Compliance At Scale: Hardened Terraform Modules at Morgan Stanley

preview_player
Показать описание
Morgan Stanley has been implementing secure Terraform modules that enforce our cloud security controls by default. The end goal is to allow free development of CSP accounts and resources using these modules without requiring additional security review.

This is achieved by defining secure defaults for the various Terraform resources, preventing freeform creation of resource and identity-based policies, and deriving values from the Terraform or CSP environment instead of allowing user input.

Our enforcement process is Sentinel-based including rules that block direct creation of Terraform resources, limiting users to the secure modules in our PMR.

Additional code samples and context sent to our account rep, Dmitry Ostrovsky.

Speakers: Brett Tegart and Itay Cohai

#InfrastructureAsCode #Terraform #AWS

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, Nomad, Boundary, and Waypoint allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices.

Twitter: @hashicorp
  1. HashiCorp
  2. HashiCorp
  3. Infrastructure as Code
  4. Terraform
  5. Module Versioning
  6. AWS
Рекомендации по теме
Compliance At Scale: 0:28:47

Compliance At Scale: Hardened Terraform Modules at Morgan Stanley

How Terraform and 0:25:30

How Terraform and Behavior-Driven Development Help Shift Security Left

Automating FedRAMP Security 0:25:50

Automating FedRAMP Security Compliance with Terraform

Patterns to Scale 0:05:06

Patterns to Scale Infrastructure with Terraform

Terraform Practices to 0:30:21

Terraform Practices to Enable Infrastructure Scaling

Key Considerations for 0:51:59

Key Considerations for Getting HashiCorp Terraform into Production

Scaling your adoption 0:49:42

Scaling your adoption of AWS with HashiCorp Terraform

VC's on Line 0:38:58

VC's on Line 1 - Scaling under pressure with Terraform, Packer, and Chef

Terraform at scale: 0:59:35

Terraform at scale: lessons from looking at 100s of IaC setups • Sören Martius

HashiCorp Terraform at 0:57:17

HashiCorp Terraform at Scale with CDW Digital Velocity

Terraform at scale 0:52:27

Terraform at scale

Detective Control Part 0:27:24

Detective Control Part 2 - AWS CloudTrail [Terraform]

6.2 Learn Terraform 0:08:09

6.2 Learn Terraform - The Production Grade Infrastructure Checklist

Lessons from 300k+ 0:47:36

Lessons from 300k+ Lines of Infrastructure Code

Terraform's Best Practices 0:16:20

Terraform's Best Practices and Pitfalls

Webinar: Codifying your 0:53:57

Webinar: Codifying your cloud security at scale with Terraform and Bridgecrew

Behavior Driven Development 0:23:48

Behavior Driven Development Helps Shift Security Left

Scale Your Security 0:02:53

Scale Your Security and Compliance with Hyperproof

Mastering Cloud Security: 0:09:36

Mastering Cloud Security: Terraform Integration | Karthik Jataprole | Conf42 Quantum Computing 2024

Terraform & Chef: 0:39:59

Terraform & Chef: Better Together (ChefConf Online, June 2020)

BSidesNYC 2023 - 0:49:30

BSidesNYC 2023 - Infrastructure as RCE: How to abuse Terraform to elevate access - Mike McCabe

How to Scale 1:00:52

How to Scale Governance, Compliance and Security through GitHub Actions

Automating Security Compliance 0:31:46

Automating Security Compliance at Scale - Ravi Devineni & Michael Pereia, Northwestern Mutual

Managing Terraform Enterprise 0:25:11

Managing Terraform Enterprise With 2000+ Workspaces at Discover Financial