Clean and Secure Infrastructure as Code DevSecCon Lightning 2021 Mario-Leander Reimer mario-leander.reimer@qaware.de @LeanderReimer qaware.de “To Boldly Go Where No Cloud Engineer Has Gone Before”

2 Mario-Leander Reimer Principal Software Architect @LeanderReimer #cloudnativenerd #qaware https://speakerdeck.com/lreimer/ https://github.com/lreimer/

Three views of software architecture define the fields of clean code, clean architecture, quality assurance and security. QAware | 3

The security architecture of a system defines how to secure the individual views of the overall architecture. QAware | 4 Security Targets Security Requirements External Sources: OWASP Top 10, BSI, DSGVO Security Architecture (Secure) (Secure) (Secure)

The infrastructure with its technologies and frameworks, as well as the responsibilities have changed. QAware | 5

The architecture and code for our infrastructure also needs to address several -illities for good software quality. QAware | 6 Software Product Quality (ISO 25010) ● Modularity ● Reusability ● Analysability ● Modifiability ● Testability ● Adaptability ● Installability ● Replaceability ● Confidentiality ● Integrity ● Non-repudiation ● Authenticity ● Accountability ● Maturity ● Availability ● Fault Tolerance ● Recoverability Maintainability Portability Security Reliability ● Co-existence ● Interoperability Compatibility ● Time Behaviour ● Resource Utilization ● Capacity Efficiency ● Completeness ● Correctness ● Appropriateness Functional Suitability ● Operability ● Learnability ● UI Aesthetics ● Accessibility Usability

QAware | 7 Infrastructure as Code in the wild

Trial and Error seems to be the predominant approach to get infrastructure code up and running. QAware | 8 Write some code Run code Write some code Run code Write some code Run code ? Write Dockerfile docker build docker run Change Dockerfile docker build docker run Change Dockerfile docker build docker run ? Write K8s YAML kubectl apply Change K8s YAML kubectl apply Change K8s YAML kubectl apply ? Write Terraform Definition terraform apply Change Terraform Definition terraform apply Change Terraform Definition terraform apply ? commit

Infrastructure as Code without tests is broken by default!

Many of the principles on clean code and architecture apply to infrastructure code to make it maintainable and secure. QAware | 10

KISS Keep it Simple, Stupid. Emergent Design and Evolutionary Architecture https://de.slideshare.net/ThoughtWorks/neal-ford-emergent-design-and-evolutionary-architecture

SoC Separation of Concerns. Modules, layers and components. Loose Coupling and High Cohesion.

DRY Don’t Repeat Yourself. “Every piece of knowledge or logic must have a single, unambiguous representation within a system.” Andy Hunt & Dave Thomas, “The Pragmatic Programmer”

S O L I D

Single Responsibility Principle Open Closed Principle Liskov Substitution Principle Interface Segregation Principle Dependency Inversion Principle

QAware | 16 Clean Code Good overall summary can be found at https://gist.github.com/wojteklu/73c6914cc446146b8b533c0988cf8d29 1. Follow standard conventions. 2. Keep it simple stupid. Simpler is always better. Reduce complexity as much as possible. General 1. Keep configurable data at high levels. 2. Prevent over-configurability. 3. Use dependency injection. Design 1. Be consistent. If you do something a certain way, do all similar things in the same way. 2. Use explanatory variables. 3. Avoid negative conditionals. Understandability 1. Don’t be funny. 2. Choose descriptive and unambiguous names. 3. Use pronounceable names. 4. Use searchable names. Names 1. Always try to explain yourself in code. 2. Don't be redundant. 3. Don't add obvious noise. 4. Don't comment out code. Just remove. 5. Use as clarification of code. 6. Use as warning of consequences. Comments 1. Fast. 2. Independent. 3. Repeatable. 4. Self-validating 5. Timely Tests 1. Keep lines short. 2. Use white space to associate related things and disassociate weakly related. 3. Don't break indentation. 4. Dependent definitions should be close. 5. Structure should clearly express modules, layers, components or conceptual architecture. Source Code 1. Prefer data structures. 2. Hide internal structure. 3. Should be small. 4. Small number of variables. Data Structures

The conceptual architecture of your infrastructure will have a significant impact on the source code structure and security. QAware | 17 ■ Which cloud regions do we need to run in? ■ Which parts of the infrastructure and system need to be replicated? ■ How do we model environments (INT; PROD)? VPCs? K8s Namespace? ■ Which network level controls are required? ■ Which layers and components are required and what are their dependencies? ■ How does the data flow between them? ■ How do we structure the Git repositories and source code to represent the components?

Decide early on the technologies, tools and frameworks you intend to use. Less is more! QAware | 18 IaaS (AWS EC2, NLB, ALB, ...) CaaS (Amazon Elastic Kubernetes Service) PaaS (Software Infrastructure Blueprints with Helm and Continuous Delivery Toolchain) Application-specific Software Infrastructure Cloud-friendly & cloud-native Applications Architect Build Run Amazon SNS Amazon CloudWatch AWS IAM Amazon EC2 Amazon EBS Amazon S3 Amazon Route 53 Amazon VPC Atlantis

Demos and Examples https://github.com/qaware/clean-infrastructure-as-code

qaware.de QAware GmbH Aschauer Straße 32 81549 München Tel. +49 89 232315-0 info@qaware.de twitter.com/qaware linkedin.com/company/qaware-gmbh xing.com/companies/qawaregmbh slideshare.net/qaware github.com/qaware