Bootstrapping a secure AWS environment? Terraform to the rescue! by David Melamed

It's been 20 years since EC2 landed, and we've learned quite a bit about managing cloud operations at scale over these years. One area that remains a real pain point is securing AWS environments (a lot of moving parts and controls to think about), this is particularly acute in the world of fast-paced engineering today.

This talk will give an overview of how to secure AWS architecture through code, leveraging Terraform for automation. This will take a look at good security practices for managing your AWS organization - from the dedicated accounts per user, switching roles for additional access, enforcing MFA, segregation of different account types - dev vs. staging vs. prod, as well as SCP policies. In addition we will review best practices for working locally and deploying code changes to your SCM (with a Github example) without compromising your AWS keypairs, and all this with an everything-as-code approach built with Terraform.