Improve Productivity by Shifting More Responsibility to Developers (SVS309)

Title

AWS re:Invent 2023 - Improve productivity by shifting more responsibility to developers (SVS309)

Summary

  • Speakers: Higgy Park, a specialist solutions architect (SA) at AWS focusing on serverless, and Sam Dingler, a senior distinguished engineer at Capital One.
  • Topic: Balancing rapid development with safety and compliance in serverless applications, specifically AWS Lambda.
  • Governance Analogy: Compared governance to driving a car fitted with safety mechanisms such as brakes and guardrails: in application deployment, governance provides the safety while still allowing speed.
  • Development Pipeline: Described a typical development pipeline from writing code to deploying Lambda functions in production, emphasizing the importance of safety mechanisms.
  • Tools and Controls: Discussed various AWS tools and controls for governance, including AWS Config, Open Policy Agent (OPA), AWS CloudFormation Guard, and AWS Signer.
  • Runtime Deprecation: Used Python 3.7 runtime deprecation as an example to demonstrate governance controls and the need for updating to newer runtimes.
  • Detective and Proactive Controls: Explained the use of detective controls for monitoring deployed resources and proactive controls to prevent non-compliant resources from being deployed.
  • Code Signing: Highlighted the importance of code signing for ensuring code integrity and trustworthiness.
  • Amazon Inspector: Introduced Amazon Inspector for runtime scanning of Lambda functions to detect vulnerabilities.
  • Centralized Artifact Repository: Suggested using a centralized artifact repository for managing dependencies and ensuring security.
  • Process and People Considerations: Emphasized the need for owner outreach, documentation, training, and incorporating compliance findings into agile workflows.
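As an added example (not code from the session, from AWS, or from Capital One), the runtime-deprecation case the talk uses can be expressed as a small Python check in both control styles it describes: a proactive check over a CloudFormation template before deployment, and a detective evaluation over already-deployed functions in the COMPLIANT / NON_COMPLIANT form an AWS Config custom rule reports. The deprecated-runtime set, the sample template and the sample function list are constructed for illustration.

```python
# Added example: runtime governance in both control styles from the talk.
# The deprecated-runtime set and all sample data below are constructed.
from typing import Dict, Iterable, List

# Constructed policy: runtimes this organization no longer allows.
DEPRECATED_RUNTIMES = {"python3.6", "python3.7", "nodejs12.x"}


def template_violations(template: dict) -> List[str]:
    """Proactive control: logical IDs of AWS::Lambda::Function resources in a
    CloudFormation template whose Runtime is deprecated. Run this in the
    pipeline so a non-compliant function is rejected before it is deployed."""
    violations = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::Lambda::Function":
            continue
        runtime = resource.get("Properties", {}).get("Runtime")
        if runtime in DEPRECATED_RUNTIMES:
            violations.append(logical_id)
    return violations


def evaluate_functions(functions: Iterable[dict]) -> Dict[str, str]:
    """Detective control: map each deployed function name to COMPLIANT or
    NON_COMPLIANT, as an AWS Config custom rule would report it.
    Container-image functions carry no Runtime field, so this runtime check
    passes them; their contents are a job for image scanning, not this rule."""
    return {
        fn["FunctionName"]: "NON_COMPLIANT" if fn.get("Runtime") in DEPRECATED_RUNTIMES
        else "COMPLIANT"
        for fn in functions
    }


# Constructed sample inputs.
SAMPLE_TEMPLATE = {
    "Resources": {
        "LegacyFn": {"Type": "AWS::Lambda::Function",
                     "Properties": {"Runtime": "python3.7", "Handler": "app.handler"}},
        "ModernFn": {"Type": "AWS::Lambda::Function",
                     "Properties": {"Runtime": "python3.12", "Handler": "app.handler"}},
        "FnRole": {"Type": "AWS::IAM::Role", "Properties": {}},
    }
}
SAMPLE_FUNCTIONS = [
    {"FunctionName": "orders-api", "Runtime": "python3.7"},
    {"FunctionName": "billing-worker", "Runtime": "python3.11"},
    {"FunctionName": "image-resizer", "PackageType": "Image"},
]

if __name__ == "__main__":
    print("blocked before deploy:", template_violations(SAMPLE_TEMPLATE))
    print("deployed evaluation:", evaluate_functions(SAMPLE_FUNCTIONS))
```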

Insights

  • Governance Importance: Governance is crucial for maintaining a balance between rapid development and ensuring applications are safe and compliant with organizational and regulatory requirements.
  • Tool Integration: The integration of various AWS tools into the development pipeline can help automate governance and compliance checks, reducing the burden on developers and operations teams.
  • Runtime Management: Organizations must actively manage runtime versions to avoid using deprecated or soon-to-be-deprecated runtimes, which can pose security risks and compliance issues.
  • Developer Empowerment: By providing developers with the right tools and processes, organizations can empower them to take more responsibility for the security and compliance of their applications.
  • Continuous Monitoring: Continuous monitoring and scanning of deployed functions are essential for identifying and addressing vulnerabilities in a timely manner.
  • Cost of Non-Compliance: The talk highlighted the potential costs of non-compliance, such as the inability to update functions once a runtime enters phase two deprecation.
  • Feedback Loop: Establishing a feedback loop between platform engineers and developers is important for maintaining governance standards and encouraging best practices.
  • Agile Remediation: Integrating governance and compliance activities into existing agile workflows can help ensure that remediation tasks are prioritized and addressed efficiently alongside feature development.