Slide 1

©2024 HASHICORP

Infrastructure as code -> Production infrastructure

Slide 2

Infrastructure & security lifecycle management

Platform teams | AppDev teams | Cloud services

Day 0 & 1: automated
Day 2: manual? As code?

Slide 4

Rosemary Wang (she/her)
Chief Developer Advocate, HashiCorp
@joatmon08

Slide 5

Secure Day 2 operations

Who is accessing the production system? -> Authentication
What do they have access to? -> Authorization
When and what changes were made to production? -> Audit

Slide 6

"...an information storage and retrieval system that can serve as an authoritative source of truth."
Source: business.adobe.com/blog/basics/systems-of-record

Slide 7

Systems of record

Machines: endpoints, infrastructure
Credentials: certificates, encryption keys, secrets
Users: identity

Slide 8

Infrastructure as code -> Production infrastructure
  Infrastructure resources and policies
Secrets
  Credentials to access services
  User access to targets

Slide 9

Infrastructure as code -> Production infrastructure
  Create SSH key pair & VM
Secrets
  Store SSH key pair in KV secrets engine
  Identify platform engineers who can access VMs

Slide 10

github.com/joatmon08/hashicorp-stack-demoapp

Slide 12

Infrastructure as code -> Production infrastructure
  Create SSH key pair & VM
Secrets
  Store SSH key pair in KV secrets engine
  Identify platform engineers who can access VMs
  Use session recording to reconcile automation

Slide 14

Infrastructure as code -> Production infrastructure
  Create database & configure secrets engine
Secrets
  Generate dynamic database username and password
  Identify admins or developers who can access database

Slide 15

github.com/joatmon08/terraform-aws-postgres

Slide 18

Secure Day 2 operations

Who is accessing the production system? -> Authentication
What do they have access to? -> Authorization
When and what changes were made to production? -> Audit

Slide 19

Summary

Establish systems of record: integrate and use data to authorize and audit
Generate just-in-time production access: configure just-in-time access to production as needed
Reconcile automation: assess recurring Day 2 operations that can be automated

Slide 20

Thank you!
Rosemary Wang
@joatmon08
joatmon08.com