cfn_nag
aws-secure-environment-accelerator
Our great sponsors
cfn_nag | aws-secure-environment-accelerator | |
---|---|---|
14 | 4 | |
1,219 | 707 | |
0.5% | 0.8% | |
0.0 | 7.4 | |
8 months ago | 6 days ago | |
Ruby | HTML | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cfn_nag
-
Setting up my own landing zone on AWS
.pre-commit-config.yaml – contains the cfn-lint and cfn_nag pre-commit hooks.
-
Guide to Serverless & Lambda Testing — Part 2 — Testing Pyramid
For generic CloudFormation templates, check CFN-NAG.
-
AWS Serverless Production Readiness Checklist
If you use CDK, you should implement CDK nag; otherwise, use cfn-nag.
-
Make your life easier using Makefiles
cfn_nag
-
Creating a Multi-Account CI/CD Pipeline with AWS CodePipeline
CodeBuild will run a linting check against the CloudFormation Template using cfn-lint and will then run cfn-nag to check for patterns that indicate insecure resources within the CloudFormation template.
-
App with self-contained infrastructure on AWS
Security checks for the Cloudformation stack using cfn-nag
-
Mastering AWS CDK Aspects
cdk-nag contains several Aspects to check your applications for best practices. It is especially useful if you need to be HIPAA-compliant or have other compliance requirements. It is inspired by cfn_nag which is a a tool checking for patterns in your CloudFormation templates.
-
how did you get good at iac-cloudformation
cfn-lint and cfn_nag or other tools of that nature to check as you write so you don't need to continually try to deploy only to find that you've done something dumb.
-
Source Control your AWS CloudFormation templates with GitHub
There is another tool called cfn_nag that can check your code for potentially any insecure infrastructure. When you read the documentation around this tool, the author says it can check for things such as:
-
Install cfn_nag on Windows
I recently wanted to use the cfn-nag tool on some templates I was writing but couldn't find any instructions to install on Windows, but I have found a way to do it.
aws-secure-environment-accelerator
-
An AWS account just for getting into other AWS accounts
https://github.com/aws-samples/aws-secure-environment-accele...
I've used the ASEA to get a number of organizations setup. I prefer it to Control Tower (it can be installed on top of CT). The ASEA is open source and written in AWS cdk so it can be forked and modified if needed.
- Managing AWS in a Large Organization: Looking for best practices and experience.
-
Multi-account with AWS Organization + VPN server access to multiple VPC/regions: best practices?
Hey ! If you plan to create a new Landing zone, take a look at Control Tower, or this Env Accelerator you can also do it with Terraform.
-
AWS Control Tower Advice
We are more interested in https://github.com/aws-samples/aws-secure-environment-accelerator which seems to be a way better successor to the original landing zone solution. Nearly all CDK and highly customisable. Just need a fresh new environment to deploy it into and test! By the looks of their commit history it seems they also thought of it as a better control tower before being told to change the wording.
What are some alternatives?
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
trailscraper - A command-line tool to get valuable information out of AWS CloudTrail
cfn-python-lint - CloudFormation Linter
django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
SonarQube - Continuous Inspection
panther - [DEPRECATED] Detect threats with log data and improve cloud security posture
vscode-cloudformation-snippets - This extension adds snippets for all the AWS CloudFormation resources into Visual Studio Code.
CapRover - Scalable PaaS (automated Docker+nginx) - aka Heroku on Steroids
tfsec - Security scanner for your Terraform code
Completion-n-Queens-Problem - A linear algorithm is described for solving the n-Queens Completion problem for an arbitrary composition of k queens, consistently distributed on a chessboard of size n x n. Two important rules are used in the algorithm: a) the rule of sequential risk elimination for the entire system as a whole; b) the rule of formation of minimal damage in the given selection conditions. For any composition of k queens (1<= k<n), a solution is provided, or a decision is made that this composition can't be completed. The probability of an error in making such a decision does not exceed 0.0001, and its value decreases, with increasing n. It is established that the average time, required for the queen to be placed on one row, decreases with increasing value of n. A description is given of two random selection models and the results of their comparative analysis. A model for organizing the Back Tracking procedure is proposed based on the separation of the solution matrix into two basic levels. Regression
cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
glauth - A lightweight LDAP server for development, home use, or CI