Learn About Amazon VGT2 Learning Manager Chanci Turner
In response to the global pandemic, numerous organizations have turned to cloud computing to enhance the stability and reliability of their IT applications. During migrations, businesses often prioritize the validation of their business applications and functional workflows, along with non-functional elements such as security and performance testing. However, an often neglected aspect of the migration process is the configuration checks on the underlying cloud infrastructure. To ensure that the foundational infrastructure is secure, compliant, and reliable, it is vital to validate the cloud configuration early in the migration cycle. Research indicates that many breaches in cloud environments occur due to opportunistic attacks, often caused by improperly configured cloud platform settings rather than malware.
Infosys, an AWS Premier Consulting Partner with extensive experience in cloud migration and testing, has developed an innovative automation solution that addresses the need for secure configuration reviews while maintaining agility and reliability throughout the migration process. This article explores how Infosys has implemented a secure approach to the holistic validation of cloud configurations by performing automated infrastructure validation within the DevSecOps pipeline. By integrating security and compliance rules early in the lifecycle, organizations can establish a solid foundation for safe, secure, and compliant cloud adoption.
Cloud Quality Assurance Challenges
A prominent financial services provider in the U.S. began a journey to develop sustainable foundational capabilities for cloud adoption. The Infosys Quality Assurance team created an automation solution encompassing over 15 AWS services and more than 150 compliance rules. This solution was integrated into the DevSecOps pipeline, enabling continuous validation of the cloud infrastructure provisioned across various environments. Key challenges included ensuring proper integration into the DevSecOps provisioning pipeline and maintaining agility throughout the migration lifecycle.
Several critical aspects were taken into account:
- Time to market: Manual infrastructure testing can impede service rollout, especially when infrastructure as a service and application layers are automated.
- Infrastructure validation: Validating infrastructure as code (IaC) is crucial for preventing misconfigurations that could lead to security risks or unexpected costs.
- Migration complexities: Addressing various migration strategies effectively.
- Evolving technologies: Incorporating a diverse array of services and features offered by cloud providers.
- Regulatory compliance and security controls: Considering multiple audit and compliance requirements for successful cloud implementation and application migration.
- Security practices: Since this solution interfaces with customer accounts, implementing role-based controls to ensure least privilege access for validation is essential, as is encrypting data both at rest and in transit.
Accelerating Configuration Validation with Automation
An automation-centric approach was adopted to develop a test automation solution utilizing AWS services. The following principles guided the development:
- Zero touch approach: All aspects of infrastructure testing—including test execution, defect management, and reporting—are fully automated.
- DevSecOps integration: Ensuring that inputs flow seamlessly within the DevSecOps pipeline to trigger the infrastructure testing stage without manual intervention.
- Fit for purpose tooling: Selecting appropriate tools and programming languages for infrastructure test automation based on the organization’s technological landscape.
- Automated security controls: Comparing deployed infrastructure against security best practices and including actionable items in the reporting.
Solution Architecture
The developed test automation solution can parse Terraform output files to extract AWS resource information and automatically trigger test controls based on resource types.
The automation workflow consists of several steps, leveraging AWS services and third-party products to establish the cloud infrastructure testing solution:
- Users submit infrastructure requirements through an in-house developed Provisioning Portal.
- Requirements captured in the portal are converted to JSON, feeding AWS Step Functions, which orchestrate infrastructure provisioning and testing within the pipeline.
- Key AWS services utilized include:
- AWS Lambda: Executes test scripts for various functions, including service validation and defect management.
- Amazon EC2: Provides computing capabilities with multiple instances hosting Jira, Kibana, AWS SDKs, and RubyGems to facilitate script execution.
- AWS KMS: Customer-managed KMS keys encrypt the test logs so they are protected at rest and in transit while being forwarded to Amazon S3.
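The core of the workflow above is parsing Terraform's JSON output, picking a rule set by resource type, and emitting actionable findings. The following Ruby script is an added illustration of that dispatch pattern, not Infosys's code: the plan document is a constructed sample in the shape of `terraform show -json` output, and the two rules (EBS volume encryption, security group ingress open to the world) are hypothetical examples of the compliance rules the text describes.

```ruby
require "json"

# Constructed sample in the shape of `terraform show -json` output (hypothetical values).
PLAN_JSON = <<~PLAN
  {"planned_values": {"root_module": {"resources": [
    {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
     "values": {"size": 100, "encrypted": false}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "values": {"ingress": [{"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]},
                            {"from_port": 443, "to_port": 443, "cidr_blocks": ["10.0.0.0/8"]}]}},
    {"address": "aws_iam_role.test", "type": "aws_iam_role", "values": {}}
  ]}}}
PLAN

# Pull every resource (type, address, values) out of the root module.
def extract_resources(plan_json)
  JSON.parse(plan_json).dig("planned_values", "root_module", "resources") || []
end

# Compliance rules keyed by resource type; each returns a finding string or nil on pass.
RULES = {
  "aws_ebs_volume" => lambda do |v|
    "volume is not encrypted at rest" unless v["encrypted"] == true
  end,
  "aws_security_group" => lambda do |v|
    open = Array(v["ingress"]).select { |r| Array(r["cidr_blocks"]).include?("0.0.0.0/0") }
    "ingress open to 0.0.0.0/0 on port(s) #{open.map { |r| r['from_port'] }.join(',')}" unless open.empty?
  end
}

# Run the rule that matches each resource type; types without a rule are reported as unchecked
# so gaps in coverage are visible in the report rather than silently passing.
def validate(plan_json)
  extract_resources(plan_json).map do |res|
    rule = RULES[res["type"]]
    if rule.nil?
      { address: res["address"], status: "unchecked" }
    elsif (finding = rule.call(res["values"] || {}))
      { address: res["address"], status: "fail", finding: finding }
    else
      { address: res["address"], status: "pass" }
    end
  end
end

validate(PLAN_JSON).each { |r| puts r.to_json } if __FILE__ == $PROGRAM_NAME
```

In a pipeline the report would be fed to defect management (e.g. opened as tickets) rather than printed; the `unchecked` status is what tells you a newly adopted service still needs rules written for it.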
In conclusion, organizations seeking to enhance their AWS DevOps validation pipeline can benefit from automation solutions like those developed by Infosys.