CloudFormation: Limited-Privilege IAM Policies With cfn-nag

Hello! This article is about security testing in CloudFormation; if you're looking for functional testing, check out this. When you write IAM policies, you should grant the smallest set of permissions that work. So, looking at this policy defined in a CloudFormation resource: The Resource: '*' looks wrong. It grants permission to make the DescribeInstances …

Python DevOps Code Error Checking: Lint with Pyflakes

Hello! For those unfamiliar with linting (static analysis), read Dan Bader's introduction. There are several linters for Python, but when I'm doing DevOps I use Pyflakes. I love the opening sentence of its design principles: Pyflakes makes a simple promise: it will never complain about style, and it will try very, very hard to never …