Issue #3

Hello CloudMakers!

This is a special issue of the newsletter, dedicated to the AWS re:Invent going on these days in Las Vegas! The event takes place every year at this time in this surreal city, and major new developments in the AWS world are announced. This year I had the privilege of being here in person and enjoying the merry shindig, meeting people from all over the world, learning new things through dedicated sessions, witnessing firsthand the new announcements and stumbling upon vendors at the Expo with the most interesting tools.

Which ones have I found most interesting so far? Here they are!

Enjoy!

StackHawk: DAST automated in CI/CD

As teams are expected to produce and deploy new code daily or more frequently, traditional security cannot keep up with the current pace of software development. Securing code becomes a part of the continuous development workflow when security feedback is automated on each pull request and vulnerabilities are fixed before going live.

DAST simulates malicious attacks and other external behaviors by searching for ways to exploit security vulnerabilities during runtime. In my experience, it is the least used type of test because it often needs to rely on security experts to create the right test procedures.

StackHawk is a DAST tool that simplify the creation of comprehensive testing for applications and API: it is super developer-friendly so that application security can keep up with the pace of today’s engineering teams.

Fully Managed Blue/Green Deployments in Amazon Aurora and Amazon RDS

Now you can do Blue/Green deployment with database changes too! You can create a separate, synchronised, fully managed staging environment that mirrors your production environment by using Blue/Green Deployments to set up a staging environment that cloned your production environment's primary database and in-region read replicas.

Blue/Green Deployments keep these two environments in sync using logical replication. During switchover, Blue/Green Deployments blocks writes on the blue and green environments, ensuring that the green catches up with the blue, preventing any data loss. Production traffic will be redirected to the newly promoted staging environment without altering your application's code.

Blue/Green Deployments can be used to make changes, such as major and minor version upgrades, schema alterations, operating system upgrades, and maintenance activities, without impacting the production workload.

Preview: VPN-less Secure Network Access to Corporate Applications

Zero Trust principles are utilised to construct AWS Verified Access, currently in Preview.

Verified Access improves your organisation's security position by using multiple security inputs to grant access to applications. When a user or device meets certain security demands, applications are given access. Security demands include user identity and role, as well as device security, among lots of other things. Before granting access to any application, Verified Access verifies each request, whether it be from a user or network. Verified Access can adjust its security posture as needed by evaluating each request. If your device indicates that its security posture is out of compliance, Verified Access will no longer allow you to access your application.

BONUS: all things serverless

Have you heard about the new launch of OpenSearch Serverless?

Thank you for reading my newsletter!

If you liked it, please invite your friends to subscribe!

If you were forwarded this newsletter and liked it, you can subscribe for free here:

Have you read an article you liked and want to share it? Send it to me and you might see it published in this newsletter!

Interested in old issues? You can find them here!

Until next time!