This is a multipart series we are putting together to walk through automation of DevSecOps for mobile solutions. We are going to focus on iOS, but much of this is applicable to Android as well. Our goal is to leverage GitLab as the CI/CD engine and other services like AWS Device Farm, SonarQube, and NowSecure for testing. Finally, the app should pre-stage by self publishing to Apple's App Store for TestFlight publishing.

We want to see our CI/CD pipeline, at a minimum look like this:

For as many mobile solutions that exist out there, the write ups and documentation that exists to automate testing, specifically UI testing is substandard to say the least. This post will lay out some of the techniques we leverage to automate the testing of mobile apps (iOS specifically) to perform fully automated UI testing.

iOS Testing in AWS Device Farm

We leverage AWS Device Farm to implement testing—the capabilities of Device Farm are fantastic, the difficult bit is the practical application of documentation.

Again, everyone talks about automated testing, but who is actually doing it?

We'll dive into AWS Device Farm later.

Recap: True to its theme, Wednesday’s webinar adapted to the current socially distant climate and felt more like a digital fireside chat. ATARC led a discussion about how to sell your digital transformation vision with a well-rounded panel of women ranging from small business innovators, to retired two-star Air Force Generals. Find out what we learned, and some common themes.

Start with the “why”

Why do we need change? What is the problem we are solving, and who is it being solved for? What does change look and feel like to you? Clear and succinct communication is not only necessary for executive leaders, but also necessary for others to be champions for your vision.

Collaboration makes the “how” possible

How do I get the people who are ready for change on my side? How do I get the people ambivalent to change to sway to my side? How do I get the people uber resistant to change on my side?

This technical article will walk through a CloudFormation template that will create a Step Function that creates AWS GovCloud accounts with AWS Organizations and automatically links them. Our end goal is to simply submit a JSON package like this:

{
  "email": "some-email@example.com",
  "name": "The Account Name"
}

And generate the AWS Organization and link them. This is a rather manual process if you do it by hand.

This CloudFormation template provides two main components:

1. A configured S3 bucket and KMS key that enable child AWS Organizations to pull from the bucket
2. A Step Function that automatically creates and links AWS organizations

This script is intended for creating AWS GovCloud accounts, but can be modified for creating standard AWS accounts. Note, this will create the requisite commercial AWS accounts that GovCloud accounts are tied to.

We have included this notice because this CloudFormation template is deployed into the root AWS GovCloud account you own.

The files can be found here (https://cdn.monkton.io/share/mcm-creator-1.0.zip)

This technical article will break down how to automatically configure a custom build of NGINX (using Alpine Linux) that runs in Fargate.

Why? Well, we want to enable encrypted data in transit through the stack of the AWS Fargate solution we are deploying. Our entry point is an AWS Application Load Balancer accepting traffic on port 443 for TLS communication. We have an ACM certificate stored in our Account that we have referenced and use to configure that.

From there, we have a Task running in a Service/Cluster within Fargate. This task is a RESTful Web Service. Our desire is not to configure that task to process TLS itself, due to unnecessary changes to the Containers.

So, what we will do is leverage NGINX as a reverse proxy and use S3 to automatically configure NGINX on the fly as the Container is launched! We accomplish this by extending the NGINX Alpine Linux container, adding a script to download the configuration from S3 upon launch, and voila done.

Upon entering a grocery store, the general public is typically not pondering whether they feel protected by the safety, efficacy, and security of the food supply presented to them, but that is in fact what the FDA is responsible for. When it comes to meat, labels now inform us of how the animal was fed, the conditions they were raised in, and a myriad of other miscellaneous facts that manufacturers capitalize on in order to gain consumer loyalty. However, when dealing specifically with field-based meat inspectors, how data is generated is never a thought – not even an afterthought. 

Having so many nuanced compliance regulations within agriculture, mobility means always knowing what is necessary to complete inspections. USDA inspectors are the prime example of hurry up and wait—whether it be improper paper documentation, waiting for a form sign off, or lag time in getting meat over the border because of regulatory laws, inspectors need mobile apps to simply know how to do their job. Mobile solutions provide clarity on when, where, and how meat inspections can occur safely and securely, while still getting the product to its end destination in a timely manner.

There are people who fly planes, and those who don’t. The non-pilot folk likely assume that any given pilot has the ability to simply show up for work, ready and able to fly on a moment’s notice. While that notion isn’t entirely false, the simplicity of tinkering with a few levers and checking the weather before takeoff is a made-up narrative generally regarded as false.

The truth of the matter is that an Air Force pilot quite literally steps into a time machine when she or he enters an aircraft. Imagine for a second you’re a pilot. You’ve got your clean and pressed flight suit on; possibly a new pair of aviator sunglasses to block out the harsh rays; the ascent up the airstairs toward the entrance of the aircraft has been made where the wind is blowing just right to, wait for it…blow away over 100 pounds of your paper-based aeronautical and flight regulation charts to the ground below. Not exactly the Top Gun moment you envisioned.

When disaster strikes, the most precious resource is time–time to assemble, act, and mobilize with skillful efficiency. Speed is imperative to improve everything from field reporting, data collection, and damage assessments. With weather and climate changes in constant fluctuation, organizations must be prepared to handle a diverse array of potential disasters. Fire drills are introduced in elementary school, but what about explosions, chemical spills, hurricanes, floods, and extreme weather­–what’s the plan then?

It’s generous to assume that employers are even 50% equipped to handle catastrophic events like earthquakes, tornadoes, hurricanes, and even snow or ice storms. Most companies have disaster preparedness plans, but when disaster strikes who is going to remember to open the locked drawer with the stuffed filing cabinet full of outdated, paper-based manuals/posters/flip books/building diagrams etc. Trick question–no one!

As a result of paper-based inefficiencies, there is often a lack of resources and preparedness to understand or much less handle what to do when disaster strikes. Beyond taking steps to empower employees to be better prepared for how to respond to disasters, it is incumbent that organizations like FEMA and The Red Cross are readily equipped with the resources and technology to respond with agile authority.

Everyday millions of people make appointments to see their doctor or nurse for miscellaneous reasons. Sometimes it may be an emergency and other times it may be a routine checkup, but how often do we consider what the scheduling and charting process looks like for them? Do they suffer from aches and pains due to the behind the scenes patient charting, prescription filling, emails, office tasks, etc.? In a word—YES.

Pre Covid-19, the shift towards online and app-based appointment booking was already happening, but now it is paramount as in-person staff is reduced and access is granted towards those regarded as essential. Many would argue they do not receive enough face to face time with their healthcare provider, and with staffing down that situation is not about to change. The question now becomes if improvements are being made toward the patient experience, why can't the same be true for those truly essential doctors and nurses? If we've said it once, we've said it 101 times—Getting data to the point of use, to either consume or generate is the power of secure mobility.

Modern enterprise understands both the business and economic advantage to happier employees. Where digitally defiant organizations may have placed all the focus on external growth, a bulletproof business strategy is one centered around secure mobility as a tool to increase employee satisfaction and productivity in an effort to achieve long-term goals.

K-I-S-S, as in the clever acronym for “keep it simple stupid”, (not the classic rock band) is never more relevant than when it comes to mobile technology. Think of the user interface (UI) on a mobile device as exposure therapy – the more you expose primary functions to users, the more engagement and overall usage. In an effort to reduce user confusion and achieve rapid results, obvious UI is often the best UI.