Developing cloud-native preventative and auto-remediating guardrails for a multi-org/multi-account deployment backed by a customized AWS Landing Zones architecture. Controls run in Lambda, written in Python 3.
Project Details
This uses the CloudWatch Events (CWE)/Lambda pattern: each guardrail runs as a Lambda function triggered by a CloudWatch Event and forwards its findings to an SQS queue, which notifies the relevant parties of specific alerts. Many of the guardrails also have an auto-remediation function, leveraging cross-account roles to keep every account in the landing zone in a safe and secure operating state. This is fully cloud-native, including the use of:
- CloudWatch Events, Lambda, SQS (basic guardrail structure)
- Landing Zones (Cross-Acct-Role & guardrail deployment)
- CodeCommit, CodePipeline, CodeBuild (CI/CD)
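As an added illustration of the CloudWatch Events -> Lambda -> SQS pattern with cross-account auto-remediation (example code written for this page, not the project's own guardrail code), the handler below evaluates a CloudTrail record delivered through CloudWatch Events, forwards a finding to the alert queue, then assumes a remediation role in the offending account and reverts the change. The guardrail chosen (a security group ingress rule opened to 0.0.0.0/0), the queue URL, the role name `GuardrailRemediationRole`, and the sample event are all constructed assumptions. The AWS clients are injected so the logic runs offline under a unit test, which is the same property the CI/CD testing described further down relies on; the `boto3` calls used (`send_message`, `assume_role`, `revoke_security_group_ingress`) are the real client methods.

```python
import json
import os
from dataclasses import dataclass

# Hypothetical settings; a real Lambda would read these from its environment.
ALERT_QUEUE_URL = os.environ.get("ALERT_QUEUE_URL", "https://sqs.example.invalid/guardrail-alerts")
REMEDIATION_ROLE_NAME = os.environ.get("REMEDIATION_ROLE_NAME", "GuardrailRemediationRole")
ANY_IPV4 = "0.0.0.0/0"


@dataclass
class Finding:
    account: str
    region: str
    group_id: str
    rules: list  # offending ingress rules, already in boto3 IpPermissions shape


def evaluate(event):
    """Return a Finding if this CloudTrail record authorizes ingress from 0.0.0.0/0, else None."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress":
        return None
    params = detail.get("requestParameters", {})
    rules = []
    for perm in params.get("ipPermissions", {}).get("items", []):
        for rng in perm.get("ipRanges", {}).get("items", []):
            if rng.get("cidrIp") == ANY_IPV4:
                rules.append({"IpProtocol": perm.get("ipProtocol"), "FromPort": perm.get("fromPort"),
                              "ToPort": perm.get("toPort"), "IpRanges": [{"CidrIp": ANY_IPV4}]})
    if not rules:
        return None
    return Finding(event["account"], event["region"], params["groupId"], rules)


def notify(sqs, finding):
    """The SQS hop: forward the finding so the relevant parties are alerted."""
    body = json.dumps({"guardrail": "sg-world-open-ingress", "account": finding.account,
                       "region": finding.region, "groupId": finding.group_id, "rules": finding.rules})
    sqs.send_message(QueueUrl=ALERT_QUEUE_URL, MessageBody=body)
    return body


def remediate(sts, ec2_factory, finding):
    """Assume the cross-account role in the offending account and revoke only the bad rules."""
    role_arn = f"arn:aws:iam::{finding.account}:role/{REMEDIATION_ROLE_NAME}"
    creds = sts.assume_role(RoleArn=role_arn, RoleSessionName="guardrail-remediation")["Credentials"]
    ec2 = ec2_factory(creds, finding.region)
    ec2.revoke_security_group_ingress(GroupId=finding.group_id, IpPermissions=finding.rules)
    return role_arn


def handler(event, context=None, sqs=None, sts=None, ec2_factory=None):
    """Lambda entry point; clients are injectable so the guardrail can be unit-tested offline."""
    finding = evaluate(event)
    if finding is None:
        return {"status": "compliant"}
    if sqs is None or sts is None or ec2_factory is None:
        sqs, sts, ec2_factory = boto3_clients()
    notify(sqs, finding)
    return {"status": "remediated", "groupId": finding.group_id, "via": remediate(sts, ec2_factory, finding)}


def boto3_clients():
    import boto3  # imported lazily so the module loads without boto3 installed

    def ec2_factory(creds, region):  # EC2 client bound to the assumed-role credentials
        return boto3.client("ec2", region_name=region, aws_access_key_id=creds["AccessKeyId"],
                            aws_secret_access_key=creds["SecretAccessKey"],
                            aws_session_token=creds["SessionToken"])
    return boto3.client("sqs"), boto3.client("sts"), ec2_factory


class FakeAws:
    """Offline stand-in that records the calls the handler would make against AWS."""
    def __init__(self):
        self.calls = []
    def send_message(self, **kw): self.calls.append(("send_message", kw))
    def assume_role(self, **kw):
        self.calls.append(("assume_role", kw))
        return {"Credentials": {"AccessKeyId": "x", "SecretAccessKey": "y", "SessionToken": "z"}}
    def revoke_security_group_ingress(self, **kw): self.calls.append(("revoke", kw))
    def ec2_factory(self, creds, region): return self


# Constructed sample: a CloudTrail record as CloudWatch Events delivers it to Lambda.
SAMPLE_EVENT = {
    "detail-type": "AWS API Call via CloudTrail", "account": "111122223333", "region": "us-east-1",
    "detail": {"eventName": "AuthorizeSecurityGroupIngress", "requestParameters": {
        "groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}},
            {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}},
        ]}}}}


def run_offline():
    fake = FakeAws()
    return handler(SAMPLE_EVENT, sqs=fake, sts=fake, ec2_factory=fake.ec2_factory), fake.calls


if __name__ == "__main__":
    print(json.dumps(run_offline(), indent=2))
```

Only the rule that matches the guardrail is revoked; the internal 10.0.0.0/8 rule in the same API call is left in place, which is the behaviour you want from a remediation that runs unattended across many accounts.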
CI/CD Testing
It’s imperative to uphold rigorous coding standards - especially for your security controls. We take this to heart, so some of the testing in place includes:
- Linting (PyLint, Flake8)
- Unit Testing (PyTest)
- Code Coverage (Coverage.py)
- Functional/Behavior Testing (Behave)
- Monitoring & daily efficacy testing (custom in-house tooling)