Infrastructure as Code (IaC) brings tremendous benefits to modern cloud management. From Docker to Terraform, AWS CloudFormation, Kubernetes, or Azure, several SKDs and file formats allow our applications to be built, deployed, and run in complex Cloud systems.

But it’s easy to introduce errors with misconfigurations and security lapses if you’re not careful.

In this talk, we’ll tackle some of the most common pitfalls in IaC and show you how to steer clear of them. We’ll look at typical issues like insecure settings, hardcoded credentials, and inefficient resource use—and dive into practical fixes for each. Using real-world examples, we’ll break down why these mistakes happen and how you can correct them with straightforward best practices.

We’ll also cover some handy tools that can secure and improve your IaC process, from automated code quality checks to security scans that fit right into your CI/CD pipeline. By the end, you’ll have a solid grasp of how to make your infrastructure code more reliable and secure, along with the tools to keep it that way.

This session is perfect for developers and DevOps professionals looking to improve their skills. It will help you refine your IaC approach and avoid common traps.