Objectives - AWS Prescriptive Guidance

Objectives

Design decisions regarding DevSecOps mechanisms are frequently made in isolation, which can lead to downstream challenges for users of the platform and other stakeholders. In traditional user story development, developers must imagine themselves in the users' shoes to determine which features to implement and how to best implement them within the given time frame.

Developers are accustomed to developing features and user stories in a typical two-way-door fashion. However, DevOps and DevSecOps mechanisms have a much higher level of amplification and impact. These mechanisms typically affect the entire organization and often represent one-way doors. When they are designed in a way that doesn't meet the needs of the organization's users, there is resistance to adoption. As a result, the mechanisms might need to be rebuilt eventually, causing significant development delays and a loss of trust.

This guide seeks to alleviate the implementation challenges experienced by users and stakeholders of such mechanisms by providing additional tactical guidance to developers in designing and deploying these features.

After implementing the recommendations in this guide, you should be able to correctly identify the following:

  • How the mechanism can support various code authorship sources

  • How the mechanism can support various environment deployment strategies

  • How to manage the environment deployment state

  • How to implement appropriate security controls in a way that focuses on usability