This is part two of a two part series on Amazon Inspector. This article is about implementing Amazon Inspector in automated AMI pipelines. The first article is an Introduction to Amazon Inspector. Automated security scanning is an essential part of DevSecOps, however setting the scanning up can be cumbersome. This quickstart incorporates Amazon Inspector and Read more…
This is part one of a two part series on Amazon Inspector. This article goes over some of the features of Amazon Inspector and covers some of the pros and cons of the service. The second article within this series is a quick start on implementing Amazon Inspector in automated AMI pipelines. Introduction to Amazon Read more…
Identity Management had a curious beginning in the early 1500s in England, where parish churches kept elaborate written records “for the purpose of preventing bigamy and consanguineous marriage.” It was the invention of the automobile 400 years later that furthered the creation of personal identification when in 1903 two US states issued the first driver’s Read more…
Automated integration testing of a python AWS Config rule is a challenging, but necessary undertaking to ensure that the rule provides accurate results. Creating resources, waiting for the result to show up in AWS Config, testing the results and tearing down the resources in best case circumstances takes several minutes. And it can take many Read more…
Code Complexity Metrics When a professional software developer writes code, they measure the complexity of the code they write. The contrapositive holds true as well that those who don’t measure the complexity of their code are not professional. There are a variety of code complexity metrics available to the professional developer. The “better” metrics are Read more…
Deployment Pipelines – Introduction The software “deployment pipeline” has become a common mechanism in the modern enterprise. A deployment pipeline is a sequence of automation that produces or deploys a software artifact. This artifact can take many forms, for example, a programming library, a web application, or even automation to converge infrastructure and security controls. Read more…
One of the biggest challenges with managing usernames, passwords, API keys, and other secrets is balancing the need to make it simple for authorized accounts, databases, and APIs to securely access these secrets while adhering to the principle of least privilege. Simply put, most everyone knows not to store sensitive configuration information in plain text Read more…
We had over 40 people from Mphasis and Mphasis Stelligent at the AWS re:Invent 2019 conference in Las Vegas, NV. There were 77 product launches, feature releases, & services announced at the conference (and many more at “pre:Invent” in November). Of this, there were several DevOps-related features announced at re:Invent or during pre:Invent. The theme Read more…
As the complexity and scale of our AWS use cases grow, so too does the complexity of monitoring and managing our AWS accounts. Whether these concerns revolve around maintaining corporate compliance objectives, hardening accounts against attackers, or simply controlling cost, the enforcement mechanisms can involve some serious logic. With the advent of AWS Cloudwatch Events Read more…
Many enterprises attempt to drive software development and delivery towards a DevOps mindset. Likewise, organizations struggle with increasing security challenges while adopting these innovative software practices. Embedding security within the deployment lifecycle is non-negotiable. Therefore, integration of security into CI/CD workflows need be done cautiously to meet an ever-evolving technology landscape. DevSecOps is an important Read more…