Compliance At Scale: Hardened Terraform Modules at Morgan Stanley
Morgan Stanley has freed up its cloud service developers by building automated cloud security controls by default using Terraform and Sentinel.
Brett Tegart and Itay Cohai recount how their team at Morgan Stanley implemented secure Terraform modules that enforce cloud security controls by default, allowing free development of cloud service provider accounts and resources without requiring additional security review. Sentinel policy as code was the key. They wrote policies that blocked direct creation of Terraform resources, limiting users to the secure modules that derive values from the Terraform or CSP environment instead of allowing user input.
More resources like this one
9/26/2022 | Case StudyHow Deutsche Bank Onboarded to Google Cloud w/ Terraform
9/2/2022 | Case StudyVault in BBVA, Secrets in a Hybrid Architecture
1/28/2022 | Case StudyBoundary (with Vault) at the Crypto ATM Bank of Canada
8/13/2021 | Case StudyOn-demand access to earnings via self-serve infrastructure at Earnin
