EP138 Terraform for Security Teams: How to Use IaC to Secure the Cloud

Guest: Rosemary Wang, Developer Advocate at HashiCorp  Topics: Could you give us a 2 minute picture on what Terraform is, what stages of the cloud lifecycle it is relevant for, and how it intersects with security teams? How can Terraform be used for security automation? How should security teams work with DevOps teams to use it? What are some of the obvious and not so obvious security challenges of using Terraform? How can security best practices be applied to infrastructure instantiated via Terraform? What is the relationship between Terraform and policy as code (PaC)? How do you get started with all this? What do you tell the security teams who want to do cloud security the “old way” and not the cloud-native way?  Resources: Video (LinkedIn, YouTube) “EP126 What is Policy as Code and How Can It Help You Secure Your Cloud Environment?” Policy as Code with HashiCorp Sentinel or Open Policy Agent (OPA) for Terraform “Terraform Cloud adds Vault-backed dynamic credentials” blog Google Cloud Provider for Terraform Security & Authentication Providers for Terraform “Sloth’s Guide to Mindfulness” book