AWS re:Invent 2017: Automating Security and Compliance Testing of Infrastructure-as- (SID317)
Infrastructure-as-Code (IaC) has emerged as an essential element of organizational DevOps practices. Tools such as AWS CloudFormation and Terraform allow software-defined infrastructure to be deployed quickly and repeatably to AWS. But the agility of CI/CD pipelines also creates new challenges in infrastructure security hardening. How do you ensure that your CloudFormation templates meet your organization's security, compliance, and governance needs before you deploy them? How do you deploy infrastructure securely to production environments, and monitor the security posture on a continuous basis? And how do you do this repeatedly without hitting a speed bump? This session provides a foundation for how to bring proven software hardening practices into the world of infrastructure deployment. We discuss how to build security and compliance tests for infrastructure analogous to unit tests for application code, and showcase how security, compliance and governance testing fit in a modern CI/CD pipeline. Session Sponsored by: Dome9