
Thought Experiment: Proposed Complexity Metric for IAM Policy Documents

Code Complexity Metrics: When a professional software developer writes code, they measure the complexity of the code they write. The contrapositive holds true as well: those who don’t measure the complexity of their code are not professional. There are a variety of code complexity metrics available to the professional developer. The “better” metrics are …


Custom Rule Distribution Enhancements for cfn_nag

Introduction: The cfn_nag tool is a static analysis tool for finding obvious security weaknesses in CloudFormation templates. The core product includes rules that apply universally across environments and enterprises. That said, the product supports the development of custom rules to allow enterprise-specific rules for compliance and security controls. For more information on developing custom rules …


Continuous Delivery for AWS Secrets Rotation

One of the biggest challenges with managing usernames, passwords, API keys, and other secrets is balancing the need to make it simple for authorized accounts, databases, and APIs to securely access these secrets while adhering to the principle of least privilege. Simply put, most everyone knows not to store sensitive configuration information in plain text …


Automate Encryption in Transit with AWS Certificate Manager

Traditionally, managing transport layer security (TLS) digital certificates that are used for encrypting data in transit between clients and servers has been a very manual process. In 2016, Amazon Web Services began offering the AWS Certificate Manager (ACM) – a service for managing these digital certificates. By using AWS CloudFormation and AWS CodePipeline, you can …


Deploy Managed Config Rules using CloudFormation and CodePipeline

“AWS Config provides AWS managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices.” (Source) There are over 100 Managed Config Rules that AWS provides for all types of checks including Analytics, Compute, Database, Machine Learning, Security, Identity & Compliance, and Storage – …


Dance like Nobody’s Watching; Encrypt like Everyone Is

While AWS is making computing easier, it can be challenging to know how to effectively use encryption. In this screencast, we provide an overview of the encryption landscape on AWS. This includes services like AWS Certificate Manager, AWS Key Management Service, and the Encryption SDK, which provide encryption in transit and at rest. In addition, …


DevOps on AWS Radio: DevOps Philosophies with James Martin at 3M HIS (Episode 20)

In this episode, Paul Duvall speaks with VP of Engineering & Delivery Casey Lee on a brief preview of next month's episode. Casey touches on some of the new features and updates added to open-source, full-stack DevOps on AWS tool mu. Paul Duvall also speaks with James Martin, an Automation Engineering Manager at 3M HIS, on team structure, his philosophies behind choosing …