View Blog Post

Abort, Rollback…Retry? Upcoming updates to CloudFormation

Upcoming updates to CloudFormation to enable faster and more productive development.  Cloudformation templates are incredibly expressive, providing the ability to automate resource creation and configuration of many AWS services and create custom resources to accomplish an unlimited number of tasks. Cloudformation, by default, treats these stacks as single units while they are being created. If Read more…

View Blog Post

Scaling Security as Code on AWS: A DevSecOps Model

As Enterprises adopt modern application architectures, they now find they need the capability to deliver hundreds or even thousands of distinct applications while meeting stringent security and compliance requirements. Scaling the capability to deliver software securely requires a new framework for defining, creating, and delivering infrastructure and application code and brings a new set of Read more…

View Blog Post

Security Response and Remediation Automation on AWS

Consider the following questions when it comes to the typical approach to security error detection and remediation in many enterprises today: How does security error detection occur?   When and how often does it occur?  Who is usually involved in fixing these security issues?  What is the approach to fixing these issues?  How long does it Read more…

View Blog Post

Using Dependabot with AWS CodeCommit

Introduction In the DevSecOps world, maintaining code dependencies is key to acquiring the latest security vulnerability updates, bug fixes, and new features.  While locking down to “known-good” revisions of dependencies may avoid potential bugs and incompatibilities during continuous integration, critical updates could be missed.  Dependabot provides an automated solution to dependency management that can be Read more…

View Blog Post

Is Your Pipeline Ready to Speak ARM

This first half of this year featured lots of news about Arm processors (previously ARM) that culminated in three major announcements. The first was the general availability announcement from AWS of M6g Instances, powered by AWS Graviton2 processors in May. In June, Apple announced that they were migrating desktops and laptops to new Arm based Read more…

View Blog Post

Running Serverless Canary Deployments with AWS SAM

Many of us know that introducing large batches of changes into production is risky. However, because of complexity and many moving parts, it can also be risky when deploying changes in small batches – without the right techniques. One of the better ways of mitigating deployment risk is by gradually deploying small and frequent changes Read more…

View Blog Post

Pushbutton AWS Diagrams

It is often very useful to share diagrams when describing a software architecture to others. It applies the old adage that a “picture is worth a thousand words”. What’s more, it also helps you – as a builder – understand what you built and to learn areas to improve as you develop your software. While Read more…

View Blog Post

Building Developer Sandboxes on AWS with Attribute-based access control (ABAC)

Identity Management had a curious beginning in the early 1500s in England, where parish churches kept elaborate written records “for the purpose of preventing bigamy and consanguineous marriage.” It was the invention of the automobile 400 years later that furthered the creation of personal identification when in 1903 two US states issued the first driver’s Read more…

View Blog Post

Thought Experiment: Proposed Complexity Metric for IAM Policy Documents

Code Complexity Metrics When a professional software developer writes code, they measure the complexity of the code they write.  The contrapositive holds true as well that those who don’t measure the complexity of their code are not professional.  There are a variety of code complexity metrics available to the professional developer. The “better” metrics are Read more…

View Blog Post

Continuous Delivery for AWS Secrets Rotation

One of the biggest challenges with managing usernames, passwords, API keys, and other secrets is balancing the need to make it simple for authorized accounts, databases, and APIs to securely access these secrets while adhering to the principle of least privilege. Simply put, most everyone knows not to store sensitive configuration information in plain text Read more…