Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Scaling Infrastructure as Code to Improve Delivery & Maintain Security

Rosemary Wang
April 21, 2020
Technology
0
120

Scaling Infrastructure as Code to Improve Delivery & Maintain Security

We started practicing with infrastructure as code for public cloud resources and extend our use to on-premise infrastructure. With open source tools, we can start our journey and automate some of our configuration. As we grow, however, we start running into problems of configuration conflicts, growing infrastructure dependencies, rising public cloud expenses, and audit of our changes. How can we proactively address questions around security, audit, collaboration, and cost for our infrastructure? In this talk, we'll investigate the answers to questions around collaboration, dependency management, security, auditing, and cost by scaling our hybrid infrastructure as code.

Rosemary Wang

April 21, 2020
Tweet

More Decks by Rosemary Wang

See All by Rosemary Wang
Can You Test Your Infrastructure as Code?
joatmon08
1
12
Multi-Account, Multi-Region, Multi-Runtime
joatmon08
1
15
Building a multi-account, multi-runtime service-oriented architecture
joatmon08
0
9
Choose Your Own Abstraction: Iterating on Developer Experience
joatmon08
0
13
Break Glass, Repair Fast, Reconcile Automation
joatmon08
2
24
Building a Developer Platform? Ask these questions.
joatmon08
0
10
From Cloud-Hosted to Cloud-Native
joatmon08
0
44
Refactoring Applications for Dynamic Secrets
joatmon08
1
29
Catching Commits to Secure Infrastructure as Code
joatmon08
1
40

Other Decks in Technology

See All in Technology
Android Target SDK 35 (Android 15) 対応の概要
akkie76
0
160
Babylon.js JAPAN活動紹介 (2024/4)
limes2018
1
120
Max out Local LLM in Challenging Environments
sashimimochi
1
110
Improve Your Development Workflow with Gemini Code Assist
meteatamel
0
130
データベース02: データベースの概念
trycycle
0
180
Além do else! Categorizando Pokemóns com Pattern Matching no JavaScript
wmsbill
0
710
Cypress or Playwright?
rainerhahnekamp
0
170
今さら聞けないDocker入門 〜 Dockerfileのベストプラクティス編
devops_vtj
4
670
Building Dashboards as a Hobby
egmc
0
370
家族アルバム みてねにおけるGrafana活用術 / Grafana Meetup Japan Vol.1 LT
isaoshimizu
1
1k
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
2
590
Azureの基本的な権限管理の勉強会
yhana
1
2.1k

Featured

See All Featured
Building Flexible Design Systems
yeseniaperezcruz
320
37k
Design by the Numbers
sachag
274
18k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Writing Fast Ruby
sferik
622
60k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
188
16k
Making Projects Easy
brettharned
109
5.5k
How to Ace a Technical Interview
jacobian
273
22k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
21
6.4k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Building Applications with DynamoDB
mza
88
5.6k
Code Review Best Practice
trishagee
56
15k
Designing for Performance
lara
601
67k

Transcript

  1. Scaling Infrastructure as Code to Improve Delivery & Maintain Security

    April 21, 2020 | #CTOAVC Copyright © 2019 HashiCorp 1

  2. “Above the Line” “Below the Line” 2

  3. The Transition to Hybrid IT Traditional Datacenter “Static” Modern Datacenter

    “Dynamic” Dedicated Infrastructure Private Cloud AWS Azure GCP ... + + + SYSTEMS OF RECORD SYSTEMS OF ENGAGEMENT 3

  4. “Above the Line” “Below the Line” 4

  5. Rosemary Wang Developer Advocate at HashiCorp @joatmon08 joatmon08 linkedin.com/in/rosemarywang 5

  6. Infrastructure as Code? 6

  7. Scaling Infrastructure as Code? 7

  8. Deliver Quickly Continuous Integration/Delivery/ Deployment Automated Testing Develop Consistently Development

    Model Code/Dependency Management Deploy Securely Security as Code Policy as Code 8

  9. Deliver Quickly Continuous Integration/Delivery/Deployment & Automated Testing 9

  10. Delivery 1. Change staging. 2. Run tests. 3. Review change.

    4. If approved, push to production. 5. Run tests. Integration 1. Change staging. 2. Run tests. 3. Review change. 4. Approve review. 5. Change production. 6. Run tests. Deployment 1. Change staging. 2. Run tests. 3. If tests pass, push to production. 4. Run tests. Choose Your Continuous * Journey 10

  11. Delivery Deliver on Schedule Integration Deliver When Possible Larger Blast

    Radius Challenging Rollback Low Rate of Change Deployment Always Deliver Smaller Blast Radius Well-Defined Rollback High Rate of Change Choose Your Continuous * Journey 11

  12. Automated Testing 12 Manual End to End Integration Contract Unit

    Cost TIME MONEY EFFORT

  13. 13 INTEGRATION TEST CONTRACT TEST CONTRACT TEST

  14. Develop Consistently Development Model & Code/Dependency Management 14

  15. Development Model Trunk-Based Development Deploy to Staging before Production Or

    Deploy to Production, Rollback on Failure Feature Branching Staging Infrastructure per Branch Or Staging Infrastructure dedicated to Branches 15 staging production

  16. Development Model Trunk-Based Development Dynamic Infrastructure Minimal Provisioning Time Immutable

    Infrastructure Higher Rate of Change Knowledge of Automated Testing Feature Branching Static Infrastructure Longer Provisioning Cycle Critical Infrastructure Lower Rate of Change Knowledge of Git 16

  17. ▪ Blast radius ▪ Rate of change ▪ Scope of

    responsibility ▪ Ease of management Code Management Identify Bounded Contexts & Modularize 17

  18. ▪ Version configurations ▪ Maintain schema for inputs and outputs

    ▪ Distribute for self-service ▪ Develop common architecture Dependency Management Sharing Standard Configuration 18

  19. Monorepo reference locally Multi-repository reference remotely Mono- vs. Multi-Repository 19

    CODE EDITOR module "vaulthelm" { source = "app.terraform.io/hashicorp-team-demo /vaulthelm/google" version = "0.9.0" }

  20. Deploy Securely Security as Code, Policy as Code 20

  21. Known unknowns Monitoring Known knowns Testing Unknown knowns Siloed Knowledge

    Unknown unknowns Observability 21

  22. Evolutionary Architecture support scale in organization and systems 22 thoughtworks.com/books/building-evolutionary-architectures

  23. Security or Policy as Code CODE EDITOR import "tfplan/v2" as

    tfplan database_only_has_non_permissive_firewall_rules = rule { all database_firewall_rules as firewall_rule { firewall_rule.values.start_ip_address is not "0.0.0.0" and firewall_rule.values.end_ip_address is not "255.255.255.255" } } resources_with_tag_field_have_defined_tags = rule { all resources_with_tag_field as resource { resource.values.tags is not null } } 23

  24. 24

  25. Infrastructure as Code enables self-service engagement with a system 25

  26. Scaling Infrastructure as Code means normalizing patterns across an organization

    26

  27. Cloud Operating Model hashicorp.com/cloud-operating-model Terraform Cloud app.terraform.io/signup/account Learn Terraform Cloud

    learn.hashicorp.com/terraform/cloud-gettingstarted/tfc_overview TDD for Infrastructure hashicorp.com/resources/test-driven-development-tdd-for-infrastructure Structuring Terraform Configuration for Production hashicorp.com/blog/structuring-hashicorp-terraform-configuration-for-production Evolving Your Infrastructure with Terraform hashicorp.com/resources/evolving-infrastructure-terraform-opencredo Resources 27

  28. Rosemary Wang Developer Advocate at HashiCorp @joatmon08 joatmon08 linkedin.com/in/rosemarywang 28

    Thank you!