Credential-Free Cloud Provisioning with Terraform Cloud Agent

The new Terraform Agents feature of Terraform Cloud eliminates the need to place cloud credentials in your Terraform workspaces and fully supports your multi-account strategy.

Provisioning into a cloud account requires credentials. Static credentials are easy, but can be risky. A tool such as HashiCorp Vault can help generate short-lived ("dynamic") credentials, but that requires Vault, along with some external automation or added Terraform code. Is there another approach that will increase security and reduce risk, with little manual effort?

What You'll Learn

In this talk, Andy will show how the newly released Terraform Cloud Agent can be used to leverage the cloud provider's IAM system to generate short-lived credentials with a limited blast radius. This approach eliminates the need to place cloud credentials in your Terraform workspaces, and fully supports your multi-account strategy.

Speaker: Andy Assareh

Slides available here

GitHub repo

#CloudSecurity #Terraform #SecretsManagement #HashiCorpVault
