Enterprises invested in AWS have a few options to get their QA jobs done. They can turn to native AWS testing tools,...
as well as the AWS Marketplace to find an arsenal of third-party tools that integrate with their cloud workloads. In practice, users should incorporate a combination of these testing tools to evaluate their applications and workloads for security, configuration, performance standards and more.
Automated AWS testing tools
Automation is a central tenant of modern security practices. For example, AWS users can automate security tests with Amazon Inspector, which provides automated security assessments along with recommendations on how to reduce vulnerabilities. This is the simplest way enterprises on AWS can incorporate automated AWS tools for testing
For more advanced security automation, developers can automate code testing by combining CodePipline with CodeBuild and the Git-based source code repository CodeCommit. AWS users can also automate configuration testing with AWS Config managed rules.
In addition to incorporating AWS automation testing tools, AWS users should create a test automation strategy to get the most out of their testing practices.
Third-party QA tools
The AWS Marketplace lists more than 100 diverse QA tools for various AWS test cases and scenarios. Some tools are free of charge, while others are priced per-hour, per-month or per-test. These tools include options such as TestLink, a QA test management tool that provides continuous monitoring for vulnerabilities and security threats. StormRunner Load on AWS is another example. It's a load testing tool that uses machine learning to evaluate applications for unusual behavior and provides real-time analytics. There are also a number of tools for performance testing, AppLoader for example, as well as tools such as SAINT for penetration testing.
Independent, third-party testing providers also provide testing as a service on cloud resources. LoadStorm, Ravello Systems, Neustar and SOSTA are few examples. These QA tools are typically offered on pay-as-you-go models that charge by the hour, network bandwidth or other measures. This means there is no setup cost or software licensing fees. Engineering support is usually available for an additional fee.
A testing provider might spawn hundreds or thousands of servers from different AWS availability zones to stress-test a client's web application. The test provider then collects data and generates reporting that the developers can use to prepare changes and fixes for another version. This allows developers to focus on software development and improvements, instead of test and implementation.
Some third-party QA tools offer a do-it-yourself platform. For example, LoadStorm supports cloud-based load testing for web and mobile apps. To use it, a developer creates browser recording files as HTTP Archive -- .har files -- uploads them to LoadStorm, assigns parameters and then uses the software to test the application. Another third-party tool, Neustar -- formerly BrowserMob -- lets developers test website traffic capacity and locate potential bottlenecks before an app launches.
In some cases, prefabricated test scenarios and automated scripting don't apply the same stresses or mistakes to a software release candidate as real-world use does. Using an on-demand workforce like Amazon Mechanical Turk enables enterprises to create test scenarios, analyze test results or logs, look for broken links, offer feedback on design or performance and create real human interaction with the software -- a process Mechanical Turk calls "human intelligence tasks."
Dig Deeper on AWS tools for development
Related Q&A from Stephen J. Bigelow
Don't neglect form factor as part of your data center server selection. Instead, figure out what type of environment you need and learn which server ... Continue Reading
Learn how load balancing in the cloud differs from a traditional network traffic distribution, and explore the different services available from AWS,... Continue Reading
Microsoft Hyper-V on Windows comes with advanced protection schemes, including several virtualization-based security features the company introduced ... Continue Reading