Skip to main content
HashiConf More sessions have been added to the conference agenda. Buy your pass and plan your schedule. Register
Case Study

Compliance at scale: Hardened Terraform modules at Morgan Stanley

Morgan Stanley has freed up its cloud service developers by building automated cloud security controls by default using Terraform and Sentinel.

Brett Tegart and Itay Cohai recount how their team at Morgan Stanley implemented secure Terraform modules that enforce cloud security controls by default, allowing free development of cloud service provider accounts and resources without requiring additional security review. Sentinel policy as code was also important. They wrote policies that blocked direct creation of Terraform resources, limiting users to the secure modules that derive values from the Terraform or CSP environment instead of allowing user input.

More resources like this one

  • 1/20/2023
  • Case Study
Adopting GitOps and the Cloud in a Regulated Industry
  • 1/5/2023
  • Case Study
How Discover Manages 2000+ Terraform Enterprise Workspaces
  • 9/26/2022
  • Case Study
How Deutsche Bank onboarded to Google Cloud w/ Terraform
  • 9/2/2022
  • Case Study
Vault in BBVA, Secrets in a Hybrid Architecture