0.0 - PaulDuvall/aws-compliance-workshop GitHub Wiki
Introduction
Author Introduction
I am a founder of Stelligent and Chief AWS Evangelist at Mphasis. I am 6 times AWS certified, including AWS Certified DevOps Engineer Professional and AWS Certified Security - Specialty, and I have architected, implemented and managed software and systems solutions for over 20 years. I have been an AWS Hero since 2016, which recognizes a very select group for their significant knowledge-sharing contributions to the AWS community. In addition, I have authored multiple books and publications on DevOps and Continuous Integration, including the award-winning Continuous Integration: Improving Software Quality and Reducing Risk (Addison-Wesley) and DevOps Essentials on AWS LiveLessons (Addison-Wesley). I blog at mphasis.com and stelligent.com, and I host the DevOps on AWS Radio podcast.
Course Introduction
Continuous Compliance on AWS is a course that is most useful if you are a software developer or a security and compliance professional who wants to integrate compliance into every facet of the software development and delivery process. It assumes you have a working knowledge of AWS and programming experience and want to make compliance ubiquitous across all your systems.
In this course, you will learn how to automate compliance on AWS using AWS Developer Tools and AWS Management & Governance services. The focus of the course is on how to apply continuous delivery to compliance and not on software architectures.
The Continuous Compliance on AWS course has a heavy focus on the use of AWS Developer Tools, AWS Management & Governance tools, and other services, most notably the following:
- AWS CloudFormation - a tool you can use to create and manage resources with templates
- AWS CodePipeline - a fully-managed service for releasing software using Continuous Delivery
- AWS CodeCommit - a fully-managed service for storing code in private Git repositories
- AWS CodeBuild - a fully-managed service for building and testing code
- AWS Config and Config Rules - a fully-managed service for tracking resource inventory and changes. AWS Config Rules checks whether changes violate any of the conditions in your rules.
- Amazon CloudWatch Event Rules - a fully-managed service for detecting events and triggering targets that can remediate noncompliant resources.
Examples
All of the examples in this course are automated via AWS CloudFormation. AWS CodePipeline is the service used for continuous delivery of compliance checks in this course. All of the examples are available from a GitHub repository that will be referenced throughout this course: https://github.com/PaulDuvall/aws-compliance-workshop/.
Fees
If you launch all of the sample solutions and then terminate the resources after one day, you will spend less than $2 on AWS fees for the use of the AWS services. While the course predominantly uses AWS tools, there will be some third-party integrations and open-source tools incorporated into the examples. You can fork the GitHub repository to make your own changes.
Lessons
In Lesson 1, Automating AWS Resources, you will learn about automation and Continuous Delivery on AWS using CloudFormation and CodePipeline.
In Lesson 2, Preventive Controls, you will learn how to run static analysis tools to prevent problems from occurring.
In Lesson 3, Detective Controls, you will learn how to run detective compliance checks using AWS Config Rules.
In Lesson 4, More Detective Controls, you will learn about more advanced detective compliance checks on AWS using Custom Config Rules and CloudWatch Event Rules.
In Lesson 5, Automated Remediation, you will learn how to automatically fix noncompliant resources.
In Lesson 6, Continuous Compliance, you will put together an end-to-end Continuous Compliance solution on AWS.
How to reach me
The best way to reach me is @paulduvall.