AWS DevOps & Developer Productivity Blog

Category: Security, Identity, & Compliance

Securing Your Software Supply Chain with Amazon CodeCatalyst and Amazon Inspector

Amazon CodeCatalyst is a unified service that streamlines the entire software development lifecycle, empowering teams to build, deliver, and scale applications on AWS. DevSecOps is the practice of integrating security into all stages of software development. Rather than prioritizing features, it injects security into an earlier phase of the development process – baking it into […]

Accessing Amazon Q Developer using Microsoft Entra ID and VS Code to accelerate development

Overview: In this blog post, I’ll explain how to use Microsoft Entra ID and the Visual Studio Code editor to access the Amazon Q Developer service and speed up your development. Additionally, I’ll explain how to minimize the time spent on repetitive tasks and quickly integrate users from external identity sources so they can immediately use […]

Implementing Identity-Aware Sessions with Amazon Q Developer

“Be yourself; everyone else is already taken.” -Oscar Wilde In the real world as in the world of technology and authentication, the ability to understand who we are is important on many levels. In this blog post, we’ll look at how the ability to uniquely identify ourselves in the AWS console can lead to a […]

Best practices working with self-hosted GitHub Action runners at scale on AWS

Note: Customers no longer need to manage their own GitHub runners. You can now use AWS CodeBuild for managed GitHub Actions self-hosted runners, which provides an ephemeral and scalable runner environment with strong security boundaries and low start-up latency. With AWS CodeBuild, you don’t need to maintain your own infrastructure or build scaling logic, as […]

Best practices for managing Terraform State files in AWS CI/CD Pipeline

Introduction: Today customers want to reduce manual operations for deploying and maintaining their infrastructure. The recommended method to deploy and manage infrastructure on AWS is to follow the Infrastructure-as-Code (IaC) model using tools like AWS CloudFormation, AWS Cloud Development Kit (AWS CDK) or Terraform. One of the critical components in Terraform is managing the state file, which […]

Generative AI Meets AWS Security

A Case Study Presented by CodeWhisperer Customizations: Amazon CodeWhisperer is an AI-powered coding assistant that is trained on a wide variety of data, including Amazon and open-source code. With the launch of CodeWhisperer Customizations, customers can create a customization resource. The customization is produced by augmenting CodeWhisperer using a customer’s private code repositories. This enables […]

Deploy CloudFormation Hooks to an Organization with service-managed StackSets

This post demonstrates using AWS CloudFormation StackSets to deploy CloudFormation Hooks from a centralized delegated administrator account to all accounts within an Organizational Unit (OU). It provides step-by-step guidance to deploy controls at scale to your AWS Organization as Hooks using StackSets. By following this post, you will learn how to deploy a hook to hundreds […]

How to use Amazon CodeWhisperer using Okta as an external IdP

Customers using Amazon CodeWhisperer often want to enable their developers to sign in using existing identity providers (IdPs), such as Okta. CodeWhisperer supports authentication either through AWS Builder ID or AWS IAM Identity Center. AWS Builder ID is a personal profile for builders. It is designed for individual developers, particularly when working on […]

Manage roles and entitlements with PBAC using Amazon Verified Permissions

Traditionally, customers have used role-based access control (RBAC) to manage entitlements within their applications. The application controls what users can do based on the roles they are assigned. But the drive for least privilege has led to an exponential growth in the number of roles. Customers can address this role explosion by moving authorization logic […]

Policy-based access control in application development with Amazon Verified Permissions

Today, accelerating application development while shifting security and assurance left in the development lifecycle is essential. One of the most critical components of application security is access control. While traditional access control mechanisms such as role-based access control (RBAC) and access control lists (ACLs) are still prevalent, policy-based access control (PBAC) is gaining momentum. PBAC […]