cfn-python-lint
cfn_nag
Our great sponsors
cfn-python-lint | cfn_nag | |
---|---|---|
20 | 14 | |
2,334 | 1,218 | |
0.9% | 0.4% | |
9.1 | 0.0 | |
5 days ago | 7 months ago | |
Python | Ruby | |
MIT No Attribution | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cfn-python-lint
-
Managing low-code environments with AWS CloudFormation and Azure Resource Manager
Automate testing and validation: Before deploying your templates, it's important to test and validate them to ensure that they will work as expected. Use tools like AWS CloudFormation Linter and Azure Resource Manager Template Tester to automate this process.
-
Alternatives to Terraform
Honestly I've had good luck writing clean Cloud Formation. It's AWS only. But Nested Stacks can help keep things pretty clean and tools like cfn-lint do a pretty good job of preventing you from going too crazy with spaghetti code. Additionally, as it's all json/yaml, you can parse it to look for common problems your organization wants to enforce. So you can ensure things like specific tags your roles/vpc etc..., or usage of an "approved" set of AMI, requiring an EKS/RDS cluster to be split across availability zones; they're all just a test in your CI pipeline away.
-
Creating a Multi-Account CI/CD Pipeline with AWS CodePipeline
CodeBuild will run a linting check against the CloudFormation Template using cfn-lint and will then run cfn-nag to check for patterns that indicate insecure resources within the CloudFormation template.
-
App with self-contained infrastructure on AWS
A linter for our AWSCloudformation stack called cfn-lint
-
how did you get good at iac-cloudformation
cfn-lint and cfn_nag or other tools of that nature to check as you write so you don't need to continually try to deploy only to find that you've done something dumb.
-
Validating cloudFormation templates
https://github.com/aws-cloudformation/cfn-lint as mentioned will do what you've explicitly called-out.
I use cfn-lint for this. Works great in a CI pipeline for example, and goes much further than just checking validity: it also checks all manner of good style etc…
-
CloudFormation locally
cfn-lint can do basic validation and rule-based linting. Highly recommend using it even if it doesn't solve your problem.
-
Source Control your AWS CloudFormation templates with GitHub
To help validate your AWS CloudFormation templates you can use a tool called cfn-lint.
cfn_nag
-
Setting up my own landing zone on AWS
.pre-commit-config.yaml – contains the cfn-lint and cfn_nag pre-commit hooks.
-
Guide to Serverless & Lambda Testing — Part 2 — Testing Pyramid
For generic CloudFormation templates, check CFN-NAG.
-
AWS Serverless Production Readiness Checklist
If you use CDK, you should implement CDK nag; otherwise, use cfn-nag.
-
Make your life easier using Makefiles
cfn_nag
-
Creating a Multi-Account CI/CD Pipeline with AWS CodePipeline
CodeBuild will run a linting check against the CloudFormation Template using cfn-lint and will then run cfn-nag to check for patterns that indicate insecure resources within the CloudFormation template.
-
App with self-contained infrastructure on AWS
Security checks for the Cloudformation stack using cfn-nag
-
Mastering AWS CDK Aspects
cdk-nag contains several Aspects to check your applications for best practices. It is especially useful if you need to be HIPAA-compliant or have other compliance requirements. It is inspired by cfn_nag which is a a tool checking for patterns in your CloudFormation templates.
-
how did you get good at iac-cloudformation
cfn-lint and cfn_nag or other tools of that nature to check as you write so you don't need to continually try to deploy only to find that you've done something dumb.
-
Source Control your AWS CloudFormation templates with GitHub
There is another tool called cfn_nag that can check your code for potentially any insecure infrastructure. When you read the documentation around this tool, the author says it can check for things such as:
-
Static Analysis for Cloud Formation
cfn-nag: Verify that there is no code that poses a security risk.
What are some alternatives?
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
aws-codebuild-docker-images - Official AWS CodeBuild repository for managed Docker images http://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref.html
SonarQube - Continuous Inspection
cloudformation-guard - Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
aws-secure-environment-accelerator - The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
terraform-aws-icons - Annotate Terraform graphs with AWS icons.
vscode-cloudformation-snippets - This extension adds snippets for all the AWS CloudFormation resources into Visual Studio Code.
aws-toolkit-vscode - Amazon Q, CodeWhisperer, CodeCatalyst, Local Lambda debug, SAM/CFN syntax, ECS Terminal, AWS resources
rain - A development workflow tool for working with AWS CloudFormation.
tfsec - Security scanner for your Terraform code
cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
aws-iam-generator - Generate Multi-Account IAM users/groups/roles/policies from a simple YAML configuration file and Jinja2 templates.