Abort, Rollback…Retry? Upcoming updates to CloudFormation

Upcoming updates to CloudFormation to enable faster and more productive development. CloudFormation templates are incredibly expressive, providing the ability to automate resource creation and configuration of many AWS services and create custom resources to accomplish an unlimited number of tasks. CloudFormation, by default, treats these stacks as single units while they are being created. If…

Security Response and Remediation Automation on AWS

Consider the following questions when it comes to the typical approach to security error detection and remediation in many enterprises today: How does security error detection occur? When and how often does it occur? Who is usually involved in fixing these security issues? What is the approach to fixing these issues? How long does it…

Stelligent U: Onboarding New Hires with a Standard Development Environment

Let’s imagine this scenario: Today is the first day of your new gig. With overwhelming nervous energy, you’re awake so early you wonder how people normally wake up at this hour, you even combed your hair today (maybe even showered?) and you’re ready to put your best foot forward and conquer the world. You have…

Infrastructure as Code and Stelligent U

At Stelligent, Infrastructure as Code (IaC) is foundational to our mantra of “Automate Everything”. This is reflected in our new engineer training, Stelligent U, which has recently been open-sourced. Throughout the training, we focus on creating and updating resources via CloudFormation. Even with templates provided as reference, the engineer is the ultimate decision-maker for building…

Removing Errors on CloudFormation Stack Creation

Overview: Administering AWS infrastructure through CloudFormation is one way to use Infrastructure as Code to simplify and replicate an environment. Here at Stelligent, we encourage using automation to apply CloudFormation templates. An early hurdle one might encounter with CloudFormation is a mistake that would break the initial creation of the stack. When CloudFormation fails during…

Generating Least Privileged IAM Roles for CloudFormation and Service Catalog with cfn-leaprog

CloudFormation Development Process and Privilege: As a developer works through the development of a CloudFormation template, they are likely working in a “sandbox” account where they have significant “power user” privileges. This is convenient because it lets the developer focus on the business needs, but what happens when the same template is converged…

Implementing Amazon Inspector in Automated AMI Pipelines

This is part two of a two-part series on Amazon Inspector. This article is about implementing Amazon Inspector in automated AMI pipelines. The first article is an Introduction to Amazon Inspector. Automated security scanning is an essential part of DevSecOps; however, setting the scanning up can be cumbersome. This quickstart incorporates Amazon Inspector and…

Thought Experiment: Proposed Complexity Metric for IAM Policy Documents

Code Complexity Metrics: When a professional software developer writes code, they measure the complexity of the code they write. The contrapositive holds true as well that those who don’t measure the complexity of their code are not professional. There are a variety of code complexity metrics available to the professional developer. The “better” metrics are…

Custom Rule Distribution Enhancements for cfn_nag

Introduction: The cfn_nag tool is a static analysis tool for finding obvious security weaknesses in CloudFormation templates. The core product includes rules that apply universally across environments and enterprises. That said, the product supports the development of custom rules to allow enterprise-specific rules for compliance and security controls. For more information on developing custom rules…

Continuous Delivery for AWS Secrets Rotation

One of the biggest challenges with managing usernames, passwords, API keys, and other secrets is balancing the need to make it simple for authorized accounts, databases, and APIs to securely access these secrets while adhering to the principle of least privilege. Simply put, most everyone knows not to store sensitive configuration information in plain text…