Slide 1

Slide 1 text

Unlocking Infrastructure Lifecycle Management
Kerim Satirli, Senior Developer Advocate, HashiCorp

Slide 2

Slide 2 text

©2024 HASHICORP
Maximize infrastructure investments

Infrastructure as code to build, deploy and manage the lifecycle of infrastructure and applications.

Infrastructure
• Terraform: Infrastructure as code provisioning
• Packer: Build and manage images as code
• Nomad: Scheduling and orchestration
• Waypoint: Automated developer services

Diagram labels: Workflow automation; System of record; Lifecycle management

Slide 3

Slide 3 text

Optimize infrastructure on Day 1

Build
• Author infrastructure and images as code
• Create and share reusable modules
• Collaborate safely via version control

Slide 4

Slide 4 text

Optimize infrastructure on Day 1, Day 2

Deploy
• Enforce security and compliance
• Standardize provisioning workflows
• Enable self-service patterns

Slide 5

Slide 5 text

Optimize infrastructure on Day 1, Day 2, and beyond

Manage
• Gain organization-wide visibility
• Monitor infrastructure health and drift
• Auto-destroy temporary resources

Slide 6

Slide 6 text

Blueprint for cloud success

Stages: Stage 1: Adopting; Stage 2: Standardizing; Stage 3: Scaling

Infrastructure
• Compose
• Collaborate
• Publish and discover
• Enforce policy
• Enable self-service
• Observe and respond

Security
• Manage all secrets
• Enforce policy
• Ensure continuity
• Automate and observe
• Remediate
• Encrypt seamlessly

Slide 7

Slide 7 text

Team goals

People, Tools, Process

Platform teams
• Standardize and automate
• Enable app and service teams
• Reduce cross-team friction

AppDev teams
• Accelerate app delivery
• Get infrastructure quickly
• Reduce context switching

Slide 8

Slide 8 text

How do we go from blocker to enabler?

Slide 9

Slide 9 text

01 Build

Slide 10

Slide 10 text

Diagram labels: Platform team; Container registry; HCP Packer artifact registry; VCS; Packer template; Infrastructure lifecycle

Slide 11

Slide 11 text

Diagram labels: HCP Terraform private registry; Packer template; HCP Packer artifact registry; Terraform module; Platform team; Container registry; VCS; Infrastructure lifecycle

Slide 12

Slide 12 text

Diagram labels: HCP Terraform private registry; HCP Waypoint templates/add-ons; App developers; Actions; HCP Packer artifact registry; Terraform module; Application; Add-ons; Packer template; Platform team; Container registry; VCS; Infrastructure lifecycle

Slide 13

Slide 13 text

Images as code
• Repeatable and automated builds with Packer
• Common syntax and workflow for AMIs, VM templates, and containers
• Publish artifact metadata to HCP Packer registry

store-frontend.pkr.hcl

    # Resolve the base image from an HCP Packer bucket and channel.
    data "hcp-packer-artifact" "nodejs-base" {
      bucket_name  = var.base_image_bucket
      channel_name = var.base_image_channel
      platform     = "docker"
      region       = "docker"
    }

    # Build the frontend container on top of that base image, referenced by digest.
    source "docker" "store-frontend" {
      image    = data.hcp-packer-artifact.nodejs-base.labels["ImageDigest"]
      commit   = true
      platform = "linux/arm64"
      changes = [
        "WORKDIR /app",
        "ENTRYPOINT [\"/app/entrypoint.sh\"]",
        "CMD [\"node_modules/.bin/next\", \"start\"]",
        "USER nextjs",
        "EXPOSE 3000",
      ]
    }

Slide 14

Slide 14 text

Images as code
• Repeatable and automated builds with Packer
• Common syntax and workflow for AMIs, VM templates, and containers
• Publish artifact metadata to HCP Packer registry

store-frontend.pkr.hcl

    build {
      # Publish build metadata to the HCP Packer registry.
      hcp_packer_registry {
        bucket_name = "hashicafe-store-frontend"
        description = "HashiCafe store frontend Node.js app container."
        bucket_labels = {
          "owner"      = var.owner
          "department" = var.department
        }
      }

      sources = ["source.docker.store-frontend"]

      provisioner "shell" {
        script = "build-app.sh"
      }

      # Chain tag then push: a post-processors block hands the tagged
      # artifact from docker-tag on to docker-push.
      post-processors {
        post-processor "docker-tag" {
          repository = "${var.registry_host}/hashicafe-store-frontend"
          tags       = [local.timestamp, "latest"]
        }

        post-processor "docker-push" {}
      }
    }

Slide 15

Slide 15 text

Images as code
• Promote for deployment using specific channels
• Incrementally update channels as new builds are approved and tested

Slide 16

Slide 16 text

Standardize with modules
• Design for reusability

main.tf

    data "hcp_packer_artifact" "frontend" {
      bucket_name  = var.hcp_packer_bucket_name
      channel_name = var.hcp_packer_channel
      platform     = "docker"
      region       = "docker"
    }

    resource "aws_ecs_task_definition" "app" {
      container_definitions = jsonencode(
        [
          {
            name      = "frontend"
            image     = data.hcp_packer_artifact.frontend.labels["ImageDigest"]
            essential = true
            portMappings = [{
              containerPort = 3000
            }]
          }
        ]
      )
    }

Slide 17

Slide 17 text

Standardize with modules
• Design for reusability
• Bake-in compliance rules and approved practices
• Extend with tests and functional health checks

tests/unit-tests.tftest.hcl

    run "unit_test" {
      command = plan

      assert {
        condition     = local.base_name == "hashicafe-frontend-demo-app"
        error_message = "Interpolated resource name doesn't match expected."
      }

      assert {
        condition     = length(data.aws_subnets.private.ids) >= 2
        error_message = "Expected at least 2 private subnets."
      }
    }

    run "input_validation" {
      command = plan

      variables {
        task_cpu    = 100 # Min is 256
        task_memory = 256 # Min is 512
      }

      expect_failures = [
        var.task_cpu,
        var.task_memory
      ]
    }
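The `input_validation` run above only passes if the module's variables reject those values. The following is an added example, not taken from the slides, of the validation blocks that run would exercise; the 256 and 512 minimums come from the slide's comments, while the file name, types, descriptions and the `valid_inputs` run are assumptions.

```hcl
# variables.tf (assumed file name; not shown on the slides)

variable "task_cpu" {
  type        = number
  description = "CPU units reserved for the ECS task."

  validation {
    # Minimum taken from the slide's "Min is 256" comment.
    condition     = var.task_cpu >= 256
    error_message = "task_cpu must be at least 256."
  }
}

variable "task_memory" {
  type        = number
  description = "Memory (MiB) reserved for the ECS task."

  validation {
    # Minimum taken from the slide's "Min is 512" comment.
    condition     = var.task_memory >= 512
    error_message = "task_memory must be at least 512."
  }
}

# tests/unit-tests.tftest.hcl (added run; hypothetical name)
# Companion to input_validation: the boundary values must plan cleanly,
# so a rule that is accidentally too strict is caught as well.
run "valid_inputs" {
  command = plan

  variables {
    task_cpu    = 256
    task_memory = 512
  }
}
```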

Slide 18

Slide 18 text

Standardize with modules
• Design for reusability
• Bake-in compliance rules and approved practices
• Extend with tests and functional health checks

checks.tf

    check "service_health" {
      assert {
        condition     = aws_ecs_service.app.task_definition == aws_ecs_task_definition.app.arn
        error_message = "The service is not using the latest task definition."
      }
    }

    check "web_health" {
      data "http" "service" {
        url = "https://${local.dns_name}"
      }

      assert {
        condition     = data.http.service.status_code == 200
        error_message = "${data.http.service.url} returned an unhealthy status."
      }
    }

Slide 19

Slide 19 text

Publish and discover
• Private registry with integrated publishing, versioning, and testing
• Enable module for easy no-code provisioning

Slide 20

Slide 20 text

Pave a golden path (Beta)
• Platform teams curate a catalog of golden patterns
• Templates and add-ons use Terraform no-code modules
• Consistent governance with policy as code and run tasks

Slide 21

Slide 21 text

Build

Risk
• Standardized, modular deployment patterns
• Approved and hardened images and modules

People, Cost
• Best practices directly codified in modules
• Less duplicated effort for overcommitted teams

Speed
• Automation through codification
• Reusability - stop reinventing the wheel

Slide 22

Slide 22 text

How do we make tomorrow better?

Slide 23

Slide 23 text

02 Deploy

Slide 24

Slide 24 text

Standardized provisioning workflow

Diagram labels: 4,200+ providers; Workspaces; VCS/CLI/API; Kubernetes Operator; No-code provisioning; Plan; Apply; Run tasks; OPA; Sentinel; Policy; Developer platform; Dynamic provider credentials (OIDC); Service catalogs

Slide 25

Slide 25 text

Self-service flow (Beta)
• App devs get a push-button consumption experience
• Module inputs and outputs synced with HCP Terraform
• Add-ons for optional app and infra dependencies

Slide 26

Slide 26 text

Self-service flow (Beta)
• Platform teams curate a catalog of golden patterns
• Templates and add-ons use Terraform no-code modules
• Consistent governance with policy as code and run tasks

Slide 27

Slide 27 text

Deploy

Risk
• Proactive, consistent policy enforcement
• Keep cloud credentials dynamic and safe

Speed
• Eliminate slow ticket-driven process
• Developers enabled to innovate on apps

Cost
• Eliminate deployment and over-provisioning errors
• Reduce burden on app and platform teams

People
• Eliminate blockers and reduce frustration

Slide 28

Slide 28 text

What happens after Day 1?

Slide 29

Slide 29 text

03 Manage

Slide 30

Slide 30 text

Day 2 actions (Beta)

Platform teams expose common tasks for Day 2 operations:
• Trigger CI/CD action
• Build promotion and rollback
• Toggle a feature flag

Slide 31

Slide 31 text

Day 2 visibility
• Explorer provides views into workspace details
• Sort and filter, export to CSV
• API access for programmatic reporting and processing

Slide 32

Slide 32 text

Assessments
• Automatic drift detection
• Continuous validation of checks and conditions
• Proactive notifications

Slide 33

Slide 33 text

Clean-up
• Self-service: delete HCP Waypoint app, workspace gets destroyed
• Terraform ephemeral workspaces: auto-destroy temporary resources

Slide 34

Slide 34 text

Manage

Risk
• Detect and remediate drift and health risks

Speed
• Golden patterns for app developers
• Shared service available to all teams

Cost
• Clean up temporary resources
• Avoid costly health issues and outages

People
• Reduce friction between app, platform, and security teams

Slide 35

Slide 35 text

Blueprints for cloud success

Stages: Stage 1: Adopting; Stage 2: Standardizing; Stage 3: Scaling

Infrastructure
• Compose
• Collaborate
• Publish and discover
• Enforce policy
• Enable self-service
• Observe and respond

Capabilities shown
• Private registry
• Dynamic image usage
• No-code provisioning
• Standardize application delivery
• Policy as code
• Integrate security tooling
• Continuous validation
• Auto-destroy temporary resources
• Infrastructure as code
• Provision cloud resources
• Version control integration
• Role-based access

Slide 36

Slide 36 text

Prescriptive guidance

Slide 37

Slide 37 text

Next steps
• Tutorials and certification: developer.hashicorp.com
• Sign up for free: hashicorp.com/cloud