AWS Tel Aviv Summit 2018: Using Lambda Functions for DevSecOps Integration

Published on Apr 02, 2018

In addition to mapping controls and technical mitigations from traditional on-premise environments to AWS, a great deal of benefit can be gained by applying automation to security, and in particular by integrating it with a DevOps model and culture to give "DevSecOps". We present a set of approaches for integrating automated security testing and security-centric release control into a CI/CD pipeline and its feedback loop without appreciably slowing the loop's cycle rate, and for adding automated penetration testing as a further feedback stage ahead of potential Continuous Deployment.

Further, automation can be used to react to, and in some cases automatically remediate, classes of security events. We discuss using CloudWatch Events as a Lambda trigger both for acting on threat intelligence surfaced through GuardDuty and for rapidly assessing and responding to API call events. CloudWatch Events can also function as "cron for Lambda", and we present an example where it is used in this manner to fetch reputation lists from real-time blackhole lists (RBLs) and synthesize them into AWS WAF rules.
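The "cron for Lambda" pattern described above, as an added example that is not code from the talk: a CloudWatch Events schedule rule invokes the handler, which fetches a reputation list and turns it into AWS WAF (classic) IPSet updates. The feed text, feed URL, IPSet id and the per-call batch size are constructed placeholders or assumptions; boto3 is imported only inside the handler so the parsing and diffing logic runs offline.

```python
import ipaddress
import urllib.request
FEED_URL = "https://rbl.example.invalid/drop.txt"  # placeholder feed URL (assumption)
IPSET_ID = "00000000-0000-0000-0000-000000000000"  # placeholder WAF classic IPSet id
BATCH = 1000  # assumption: updates sent per update_ip_set call; keep calls small
# WAF classic accepts IPv4 ranges of /8 and /16 through /32; IPv6 has its own list (not enforced here).
ALLOWED_V4_PREFIXES = {8} | set(range(16, 33))
SAMPLE_FEED = """# constructed example feed: comments, a duplicate, a rejected /12 and garbage
203.0.113.0/24 ; known spam source
198.51.100.7
198.51.100.7   # duplicate entry
2001:db8::/32
10.0.0.0/12    # prefix length WAF classic rejects
not-an-ip
"""

def parse_reputation_list(text):
    """Reduce raw feed text to sorted, de-duplicated CIDRs that WAF will accept."""
    nets = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        try:
            net = ipaddress.ip_network(line, strict=False)  # "" also raises ValueError
        except ValueError:
            continue  # one bad or blank line must not break the whole refresh
        if net.version == 4 and net.prefixlen not in ALLOWED_V4_PREFIXES:
            continue
        nets.add(net)
    return [str(n) for n in sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))]

def build_ipset_updates(desired, current):
    """Diff desired CIDRs against the IPSet's current entries; emit update_ip_set descriptors."""
    desired, current = set(desired), set(current)
    def desc(action, value):
        return {"Action": action, "IPSetDescriptor": {"Type": "IPV6" if ":" in value else "IPV4", "Value": value}}
    return ([desc("INSERT", v) for v in sorted(desired - current)]
            + [desc("DELETE", v) for v in sorted(current - desired)])

def lambda_handler(event, context):
    import boto3  # imported here so the pure functions above run without AWS
    waf = boto3.client("waf")
    text = urllib.request.urlopen(FEED_URL, timeout=10).read().decode("utf-8", "replace")
    current = [d["Value"] for d in waf.get_ip_set(IPSetId=IPSET_ID)["IPSet"]["IPSetDescriptors"]]
    updates = build_ipset_updates(parse_reputation_list(text), current)
    for i in range(0, len(updates), BATCH):  # every update_ip_set call needs a fresh change token
        token = waf.get_change_token()["ChangeToken"]
        waf.update_ip_set(IPSetId=IPSET_ID, ChangeToken=token, Updates=updates[i:i + BATCH])
    return {"updates": len(updates)}
```

Diffing against the existing IPSet keeps the function idempotent across scheduled runs and removes entries that drop out of the feed, rather than only appending.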