Session

Securely deploying Infrastructure as Code

We routinely scan our code for vulnerabilities, but what about our infrastructure? Our infrastructure as code can have as many secrets as our codebase. Many organizations are using Terraform with automated pipelines like GitHub Actions. How do we automatically scan our Terraform modules for misconfiguration or secrets? How can we configure Terraform to store state securely in the cloud for each environment?

During this session we will examine how to leverage open source tools to:
Scan for security and configuration issues using tools like tfsec, terrascan, and checkov
Securely configure Terraform backends like AzureRM
Securely pass variables and input into Terraform
Securely deploy Terraform to clouds like Azure

After this session you will have the tools and examples to securely deploy terraform to the cloud.

Chris Ayers

Senior SRE @ Microsoft

Tampa, Florida, United States

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top