Removing AWS Policy Review Fatigue with Automated Terraform Resource Analysis
Offered By: DevSecCon via YouTube
Course Description
Overview
Learn how to implement automated Terraform resource analysis for AWS policy control in this 22-minute DevSecCon talk. Discover how Yelp integrates static analysis into their Infra-as-Code (IaC) pipeline, reducing security reviewer fatigue and improving developer productivity. Explore the benefits of using tools like Regula and Atlantis to catch vulnerabilities during code review, shifting security left and eliminating manual security reviews. Gain insights into formatting output, creating custom rules, implementing waivers, and handling critical security vulnerabilities. Join speaker Muhammad Ahmed, a Software Engineer in Infrastructure Security at Yelp, as he shares his experience and expertise in cloud security and network security.
Syllabus
Introduction
Welcome
Pain Points
The Status Quo
The Goal
Status Checks
Formatting Output
Custom Rules
Waivers
Critical Security Vulnerability
OnCall Post
Questions
Taught by
DevSecCon
Related Courses
Terraform Basics: Automate Provisioning of AWS EC2 InstancesCoursera Project Network via Coursera DevOps CI/CD Pipeline: Automation from development to deployment
Universidad Anáhuac via edX DevOps Pipeline: Automatización hasta el despliegue
Universidad Anáhuac via edX DevOps Foundations: Software Development Optimization
Universidad Anáhuac via edX Fundamentos de DevOps: Optimiza el desarrollo del software
Universidad Anáhuac via edX