View Blog Post

Abort, Rollback…Retry? Upcoming updates to CloudFormation

Upcoming updates to CloudFormation to enable faster and more productive development.  Cloudformation templates are incredibly expressive, providing the ability to automate resource creation and configuration of many AWS services and create custom resources to accomplish an unlimited number of tasks. Cloudformation, by default, treats these stacks as single units while they are being created. If Read more…

View Blog Post

Scaling Security as Code on AWS: A DevSecOps Model

As Enterprises adopt modern application architectures, they now find they need the capability to deliver hundreds or even thousands of distinct applications while meeting stringent security and compliance requirements. Scaling the capability to deliver software securely requires a new framework for defining, creating, and delivering infrastructure and application code and brings a new set of Read more…

View Blog Post

Security Response and Remediation Automation on AWS

Consider the following questions when it comes to the typical approach to security error detection and remediation in many enterprises today: How does security error detection occur?   When and how often does it occur?  Who is usually involved in fixing these security issues?  What is the approach to fixing these issues?  How long does it Read more…

View Blog Post

Running Serverless Canary Deployments with AWS SAM

Many of us know that introducing large batches of changes into production is risky. However, because of complexity and many moving parts, it can also be risky when deploying changes in small batches – without the right techniques. One of the better ways of mitigating deployment risk is by gradually deploying small and frequent changes Read more…

View Blog Post

Continuous Deployment for Serverless Applications on AWS

When using serverless on AWS, you do not need to worry about load balancing, auto scaling, operating system management, managing utilization, or underlying hardware failures. All of it is abstracted from you so that you can focus on coding. What’s more, since you only pay for what you use, you can do more experimentation. It Read more…

View Blog Post

Pushbutton AWS Diagrams

It is often very useful to share diagrams when describing a software architecture to others. It applies the old adage that a “picture is worth a thousand words”. What’s more, it also helps you – as a builder – understand what you built and to learn areas to improve as you develop your software. While Read more…

View Blog Post

Implementing Amazon Inspector in Automated AMI Pipelines

This is part two of a two part series on Amazon Inspector. This article is about implementing Amazon Inspector in automated AMI pipelines. The first article is an Introduction to Amazon Inspector. Automated security scanning is an essential part of DevSecOps, however setting the scanning up can be cumbersome. This quickstart incorporates Amazon Inspector and Read more…

View Blog Post

Introduction to Amazon Inspector

This is part one of a two part series on Amazon Inspector. This article goes over some of the features of Amazon Inspector and covers some of the pros and cons of the service. The second article within this series is a quick start on implementing Amazon Inspector in automated AMI pipelines.  Introduction to Amazon Read more…

View Blog Post

Deployment Pipeline Compliance and Control – a Service-based Approach

Deployment Pipelines – Introduction The software “deployment pipeline” has become a common mechanism in the modern enterprise.  A deployment pipeline is a sequence of automation that produces or deploys a software artifact.  This artifact can take many forms, for example, a programming library, a web application, or even automation to converge infrastructure and security controls.  Read more…

View Blog Post

Continuous Delivery for AWS Secrets Rotation

One of the biggest challenges with managing usernames, passwords, API keys, and other secrets is balancing the need to make it simple for authorized accounts, databases, and APIs to securely access these secrets while adhering to the principle of least privilege. Simply put, most everyone knows not to store sensitive configuration information in plain text Read more…