Skip to main content

Shifting Terraform Configuration Security Left

Try some static analysis of your Terraform code.

How do you know if the HCL you're writing will result in secure infrastructure? How can you write tests to catch common problems? One of the advantages of infrastructure as code is that you can reason about the code before you run it. In this talk Gareth Rushgrove will look at the area of configuration security, discuss some of the issues around static analysis of Terraform, and look at some open source tools that can help with testing your Terraform code.

Slides here

More resources like this one

  • 3/15/2023
  • Presentation

Advanced Terraform techniques

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

  • 2/1/2023
  • Case Study

Should My Team Really Need to Know Terraform?

  • 1/20/2023
  • Case Study

Packaging security in Terraform modules