- Automation
- Security & Compliance
- Validation & Formatting
- Testing
- Version Control
- CI/CD Automation
Static code analysis tool for infrastructure-as-code.
tfsec uses static analysis of your Terraform templates to spot potential security issues. Now with Terraform CDK support.
##### Checkov
It scans cloud infrastructure provisioned using Terraform, Terraform plan, CloudFormation, Kubernetes, Dockerfile, Serverless or ARM Templates and detects security and compliance misconfigurations using graph-based scanning.
Checkov also powers Bridgecrew, the developer-first platform that codifies and streamlines cloud security throughout the development lifecycle. Bridgecrew identifies, fixes, and prevents misconfigurations in cloud resources and infrastructure-as-code files.
Automating Terraform Documentation using terraform-docs
Documentation generated by Terraform-docs
TBC
- Default values best practices -> look at helm
- Exiger vs sample
- Terragrunt vs Terraform
- Terraform vs Terraform Cloud
- RBAC
- API Integration for third party applications and systems rather than service account/user based.
- Workspaces are Collections of Infrastructure
- Sentinel is an embeddable policy as code framework to enable fine-grained, logic-based policy decisions that can be extended to source external information to make decisions.
- Easily leverage and integrate with HashiCorp Vault
Policy enforcement: With Sentinel, you can apply policy criteria to every Terraform plan before it is executed. For example, a policy can require that only modules from the TFE private module registry are used, which gives greater control over collaboration and over the adoption of company policy and/or regulatory requirements.
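The private-registry rule described above can also be checked outside Sentinel, for example in a CI job that reads `terraform show -json` output. The following is an added example, not Sentinel code and not taken from any of the tools above. The hostname and organization in `ALLOWED_PREFIX` and the sample plan are constructed, and letting a relative path inherit approval from its parent module is an assumed policy choice.

```python
import json

# Assumed values for illustration: registry hostname and organization.
ALLOWED_PREFIX = "app.terraform.io/example-org/"

def find_violations(plan, allowed_prefix=ALLOWED_PREFIX):
    """Return sorted (module address, source) pairs that break the rule.

    Walks configuration.root_module.module_calls in `terraform show -json`
    output and descends into nested modules.
    """
    violations = []

    def walk(module, path, parent_approved):
        for name, call in module.get("module_calls", {}).items():
            address = f"{path}.module.{name}" if path else f"module.{name}"
            source = call.get("source", "")
            is_local = source.startswith(("./", "../"))
            # A relative path inside an approved registry module ships with
            # that module, so it inherits the approval. Anywhere else it is
            # code that never passed through the private registry.
            approved = source.startswith(allowed_prefix) or (is_local and parent_approved)
            if not approved:
                violations.append((address, source))
            walk(call.get("module", {}), address, approved)

    walk(plan.get("configuration", {}).get("root_module", {}), "", False)
    return sorted(violations)

# Constructed sample, trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"module_calls": {
  "network": {"source": "app.terraform.io/example-org/vpc/aws",
              "module": {"module_calls": {
                "subnets": {"source": "./modules/subnets", "module": {}}}}},
  "bucket":  {"source": "terraform-aws-modules/s3-bucket/aws", "module": {}},
  "scratch": {"source": "./scratch", "module": {}},
  "legacy":  {"source": "git::https://git.example.com/infra/legacy.git",
              "module": {"module_calls": {
                "helper": {"source": "./helper", "module": {}}}}}
}}}}
""")

if __name__ == "__main__":
    for address, source in find_violations(SAMPLE_PLAN):
        print(f"DENY {address}: {source}")
```

The trailing slash in the prefix matters: without it, an organization named `example-org-evil` on the same host would pass the check.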