CloudAcademy

Static Analysis and Alerting for Infrastructure as Code

The hands-on lab is part of these learning paths:

  • DevOps Playbook - CI/CD Tools and Services (course steps: 4, certifications: 2, lab steps: 5)
  • Solving Infrastructure Challenges with Terraform (course steps: 1, certifications: 1, lab steps: 5)

Lab Steps

  • Logging in to the Amazon Web Services Console
  • Opening the AWS Cloud9 IDE
  • Understanding the Infrastructure as Code Project
  • Using Terraform's Built-In Analysis Capabilities
  • Working with TFLint
  • Working With Terrascan
  • Configuring the Jenkins Automation Server
  • Triggering Jenkins Builds
  • Creating and Subscribing to an SNS Topic
  • Receiving Build Alerts

Difficulty: Intermediate
Duration: 2h
Students: 76

Description

Lab Overview

A key practice in DevOps is to manage Infrastructure as Code (IaC), which allows repeatable deployments across environments. Having IaC brings the benefits of static code analysis tools to infrastructure. Static analysis tools can automatically detect issues in your infrastructure, including security gaps, before you ever deploy the infrastructure. This Lab will illustrate static analysis and alerting for IaC, using Terraform as an example IaC framework. You will use static analysis tools to analyze Terraform configurations and automate the process in a continuous integration pipeline using a Git repository, a Jenkins automation server, and Amazon Simple Notification Service (SNS).

Lab Objectives

Upon completion of this Lab, you will be able to:

  • Explain the benefits of static analysis for IaC
  • Understand how to automate the use of static analysis tools
  • Configure automated static analysis of IaC in a continuous integration pipeline in Jenkins
  • Configure automated alerting of static analysis issues using Jenkins and Amazon SNS

Lab Prerequisites

You should be familiar with:

  • IaC concepts and at least one IaC tool
  • Compute and Network concepts in AWS or other public clouds
  • Amazon SNS basics are useful but not required
  • Basic Docker concepts and command knowledge are useful but not required

Lab Environment

Before completing the Lab instructions, the environment will look as follows:

After completing the Lab instructions, the environment should look similar to:

Updates

September 6th, 2018 - Resolved an issue with the Jenkins SNS Notifier not emailing the correct build URL (${BUILD_URL}).

About the Author

Students: 8078
Labs: 60
Courses: 6
Learning paths: 3

Logan has been involved in software development and research for over eleven years, including six years in the cloud. He is an AWS Certified DevOps Engineer - Professional, MCSE: Cloud Platform and Infrastructure, and Certified Kubernetes Administrator (CKA). He earned his Ph.D. studying design automation and enjoys all things tech.
