03 BEGINNER

Risk register automation

Terraform + Lambda auto-generating risk registers from IaC with NIST 800-53 control mapping.

Overview

Infrastructure-as-Code approach to risk management. Parses Terraform plan output to identify security gaps, scores them by impact and likelihood, maps findings to NIST 800-53 controls, and persists a structured risk register to DynamoDB.

Implementation

The Lambda triggers on terraform plan JSON uploads to S3, extracts resource configurations, runs a rules engine to identify risk patterns, maps each finding to one or more NIST controls (including baselines), stores records in DynamoDB, and generates formatted weekly risk reports.
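An added example, not the project's own code, of the rules-engine stage described above: it walks the `planned_values` section of a `terraform show -json` plan, applies a few illustrative rules, scores each finding by impact times likelihood, maps it to a NIST SP 800-53 control, and flattens the result into register records. The sample plan, the rule thresholds, the impact/likelihood values and the severity cut-offs are all constructed for the illustration; only the control identifiers (SC-28, AU-12, IA-5) are real.

```python
import json
from dataclasses import dataclass, asdict

# Constructed sample plan in the `terraform show -json` layout (not a real plan).
SAMPLE_PLAN = json.dumps({
    "planned_values": {"root_module": {"resources": [
        {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
         "values": {"encrypted": False, "size": 100}},
        {"address": "aws_ebs_volume.logs", "type": "aws_ebs_volume",
         "values": {"encrypted": True, "size": 20}},
        {"address": "aws_cloudtrail.main", "type": "aws_cloudtrail",
         "values": {"enable_logging": False}},
        {"address": "aws_iam_account_password_policy.strict",
         "type": "aws_iam_account_password_policy",
         "values": {"minimum_password_length": 8}},
    ]}}
})

@dataclass
class Finding:
    address: str
    control: str      # NIST SP 800-53 control identifier
    title: str
    impact: int       # 1 (negligible) .. 5 (severe), assumed scale
    likelihood: int   # 1 (rare) .. 5 (almost certain), assumed scale

    @property
    def score(self) -> int:
        return self.impact * self.likelihood

    @property
    def severity(self) -> str:
        # Assumed 5x5 matrix cut-offs; tune these to the organisation's risk appetite.
        s = self.score
        return "CRITICAL" if s >= 20 else "HIGH" if s >= 12 else "MEDIUM" if s >= 6 else "LOW"

# Each rule: (resource type, predicate over the resource's `values`, control, title,
# impact, likelihood). Control mapping: SC-28 protection of information at rest,
# AU-12 audit record generation, IA-5 authenticator management. Thresholds and
# scores are illustrative assumptions, not the project's rule set.
RULES = [
    ("aws_ebs_volume", lambda v: not v.get("encrypted", False),
     "SC-28", "EBS volume unencrypted", 5, 4),
    ("aws_cloudtrail", lambda v: not v.get("enable_logging", True),
     "AU-12", "CloudTrail logging disabled", 4, 3),
    ("aws_iam_account_password_policy",
     lambda v: v.get("minimum_password_length", 0) < 14,
     "IA-5", "Password policy below 14 characters", 3, 3),
]

def iter_resources(module: dict):
    """Walk a planned_values module recursively; child modules nest under `child_modules`."""
    for r in module.get("resources", []):
        yield r
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def analyze_plan(plan_json: str) -> list:
    """Apply every rule to every planned resource; return findings, highest score first."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        values = res.get("values") or {}
        for rtype, predicate, control, title, impact, likelihood in RULES:
            if res.get("type") == rtype and predicate(values):
                findings.append(Finding(res["address"], control, title, impact, likelihood))
    return sorted(findings, key=lambda f: f.score, reverse=True)

def build_register(plan_json: str) -> list:
    """Flatten findings into DynamoDB-ready items (flat keys, derived fields materialised)."""
    return [{**asdict(f), "score": f.score, "severity": f.severity}
            for f in analyze_plan(plan_json)]

if __name__ == "__main__":
    for item in build_register(SAMPLE_PLAN):
        print(f"{item['severity']:<8} {item['control']:<6} {item['address']}: {item['title']}")
```

Running the block on the constructed plan yields three records: the unencrypted volume scores 20 (CRITICAL, SC-28), the disabled trail 12 (HIGH, AU-12) and the short password policy 9 (MEDIUM, IA-5); the encrypted volume produces no finding. The recursive walk matters in practice because resources declared inside modules appear under `child_modules`, not at the root, and a flat scan would silently miss them.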

Terminal output
risk-register-automation.py
Parsing terraform.plan.json
Resources: 142 total
Analyzed: 142
Risks identified: 8
├─ CRITICAL 1 (SC-28: EBS unencrypted)
├─ HIGH 3 (AC-3, AU-12, IA-5)
└─ MEDIUM 4 (various)
→ DynamoDB updated: 8 records
→ Weekly report queued
✓ Register current as of 2025-04-16
Stack
Terraform, Python, DynamoDB, NIST 800-53
Source code

Full implementation, tests, and documentation available on GitHub.
