TERRAFORM
The Hidden Dangers of Using Terraform's Remote-Exec Provisioner
Terraform is a powerful infrastructure as code tool that can support multi-cloud deployments. Terraform provides consistent and reliable deployments for cloud infrastructure. But as with every tool there are hidden dangers built-in we need to check for! The remote-exec provisioner in Terraform can be a valuable tool, providing the ability to execute scripts and commands on remote resources. However, it can pose significant security risks to your infrastructure without proper control and awarene
MIKE MCCABE ∙
SEPTEMBER 13, 2023
The Security Benefits of Infrastructure as Code
We have developed and delivered new ways to deliver infrastructure quickly and without these misconfigurations. Prevention is the only cure; we’ll talk about how you can implement this today.
MIKE MCCABE ∙
FEBRUARY 22, 2024
Infrastructure as Code Security
I was excited to have the opportunity to speak recently at Kernelcon and BSidesNYC about one of my favorite topics, infrastructure as code (IAC). Having helped multiple companies build IAC security programs, talking about what we've learned is always enjoyable. Companies moving to centralized and well-managed infrastructure as code pipelines with built-in security controls is a massive security win. However, utilizing these tools comes with certain risks that we must manage. As I outlined in m
MIKE MCCABE ∙
MAY 1, 2023