CI/CD

Introduction Many enterprises attempt to drive software development and delivery towards a DevOps mindset. Likewise, organizations struggle with increasing security challenges while adopting these innovative software practices. Embedding security within the deployment lifecycle is non-negotiable. Therefore, integration of security into CI/CD workflows need to be done cautiously to meet an ever-evolving technology landscape. DevSecOps is Read more…

This is part two of a two part series on Amazon Inspector. This article is about implementing Amazon Inspector in automated AMI pipelines. The first article is an Introduction to Amazon Inspector. Automated security scanning is an essential part of DevSecOps, however setting the scanning up can be cumbersome. This quickstart incorporates Amazon Inspector and Read more…

Automated integration testing of a python AWS Config rule is a challenging, but necessary undertaking to ensure that the rule provides accurate results. Creating resources, waiting for the result to show up in AWS Config, testing the results and tearing down the resources in best case circumstances takes several minutes.  And it can take many Read more…

config-lint: Up and Running How to leverage config-lint to validate JSON and YAML based configurations. Configuration Validation with config-lint Stelligent config-lint is an open source command line tool to lint configuration file in a variety of formats, including JSON, YAML, Terraform, and Kubernetes. Config-lint offers a lightweight method to provide custom validation for unique compliance Read more…

Test Automation for Integrating with External Services Developing test automation code for an interface to an “external” service is always a difficult proposition.  There is a spectrum of techniques for developing reproducible tests against an external service. On one end of the spectrum are “mocking” techniques and on the other far end of the spectrum Read more…

Introduction The cfn_nag tool is a static analysis tool for finding obvious security weaknesses in CloudFormation templates.   The core product includes rules that apply universally across environments and enterprises.  That said, the product supports the development of custom rules to allow enterprise-specific rules for compliance and security controls. For more information on developing custom rules Read more…

Deployment Pipelines – Introduction The software “deployment pipeline” has become a common mechanism in the modern enterprise.  A deployment pipeline is a sequence of automation that produces or deploys a software artifact.  This artifact can take many forms, for example, a programming library, a web application, or even automation to converge infrastructure and security controls.  Read more…

Many enterprises attempt to drive software development and delivery towards a DevOps mindset. Likewise, organizations struggle with increasing security challenges while adopting these innovative software practices. Embedding security within the deployment lifecycle is non-negotiable. Therefore, integration of security into CI/CD workflows need be done cautiously to meet an ever-evolving technology landscape. DevSecOps is an important Read more…

The AWS QuickStart team open sourced a project they use for automated testing of CloudFormation templates called TaskCat. With TaskCat, you can run automated tests to learn of and fix any errors that arise in your CloudFormation templates. If you have been using CloudFormation for any period of time, you will learn that even if Read more…

Traditionally, managing transport layer security (TLS) digital certificates that are used for encrypting data in transit between clients and servers has been a very manual process. In 2016, Amazon Web Services began offering the AWS Certificate Manager (ACM) – a service for managing these digital certificates. By using AWS CloudFormation and AWS CodePipeline, you can Read more…