<ciso brief />

All news with #pipeline security tag

2 articles

Amazon ECS adds pause-and-continue deployment hooks

⏸️ Amazon Elastic Container Service (Amazon ECS) now supports configurable pause points in service deployments, allowing operators to halt progression at critical stages for manual approvals, tests, or operational checks. ECS emits Amazon EventBridge events at pause points and provides the ContinueServiceDeployment API to resume or roll back. Pause hooks support timeouts up to 14 days and configurable timeout actions. The feature integrates with native deployment strategies and is available across commercial and GovCloud Regions.

Implementing Defense-in-Depth for AWS CodeBuild Pipelines

🔒 This guide consolidates practical recommendations for securing AWS CodeBuild CI/CD pipelines, emphasizing webhook configuration, trust boundaries, and least-privilege access. It warns against automatic pull request builds from untrusted contributors and prescribes push-based, branch-based, and contributor-filtered webhook patterns, plus staged rollout using Infrastructure as Code. Additional safeguards include scoped GitHub tokens, per-build IAM roles, isolated build environments, CloudTrail logging, and manual approval gates for sensitive deployments.