Static Analysis and Alerting for Infrastructure as Code

Total available time: 1h:30m

Lab Overview

A key practice in DevOps is to manage Infrastructure as Code (IaC), which allows repeatable deployments across environments. Expressing infrastructure as code also brings the benefits of static code analysis tools to infrastructure: static analysis tools can automatically detect issues in your infrastructure, including security gaps, before you ever deploy it. This Lab illustrates static analysis and alerting for IaC, using Terraform as an example IaC framework. You will use static analysis tools to analyze Terraform configurations and automate the process in a continuous integration pipeline built from a Git repository, a Jenkins automation server, and Amazon Simple Notification Service (SNS).

Lab Objectives

Upon completion of this Lab, you will be able to:

  • Explain the benefits of static analysis for IaC
  • Understand how to automate the use of static analysis tools
  • Configure automated static analysis of IaC in a continuous integration pipeline in Jenkins
  • Configure automated alerting of static analysis issues using Jenkins and Amazon SNS

Lab Prerequisites

You should be familiar with:

  • IaC concepts and at least one IaC tool
  • Compute and Network concepts in AWS or other public clouds
  • Amazon SNS basics are useful but not required
  • Basic Docker concepts and command knowledge are useful but not required

Lab Environment

Before completing the Lab instructions, the environment will look as follows:

After completing the Lab instructions, the environment should look similar to:

Follow these steps to learn by building helpful cloud resources

Logging in to the Amazon Web Services Console

Your first step to start the Lab experience

Opening the AWS Cloud9 IDE

Open the AWS Cloud9 browser-based Integrated Development Environment (IDE)

Understanding the Infrastructure as Code Project

Review the provided Terraform IaC

Using Terraform's Built-In Analysis Capabilities

Learn about the built-in analysis capabilities of Terraform

Working with TFLint

Use TFLint to detect configuration errors not detected by Terraform plan

Working with Terrascan

Use Terrascan to recommend security best practices

Configuring the Jenkins Automation Server

Configure Jenkins to perform static analysis on every project code push

Triggering Jenkins Builds

Trigger a Jenkins build by pushing your code to the build server's Git repository

Creating and Subscribing to an SNS Topic

Create and subscribe to an SNS topic that will be used for build notifications

Receiving Build Alerts

Configure the Amazon SNS Notifier plugin to publish build messages to the build topic