EP138 Terraform for Security Teams: How to Use IaC to Secure the Cloud

Guest:

• Rosemary Wang, Developer Advocate at HashiCorp

 Topics:

• Could you give us a 2 minute picture on what Terraform is, what stages of the cloud lifecycle it is relevant for, and how it intersects with security teams?

• How can Terraform be used for security automation? How should security teams work with DevOps teams to use it?

• What are some of the obvious and not so obvious security challenges of using Terraform?

• How can security best practices be applied to infrastructure instantiated via Terraform?

• What is the relationship between Terraform and policy as code (PaC)?

• How do you get started with all this?

• What do you tell the security teams who want to do cloud security the “old way” and not the cloud-native way?

 Resources:

• Video (LinkedIn, YouTube)

• “EP126 What is Policy as Code and How Can It Help You Secure Your Cloud Environment?”

• Policy as Code with HashiCorp Sentinel or Open Policy Agent (OPA) for Terraform

• “Terraform Cloud adds Vault-backed dynamic credentials” blog

• Google Cloud Provider for Terraform

• Security & Authentication Providers for Terraform

• “Sloth’s Guide to Mindfulness” book