cfn-python-lint
saml2aws
cfn-python-lint | saml2aws
---|---
20 | 12
2,345 | 2,003
1.0% | 1.4%
9.1 | 9.2
5 days ago | 1 day ago
Python | Go
MIT No Attribution | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cfn-python-lint
- Deploy config rules across your organization
Now the first 3 options are pretty straightforward. The template itself is a bit more complicated. In my example I used an inline template, I did this for the sake of this blog. But you can also reference an existing object on S3. This way you can use linting tools like cfn-lint on your conformance pack. This will reduce errors during deployment as you can catch them before you commit and push your code.
- Managing low-code environments with AWS CloudFormation and Azure Resource Manager
Automate testing and validation: Before deploying your templates, it's important to test and validate them to ensure that they will work as expected. Use tools like AWS CloudFormation Linter and Azure Resource Manager Template Tester to automate this process.
- Alternatives to Terraform
Honestly I've had good luck writing clean Cloud Formation. It's AWS only. But Nested Stacks can help keep things pretty clean and tools like cfn-lint do a pretty good job of preventing you from going too crazy with spaghetti code. Additionally, as it's all json/yaml, you can parse it to look for common problems your organization wants to enforce. So you can ensure things like specific tags your roles/vpc etc..., or usage of an "approved" set of AMI, requiring an EKS/RDS cluster to be split across availability zones; they're all just a test in your CI pipeline away.
- Creating a Multi-Account CI/CD Pipeline with AWS CodePipeline
CodeBuild will run a linting check against the CloudFormation Template using cfn-lint and will then run cfn-nag to check for patterns that indicate insecure resources within the CloudFormation template.
- App with self-contained infrastructure on AWS
A linter for our AWS CloudFormation stack called cfn-lint
- how did you get good at iac-cloudformation
cfn-lint and cfn_nag or other tools of that nature to check as you write so you don't need to continually try to deploy only to find that you've done something dumb.
- Validating cloudFormation templates
https://github.com/aws-cloudformation/cfn-lint as mentioned will do what you've explicitly called-out.
- CloudFormation locally
cfn-lint can do basic validation and rule-based linting. Highly recommend using it even if it doesn't solve your problem.
- Source Control your AWS CloudFormation templates with GitHub
To help validate your AWS CloudFormation templates you can use a tool called cfn-lint.
saml2aws
- CLI tool to login and retrieve AWS temporary credentials using a SAML IDP
- Script or software that automatically populate specific profile in ~/.aws/credentials
- Completions plugin `saml2aws`
related: message on saml2aws repo
- Securing the AWS CLI
If you have an external identity provider, you can add a SAML provider in IAM and use saml2aws locally. The session duration can be configured on the role.
- don't want to store access key and secret key in plain text in the .aws/credentials file or variables
Or if you have an existing IdP you can use https://github.com/Versent/saml2aws and https://github.com/makethunder/awsudo. By setting up a central account that you put in your trust policy which users can assume roles.
- Script for cli commands with MFA and multiple accounts
- Show HN: Authenticate into AWS right from your terminal window
In my company everything goes through Active Directory and we use saml2aws [1] to generate credentials with two factor involved. It works quite well for us. We even use this for our artists to create local builds of our games since we keep all important secrets and such in aws secrets manager. We scope access to said secrets with custom roles and tags.
[1] https://github.com/Versent/saml2aws
- How do you get CLI credentials for a federated role?
- Getting CLI credentials for an AWS account that is not under your AWS SSO organization
Technically I guess it should be possible with something like saml2aws, but it doesn't support AWS as an IdP yet.
- saml2aws-multi: a simple tool providing an easy-to-use command line interface for saml2aws
saml2aws-multi is a simple tool I created for using saml2aws more effectively on day-to-day tasks. saml2aws-multi provides an easy-to-use command line interface to support login and retrieve AWS temporary credentials for multiple roles of different accounts with saml2aws.
What are some alternatives?
cfn_nag - Linting tool for CloudFormation templates
gimme-aws-creds - A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials
aws-codebuild-docker-images - Official AWS CodeBuild repository for managed Docker images http://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref.html
awsume - A utility for easily assuming AWS IAM roles from the command line.
cloudformation-guard - Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
aws-toolkit-vscode - Amazon Q, CodeWhisperer, CodeCatalyst, Local Lambda debug, SAM/CFN syntax, ECS Terminal, AWS resources
terraform-aws-icons - Annotate Terraform graphs with AWS icons.
aws-extend-switch-roles - Extend your AWS IAM switching roles by Chrome extension, Firefox add-on, or Edge add-on
aws-runas - aws-runas rewritten in Go
rain - A development workflow tool for working with AWS CloudFormation.
leapp - Leapp is the DevTool to access your cloud