How to Scale End-to-End Observability in AWS Environments

Bridgecrew Latest Open Source Contribution: Iac Tool, Yor.

Yor is an open source automated infrastructure-as-code tagging and tracing tool aimed at fixing cloud tagging complications

June 10, 2021, 6:50 p.m.

TL;DR

On May 27, 2021, Palo Alto Networks announced the release of an open source framework that negates the manual strain behind tagging cloud resources.

Tagging simplifies tasks, encourages cost allocation, risk management, and automation.

Key Facts

1
Enterprises may leverage Yor to allocate ownership and relevant tags.
2
Yor automatically provides developer IaC tags for framework templates with tracing details.
3
Yor is basically a stage in CI/CD pipelines.
4
Yor encourages automated simplicity in tracing misconfigurations to the developer behind it.

Details

In the face of high scale breakdown in a security operations center, from scanning through a wide field of logs and charts and securing Shell Protocol, tracking the fault to the relevant teams responsible for the code disrupting the system. DevOps have a lot to do and less time to do them. They end up navigating a labyrinth-natured field to find out the developer behind the misconfiguration with alarms endlessly blaring.

Many enterprises have been in this kind of situation, and similar ones. There have been whispers and emphasis in DevSecOps communities on ways to optimize search in configurations and fewer answers to follow them up; these answers are not all-mighty.

Enterprises often employ cloud tagging to allocate cloud resources to responsible owners, not necessarily primarily for breakdown troubleshooting but also in the cases of code improvement and rewriting. Tagging simplifies tasks, encourages cost allocation, risk management, and automation.

Image courtesy: www.paloaltonetworks.com

However, this forehand solution to that impending problem is not in any way easy. It not only requires hands-on practice and a lot of work but is also limited to resource owners in broad strokes. GitOps teams using infrastructure as code must make changes with IaC tags. Tracing a misconfiguration caused by a cloud resource to a line of code is no small feat. Without proper tags, peering through pull requests and finding the responsible person that wrote the code is bothersome.

Say no more, says cloud security firm Palo Alto Networks, through their mission-oriented addition, Bridgecrew. It is actually the first exhibition by Bridgecrew and Palo Alto since their merging and should be the talk of the security section of the open source communities.

Yor can comfortably fit into developer workflows, Yor can be integrated into a system's continuous integrations and continuous delivery pipelines. It provides allocation and tracing competencies in CloudFormation, Terraform, and Serverless templates by creating IaC tags automatically on activation.

Image courtesy: https://yor.io/

It is a tool SecOps would more than fancy; they would revere automation capable of taking on the work of tracing a misconfiguration back to the developer that orchestrated the code, tracking change management, and of course, intercloud resources tracing. This aids in determining the main cause of a runtime misconfiguration and makes detecting friction between code configuration and running resources more reliable.

Bridgecrew, the crew behind this magnificence, has an outstanding history in Infrastructure as code enhancements

Bridgecrew built Yor, the team behind the popular open source IaC scanner Checkov, downloaded over 2 million times by developers. Palo Alto Networks acquired Bridgecrew in March 2021, and together they continue to invest in new and existing open source projects.