Category: Amazon CloudWatch

A pipeline definition in AWS CodePipeline consists of at least two stages, and corresponding actions within each stage. We covered the constructs of AWS CodePipeline in detail in Chapter 5, Rolling Out a CI/CD Pipeline. Typical stages that come to our mind when we think of the entire life cycle of software delivery are source, […]

The shared responsibility approach means that developers and operators should feel equally responsible and capable of identifying and fixing security issues. This can only happen whenthe security professionals invest time and effort in making other team members aware of the security risks, identifying the right solutions, and enabling them to leverage those solutions. Automation goes […]

DevSecOps tooling automations can kick off as early as when the developer commits code to their local git repositories. By leveraging git’s pre-commit hooks, they can benefit from the feedback of these code scans even before they push the changes to a remote repository. Tip Trufflehog is one such tool that stops you from accidentally […]

The following table provides a list of some open source scanners that help mitigate a variety of security risks: Secrets Scanner git-secrets This utility prevents you from accidentally committing secrets and credentials into git repositories. Ideally, it should be invoked as part of a pre-commit hook. Vulnerability Scanners for Third-Party Libraries         […]

An important dimension that we cannot overlook is the evolution of application architectures over the past years, which, in a way, has added an additional burden to security investigations and sign-offs. These days, monolith applications are broken down into microservices, resulting in hundreds or thousands of APIs. Previously, you just needed to safeguard countable entry […]

As discussed previously, instantiating the Prometheus client inside our Flask application additionally enabled a /metrics endpoint that exposed application metrics to scrapers – in our case, the OTEL collector. You can also look at these raw metrics by hitting the application load balancer URL, with the /metrics suffix at the end. In my case, accessing […]

CloudWatch is a centralized platform that allows customers to collect, monitor, and visualize their application logs, metrics, and X-Ray traces, all in a single dashboard. It is invaluable in providing a unified view of operational health for all the workloads the customer is managing. There are three main areas of features that CloudWatch offers. Infrastructure […]

Considering the scope of our test application, we will keep the EFS configurations simple and just declare fileSystemId, which is mandatory. Since EFS is accessed over the network, we also need to ensure that appropriate security group configurations are in place before this filesystem can be mounted inside the database container: We allow incoming traffic […]

We can use existing Python modules to interact with Flask and MongoDB. These dependencies have been defined in the requirements.txt file inside the application directory: After importing the necessary modules, we initialize a DB client, database, and corresponding collection that will host our JSON documents in MongoDB. Now, we can move on to defining the […]

Finally, let’s trigger a deployment of the CDK stack in one of our AWS accounts to see the application in action. We will start by securing a new session for our Cloud9 IDE. Once we are inside the CDK project folder, chapter-7/chapter-7-cdk/, we can trigger an installation of NPM modules, followed by the cdk synth […]