cfn_nag
configure-aws-credentials
Our great sponsors
cfn_nag | configure-aws-credentials | |
---|---|---|
14 | 20 | |
1,218 | 2,251 | |
0.4% | 3.4% | |
0.0 | 9.4 | |
7 months ago | 10 days ago | |
Ruby | TypeScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cfn_nag
-
Setting up my own landing zone on AWS
.pre-commit-config.yaml – contains the cfn-lint and cfn_nag pre-commit hooks.
-
Guide to Serverless & Lambda Testing — Part 2 — Testing Pyramid
For generic CloudFormation templates, check CFN-NAG.
-
AWS Serverless Production Readiness Checklist
If you use CDK, you should implement CDK nag; otherwise, use cfn-nag.
-
Make your life easier using Makefiles
cfn_nag
-
Creating a Multi-Account CI/CD Pipeline with AWS CodePipeline
CodeBuild will run a linting check against the CloudFormation Template using cfn-lint and will then run cfn-nag to check for patterns that indicate insecure resources within the CloudFormation template.
-
App with self-contained infrastructure on AWS
Security checks for the Cloudformation stack using cfn-nag
-
Mastering AWS CDK Aspects
cdk-nag contains several Aspects to check your applications for best practices. It is especially useful if you need to be HIPAA-compliant or have other compliance requirements. It is inspired by cfn_nag which is a a tool checking for patterns in your CloudFormation templates.
-
how did you get good at iac-cloudformation
cfn-lint and cfn_nag or other tools of that nature to check as you write so you don't need to continually try to deploy only to find that you've done something dumb.
-
Source Control your AWS CloudFormation templates with GitHub
There is another tool called cfn_nag that can check your code for potentially any insecure infrastructure. When you read the documentation around this tool, the author says it can check for things such as:
-
Static Analysis for Cloud Formation
cfn-nag: Verify that there is no code that poses a security risk.
configure-aws-credentials
-
CI/CI deploy a static website to AWS S3 bucket through Github Actions
The AWS configure-aws-credentials Github Action allows the connection to the AWS S3 bucket through an AWS Role. The configuration of this role is explained in the next chapter
-
How to Get Preview Environments for Every Pull Request
In this example, we'll be using the aws-actions/configure-aws-credentials action with GitHub's OIDC provider. Make sure the configured role has the required permissions.
-
AWS SSO & GitHub OpenID Connect Setup
We are now ready to utilize configure-aws-credentials within our GitHub Actions as we move onto deploying our code!
- request critical feedback on the yaml for my first github action, please
-
Deploying to AWS from GitHub actions: is this something Fortune 500 security reviews will cry about?
Be sure to use OIDC rather than creating a user and storing long-lived credentials. This came out over a year ago and is a must for short-lived access to AWS. https://github.com/aws-actions/configure-aws-credentials
What you are looking at is totally doable, you MUST use: https://github.com/aws-actions/configure-aws-credentials
-
Trending open source repositories on GitHub
AWS Actions: It's an open source project from AWS which the goal is to get easy to Configure AWS credential and region environment variables for use in other GitHub Actions.
-
App with self-contained infrastructure on AWS
In order to achieve this, AWS credentials need to be properly configured. Here we use a handy Github action called configure-aws-credential, from AWS itself. You can also read more about the many methods of authentication available. This step requires the AWS_REGION and AWS_ROLE_ARN secrets to be properly configured in the repo, both of which that should be shared by the platform team.
-
Serverless ETL using AWS Lambda, Pandas, PostgreSQL, AWS CDK
The only commands we need to launch our infrastructure are cdk diff to detect changes and cdk deploy to commit changes. we can wrap these commands in a nice and easy Github actions workflow as after having configured your AWS access keys in Github. here's a link explaining how its done.
-
AWS Copilot GitHub Actions
We can configure AWS to trust GitHub's OIDC as a federated identity and includes a workflow for the [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) that use tokens to authenticate to AWS and access resources.
What are some alternatives?
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
cfn-python-lint - CloudFormation Linter
kubectl-aws-eks - A Github action for kubectl, the Kubernetes CLI
SonarQube - Continuous Inspection
aws-secure-environment-accelerator - The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
vscode-cloudformation-snippets - This extension adds snippets for all the AWS CloudFormation resources into Visual Studio Code.
buildkit - concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
setup-buildx-action - GitHub Action to set up Docker Buildx
goss - Quick and Easy server testing/validation
tfsec - Security scanner for your Terraform code
actions - GitHub Action for Infracost. See cloud cost estimates for Terraform in pull requests. 💰📉 Love your cloud bill!
cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources