

#720: Hooked on CloudFormation: GoDaddy stays proactive with AWS CloudFormation Hooks
May 12, 2025
James Kelley, a Senior Software Engineer at GoDaddy specializing in cloud governance, shares insights on optimizing cloud security for developers. He reveals how GoDaddy utilizes AWS CloudFormation Hooks to enforce resource governance and automate policy enforcement, ensuring compliance without stifling developer freedom. The discussion covers the strategic integration of AWS tools to enhance governance and streamline workflows, showcasing innovative approaches to balance security with operational efficiency.
AI Snips
Proactive CloudFormation Governance
- CloudFormation Hooks let you proactively enforce policies before provisioning resources.
- This shifts security left, catching issues early rather than reactively after deployment.
Enforce Rules Across Tools
- Use the Hooks integration with the AWS Cloud Control API to enforce policies across multiple IaC tools.
- This lets you write one rule set for CloudFormation, Terraform, SAM, and others.
GoDaddy's Shift to Managed Hooks
- Before adopting CloudFormation Hooks, GoDaddy faced brittle custom solutions that came with privilege escalations.
- Their pivot to the AWS-managed Hooks improved security and reduced governance complexity.