Slide 1

Slide 1 text

© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Slide 2

Slide 2 text

Build for massive scale & security with the HashiCorp Cloud Platform
DOP301-S
Rosemary Wang (she/her), Chief Developer Advocate, HashiCorp
J. Cole Morrison (he/him), Senior Developer Advocate, HashiCorp

Slide 3

Slide 3 text

Infrastructure and security lifecycle management is the practice of changing infrastructure and security resources.

Slide 4

Slide 4 text

Actions for lifecycle management
• create
• read
• update
• delete

Slide 5

Slide 5 text

Building blocks of ILM/SLM
(lifecycle action: ILM building block, SLM building block)
• read: Monitoring, Observability
• create: Modularization, Access Control
• update: Standardization, Remediation
• delete: Immutability, Ephemerality
• scale: As code, Self-service, Systems of record

Slide 6

Slide 6 text

Monitoring & observability

Slide 7

Slide 7 text

Read
Monitoring
• Audit… Changes to infrastructure
• Identify… Drift
• Validate… Policy conformance
Observability
• Audit… System access
• Identify… Vulnerabilities
• Validate… Artifact provenance

Slide 8

Slide 8 text

Demo
1. Audit infrastructure changes and identify drift
2. Audit system access
3. Monitor service status
[Diagram labels: AWS Cloud; Runtime; Infrastructure; Services; Application on EC2; Infrastructure Lifecycle Management; Security Lifecycle Management; numbered callouts for the demo steps]

Slide 9

Slide 9 text

Modularization & access control

Slide 10

Slide 10 text

Create
Modularization
• Isolate… Changes to parts of system
• Decouple… Infrastructure dependencies
Access Control
• Isolate… Least privilege access
• Decouple… Identity from access policy

Slide 11

Slide 11 text

Demo
1. Decouple infrastructure through modules
2. Define least privilege access
3. Decouple identity from access policy
[Diagram labels: AWS Cloud; Runtime; Infrastructure; Services; Application on EC2; Infrastructure Lifecycle Management; Security Lifecycle Management; numbered callouts for the demo steps]

Slide 12

Slide 12 text

Standardization & remediation

Slide 13

Slide 13 text

Update
Standardization
• Develop… Consistent application and infrastructure deployments
• Improve… Predictability of changes and rollbacks
Remediation
• Develop… Baseline for detecting anomalous behavior
• Improve… Speed of fixes

Slide 14

Slide 14 text

Demo
1. Standardize deployment and operations
2. Standardize access control
3. Provide just-in-time access for fixes
4. Establish baseline for service registration and status
[Diagram labels: AWS Cloud; Runtime; Infrastructure; Services; Application on EC2; Infrastructure Lifecycle Management; Security Lifecycle Management; numbered callouts for the demo steps]

Slide 15

Slide 15 text

Immutability & ephemerality

Slide 16

Slide 16 text

Delete
Immutability
• Change… Resource by creation and deletion
• Supports… Lower risk refactoring patterns
Ephemerality
• Change… Time-to-live of resources to reduce attack surface
• Supports… Resiliency patterns for short-lived resources

Slide 17

Slide 17 text

Demo
1. Create new virtual machine with new AMI
2. Create new credentials and delete old ones
3. Create new targets when old ones removed
[Diagram labels: AWS Cloud; Runtime; Infrastructure; Services; Application on EC2; Infrastructure Lifecycle Management; Security Lifecycle Management; numbered callouts for the demo steps]

Slide 18

Slide 18 text

As code, self-service, and systems of record

Slide 19

Slide 19 text

Scale
As code
• Builds… Configuration or policy for automation
• Enables… Orchestration across systems
Self-service
• Builds… Abstraction for complexity of knowledge
• Enables… Anyone to extend system to support business needs
Systems of record
• Builds… Inventory of infrastructure, secrets, identities, and policies
• Enables… Visibility and orchestration across systems at scale

Slide 20

Slide 20 text

Demo
1. Enable self-service of application deployment and operations with internal developer platform
2. Maintain infrastructure self-service and system of record with infrastructure as code
3. Establish application system of record with service discovery
4. Establish access and credentials system of record with secrets management
5. Establish access system of record with secure remote access
[Diagram labels: AWS Cloud; Runtime; Infrastructure; Services; Application on EC2; Infrastructure Lifecycle Management; Security Lifecycle Management; numbered callouts for the demo steps]

Slide 21

Slide 21 text

Summary

Slide 22

Slide 22 text

Building blocks of ILM/SLM
(lifecycle action: ILM building block, SLM building block)
• read: Monitoring, Observability
• create: Modularization, Access Control
• update: Standardization, Remediation
• delete: Immutability, Ephemerality
• scale: As code, Self-service, Systems of record

Slide 23

Slide 23 text

Learn more
• Demo repository: github.com/jcolemorrison/hashistack-on-aws
• Sign up for HashiCorp Cloud Platform: hashi.co/cloud
• Tutorials: developer.hashicorp.com/tutorials

Slide 24

Slide 24 text

Thank you!
Please complete the session survey in the mobile app
Rosemary Wang @joatmon08
J. Cole Morrison @jcolemorrison