Infrastructure as Code (IaC) tools allow you to define cloud infrastructure by writing code. Rather than deploying or changing your infrastructure manually, you can take advantage of the practices typically employed in a software development environment. This approach is a significant part of a successful “shift-left” strategy. “Shifting left” is simply the practice of finding and preventing defects earlier in a delivery process, typically during the creation of software. Adopting best practices around templates, testing, monitoring, review, and version control allows you to apply those same practices to the “code” that defines your infrastructure.
To learn more about the value of IaC in a security context, check out our whitepaper Shifting Cloud Security Left with Infrastructure as Code.
Treating infrastructure like code enables organizations to plan, review, and examine infrastructure (resources) for misconfigurations prior to creating these resources. By taking advantage of Infrastructure as Code's ability to describe resources without creating them, DivvyCloud’s IaC Security enables organizations to implement security controls earlier in their continuous integration/continuous delivery (CI/CD) pipeline (shifting left) and provides an opportunity to address compliance and security concerns before deployment or modifications are made to your cloud infrastructure.
DivvyCloud’s IaC allows users to pull in preconfigured infrastructure templates. Templates are analyzed against Insights, with specific feedback about violations, to determine compliance before infrastructure is deployed.
By taking advantage of the extensive library of existing DivvyCloud Insights, users can get started quickly and see immediate value by analyzing resources before deployment using our built-in Insight Packs or customer-created Insight packs.
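To make the pre-deployment analysis described above concrete, here is an added example written for this page; it is not DivvyCloud code and does not reproduce DivvyCloud Insights. It assumes the JSON document produced by `terraform show -json <planfile>` (the `planned_values.root_module` tree), walks every planned resource including nested modules, and applies two hypothetical rules of the kind an Insight expresses: an S3 bucket planned with a public canned ACL, and a security group that admits TCP/22 from anywhere. The plan embedded below is constructed for the example, not output from a real deployment.

```python
"""Shift-left check over a Terraform plan (added example, not DivvyCloud code).

Input format assumed: the JSON printed by `terraform show -json`, i.e.
planned_values.root_module.resources[...] with type/name/address/values, and
optional child_modules nested the same way.  Both rules below are illustrative.
"""
import json
import sys

# Constructed sample plan (abbreviated `terraform show -json` output); not a real deployment.
SAMPLE_PLAN = json.dumps({
    "format_version": "0.1",
    "planned_values": {
        "root_module": {
            "resources": [
                {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "name": "logs",
                 "values": {"bucket": "example-logs", "acl": "public-read"}},
                {"address": "aws_security_group.web", "type": "aws_security_group", "name": "web",
                 "values": {"ingress": [
                     {"from_port": 443, "to_port": 443, "protocol": "tcp",
                      "cidr_blocks": ["0.0.0.0/0"]},
                     {"from_port": 22, "to_port": 22, "protocol": "tcp",
                      "cidr_blocks": ["0.0.0.0/0"]},
                 ]}},
            ],
            "child_modules": [
                {"address": "module.storage", "resources": [
                    {"address": "module.storage.aws_s3_bucket.data", "type": "aws_s3_bucket",
                     "name": "data", "values": {"bucket": "example-data", "acl": "private"}},
                ]},
            ],
        }
    },
})


def iter_resources(module):
    """Yield every planned resource in a module and, recursively, its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_public_s3_acl(res):
    """Rule 1 (hypothetical): an S3 bucket planned with a public canned ACL."""
    if res.get("type") != "aws_s3_bucket":
        return None
    acl = (res.get("values") or {}).get("acl", "private")
    if acl in ("public-read", "public-read-write"):
        return f"{res['address']}: bucket ACL '{acl}' exposes the bucket to anyone"
    return None


def check_ssh_open_to_world(res):
    """Rule 2 (hypothetical): a security group admitting TCP/22 from 0.0.0.0/0 or ::/0."""
    if res.get("type") != "aws_security_group":
        return None
    for rule in (res.get("values") or {}).get("ingress", []) or []:
        protocol = rule.get("protocol")
        # protocol "-1" means all protocols/ports in AWS security group rules
        covers_ssh = protocol == "-1" or (
            protocol == "tcp" and rule.get("from_port", 0) <= 22 <= rule.get("to_port", 0)
        )
        cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
        world = sorted(c for c in cidrs if c in ("0.0.0.0/0", "::/0"))
        if covers_ssh and world:
            return f"{res['address']}: SSH (tcp/22) reachable from {', '.join(world)}"
    return None


RULES = [check_public_s3_acl, check_ssh_open_to_world]


def analyze_plan(plan_json):
    """Return the list of violation messages for a `terraform show -json` document."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        for rule in RULES:
            msg = rule(res)
            if msg:
                findings.append(msg)
    return findings


if __name__ == "__main__":
    # With a file argument, analyze a real `terraform show -json` dump; otherwise use the sample.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    findings = analyze_plan(source)
    for line in findings:
        print("VIOLATION", line)
    # A non-zero exit lets a CI stage fail before `terraform apply` runs.
    sys.exit(1 if findings else 0)
```

Run against the sample, the script reports the public bucket and the world-reachable SSH rule and exits non-zero, while the private bucket in `module.storage` passes; in a pipeline the same exit status is what blocks the apply step, which is the "address concerns before deployment" behaviour the text describes.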
DivvyCloud’s IaC Security supports a variety of resource types for Terraform 0.12. You can analyze supported resources for each of the three major public cloud service providers (CSPs): Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
- Terraform - 0.11, 0.12, 0.13
You can analyze supported resources for the following cloud service providers (CSPs):
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud Platform (GCP)
When creating an IaC Security configuration, the configuration page informs you of any limitations in resource support.
- Fully Supported - resources are fully supported for IaC analysis on all three CSPs
- Partial Support - resources are not supported for certain CSPs; these will be specifically identified
- Unsupported - resources specific to this Insight are not supported on any of the CSPs
A complete list of supported resources is available for existing customers. Reach out to our team via [email protected] for details.
There are a few things you will need to have available and configured before using IaC. These items include:
- A running DivvyCloud Platform
- DivvyCloud Domain Admin permissions (only domain admins can create/edit IaC configs)
- A working understanding of Terraform and Terraform templates
- An existing version-controlled repository of Terraform templates
- Currently we support TF 0.12, but we are actively testing additional versions. If you have questions about versioning, contact us at [email protected]
- An existing integration between version control & CI/CD