Building an IaC Pipeline on AWS with Security Fully Integrated
In my last article (Link) we reviewed Infrastructure-as-code (IaC), why it’s important, why many companies are using it, and possible ways to add security to the IaC pipeline.

We know cloud developers often find themselves in high-pressure scenarios, forced to meet deadlines and deliver fast, and that may push them to pay less than full attention to coding and configuration. Without proper configurations, organizations are prone to security breaches. The bottom line is that it’s important to ensure architectural best practices are followed across the development process, even on the tightest of timelines.
Now let’s work on a real example of how to build engineering best practices into the IaC pipelines automatically for an AWS environment through hundreds of checks that align to the AWS Well-Architected Framework (security, cost optimization, performance, operational excellence, and reliability) and other compliance standards.
Here is a high-level view of what we will be working on:

Initial Requirements
As part of this scenario, you will need the following items to be able to build this environment:
- VSCode IDE installed on your computer -> Link to download
- Install the Cloud One — Conformity Plugin in your VSCode -> Link
- Cloud One — Conformity Account -> Register for a free trial
- AWS account -> Register here if you don't have one
Let's start building your first Infrastructure-as-Code pipeline with Best-Practices Checks!
1 — Install the Security plugin in the IDE and enable the API Token to scan CloudFormation Templates
After installing the VSCode IDE, remember to install the Cloud Conformity Security Plugin, as you can see here:
VSCode Marketplace— Cloud Conformity Security Plugin — LINK