HashiCorp Terraform provides cloud infrastructure automation with infrastructure and policies as code. Policy as code is becoming the popular approach to embedding guardrails into the provisioning workflow while not slowing down end-users who are provisioning infrastructure. Terraform uses Sentinel policy as code to embed these policies.
In recent months we have spoken to customers about their priorities when it comes to introducing Sentinel and policy as code within their companies. The common first starting point has been around improving the security of their workloads, and ensuring consistent approaches are applied. Many of these standards are not just consistent across a company, they’re common across many of our customers. So it wasn’t surprising to hear that customers wanted HashiCorp to provide first-class policies out-of-the-box that implement controls for the most commonly adopted security standards such as those defined by the Center for Internet Security (CIS).
Today, we are pleased to announce the preview release of the Terraform Foundational Policies Library for Terraform Cloud and Enterprise.
In this release we have focused our efforts on developing controls that align with those defined in the CIS Benchmarks for Amazon Web Services, Microsoft Azure, and Google Cloud Platform.
For the first phase of this release we have implemented 40+ controls that secure the most commonly used cloud services, such as networking, databases, storage and compute.
CIS Benchmarks are developed by a team of subject matter experts covering 140+ technologies, and each benchmark provides a best-practice approach to configuring and securing a target system. In the case of public cloud, the CIS Benchmarks provide prescriptive guidance for establishing a secure baseline for each of the Cloud Service Providers and cover topics such as Identity and Access Management, Logging and Monitoring, as well as the commonly used cloud services that we have focused on for this release. Examples of these controls include restricting network flow and requiring encryption of storage, disks and database services.
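To make the "restricting network flow" class of control concrete, here is an added example of a Sentinel policy in the style the page describes: it fails a Terraform Cloud run whose plan would create or update an AWS security group ingress rule that exposes SSH (port 22) to the whole internet. This is an illustration written for this post, not a policy from the Foundational Policies Library itself; it uses the standard `tfplan/v2` Sentinel import, and the helper name `covers_ssh` and the choice of port 22 and `0.0.0.0/0` are assumptions made for the example.

```sentinel
# Added example policy, not part of the Terraform Foundational Policies Library.
# Denies planned aws_security_group_rule ingress rules that open SSH (22)
# to 0.0.0.0/0, in the spirit of the CIS AWS networking controls.
import "tfplan/v2" as tfplan

# Hypothetical helper: true when the rule's port range [from_port, to_port]
# includes port 22. Undefined/computed ports fall back to the widest range.
covers_ssh = func(rule) {
    from = rule.from_port else 0
    to = rule.to_port else 65535
    return from <= 22 and to >= 22
}

# Only managed security group rules that this plan will create or update
# (deleted resources have no "after" state to inspect).
sg_rules = filter tfplan.resource_changes as address, rc {
    rc.type is "aws_security_group_rule" and
    rc.mode is "managed" and
    (rc.change.actions contains "create" or rc.change.actions contains "update")
}

# Of those, the ingress rules that cover port 22 and allow any IPv4 source.
open_ssh = filter sg_rules as address, rc {
    rc.change.after.type is "ingress" and
    covers_ssh(rc.change.after) and
    "0.0.0.0/0" in (rc.change.after.cidr_blocks else [])
}

# Surface every offending resource address in the run log before the verdict.
for open_ssh as address, _ {
    print("SSH ingress open to the internet:", address)
}

# The policy passes only when no such rule exists in the plan.
main = rule { length(open_ssh) is 0 }
```

Attached to a policy set with a `hard-mandatory` enforcement level, this check runs between plan and apply, so the offending rule is caught before any infrastructure changes; a `soft-mandatory` level lets an authorized user override it with a recorded justification, which is the usual choice while a new control is being rolled out.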
If you would like to know more about the Foundational Policies Library or how to get started with them today, please review the documentation. To learn more about using Terraform with Sentinel visit the HashiCorp Learn Platform.
If you have any thoughts on how we can further expand the capabilities of the library, please get in touch. We are always interested in hearing from our customers.