Continuous Compliance and Automated Incident Response with AWS CodePipeline and AWS Config

30 minutes
  • 5 Learning Objectives

About this Hands-on Lab

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. In this hands-on lab, we will leverage AWS Config to monitor resources deployed from our AWS CodePipeline to ensure they meet our company’s compliance standards. If AWS Config finds any violations, it will notify us by email through Amazon Simple Notification Service.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create an AWS Config Rule
  1. Navigate to AWS Config.
  2. Create an AWS Config rule.
  3. Select the s3-bucket-server-side-encryption-enabled rule.
Create an AWS Simple Notification Service Subscription
  1. Navigate to Simple Notification Service.
  2. Create a subscription to the existing topic.
  3. Confirm subscription.
Create an AWS IAM Role
  1. Navigate to Identity and Access Management.
  2. Create an IAM role.
  3. Select AWS CloudFormation.
  4. Choose permissions.
  5. Name role.
Create an AWS CodeCommit Repository
  1. Navigate to CodeCommit.
  2. Create an AWS CodeCommit repository.
  3. In a terminal session, run the command git clone to clone the repo to your local workstation or laptop.
  4. Upload s3.json to the AWS CodeCommit repository and commit the changes.
Create an AWS CodePipeline
  1. Navigate to CodePipeline.
  2. Create a pipeline.
  3. Name the pipeline.
  4. Select the AWS CodeCommit repository you previously created.
  5. Skip Build.
  6. Select AWS CloudFormation for deployment type.
  7. Create or update stack.
  8. Name the stack.
  9. Enter the service role name you previously created.

Additional Resources

Your company has experienced a series of security breaches caused by human error when provisioning resources. One of the main issues is that resources are being provisioned without proper encryption. In this lab, we will implement continuous compliance by monitoring for unencrypted S3 buckets provisioned with AWS CodePipeline and CloudFormation.
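
The lab's s3.json is not shown on this page. As an added example (not part of the lab or its materials), the Python below checks a CloudFormation JSON template before it is committed and lists the S3 buckets that declare no default encryption, the condition this lab watches for after deployment. The sample template, its resource names and the function names are constructed for illustration, and the check looks only at the template's BucketEncryption property.

```python
import json

# Constructed sample standing in for the lab's s3.json (the real file is not
# shown on the page). "Algo" is a hypothetical template parameter name.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "EncryptedBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
    "ServerSideEncryptionConfiguration": [
      {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}},
  "PlainBucket": {"Type": "AWS::S3::Bucket"},
  "ParamBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
    "ServerSideEncryptionConfiguration": [
      {"ServerSideEncryptionByDefault": {"SSEAlgorithm": {"Ref": "Algo"}}}]}}},
  "Topic": {"Type": "AWS::SNS::Topic"}
}}
""")

ACCEPTED_ALGORITHMS = {"AES256", "aws:kms", "aws:kms:dsse"}


def declares_default_encryption(resource):
    """True if the bucket resource sets a literal, recognised SSEAlgorithm."""
    props = resource.get("Properties") or {}
    rules = (props.get("BucketEncryption") or {}).get(
        "ServerSideEncryptionConfiguration") or []
    for rule in rules:
        algo = (rule.get("ServerSideEncryptionByDefault") or {}).get("SSEAlgorithm")
        # An intrinsic such as {"Ref": ...} is a dict, not a str: it cannot be
        # resolved offline, so it is reported rather than trusted.
        if isinstance(algo, str) and algo in ACCEPTED_ALGORITHMS:
            return True
    return False


def find_unencrypted_buckets(template):
    """Return sorted logical IDs of S3 buckets with no default encryption declared."""
    resources = template.get("Resources") or {}
    return sorted(
        name for name, res in resources.items()
        if res.get("Type") == "AWS::S3::Bucket"
        and not declares_default_encryption(res)
    )


if __name__ == "__main__":
    for name in find_unencrypted_buckets(SAMPLE_TEMPLATE):
        print(f"NON_COMPLIANT: {name} declares no default encryption")
```

A check like this catches the problem before deployment; the AWS Config rule remains the control that evaluates the bucket once CloudFormation has created it.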

Log in to the live AWS environment using the credentials provided.

Make sure you're in the N. Virginia (us-east-1) region throughout the lab.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
