
Build for massive scale & security with the HashiCorp Cloud Platform

In this session, explore how to build scalable, secure, and manageable cloud infrastructure while enabling efficient engineering workflows using the HashiCorp Cloud Platform (HCP). Discover how to use HCP for infrastructure and security in public cloud projects through deep conceptual and technical insights. The session includes a reference codebase and live demo. Learn foundational principles and patterns for infrastructure and security lifecycle management that address process and people challenges and help upskill your engineering team to support rapid business and platform evolution.

Rosemary Wang

December 03, 2024

Transcript

  1. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Build for massive scale & security with the HashiCorp Cloud Platform. DOP301-S. Rosemary Wang (she/her), Chief Developer Advocate, HashiCorp. J. Cole Morrison (he/him), Senior Developer Advocate, HashiCorp.
  2. Infrastructure and security lifecycle management is the practice of changing infrastructure and security resources.
  3. Actions for lifecycle management: create, read, update, delete.
  4. Building blocks of ILM/SLM (diagram): systems of record, self-service, as code, immutability, standardization, modularization, monitoring, ephemerality, remediation, access control, observability, arranged around the ILM and SLM actions read, create, update, delete, and scale.
  5. Monitoring & observability
  6. Read. Monitoring: audit changes to infrastructure; identify drift; validate policy conformance. Observability: audit system access; identify vulnerabilities; validate artifact provenance.
  7. Demo: 1. Audit infrastructure changes and identify drift. 2. Audit system access. 3. Monitor service status. (Architecture diagram: AWS Cloud, runtime infrastructure, services, application on EC2, Infrastructure Lifecycle Management, Security Lifecycle Management.)
  8. Modularization & access control
  9. Create. Modularization: isolate changes to parts of the system; decouple infrastructure dependencies. Access control: isolate least privilege access; decouple identity from access policy.
  10. Demo: 1. Decouple infrastructure through modules. 2. Define least privilege access. 3. Decouple identity from access policy. (Same architecture diagram.)
  11. Standardization & remediation
  12. Update. Standardization: develop consistent application and infrastructure deployments; improve predictability of changes and rollbacks. Remediation: develop a baseline for detecting anomalous behavior; improve speed of fixes.
  13. Demo: 1. Standardize deployment and operations. 2. Standardize access control. 3. Provide just-in-time access for fixes. 4. Establish baseline for service registration and status. (Same architecture diagram.)
  14. Immutability & ephemerality
  15. Delete. Immutability: change resources by creation and deletion; supports lower-risk refactoring patterns. Ephemerality: time-to-live of resources to reduce attack surface; supports resiliency patterns for short-lived resources.
  16. Demo: 1. Create new virtual machine with new AMI. 2. Create new credentials and delete old ones. 3. Create new targets when old ones are removed. (Same architecture diagram.)
  17. As code, self-service, and systems of record
  18. Scale. As code: builds configuration or policy for automation; enables orchestration across systems. Self-service: builds abstraction for complexity of knowledge; enables anyone to extend the system to support business needs. Systems of record: builds an inventory of infrastructure, secrets, identities, and policies; enables visibility and orchestration across systems at scale.
  19. Demo: 1. Enable self-service of application deployment and operations with an internal developer platform. 2. Maintain infrastructure self-service and system of record with infrastructure as code. 3. Establish application system of record with service discovery. 4. Establish access and credentials system of record with secrets management. 5. Establish access system of record with secure remote access. (Same architecture diagram.)
  20. Summary
  21. Building blocks of ILM/SLM (diagram repeated from slide 4): systems of record, self-service, as code, immutability, standardization, modularization, monitoring, ephemerality, remediation, access control, observability; actions read, create, update, delete, scale.
  22. Learn more • Demo repository: github.com/jcolemorrison/hashistack-on-aws • Sign up for HashiCorp Cloud Platform: hashi.co/cloud • Tutorials: developer.hashicorp.com/tutorials
  23. Thank you! Please complete the session survey in the mobile app. Rosemary Wang @joatmon08, J. Cole Morrison @jcolemorrison.