AWS Security Controls

Developing cloud-native preventative and auto-remediating guardrails for a multi-org/multi-account deployment backed by a customized AWS Landing Zones architecture. Controls run in Lambda and are written in Python 3.

Project Details

This uses the CloudWatch Events (CWE)/Lambda pattern: each control is triggered by an event, evaluates it in Lambda, and forwards alerts to an SQS queue that notifies the relevant parties. Many of the guardrails additionally have an auto-remediation function, leveraging cross-account roles to ensure a safe landing and a secure cloud operating environment. This is fully cloud-native, including the use of:

  • CloudWatch Events, Lambda, SQS (basic guardrail structure)
  • Landing Zones (Cross-Acct-Role & guardrail deployment)
  • CodeCommit, CodePipeline, CodeBuild (CI/CD)
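As an added illustration of the CloudWatch Events -> Lambda -> SQS pattern (example code, not part of this project), the block below is a minimal guardrail Lambda that inspects a CloudTrail-backed event, flags a security group rule that opens TCP/22 to the whole internet, and pushes an alert to the notification queue. The control itself, the queue URL, the message layout and the sample event are all assumptions of this example, and the cross-account auto-remediation step is left out.

```python
import json

QUEUE_URL = "https://sqs.example.invalid/placeholder"  # placeholder; deployments read it from env
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed CloudTrail-backed CloudWatch Event (not a real capture); only fields the control reads.
SAMPLE_EVENT = {"account": "111111111111", "region": "us-east-1", "detail": {
    "eventName": "AuthorizeSecurityGroupIngress",
    "requestParameters": {"groupId": "sg-0example", "ipPermissions": {"items": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}}}


def find_violations(event):
    """Return (group_id, cidr) pairs that open TCP/22 to the world; [] when the event is clean."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress":
        return []
    params = detail.get("requestParameters", {})
    hits = []
    for perm in params.get("ipPermissions", {}).get("items", []):
        if perm.get("ipProtocol") not in ("tcp", "-1"):
            continue
        # "-1" (all traffic) carries no port fields, so default to the full range.
        if not perm.get("fromPort", 0) <= 22 <= perm.get("toPort", 65535):
            continue
        ranges = perm.get("ipRanges", {}).get("items", []) + perm.get("ipv6Ranges", {}).get("items", [])
        for rng in ranges:
            cidr = rng.get("cidrIp") or rng.get("cidrIpv6")
            if cidr in WORLD_CIDRS:
                hits.append((params.get("groupId"), cidr))
    return hits


def build_alert(event, hits):
    """Message body for the SQS notifier; the keys are this example's own convention."""
    return {"control": "sg-ssh-open-to-world", "account": event.get("account"),
            "region": event.get("region"),
            "violations": [{"groupId": g, "cidr": c} for g, c in hits]}


def lambda_handler(event, context=None, sqs=None):
    """Lambda entry point; `sqs` is injectable so the logic is unit-testable without AWS credentials."""
    hits = find_violations(event)
    if not hits:
        return {"status": "ok", "violations": 0}
    if sqs is None:
        import boto3  # deferred so the module imports (and tests run) without boto3 installed
        sqs = boto3.client("sqs")
    sqs.send_message(QueueUrl=QUEUE_URL, MessageBody=json.dumps(build_alert(event, hits)))
    return {"status": "alerted", "violations": len(hits)}
```

Injecting the SQS client is what lets the PyTest layer described below exercise the decision logic on constructed events, while a real deployment simply omits the argument.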

CI/CD Testing

It’s imperative to uphold rigorous coding standards, especially for your security controls. We take this to heart, so the testing in place includes:

  • Linting (PyLint, Flake8)
  • Unit Testing (PyTest)
  • Code Coverage (
  • Functional/Behavior Testing (Behave)
  • Monitoring & daily efficacy testing (custom in-house tooling)