View Blog Post

Thought Experiment: Proposed Complexity Metric for IAM Policy Documents

Code Complexity Metrics When a professional software developer writes code, they measure the complexity of the code they write.  The contrapositive holds true as well that those who don’t measure the complexity of their code are not professional.  There are a variety of code complexity metrics available to the professional developer. The “better” metrics are Read more…

View Blog Post

Deployment Pipeline Compliance and Control – a Service-based Approach

Deployment Pipelines – Introduction The software “deployment pipeline” has become a common mechanism in the modern enterprise.  A deployment pipeline is a sequence of automation that produces or deploys a software artifact.  This artifact can take many forms, for example, a programming library, a web application, or even automation to converge infrastructure and security controls.  Read more…

View Blog Post

Continuous Delivery for AWS Secrets Rotation

One of the biggest challenges with managing usernames, passwords, API keys, and other secrets is balancing the need to make it simple for authorized accounts, databases, and APIs to securely access these secrets while adhering to the principle of least privilege. Simply put, most everyone knows not to store sensitive configuration information in plain text Read more…

View Blog Post

AWS re:Invent 2019 DevOps and Security re:Cap

We had over 40 people from Mphasis and Mphasis Stelligent at the AWS re:Invent 2019 conference in Las Vegas, NV. There were 77 product launches, feature releases, & services announced at the conference (and many more at “pre:Invent” in November). Of this, there were several DevOps-related features announced at re:Invent or during pre:Invent. The theme Read more…

View Blog Post

Three Ways: Event Driven Architecture

As the complexity and scale of our AWS use cases grow, so too does the complexity of  monitoring and managing our AWS accounts. Whether these concerns revolve around maintaining corporate compliance objectives, hardening accounts against attackers, or simply controlling cost, the enforcement mechanisms can involve some serious logic. With the advent of AWS Cloudwatch Events Read more…

View Blog Post

Automate Container Security Scans in Your CI/CD Pipeline with AWS ECS

Many enterprises attempt to drive software development and delivery towards a DevOps mindset. Likewise, organizations struggle with increasing security challenges while adopting these innovative software practices. Embedding security within the deployment lifecycle is non-negotiable. Therefore, integration of security into CI/CD workflows need be done cautiously to meet an ever-evolving technology landscape. DevSecOps is an important Read more…

View Blog Post

Automate Encryption in Transit with AWS Certificate Manager

Traditionally, managing transport layer security (TLS) digital certificates that are used for encrypting data in transit between clients and servers has been a very manual process. In 2016, Amazon Web Services began offering the AWS Certificate Manager (ACM) – a service for managing these digital certificates. By using AWS CloudFormation and AWS CodePipeline, you can Read more…

View Blog Post

Deploy Managed Config Rules using CloudFormation and CodePipeline

“AWS Config provides AWS managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices.” (Source) There are over 100 Managed Config Rules that AWS provides for all types of checks including Analytics, Compute, Database, Machine Learning, Security, Identity & Compliance, and Storage – Read more…

View Blog Post

Continuous Compliance on AWS with CodePipeline and CloudFormation

Whether it’s in or out of the cloud, most IT compliance usually comes in the form of a multitude of checklists – like the one you see below. It might be a spreadsheet, website, or other “digital” tool but, in the end, it’s still checklists that software teams must comply with by filling out forms Read more…

View Blog Post

Automatically Remediate Noncompliant AWS Resources using Lambda

While enterprises are capable of rapidly scaling their infrastructure in the cloud, there’s a corresponding increase in the demand for scalable mechanisms to meet security and compliance requirements based on corporate policies, auditors, security teams, and others. For example, we can easily and rapidly launch hundreds of resources – such as EC2 instances – in Read more…