AWS DevOps Blog
Category: AWS Identity and Access Management (IAM)
Best practices working with self-hosted GitHub Action runners at scale on AWS
Note: Customers no longer need to manage their own GitHub runners, you can now use AWS CodeBuild for managed GitHub Actions self-hosted runners, which provides ephemeral and scalable runner environment with strong security boundaries and low start up latency. With AWS CodeBuild, you don’t need to maintain your own infrastructure or build scaling logic, as […]
Best practices for managing Terraform State files in AWS CI/CD Pipeline
Introduction Today customers want to reduce manual operations for deploying and maintaining their infrastructure. The recommended method to deploy and manage infrastructure on AWS is to follow Infrastructure-As-Code (IaC) model using tools like AWS CloudFormation, AWS Cloud Development Kit (AWS CDK) or Terraform. One of the critical components in terraform is managing the state file which […]
Unit testing IAM policies across multiple accounts
When migrating applications from a development account to a testing or production account, customers often find that AWS IAM policies or Service Control Policies (SCP) for their applications need significant modification to allow the application to deploy and function correctly. This can be a time-consuming process of discovery and remediation to get an application live […]