Infrastructure as Code
Empowering different teams to iteratively improve infrastructure through code means security can be embedded in decision making through automation that leverages static code analysis tools. There are many options for Infrastructure as Code, such as CloudFormation, Terraform, Pulumi, Terraform SDK, and Heat. There are just as many tools that perform static security analysis on the infrastructure the code will create before it is applied. Leveraging these tools helps the engineers who write the code ensure their work is resilient, efficient, and, most importantly, secure. They often catch mistakes before they happen, so implementing them can help shift left.
Infrastructure as Code (IaC) enables teams to iteratively improve infrastructure, lets multiple engineers collaborate, avoids repetition (DRY), and allows controls to be put in place to adhere to the organization's standards. Newcomers to the cloud often wonder why they should spend more time and effort creating infrastructure as code when they can click a button instead. The reason is always maintainability. When that individual leaves, all of their work leaves with them, and no iterative improvements can be made on top of it. While one engineer can do outstanding work, a team can make the company thrive.
Success of Others
There is nothing more satisfying than creating reusable Infrastructure as Code that allows others to build on your successes. As you build, you create reusable components you can lift and shift to any scenario that needs them, saving hours of time and effort.
It is common practice in many fields to build on the success of existing ideas and concepts: engineers will often take examples from others and hope to repeat the same triumphs. Keeping your infrastructure in a repository means individuals can mimic quality work that has already been done successfully. Having examples in your repository is a great way to get started for individuals who work best from existing examples, and it is your opportunity to insert best practices.
There are plenty of options when it comes to Infrastructure as Code, and picking one often depends on the skills you have within the organization. It is up to you which technology you adopt. Each approach has advantages and disadvantages, so be sure to pick wisely.
- AWS CloudFormation
- CDK for Terraform
- Azure Resource Manager
- Google Cloud Deployment Manager
Helpful tools that assist you in managing infrastructure as code, keeping it DRY (Don’t Repeat Yourself), and deploying.
A list of tooling used to scan your infrastructure as code for security misconfigurations.