hands-on lab

Static Analysis and Alerting for Infrastructure as Code

Up to 2h
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


A key practice in DevOps is to manage Infrastructure as Code (IaC) allowing repeatable deployments across environments. Having IaC brings the benefits of static code analysis tools to infrastructure. Static analysis tools can automatically detect issues in your infrastructure, including security gaps, before you ever deploy the infrastructure. This Lab will illustrate static analysis and alerting for IaC, using Terraform as an example IaC framework. You will use static analysis tools to analyze Terraform configurations and automate the process in a continuous integration pipeline using a Git repository, Jenkins automation server, and Amazon Simple Notification Service (SNS).

Lab Objectives

Upon completion of this Lab, you will be able to:

  • Explain the benefits of static analysis for IaC
  • Understand how to automate the use of static analysis tools
  • Configure automated static analysis of IaC in a continuous integration pipeline in Jenkins
  • Configure automated alerting of static analysis issues using Jenkins and Amazon SNS

Lab Prerequisites

You should be familiar with:

  • IaC concepts and at least one IaC tool
  • Compute and Network concepts in AWS or other public clouds
  • Amazon SNS basics are useful but not required
  • Basic Docker concepts and command knowledge are useful but not required

Lab Environment

Before completing the Lab instructions, the environment will look as follows:

After completing the Lab instructions, the environment should look similar to:


April 17th, 2024 - Resolved Terrascan issues

January 24th, 2024 - Updated screenshots & instructions to reflect the latest UI

November 15th, 2023 - Resolved an issue that caused the lab to fail to provision on rare occasions

August 3rd, 2023 - Added login to Jenkins server

January 7th, 2022 - Updated Jenkins version

October 8th, 2021 - Resolved an issue causing Jenkins to be unavailable

May 18th, 2021 - Resolved an issue that caused the Jenkins server to fail to properly configure in some instances

November 8th, 2020 - Updated Jenkins version and added a custom validation check

August 1st, 2020 - Updated Jenkins signing keys

April 25th, 2019 - Updated Jenkins version and resolved issue causing the prior version to be very slow to start

January 10th, 2019 - Added a validation Lab Step to check the work you perform in the Lab

September 6th, 2018 - Resolved an issue with the Jenkins SNS Notifier not emailing the correct build url (${BUILD_URL})

About the author

Logan Rakai, opens in a new tab
Lead Content Developer - Labs
Learning paths

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.

LinkedIn, Twitter, GitHub

Covered topics

Lab steps

Logging In to the Amazon Web Services Console
Opening the AWS Cloud9 IDE
Understanding the Infrastructure as Code Project
Using Terraform's Built-In Analysis Capabilities
Working with TFLint
Working With Terrascan
Configuring the Jenkins Automation Server
Triggering Jenkins Builds
Creating and Subscribing to an SNS Topic
Receiving Build Alerts