La información en esta página no se encuentra completamente disponible en tu idioma de preferencia. Muy pronto esperamos tenerla completamente disponible en otros idiomas. Para obtener información en tu idioma de preferencia, por favor descarga el PDF aquí.
cfn_nag
The cloud and continuous delivery had a dramatic effect on infrastructure security. When following infrastructure as code, the entire infrastructure — which includes networks, firewalls and accounts — is defined in scripts and configuration files, and with Phoenix Servers and Environments, the infrastructure is recreated in each deployment, often many times a day. In such a scenario, testing the infrastructure after it's created is neither sufficient nor feasible. A tool that helps address this problem is cfn_nag. It scans the CloudFormation templates used with AWS for patterns that may indicate insecure infrastructure, and it does so before the infrastructure is created. Running a tool such as cfn_nag in a build pipeline is fast and it can detect a number of problems before they even reach a cloud environment.