Tech Library is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

TECH DIGITAL RESOURCE LIBRARY
COMPANY DIRECTORY

DevOps Guide to Terraform Security

by Accurics

Feb 01, 2021

Using Terraform, an open source IaC tool developed by Hashicorp, to provision infrastructure provides many benefits to the management and operations of your environment. Its versatility, declarative language, and the productivity gains of using the same Infrastructure as Code (IaC) tooling across multiple cloud providers have made Terraform one of the most popular tools for infrastructure provisioning.

While there are many benefits to using Terraform as part of your infrastructure provisioning workflow, there are also some key security considerations that we will cover in this paper.

In this guide, you will learn:

  • How to security manage Secrets and prevent exposure to unauthorized users
  • Why Secure Collaboration is required to protect sensitive data and handling State correctly
  • Best ways to manage Terraform providers and modules including verification of trusted sources
  • Find inconsistency between code and cloud including how to detect and remediate drift
  • How to leverage Terraform to enforce security best practices
  • Plus, how to use Terraform as part of Threat Modeling

Whitepaper

Accurics


RECOMMENDED RESOURCES
Are Unprotected Cloud Databases Leaking Your Data?
Tightly Control and Manage Access to Applications with Zero Trust
The Anatomy of a Phishing Attack
The State of DevSecOps Report
Sunburst: Impact and Timeline
2020 End of Year Phishing Report
Why Add Security to Your Skill Set and How to Do It
Building the SOC of the Future
Zero Trust Evaluation Guide
Improve MITRE ATT&CK Test Results for Endpoint Security Using Deception
SANS 2021 Cyber Threat Intelligence Survey