AWS DevOps & Developer Productivity Blog

Tag: Compliance

Manage application security and compliance with the AWS Cloud Development Kit and cdk-nag

Infrastructure as Code (IaC) is an important part of Cloud Applications. Developers rely on various Static Application Security Testing (SAST) tools to identify security/compliance issues and mitigate these issues early on, before releasing their applications to production. Additionally, SAST tools often provide reporting mechanisms that can help developers verify compliance during security reviews. cdk-nag integrates […]

solution architecture diagram

Continuous Compliance Workflow for Infrastructure as Code: Part 2

In the first post of this series, we introduced a continuous compliance workflow in which an enterprise security and compliance team can release guardrails in a continuous integration, continuous deployment (CI/CD) fashion in your organization. In this post, we focus on the technical implementation of the continuous compliance workflow. We demonstrate how to use AWS […]

continuous compliance workflow

Continuous Compliance Workflow for Infrastructure as Code: Part 1

Security and compliance standards are of paramount importance for organizations in many industries. There is a growing need to seamlessly integrate these standards in an application release cycle. From a DevOps standpoint, an application can be subject to these standards during two phases: Pre-deployment – Standards are enforced in an application deployment pipeline prior to […]

How to Centrally Manage AWS Config Rules across Multiple AWS Accounts

AWS Config Rules allow you to codify policies and best practices for your organization and evaluate configuration changes to AWS resources against these policies. If you manage multiple AWS accounts, you might want to centrally govern and define these policies for all of the AWS accounts in your organization. With appropriate authorization, you can create […]