Credential-Free Cloud Provisioning with Terraform Cloud Agent
Mar 15, 2021
The new Terraform Agents feature of Terraform Cloud eliminates the need to place cloud credentials in your Terraform workspaces and fully supports your multi-account strategy.
Provisioning into a cloud account requires credentials. Static credentials are easy, but can be risky. A tool such as HashiCorp Vault can help generate short lived ("dynamic") credentials, but that requires Vault, along with some external automation or added Terraform code. Is there another approach that will increase security and reduce risk, with little manual effort?
What You'll Learn
In this talk Andy will show how the newly released Terraform Cloud Agent can be used to leverage the cloud provider IAM systems to generate short-lived credentials with limited blast radius. This approach eliminates the need to place cloud credentials in your Terraform workspaces, and fully supports your multi-account strategy.
Speaker: Andy Assareh
Slides available here
#CloudSecurity #Terraform #SecretsManagement #HashiCorpVault