Learn how to implement automated Terraform resource analysis for AWS policy control in this 22-minute DevSecCon talk. Discover how Yelp integrates static analysis into their Infra-as-Code (IaC) pipeline, reducing security reviewer fatigue and improving developer productivity. Explore the benefits of using tools like Regula and Atlantis to catch vulnerabilities during code review, shifting security left and eliminating manual security reviews. Gain insights into formatting output, creating custom rules, implementing waivers, and handling critical security vulnerabilities. Join speaker Muhammad Ahmed, a Software Engineer in Infrastructure Security at Yelp, as he shares his experience and expertise in cloud security and network security.
Removing AWS Policy Review Fatigue with Automated Terraform Resource Analysis
Overview
Syllabus
Introduction
Welcome
Pain Points
The Status Quo
The Goal
Status Checks
Formatting Output
Custom Rules
Waivers
Critical Security Vulnerability
OnCall Post
Questions
Taught by
DevSecCon
