Why is security important in infrastructure as code?

What Problem Does IaC Solve?

  • Cost of infra
  • Scalability and availability
  • Monitoring and performance visibility

What is IaC?

Who are the providers of IaC tools?

  • AWS CloudFormation
  • Azure Resource Manager
  • Google Cloud Deployment Manager
  • Terraform

How is keeping infrastructure as code vulnerable?

  • Secrets and other sensitive values kept in CloudFormation
  • Pushing CF directly instead of going through Git, and without versioning
  • Pushing nested config directly without validating it
  • Learning curve
  • Insecure default configurations, including in nearly half of CloudFormation templates.
  • Other forms of misconfiguration include publicly accessible S3 buckets or unencrypted databases.

What steps can be taken to keep it secure?

  • Prevent Hard Coded Secrets From Permeating IaC
  • Reduce The Time And Impacts Of Code Leaks
  • Restrict Access to Environments
  • Prevent IaC Code Tampering
  • Avoid Complexity
  • Alert on Failures

Best practices to keep IaC as secure and scalable as possible.

  • Go native whenever possible
  • But consider multi-cloud
  • Also consider vendor lock-in
  • Terraform
  • Use an Immutable Infrastructure Approach
  • Use Version Control for IaC Files
  • IaC Compliance Regulation
  • Don’t Store Secrets in IaC Definitions
  • IaC can be used to update resources once they are already running. It’s a best practice to scan IaC files automatically and continuously, ensuring that validation occurs whenever an IaC definition is created or updated.
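
As an added example (not code from the original article), here is a minimal scanner a CI job could run whenever a CloudFormation template is created or updated. It checks for the misconfigurations named above: hardcoded secrets, publicly accessible S3 buckets and unencrypted databases. The sample template, rule wording and function name are assumptions made for illustration.

```python
import json
import re

# Constructed sample template (CloudFormation JSON form), not from the article.
SAMPLE_TEMPLATE = json.loads("""{
  "Parameters": {"DbPassword": {"Type": "String", "Default": "example-not-a-real-secret"}},
  "Resources": {
    "Logs": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicRead"}},
    "Db": {"Type": "AWS::RDS::DBInstance",
           "Properties": {"Engine": "mysql", "MasterUserPassword": "example-not-a-real-secret"}},
    "SafeDb": {"Type": "AWS::RDS::DBInstance",
               "Properties": {"StorageEncrypted": true, "MasterUserPassword": {"Ref": "DbPassword"}}}
  }
}""")

SECRET_NAME = re.compile(r"password|secret|token|api_?key", re.I)
PUBLIC_ACLS = ("PublicRead", "PublicReadWrite")


def scan_template(template):
    """Return sorted (logical_id, issue) findings for one parsed template."""
    findings = []
    for name, param in template.get("Parameters", {}).items():
        if not SECRET_NAME.search(name):
            continue
        if "Default" in param:
            findings.append((name, "secret-like parameter has a hardcoded Default"))
        if str(param.get("NoEcho")).lower() != "true":
            findings.append((name, "secret-like parameter is missing NoEcho"))
    for rid, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::S3::Bucket" and props.get("AccessControl") in PUBLIC_ACLS:
            findings.append((rid, "S3 bucket uses a public canned ACL"))
        encrypted = str(props.get("StorageEncrypted")).lower() == "true"
        if rtype == "AWS::RDS::DBInstance" and not encrypted:
            findings.append((rid, "RDS instance storage is not encrypted"))
        for key, value in props.items():
            # Literal strings are flagged; Ref objects and dynamic references are not.
            if SECRET_NAME.search(key) and isinstance(value, str) and "{{resolve:" not in value:
                findings.append((rid, f"literal value in {key}"))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, issue in scan_template(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {issue}")
```

Failing the pipeline when the returned list is non-empty turns the check into the "alert on failures" step listed earlier.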

Avinash Dalvi


Enthusiastic learner, Full Stack Developer, Techno Savvy, Traveller, Out of Box thinker, Agile Lover, Problem Solver, Blogger