How a top 5 financial services company uses Terraform
Dec 05, 2018
One of the top financial services companies in the world is standardizing on Terraform for all of their self-service provisioning needs.
- Jon Benson, VP Worldwide Solutions Engineering, HashiCorp
A customer of ours is a large financial services company, actually top five in the world, and what they have started to standardize on is Terraform. And what Terraform allows them to do is provision any infrastructure on whatever cloud they happen to choose. As we all know, it's no longer a single cloud world, and you have infrastructure that you want to provision in AWS, Azure, GCP, and private data centers all over the place, and so what you need is flexibility.
The reason that this bank standardized on Terraform is it provides one workflow to be able to provision in whatever clouds their developers may want to provision in. As we all know, clouds provide different capabilities for different tasks that you may have, and so by being able to leverage whatever services a cloud offers without having to change your workflow, you can increase your efficiency with how you're going to provision.
With Terraform Enterprise what they're leveraging is the producer-consumer model, where they have producers—which are the architects and the operators—who really understand the best way to manage infrastructure in whatever cloud it may be. And then the consumers—which are the developers. This is a large team of developers that don't want to be bottlenecked with the producers and how they provision infrastructure.
The way that they leverage the private module registry within Terraform Enterprise is: have the producers create these best practices modules as a catalog for the consumers, which are the developers, to consume. So the consumers go in and select whatever modules they may need, maybe it's a GKE cluster in Google Cloud, or maybe it's just a network in AWS, and they can start to stitch together those modules to create their own Terraform, which is infrastructure as code. Then they check it into their version control, and without being bottlenecked by the producer or having to put in a ticket to request infrastructure they're able to then provision their own best practices infrastructure at will. What they're also able to do is add to that. They can create their own Terraform templates, and we want them to be able to.
What you then take as a next step is applying governance on top of the provisioning of that infrastructure. So, if you say for AWS you don't want any S3 buckets that are open to the world and public, or maybe you never want your public CIDR open to the world, or all EBS volumes should be encrypted, you probably want to apply that across many different clouds. We're able to govern that with Sentinel and allow your developers and operators to be able to provision whatever infrastructure they want, but do so in a way that you deem acceptable.
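The three guardrails named above (no public S3 buckets, no world-open network ranges, encrypted EBS volumes) can be pictured as a check over a Terraform plan. The following is an added example, not Sentinel and not code from HashiCorp or the customer: a Python sketch over the `resource_changes` section of `terraform show -json` output, where the rule ids, the helper `_rc` and the sample plan are constructed for illustration, and "open to the world" is assumed to mean ingress from `0.0.0.0/0` or `::/0`.

```python
PUBLIC_ACLS = {"public-read", "public-read-write"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def open_to_world(rule):
    """True if an ingress rule lists a world-open IPv4 or IPv6 CIDR."""
    cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
    return bool(OPEN_CIDRS & set(cidrs))

def check_plan(plan):
    """Return sorted (address, rule_id) pairs for planned resources that break policy."""
    violations = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        # Only resources being created or updated matter; deletes and no-ops are skipped.
        if not {"create", "update"} & set(change.get("actions") or []):
            continue
        after, rtype, addr = change.get("after") or {}, rc.get("type"), rc.get("address")
        if rtype in ("aws_s3_bucket", "aws_s3_bucket_acl") and after.get("acl") in PUBLIC_ACLS:
            violations.append((addr, "s3-public-acl"))
        # Fail closed: a missing or not-yet-known "encrypted" value counts as unencrypted.
        elif rtype == "aws_ebs_volume" and after.get("encrypted") is not True:
            violations.append((addr, "ebs-unencrypted"))
        elif rtype == "aws_security_group" and any(map(open_to_world, after.get("ingress") or [])):
            violations.append((addr, "sg-open-ingress"))
        elif rtype == "aws_security_group_rule" and after.get("type") == "ingress" and open_to_world(after):
            violations.append((addr, "sg-open-ingress"))
    return sorted(violations)

def _rc(address, actions, after):
    """Hypothetical helper: build one resource_changes entry for the sample below."""
    return {"address": address, "type": address.split(".")[0],
            "change": {"actions": actions, "after": after}}

# Constructed sample in the shape of the plan JSON's resource_changes list.
SAMPLE_PLAN = {"resource_changes": [
    _rc("aws_s3_bucket.logs", ["create"], {"acl": "private"}),
    _rc("aws_s3_bucket.site", ["create"], {"acl": "public-read"}),
    _rc("aws_s3_bucket.old", ["delete"], None),
    _rc("aws_ebs_volume.data", ["create"], {"encrypted": False, "size": 100}),
    _rc("aws_ebs_volume.safe", ["update"], {"encrypted": True, "size": 200}),
    _rc("aws_security_group.web", ["create"],
        {"ingress": [{"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}),
    _rc("aws_security_group_rule.ssh", ["create"], {"type": "ingress", "cidr_blocks": ["10.0.0.0/8"]}),
]}

if __name__ == "__main__":
    for address, rule_id in check_plan(SAMPLE_PLAN):
        print(f"DENY {address}: {rule_id}")
```

Run between plan and apply, a non-empty result is the signal to block the run; the same three rules would be written once per provider to cover other clouds.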