Securely deploying Infrastructure as Code
We routinely scan our code for vulnerabilities, but what about our infrastructure? Our infrastructure as code can have as many secrets as our codebase. Many organizations are using Terraform with automated pipelines like GitHub Actions. How do we automatically scan our Terraform modules for misconfiguration or secrets? How can we configure Terraform to store state securely in the cloud for each environment?
During this session we will examine how to leverage open source tools to:
Scan for security and configuration issues using tools like tfsec, terrascan, and checkov
Securely configure Terraform backends like AzureRM
Securely pass variables and input into Terraform
Securely deploy Terraform to clouds like Azure
After this session you will have the tools and examples to securely deploy terraform to the cloud.
Senior Customer Engineer @ Microsoft
Tampa, Florida, United StatesView Speaker Profile