View Blog Post

AWS Integration Testing for boto with potemkin-decorator

Test Automation for Integrating with External Services Developing test automation code for an interface to an “external” service is always a difficult proposition.  There is a spectrum of techniques for developing reproducible tests against an external service. On one end of the spectrum are “mocking” techniques and on the other far end of the spectrum Read more…

View Blog Post

Thought Experiment: Proposed Complexity Metric for IAM Policy Documents

Code Complexity Metrics When a professional software developer writes code, they measure the complexity of the code they write.  The contrapositive holds true as well that those who don’t measure the complexity of their code are not professional.  There are a variety of code complexity metrics available to the professional developer. The “better” metrics are Read more…

View Blog Post

Custom Rule Distribution Enhancements for cfn_nag

Introduction The cfn_nag tool is a static analysis tool for finding obvious security weaknesses in CloudFormation templates.   The core product includes rules that apply universally across environments and enterprises.  That said, the product supports the development of custom rules to allow enterprise-specific rules for compliance and security controls. For more information on developing custom rules Read more…

View Blog Post

Automate Container Security Scans in Your CI/CD Pipeline with AWS ECS

Many enterprises attempt to drive software development and delivery towards a DevOps mindset. Likewise, organizations struggle with increasing security challenges while adopting these innovative software practices. Embedding security within the deployment lifecycle is non-negotiable. Therefore, integration of security into CI/CD workflows need be done cautiously to meet an ever-evolving technology landscape. DevSecOps is an important Read more…

View Blog Post

DevOps on AWS Radio: The Do’s and Dont’s of Containers with Michael Wittig (Episode 26)

In this episode, we chat with Michael Wittig an AWS Community Hero prior to re:Invent 2019 with some of our hopes and expectations of the conference, and we also dive into a number of topics including Michael’s most recent book. In this episode, Paul Duvall and Michael Wittig will give you an overview of the Read more…

View Blog Post

Validating AWS CloudFormation templates with cfn_nag and mu

Stelligent cfn_nag is an open source command-line tool that performs static analysis of AWS CloudFormation templates. With cfn_nag you can check for: Static code analysis of AWS CloudFormation Block undesirable resource specifications Proactive preventative control – stop before creating resources Enforceable in a deployment pipeline Here are some examples of the types of checks cfn_nag Read more…