Presentation

Shifting Terraform Configuration Security Left

Try some static analysis of your Terraform code.

How do you know if the HCL you're writing will result in secure infrastructure? How can you write tests to catch common problems? One of the advantages of infrastructure as code is that you can reason about the code before you run it. In this talk Gareth Rushgrove will look at the area of configuration security, discuss some of the issues around static analysis of Terraform, and look at some open source tools that can help with testing your Terraform code.

Slides here

More resources like this one