aws-codedeploy-agent VS vsaq

AWS CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, serverless Lambda functions, or Amazon ECS services. A compute platform is a platform on which CodeDeploy deploys an application. There are three compute platforms:

When we deploy code at Aha! we kick off a number of AWS CodeDeploy tasks running in parallel. Here's some code to simulate deployment:

AWS has a service named CodeDeploy for this. It does exactly what you describe.

AWS CodeDeploy is a fully managed deployment service that automates software deployments to various compute services, such as Amazon Elastic Compute Cloud (EC2), Amazon Elastic Container Service (ECS), AWS Lambda, and your on-premises servers.

AWS's developer suite of products includes the AWS CodeDeploy offering, which can help developers deploy AWS Lambda functions and other compute-related services.

Documentation

AWS? Dude, use CodeDeploy green blue with hooks.

AWS CodeDeploy is a service from Amazon Web Services that automates deployments to any instance. It works with any language, platform, or application. AWS CodeDeploy makes it easier to release new features quickly, avoid downtime during application deployment, and handle the complexity of updating applications. Users can also test and track deployments so they're not left guessing or digging through logs when something goes wrong. Our integration with AWS CodeDeploy can be integrated directly into your CI/CD pipeline to improve your AWS DevOps security.

If you have a BFF, that means you have a front-end. If you have a front-end, you gotta host it somewhere. Amplify is an AWS managed service built for hosting Single Page Applications. It abstracts away all the existing serverless tech you’d traditionally use on AWS into a single place, automating most of it. S3 static asses, cache busting on deploy, and it even abstracts it’s own build pipeline using CodeDeploy sourced right from your code repository. Like AppSync, it creates a CloudFront distribution for you, and optionally provides automatic Route53 creation if you want at full URL.

Once a fresh build passes via CodePipeline, CodeDeploy distributes the functioning package to each instance based on your predefined settings. This makes it easy to coordinate builds and upgrade or patch simultaneously. CodeDeploy is code-agnostic and includes typical old code with ease. Every deployment instance can be readily monitored using the AWS Management Console, and any mistakes or issues may be rolled back through the graphical user interface.

I'd look at the SIG, CAIQ or the Google VSAQ.

Here’s a little handy guide for 4 domains. Yours would fall under infrastructure security ;) Security Questionnaire

pretty straightforward, but does it scale? and can the answers be captured objectively in order to inform consistent decision making?

i.e. this is fine for a one shot review, but would be tough to operationalize...

Plus, keep in mind diagrams can be critical. If you're going to be sharing sensitive data with this vendor you're going to need to know and have documented how that data will flow, where it will persist, etc. Can be a lot easier to capture in a diagram than narrative format.

There is variety of other FOSS type stuff out there that is useful for anyone that needs more:

Vendor Security Alliance -- https://www.vendorsecurityalliance.org/downloadQuestionaire (disclaimer: I'm an advisor @VSA)

CSA CAIQ -- https://cloudsecurityalliance.org/artifacts/consensus-assess...

SIG --NM, looks like this is closed/member only now, but if you can track it down (SIG Lite/Full, Standard Information Gathering) its ridiculously comprehensive.

Google VSAQ -- https://github.com/google/vsaq

As someone who deals with both sides (asking the questions to vendors, and answering them for prospect customers) I can say they mostly all suck pretty hard... and that's probably why there's a whole ecosystem of vendors in this space nowadays.