03
BEGINNER
Risk register automation
Terraform + Lambda auto-generating risk registers from IaC with NIST 800-53 control mapping.
Overview
Infrastructure-as-Code approach to risk management. Parses Terraform plan output to identify security gaps, scores them by impact and likelihood, maps findings to NIST 800-53 controls, and persists a structured risk register to DynamoDB.
Implementation
The Lambda triggers on terraform plan JSON uploads to S3, extracts resource configurations, runs a rules engine to identify risk patterns, maps each finding to one or more NIST controls (including baselines), stores records in DynamoDB, and generates formatted weekly risk reports.
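The core of that pipeline, as an added example that is not the project's own code: a small rules engine over a constructed terraform plan JSON (the shape `terraform show -json` emits) that flags risk patterns, scores them by impact and likelihood, maps each to a NIST 800-53 control and builds the records the register would hold. The rule set, the scoring thresholds and the sample plan are assumptions; the S3 trigger and the DynamoDB write are omitted so the code runs offline.

```python
import json

# Constructed sample plan (not from the project); one unencrypted volume, one encrypted,
# one world-open ingress rule, and one volume being deleted.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
     "change": {"actions": ["create"], "after": {"size": 100, "encrypted": False}}},
    {"address": "aws_ebs_volume.logs", "type": "aws_ebs_volume",
     "change": {"actions": ["create"], "after": {"size": 20, "encrypted": True}}},
    {"address": "aws_security_group_rule.ssh", "type": "aws_security_group_rule",
     "change": {"actions": ["create"],
                "after": {"type": "ingress", "from_port": 22, "cidr_blocks": ["0.0.0.0/0"]}}},
    {"address": "aws_ebs_volume.old", "type": "aws_ebs_volume",
     "change": {"actions": ["delete"], "before": {"encrypted": False}, "after": None}},
]})

# Hypothetical rules: (resource type, predicate over planned config, control, finding, impact, likelihood).
RULES = [
    ("aws_ebs_volume", lambda c: not c.get("encrypted", False),
     "SC-28", "EBS volume unencrypted at rest", 5, 4),
    ("aws_security_group_rule",
     lambda c: c.get("type") == "ingress" and "0.0.0.0/0" in c.get("cidr_blocks", []),
     "AC-3", "Ingress rule open to the internet", 4, 3),
]

def severity(impact, likelihood):
    """Assumed scoring: impact x likelihood on 1-5 scales, bucketed into register severities."""
    score = impact * likelihood
    if score >= 20:
        return "CRITICAL"
    if score >= 12:
        return "HIGH"
    return "MEDIUM" if score >= 6 else "LOW"

def build_register(plan_json):
    """Parse the plan, skip resources that will not exist after apply, apply each rule,
    and return DynamoDB-ready records (one dict per finding, keyed by control + address)."""
    records = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = rc["change"].get("after")
        if "delete" in rc["change"]["actions"] or after is None:
            continue
        for rtype, pred, control, finding, impact, likelihood in RULES:
            if rc["type"] == rtype and pred(after):
                records.append({"risk_id": f"{control}:{rc['address']}", "resource": rc["address"],
                                "control": control, "finding": finding, "impact": impact,
                                "likelihood": likelihood, "severity": severity(impact, likelihood)})
    return records

if __name__ == "__main__":
    for r in build_register(SAMPLE_PLAN):
        print(f"{r['severity']:8} {r['control']}: {r['finding']} ({r['resource']})")
```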
Terminal output
Parsing terraform.plan.json
Resources: 142 total
Analyzed: 142
Risks identified: 8
├─ CRITICAL 1 (SC-28: EBS unencrypted)
├─ HIGH 3 (AC-3, AU-12, IA-5)
└─ MEDIUM 4 (various)
→ DynamoDB updated: 8 records
→ Weekly report queued
✓ Register current as of 2025-04-16
Stack
Terraform, Python, DynamoDB, NIST 800-53
Source code
Source repository in the works — check back soon.