Anton Babenko
AWS Hero / Terraform influencer / compliance.tf
Oslo, Norway
Anton is an AWS Community Hero and helps companies around the globe build solutions using AWS, specializing in infrastructure-as-code, DevOps, and reusable infrastructure components.
He spends much of his time as an open-source contributor on various Terraform and AWS projects: Terraform AWS modules (downloaded more than 2 billion times), the Terraform best practices ebook (www.terraform-best-practices.com), serverless with Terraform (serverless.tf), Terraform Weekly (weekly.tf), and Your Weekly Dose of Terraform (http://bit.ly/terraform-youtube). He runs compliance.tf, which delivers compliance-ready Terraform AWS modules, and maintains terraform-skill (1.8K stars on GitHub), an open agent skill for writing and reviewing Terraform safely.
Topics
Implementing Compliance in AWS with Terraform: Practical Steps That Work
Implementing compliance doesn't have to be treated like voodoo magic (though some vendors want you to think it is). As the creator of the popular open-source Terraform AWS modules, which have been provisioned several billion times worldwide, and the newer compliance.tf project, I've spent years helping teams make their AWS infrastructure secure and compliant without burning out.
In this talk, I'll walk through practical, hands-on ways to approach compliance in modern cloud environments using Terraform. I'll show you how to evaluate your compliance readiness for frameworks like SOC 2, ISO 27001, GDPR, and HIPAA using a mix of cloud-native services and open-source tools, such as Prowler, Steampipe, and Checkov. Then I'll demonstrate how to write Terraform code to meet those required controls, implement compliance-as-code as part of your CI/CD pipelines, and prevent compliance drift over time, so your infrastructure stays secure as it evolves.
This talk is packed with real-world examples, so if you're responsible for building or maintaining infrastructure and want to get compliance right from the start (or finally address what's already there), this session is for you.
Attendees will leave with actionable techniques, open-source tools, and reusable code to implement compliance from day one or to address gaps in their existing infrastructure. Whether you’re new to compliance or have gone through it before, this talk delivers real solutions you can use right away.
Doing serverless on AWS with Terraform for real
More and more companies are adopting serverless technologies as the community is defining the best practices, tools, and patterns.
Companies using Terraform as their infrastructure-as-code tool are often required to reinvent the wheel when they work with serverless.
In the talk, I will explain why managing serverless applications with Terraform is a good idea and how the https://serverless.tf open-source project started as an organic response to the accidental complexity of many existing tools used by serverless developers.
I will demo a complete serverless application (including building and deploying it) using Terraform and open-source components.
I had several live streams on my YouTube channel discussing similar things ( https://www.youtube.com/c/AntonBabenkoLive/search?query=serverless ). Also, I had a session at AWS re:Invent 2024 - https://youtu.be/fX7c2GGqTWs?si=z7tM2x3I8t8R1lYL&t=1545
No More Forks: Policy Transformation for Terraform at Scale
Every org enforcing Terraform standards eventually hits the same wall: policy tools can flag issues, but they cannot fix module code. The result is a graveyard of forked modules that drift from upstream and turn upgrades into a full-time job. This talk introduces policy transformation: automatically rewriting Terraform modules at download time so teams get compliant code without maintaining forks.
I will demo eight real transformation rules across four categories: lifecycle management (prevent_destroy, ignore tag drift, protect KMS keys), block removal (strip provisioners), attribute restriction (deny GPU or specialty instances), and content sanitization (safe regex cleanups). You will see the before-and-after HCL, plus the safety model that makes this production-ready: deterministic outputs, collision detection, preview diffs, and a four-level risk classification.
You will leave with a practical decision framework for validate vs transform, a DIY toolkit using pre-commit, hclwrite, custom tflint rules, and plan validation, and a simple migration path from module forks to rule-based enforcement. No vendor account required to apply the patterns from this talk.
The Terraform Trust Gap: Engineering the Space Between Prompts and Production
Agents can already write Terraform. That was never the hard part. The hard part is that the context going in is stale and the apply coming out is too easy to hand over, so you get code that looks right, passes your linters, and even passes terraform plan, but still quietly does the wrong thing in production.
This talk runs one module everyone knows, terraform-aws-modules/s3-bucket, through the whole chain live. First I give the agent a real contract instead of a README and watch the hallucinated config disappear. Then I take one of the module's own examples and turn it into a fixture that fails the moment it drifts from the module. Then I let the agent plan changes but not apply them. A human has to approve the plan first, and apply only runs on the approved one. On stage the agent tries to apply by itself and you watch it get blocked.
You leave with three things to do on Monday, every pattern working with open tooling, and honest feedback on where the chain still breaks. No vendor account, no prompt magic.
Target Audience:
Mid to senior DevOps, platform, SRE, and AI-engineering practitioners who run Terraform daily and have used coding agents on real modules. Best fit for people who have seen an agent make a confident Terraform mistake and are now deciding where agents belong in infrastructure delivery.
Prerequisites:
Comfort with Terraform modules, plan/apply, CI/CD, and basic review workflows. Some exposure to a coding agent (Claude, Cursor, Copilot). No AI or ML background required.
Preferred session duration: 45 minutes + Q&A
One Model Is a Guess. Three That Agree Is a Plan.
The agent-written Terraform failure that costs me a day is never a syntax error. It passes terraform validate, tflint, and the HashiCorp Terraform MCP and is still wrong. One model does not catch that; nothing disagrees with it.
So I make three disagree. `consensus` sends the same artifact to GPT, Gemini, and Claude in fresh independent threads under different reviewer roles. Where they split is the risky part. Claude triages every objection, revises, and loops until all three sign off or reports they did not.
The brief said no public access, everything behind CloudFront with a WAF. The plan did that, and two reviewers signed off - it looks fronted. The third, "Security Reviewer", refused: the execute-api endpoint is still reachable on its own, so the WAF is decorative without a secret header binding CloudFront to the origin. The loop keeps the disagreement. Then an unenforceable IAM control and an S3 Deny that drops CloudFront. Same loop on Python, TS, marketing, and troubleshooting.
Target Audience:
Mid-to-senior DevOps, platform, SRE, and AI-engineering builders who run real infrastructure changes, especially on AWS via Terraform, and have already used coding agents on work that mattered.
Cloud Native Days Austria 2026 Sessionize Event Upcoming
AWS Community Day Hong Kong 2025 Sessionize Event
AWS Community Day Bulgaria 2025 Sessionize Event
AWS Community Day Georgia 2025 User group Sessionize Event
AWS North Community Conference Sessionize Event
AWS Community Day Nordics 2025 Sessionize Event
AWS Community Day DACH 2025 Sessionize Event
AWS Community Day Poland 2025 Sessionize Event
AWS Community Day Adria 2025 Sessionize Event
Malta AWS Community day 2025 Sessionize Event
AWS Community Day Italy 2025 Sessionize Event
AWS re:Invent 2024
Accelerate serverless deployments using Terraform with proven patterns (SVS320)
NIC Empower 2024 Sessionize Event
AWS Community Day DACH 2024 Sessionize Event
AWS Community Day - Central Asia Sessionize Event
AWS Community Day Poland 2024 Sessionize Event
HashiTalks 2024 Sessionize Event
AWS Community Day Bulgaria 2023 Sessionize Event
DeveloperWeek CloudX 2023 Sessionize Event
DevOpsDays Tel Aviv 2022 Sessionize Event
2022 All Day DevOps Sessionize Event
NIC X Edition Sessionize Event
DevOpsDays Zurich 2020 Sessionize Event
2020 All Day DevOps Sessionize Event
2019 All Day DevOps Sessionize Event
devopsdays Amsterdam 2019 Sessionize Event
NDC Oslo 2019 Sessionize Event
NDC Oslo 2018 Sessionize Event