The all-new AWS DevSecOps Competency includes HashiCorp as a Day 1 launch partner.
HashiCorp has achieved Amazon Web Services (AWS) DevOps Competency for development, security, and operations (DevSecOps), recognizing that HashiCorp has demonstrated technical proficiency and proven customer success specializing in DevSecOps.
Identifying and addressing a security issue early on in the development lifecycle reduces risk and cost, while improving productivity. With proper DevSecOps implementation, security can become an integral part of the application delivery pipeline and provide rapid and contextual feedback to developers as they are building new features.
HashCorp has achieved the DevSecOps competency by helping customers secure their environments with HashiCorp Terraform and Sentinel.
HashiCorp Terraform is an open source infrastructure as code software tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files.
HashiCorp Sentinel is an embedded policy as code framework that enables fine-grained, logic-based policy decisions, and can be extended to use information from external sources. Sentinel is an enterprise-only feature of HashiCorp Consul, Nomad, Terraform, and Vault.
Terraform supports the provisioning of all infrastructure, from the tiniest APIs to large commercial workloads in AWS, helping customers achieve consistency of delivery by creating reusable modules that can be used at scale across the enterprise. Terraform frees customers from the bottlenecks of hardware and poorly configured environments by enabling the consumption of cloud resources at scale, without compromising on consistency.
As customers expand in the cloud, developers adopt new services and features from their cloud providers. Organizations often require that each service goes through a code review process to ensure it meets security and compliance standards before it is approved for use throughout the enterprise. This can entail a long process of manual reviews and meetings. Sentinel shifts code review left into the Terraform workflow, enabling customers to automate many of these requirements. Administrators can define policies as code that control deployments based on specified requirements, and help developers identify compliance, security, and governance issues earlier in the development cycle.
DevSecOps (development, security, and operation) is an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle. The new AWS DevOps Competency for DevSecOps recognizes solutions that make it easy for customers to integrate security across every stage of the development and delivery cycles, providing rapid and contextual feedback to development, security, and ops teams.
Terraform Enterprise embeds the Sentinel policy-as-code framework, which lets you define and enforce granular policies for how your organization provisions infrastructure. You can limit the size of compute VMs, confine major updates to defined maintenance windows, and much more. Policies can act as firm requirements, advisory warnings, or soft requirements that can be bypassed only with explicit approval from your compliance team.
AWS is fostering scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Partners with deep industry experience and expertise. HashiCorp previously achieved AWS Competency status in Containers, DevOps, and Security. Achieving the new AWS DevOps Competency for DevSecOps differentiates HashiCorp as an AWS Partner with deep domain expertise delivering software products that integrate security across every stage of the development and delivery cycles.
With Vault and Boundary, HashiCorp makes its debut in Gartner’s Magic Quadrant for privileged access management.
Visit us at Google Cloud Next ‘23 in San Francisco, Aug. 29 - 31, for breakout sessions, expert talks, and product demos to accelerate your cloud strategy.
HashiCorp continues to update our licensing FAQ based on questions from the community about our change to the Business Source License for future releases of HashiCorp products.