Module 4: Finding AWS Keys
Unfortunately, not all code committed into a source repository will be free of secrets. In this module, as a developer, you will see what security automation can do to help keep confidential information such as AWS keys out of source repositories.
- Release change to start the code building again on the updated pipeline. Oops, the code had some stray AWS credentials in it, but this time we’ve caught them and stopped the build!
- Remove the credentials.
  - Edit resource.json and remove the offending credentials.
  - Rezip the code as “codepipe-AWS-devsecops.zip” (the exact name is important).
  - Upload the zip to S3.
  - Come back to the DevSecOps pipeline and watch it run through the stages again.
Can you use IAM roles instead?
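The kind of check that stopped the build can be sketched as follows. This is an added example, not the workshop's own scanner: the sample template, its resource names and the function names are assumptions, and the key values are the placeholder credentials from AWS documentation.

```python
import json
import re
import sys

# Access key IDs: long-term keys start with AKIA, temporary (STS) keys with ASIA.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Secret access keys are 40 characters from the base64 alphabet; to limit
# false positives they are only flagged under a key whose name says "secret".
SECRET_KEY = re.compile(r"^[A-Za-z0-9/+=]{40}$")
SECRET_NAME = re.compile(r"secret", re.I)

# Constructed sample input (assumed shape of a template such as resource.json);
# the key values are AWS documentation placeholders, not real keys.
SAMPLE = """{"Resources": {"AppFunction": {"Type": "AWS::Lambda::Function",
  "Properties": {"Environment": {"Variables": {
    "AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
    "AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "STAGE": "dev"}}}}}}"""

def find_aws_keys(node, path="$"):
    """Walk parsed JSON and return (path, kind) for every suspected credential."""
    findings = []
    if isinstance(node, dict):
        for name, value in node.items():
            child = f"{path}.{name}"
            if isinstance(value, str) and SECRET_NAME.search(name) and SECRET_KEY.match(value):
                findings.append((child, "secret-access-key"))
            findings += find_aws_keys(value, child)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            findings += find_aws_keys(value, f"{path}[{i}]")
    elif isinstance(node, str) and ACCESS_KEY_ID.search(node):
        findings.append((path, "access-key-id"))
    return findings

def scan(text):
    """Return findings for one JSON document; the secret values are never echoed."""
    return find_aws_keys(json.loads(text))

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    results = scan(text)
    for where, kind in results:
        print(f"{kind} at {where}")
    sys.exit(1 if results else 0)  # a non-zero exit code fails the build stage
```

Run as a build step with the path to the JSON file as its argument; any finding makes the step exit non-zero, which is what halts the pipeline before the artifact is deployed.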