Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Scaling Infrastructure as Code to Improve Deliv...

Rosemary Wang
April 21, 2020
Technology
0
120

Scaling Infrastructure as Code to Improve Delivery & Maintain Security

We started practicing with infrastructure as code for public cloud resources and extend our use to on-premise infrastructure. With open source tools, we can start our journey and automate some of our configuration. As we grow, however, we start running into problems of configuration conflicts, growing infrastructure dependencies, rising public cloud expenses, and audit of our changes. How can we proactively address questions around security, audit, collaboration, and cost for our infrastructure? In this talk, we'll investigate the answers to questions around collaboration, dependency management, security, auditing, and cost by scaling our hybrid infrastructure as code.

Rosemary Wang

April 21, 2020
Tweet

More Decks by Rosemary Wang

See All by Rosemary Wang
Secure Day 2 operations with Boundary and Vault
joatmon08
0
15
Can You Test Your Infrastructure as Code?
joatmon08
1
51
Multi-Account, Multi-Region, Multi-Runtime
joatmon08
1
21
Building a multi-account, multi-runtime service-oriented architecture
joatmon08
0
26
Choose Your Own Abstraction: Iterating on Developer Experience
joatmon08
0
31
Break Glass, Repair Fast, Reconcile Automation
joatmon08
2
40
Building a Developer Platform? Ask these questions.
joatmon08
0
27
From Cloud-Hosted to Cloud-Native
joatmon08
0
53
Refactoring Applications for Dynamic Secrets
joatmon08
1
37

Other Decks in Technology

See All in Technology
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
280
BLADE: An Attempt to Automate Penetration Testing Using Autonomous AI Agents
bbrbbq
0
290
これまでの計測・開発・デプロイ方法全部見せます! / Findy ISUCON 2024-11-14
tohutohu
3
360
Python(PYNQ)がテーマのAMD主催のFPGAコンテストに参加してきた
iotengineer22
0
470
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
370
Lexical Analysis
shigashiyama
1
150
開発生産性を上げながらビジネスも30倍成長させてきたチームの姿
kamina_zzz
2
1.7k
Amazon Personalizeの レコメンドシステム構築、実際何するの? 〜大体10分で具体的なイメージをつかむ〜
kniino
1
100
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
3.8k
Taming you application's environments
salaboy
0
180
The Role of Developer Relations in AI Product Success.
giftojabu1
0
120
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160

Featured

See All Featured
4 Signs Your Business is Dying
shpigford
180
21k
KATA
mclloyd
29
14k
Designing the Hi-DPI Web
ddemaree
280
34k
Statistics for Hackers
jakevdp
796
220k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Happy Clients
brianwarren
98
6.7k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
RailsConf 2023
tenderlove
29
900
How STYLIGHT went responsive
nonsquared
95
5.2k
StorybookのUI Testing Handbookを読んだ
zakiyama
27
5.3k
Unsuck your backbone
ammeep
668
57k

Transcript

  1. Scaling Infrastructure as Code to Improve Delivery & Maintain Security

    April 21, 2020 | #CTOAVC Copyright © 2019 HashiCorp 1

  2. “Above the Line” “Below the Line” 2

  3. The Transition to Hybrid IT Traditional Datacenter “Static” Modern Datacenter

    “Dynamic” Dedicated Infrastructure Private Cloud AWS Azure GCP ... + + + SYSTEMS OF RECORD SYSTEMS OF ENGAGEMENT 3

  4. “Above the Line” “Below the Line” 4

  5. Rosemary Wang Developer Advocate at HashiCorp @joatmon08 joatmon08 linkedin.com/in/rosemarywang 5

  6. Infrastructure as Code? 6

  7. Scaling Infrastructure as Code? 7

  8. Deliver Quickly Continuous Integration/Delivery/ Deployment Automated Testing Develop Consistently Development

    Model Code/Dependency Management Deploy Securely Security as Code Policy as Code 8

  9. Deliver Quickly Continuous Integration/Delivery/Deployment & Automated Testing 9

  10. Delivery 1. Change staging. 2. Run tests. 3. Review change.

    4. If approved, push to production. 5. Run tests. Integration 1. Change staging. 2. Run tests. 3. Review change. 4. Approve review. 5. Change production. 6. Run tests. Deployment 1. Change staging. 2. Run tests. 3. If tests pass, push to production. 4. Run tests. Choose Your Continuous * Journey 10

  11. Delivery Deliver on Schedule Integration Deliver When Possible Larger Blast

    Radius Challenging Rollback Low Rate of Change Deployment Always Deliver Smaller Blast Radius Well-Defined Rollback High Rate of Change Choose Your Continuous * Journey 11

  12. Automated Testing 12 Manual End to End Integration Contract Unit

    Cost TIME MONEY EFFORT

  13. 13 INTEGRATION TEST CONTRACT TEST CONTRACT TEST

  14. Develop Consistently Development Model & Code/Dependency Management 14

  15. Development Model Trunk-Based Development Deploy to Staging before Production Or

    Deploy to Production, Rollback on Failure Feature Branching Staging Infrastructure per Branch Or Staging Infrastructure dedicated to Branches 15 staging production

  16. Development Model Trunk-Based Development Dynamic Infrastructure Minimal Provisioning Time Immutable

    Infrastructure Higher Rate of Change Knowledge of Automated Testing Feature Branching Static Infrastructure Longer Provisioning Cycle Critical Infrastructure Lower Rate of Change Knowledge of Git 16

  17. ▪ Blast radius ▪ Rate of change ▪ Scope of

    responsibility ▪ Ease of management Code Management Identify Bounded Contexts & Modularize 17

  18. ▪ Version configurations ▪ Maintain schema for inputs and outputs

    ▪ Distribute for self-service ▪ Develop common architecture Dependency Management Sharing Standard Configuration 18

  19. Monorepo reference locally Multi-repository reference remotely Mono- vs. Multi-Repository 19

    CODE EDITOR module "vaulthelm" { source = "app.terraform.io/hashicorp-team-demo /vaulthelm/google" version = "0.9.0" }

  20. Deploy Securely Security as Code, Policy as Code 20

  21. Known unknowns Monitoring Known knowns Testing Unknown knowns Siloed Knowledge

    Unknown unknowns Observability 21

  22. Evolutionary Architecture support scale in organization and systems 22 thoughtworks.com/books/building-evolutionary-architectures

  23. Security or Policy as Code CODE EDITOR import "tfplan/v2" as

    tfplan database_only_has_non_permissive_firewall_rules = rule { all database_firewall_rules as firewall_rule { firewall_rule.values.start_ip_address is not "0.0.0.0" and firewall_rule.values.end_ip_address is not "255.255.255.255" } } resources_with_tag_field_have_defined_tags = rule { all resources_with_tag_field as resource { resource.values.tags is not null } } 23

  24. 24

  25. Infrastructure as Code enables self-service engagement with a system 25

  26. Scaling Infrastructure as Code means normalizing patterns across an organization

    26

  27. Cloud Operating Model hashicorp.com/cloud-operating-model Terraform Cloud app.terraform.io/signup/account Learn Terraform Cloud

    learn.hashicorp.com/terraform/cloud-gettingstarted/tfc_overview TDD for Infrastructure hashicorp.com/resources/test-driven-development-tdd-for-infrastructure Structuring Terraform Configuration for Production hashicorp.com/blog/structuring-hashicorp-terraform-configuration-for-production Evolving Your Infrastructure with Terraform hashicorp.com/resources/evolving-infrastructure-terraform-opencredo Resources 27

  28. Rosemary Wang Developer Advocate at HashiCorp @joatmon08 joatmon08 linkedin.com/in/rosemarywang 28

    Thank you!