This week's articles
Testing Infrastructure-as-Code Using Dynamic Tooling
#aws, #ci/cd, #defend, #terraform
NCC released a project called Aerides, which demonstrates how to integrate LocalStack and dynamic tools for assessing IaC. Aerides includes mock infrastructure for a web service that is written using Terraform's HCL. It is hosted on GitHub and uses GitHub Actions to perform automatic tests for pull requests.
Defense Against Novel Threats: Redesigning CI at Mercari
#build, #ci/cd, #strategy, #supply-chain
An article discussing the effort to build Mercari's next-generation CI system and some of the engineering solutions behind it. It also explores supply chain security as an increasingly important area of focus for CI/CD engineers.
AWS IAM: Best practices
#aws, #explain, #iam
Some approaches to managing IAM policies at scale, how these practices affect access management, and how to include them in an existing or new setup.
Bypassing the AWS WAF protection with an 8KB bullet
The AWS WAF and Shield service can be used to protect web applications against many different types of attacks. However, it limits the size of the packet that it can inspect, which could allow attackers to bypass its protection features.