A pipeline definition in AWS CodePipeline consists of at least two stages, and corresponding actions within each stage. We covered the constructs of AWS CodePipeline in detail in Chapter 5, Rolling Out a CI/CD Pipeline. Typical stages that come to our mind when we think of the entire life cycle of software delivery are source, […]
Category: Early identification of issues
Early identification of issues – Implementing DevSecOps with AWS
DevSecOps tooling automations can kick off as early as when the developer commits code to their local git repositories. By leveraging git’s pre-commit hooks, they can benefit from the feedback of these code scans even before they push the changes to a remote repository. Tip: Trufflehog is one such tool that stops you from accidentally […]
Leverage incident detection and monitoring – Implementing DevSecOps with AWS
Amazon Macie is a threat detection service that uses machine learning and pattern-matching capabilities to identify sensitive data being stored in S3. Customers can also define custom patterns that are used by the service to identify risks and raise security findings in AWS Security Hub, a threat detection, aggregation, and remediation service. All your pipeline […]
The rapid evolution of application architectures – Implementing DevSecOps with AWS
An important dimension that we cannot overlook is the evolution of application architectures over the past years, which, in a way, has added an additional burden to security investigations and sign-offs. These days, monolith applications are broken down into microservices, resulting in hundreds or thousands of APIs. Previously, you just needed to safeguard countable entry […]
Insights and operational visibility – Enabling the Observability of Your Workloads
This category of offerings is a huge differentiator when it comes to providing ready-made solutions that extract data from multiple sources and derive insights from it to provide actionable next steps to the user. Container insights When working with AWS services in the container landscape, you can use CloudWatch container insights to summarize metrics […]
Amazon CloudWatch – Enabling the Observability of Your Workloads
CloudWatch is a centralized platform that allows customers to collect, monitor, and visualize their application logs, metrics, and X-Ray traces, all in a single dashboard. It is invaluable in providing a unified view of operational health for all the workloads the customer is managing. There are three main areas of features that CloudWatch offers. Infrastructure […]
Adding an EFS filesystem and mapping it to the task definition – Running Containers in AWS
Considering the scope of our test application, we will keep the EFS configurations simple and just declare fileSystemId, which is mandatory. Since EFS is accessed over the network, we also need to ensure that appropriate security group configurations are in place before this filesystem can be mounted inside the database container: We allow incoming traffic […]
Adopt time series pattern analysis – Enabling the Observability of Your Workloads
For some metrics, it is more relevant to observe the time series pattern instead of scalar values. This can boost proactive analysis when your operation team notices that the API error count spikes up every 10 minutes, but never crosses the threshold your alarms are set at. You can also plot related time series data […]
Initializing the Flask application and MongoDB connection – Running Containers in AWS
We can use existing Python modules to interact with Flask and MongoDB. These dependencies have been defined in the requirements.txt file inside the application directory: After importing the necessary modules, we initialize a DB client, database, and corresponding collection that will host our JSON documents in MongoDB. Now, we can move on to defining the […]
Defining the CDK stack constructs – Running Containers in AWS
We will define the previously discussed infrastructure components inside a CDK stack. The complete CDK project is available in your Cloud9 IDE, in the chapter-7/chapter-7-cdk/ directory. We will not go through the CDK project initiation steps in detail as these were already covered in the previous chapter, A Programmatic Approach to IaC with AWS CDK. […]