Implementing compliance doesn't have to be treated like voodoo magic (though some vendors want you to think it is). As the creator of the popular open-source Terraform AWS modules, which have been provisioned several billion times worldwide, and the newer compliance modules.tf project, I've spent years helping teams make their AWS infrastructure secure and compliant without burning out.

In this talk, I'll walk through practical, hands-on ways to approach compliance in modern cloud environments using Terraform. I'll show you how to evaluate your compliance readiness for frameworks like CIS, SOC 2, and HIPAA using a mix of cloud-native services and open-source tools, such as Prowler, SteamPipe, and Checkov. Then I'll demonstrate how to write Terraform code to meet those required controls, implement compliance-as-code as part of your CI/CD pipelines, and prevent compliance drift over time, so your infrastructure stays secure as it evolves.

This talk is packed with real-world examples, so if you're responsible for building or maintaining infrastructure and want to get compliance right from the start (or finally address what's already there), this session is for you.

Attendees will leave with actionable techniques, open-source tools, and reusable code to implement compliance from day one or to address gaps in their existing infrastructure. Whether you’re new to compliance or have gone through it before, this talk delivers real solutions you can use right away.