terraform earth
play

Terraform Earth Secure Infrastructure for Developers Chase Evans - PowerPoint PPT Presentation

Aug 23, 2023 •177 likes •754 views

Terraform Earth Secure Infrastructure for Developers Chase Evans Timeline 1. Where we were before May 2. Where we are today 3. Where we are going Timeline 1. Where we were before May GeoEngineer Builds Terraform state files by

  1. Terraform Earth Secure Infrastructure for Developers Chase Evans

  2. Timeline 1. Where we were before May 2. Where we are today 3. Where we are going

  3. Timeline 1. Where we were before May

  4. GeoEngineer ● Builds Terraform state files by fetching remote resources, think `$ terraform refresh` Manual and distributed changes easily reconciled ● when AWS is the source of truth Looks like HCL ● ● github.com/coinbase/geoengineer

  5. Applying Resources

  6. Terraform Mars

  7. The Problem

  8. The Problem (Bottlenecking)

  9. The Problem (Bottlenecking)

  10. The Problem (Bottlenecking)

  11. The Problem (Business units)

  12. The Problem (Platform vs Operations)

  13. The Problem (Did you remember to pull?)

  14. The Problem (Credential proliferation)

  15. The Problem (VPC proliferation)

  16. Timeline 1. Where we were before May 2. Where we are today

  17. Introducing Terraform Earth

  18. Heimdall ● Records PR approvals with MFA ● Provides a clean API ● Not vulnerable to administrative Github tampering

  19. Terraform Earth

  20. Single Production Deployment ● One deployment makes updates easier ● New VPCs work without deployment

  21. Flow Diagram

  22. Flow Diagram

  23. Why bother locking? ● Concurrent changes are usually safe ● Sometimes multiple PRs pile up and need to modify a resource in order

  24. Flow Diagram

  25. Why SHAs and not ‘master’? ● Master is just a label and moves frequently ● Code has quorum, not labels ● Something could be merged to the repo between quorum check and clone

  26. Flow Diagram

  27. Handling Failure ● Retry the GeoEngineer apply with backoff AWS rate limits heavily AWS has failures ● Queue and retry ● Replay the webhook using Github administration ● Add an endpoint to manually intervene

  28. Handling Failure Not great solutions, if you have ideas, let me know

  29. Staging Deploys ● Setup a bot with limited privileges You can test the flow, without breaking everything We have a separate repository that defines 1 S3 bucket ● Make a periodic cleaner that cleans up test resources We use lambdas to do this

  30. Timeline 1. Where we were before May 2. Where we are today 3. Where we are going

  31. Team Scaling

  32. Team Scaling

  33. Team Scaling

  34. Resource Configuration Today

  35. Ownership

  36. Ownership

  37. Resource Configuration Today ● project = Project.new(‘infra/heimdall’, aws_accounts) ● project.service_with_elb(‘api’, configuration) ● project.rds_instance(‘db’, configuration)

  38. What’s Wrong? ● Uses language the Infrastructure team knows ● Developer’s mental model of deploys is not represented ● Too many options, very little opinion ● Code is too flexible

  39. Resource Configuration Tomorrow name: ‘developers/my-service’ services: - api: load_balanced: true accessible_by: [‘developers/my-other-service’] databases: - postgres: size: medium

  40. Ownership

  41. Ownership

  42. The Future

  43. Design Considerations ● Mono-repo or multi-repo ● Automated workflows (PR bots) ● Exposing the information to outside services

  44. The Other Half ● Provisioning and management is now easy ● Operation is not

  45. Account Stewardship Today

  46. Account Stewardship Today

  47. Account Stewardship Tomorrow

  48. Complications ● Managing connectivity between many VPCs is hard ● Like microservices, finding the right domain is difficult ● How much access is enough access?

  49. Team Scaling

  50. Team Scaling

  51. The Future

  52. The Future

  53. The Future

  54. The Future

  55. Secure Infrastructure for Developers Or: Infrastructure with Vacation

  56. We’re Hiring! careers.coinbase.com

  57. Questions? chase.evans@coinbase.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The NSX Terraform Provider The NSX Terraform provider gives the NSX administrator a way to

The NSX Terraform Provider The NSX Terraform provider gives the NSX administrator a way to

The NSX Terraform Provider The NSX Terraform provider gives the NSX administrator a way to automate NSX to provide virtualized networking and security services using both ESXi and KVM based hypervisor hosts as well as container networking and

1.68k views • 150 slides
Migrating HealthCare.gov to Terraform: Lessons Learned Christian Monaghan @monaghan_a_gram

Migrating HealthCare.gov to Terraform: Lessons Learned Christian Monaghan @monaghan_a_gram

Migrating HealthCare.gov to Terraform: Lessons Learned Christian Monaghan @monaghan_a_gram Cofounder, Nava PBC What is Terraform? A tool for building , changing , and versioning infrastructure Manage cloud providers Infrastructure as Code

958 views • 56 slides
Brookfield and TerraForm Power: New Sponsor Transaction March 7, 2017 Risk Factors &

Brookfield and TerraForm Power: New Sponsor Transaction March 7, 2017 Risk Factors &

Brookfield and TerraForm Power: New Sponsor Transaction March 7, 2017 Risk Factors & Additional Information This presentation provides certain information relating to a new sponsor transaction between TerraForm Power, Inc. (TerraForm

160 views • 14 slides
AWS Identity and Access Management (IAM) made easy with Terraform Kala Maturi, Technology

AWS Identity and Access Management (IAM) made easy with Terraform Kala Maturi, Technology

AWS Identity and Access Management (IAM) made easy with Terraform Kala Maturi, Technology Services Yoon Lee, Technology Services Topics AWS Authentication AWS Authorization About Roles & Policies Best practices Terraform

1.92k views • 33 slides
Terraform Colonise the cloud! Stefan Magnus Landr, BEKK Consulting AS ApacheCon North America

Terraform Colonise the cloud! Stefan Magnus Landr, BEKK Consulting AS ApacheCon North America

Terraform Colonise the cloud! Stefan Magnus Landr, BEKK Consulting AS ApacheCon North America 2017 - 17. May 2017 1 Terraform Commandline tool (go) (OS X, Windows, Linux, ) Developed by Hashicorp (Vagrant, Packer, Consul, Nomad)

1.07k views • 17 slides
Vault Provider The Vault provider allows Terraform to read from, write to, and congure

Vault Provider The Vault provider allows Terraform to read from, write to, and congure

Vault Provider The Vault provider allows Terraform to read from, write to, and congure Hashicorp Vault (https://vaultproject.io/). Important Interacting with Vault from Terraform causes any secrets that you read and write to be persisted in both

1.82k views • 159 slides
Deployment automation for an AWS Serverless project: SAM vs CloudFormation vs Terraform vs

Deployment automation for an AWS Serverless project: SAM vs CloudFormation vs Terraform vs

Deployment automation for an AWS Serverless project: SAM vs CloudFormation vs Terraform vs ServerlessFramework Bruno Amaro Almeida | 9 Sept 2019 @bruno_amaro Community Day 2019 Sponsors FUTURE. CO-CREATED. Nordic Roots, Global Mindset

238 views • 23 slides
Modern Provisioning and CI/CD with Terraform, Terratest & Jenkins Duncan Hutty Overview 1.

Modern Provisioning and CI/CD with Terraform, Terratest & Jenkins Duncan Hutty Overview 1.

Modern Provisioning and CI/CD with Terraform, Terratest & Jenkins Duncan Hutty Overview 1. Introduction: Context, Philosophy 2. Provisioning Exercises 1. MVP 2. Testing 3. CI/CD 4. Refactoring 3. Coping with complexity & scale

946 views • 49 slides
How to Automated testing for: terraform test docker packer infrastructure

How to Automated testing for: terraform test docker packer infrastructure

How to Automated testing for: terraform test docker packer infrastructure kubernetes and more code Passed: 5. Failed: 0. Skipped: 0. Test run successful. The DevOps world is full of Fear Fear of outages Fear of security

2.33k views • 200 slides
IAC WITH TERRAFORM Based in Toronto, Canada Goal: Build software that dramatically reduces

IAC WITH TERRAFORM Based in Toronto, Canada Goal: Build software that dramatically reduces

ARTURO PIE @arturo_pie IAC WITH TERRAFORM Based in Toronto, Canada Goal: Build software that dramatically reduces waste in the global supply chain We serve Kelloggs, P&G, DHL, LOreal and others Software Craftsmanship

621 views • 38 slides
StatusCake Provider The StatusCake provider allows Terraform to create and congure tests in

StatusCake Provider The StatusCake provider allows Terraform to create and congure tests in

StatusCake Provider The StatusCake provider allows Terraform to create and congure tests in StatusCake (https://www.statuscake.com/). StatusCake is a tool that helps to monitor the uptime of your service via a network of monitoring centers

466 views • 3 slides
The age of the Earth first half billion years Discuss

The age of the Earth first half billion years Discuss

Earth 10 million years old Which of the days learning Welcome to objecEves seem most difficult? Class 6: Early Earth 3 1. Earth age, how

57 views • 5 slides
Earth in Space Section 19:1 - Earth in Space How Earth Moves Earth moves through space in

Earth in Space Section 19:1 - Earth in Space How Earth Moves Earth moves through space in

Earth in Space Section 19:1 - Earth in Space How Earth Moves Earth moves through space in two major ways: rotation and revolution. - Earth in Space Sunlight Striking Earths Surface Near the equator, sunlight strikes Earths

247 views • 7 slides
Earth's Layers Three Types of Rocks Early Life on Earth / Fossils Rock Strata

Earth's Layers Three Types of Rocks Early Life on Earth / Fossils Rock Strata

Slide 1 / 75 Slide 2 / 75 6th Grade Earth's Materials and Systems Part 1: The History of Planet Earth 2015-08-27 www.njctl.org Slide 3 / 75 Slide 4 / 75 Table of Contents: The History of Planet Earth Click on the topic to go to that

308 views • 13 slides
Earth's Layers Three Types of Rocks Early Life on Earth / Fossils Rock Strata Return to

Earth's Layers Three Types of Rocks Early Life on Earth / Fossils Rock Strata Return to

Slide 1 / 75 Slide 2 / 75 6 th Grade PSI Earth's Materials and Systems Part I : The History of Planet Earth www.njctl.org Slide 3 / 75 Slide 4 / 75 Table of Contents: The History of Planet Earth Click on the topic to go to that section

281 views • 13 slides
UltraDNS Provider This provider is unmaintained , read more details in the README

UltraDNS Provider This provider is unmaintained , read more details in the README

UltraDNS Provider This provider is unmaintained , read more details in the README (https://github.com/terraform-providers/terraform- provider-ultradns/blob/master/README.md). The UltraDNS provider is used to interact with the resources supported

429 views • 12 slides
Selecting sugarcane with higher transpiration efficiency PHILLIP JACKSON, CHRIS STOKES, GEOFF

Selecting sugarcane with higher transpiration efficiency PHILLIP JACKSON, CHRIS STOKES, GEOFF

Selecting sugarcane with higher transpiration efficiency PHILLIP JACKSON, CHRIS STOKES, GEOFF INMAN-BAMBER (CSIRO) PRAKASH LAKSHMANAN, JAYA BASNAYAKE, SIJESH NATARAJAN (SUGAR RESEARCH AUSTRALIA) COLLEAGUES IN CHINA (YUNNAN SUGAR RESEARCH

622 views • 35 slides
Web | Mobile | BlockChain Based Crypto currency| ICO Launch | Exchange Application Development

Web | Mobile | BlockChain Based Crypto currency| ICO Launch | Exchange Application Development

Web | Mobile | BlockChain Based Crypto currency| ICO Launch | Exchange Application Development FUTURE READY APPS & DIGITAL EXPERIENCE WITH BLOCKCHAIN, IoT , WEB AND MOBILE! Toll Free (USA) : +1 800-912-1219 info@ade-technologies.com INDIA

1.06k views • 20 slides
CRITICALITY When you know better you do better Maya Angelou CRITICALITY OF ASSETS Eric Saylor,

CRITICALITY When you know better you do better Maya Angelou CRITICALITY OF ASSETS Eric Saylor,

CRITICALITY When you know better you do better Maya Angelou CRITICALITY OF ASSETS Eric Saylor, Cincinnati, OH What is the e likelih ihood ood that t an asset t will fail? What is the e conseq sequen uence e if the asset t does es

521 views • 25 slides
Managing Industrial Stormw ater In Minnesota For Auto Recyclers of Minnesota Melissa Wenzel

Managing Industrial Stormw ater In Minnesota For Auto Recyclers of Minnesota Melissa Wenzel

Managing Industrial Stormw ater In Minnesota For Auto Recyclers of Minnesota Melissa Wenzel Industrial Stormwater Program 651- 757-2816 wq-strm3-20c What is Stormw ater? Stormwater is site runoff or runon from: Rain Snow, sleet,

485 views • 29 slides
Internet censorship in the Catalan referendum O v e r v i e w o f h o w t h e s t

Internet censorship in the Catalan referendum O v e r v i e w o f h o w t h e s t

Internet censorship in the Catalan referendum O v e r v i e w o f h o w t h e s t a t e c e n s o r e d a n d h o w i t g o t c i r c u m v e n t e d Disclaimer I m n o t a s e c

671 views • 56 slides
Accelerating Cybersecurity Innovation = = October 16, 2018 www.mach37.com Americas Premier

Accelerating Cybersecurity Innovation = = October 16, 2018 www.mach37.com Americas Premier

= Accelerating Cybersecurity Innovation = = October 16, 2018 www.mach37.com Americas Premier Cybersecurity Accelerator = MACH37 TM is creating the next generation of disruptive cybersecurity product companies. Launched 43 start-ups

443 views • 26 slides
Healthcare Systems Change to Identify and Treat Patients Who Use Tobacco Rob Adsit, MEd

Healthcare Systems Change to Identify and Treat Patients Who Use Tobacco Rob Adsit, MEd

Healthcare Systems Change to Identify and Treat Patients Who Use Tobacco Rob Adsit, MEd Director of Education and Outreach Programs University of Wisconsin School of Medicine and Public Health Center for Tobacco Research and Intervention

691 views • 30 slides
Moral Dilemmas and the Future of Business Research SBAA Annual Meeting, November 12, 2018

Moral Dilemmas and the Future of Business Research SBAA Annual Meeting, November 12, 2018

Moral Dilemmas and the Future of Business Research SBAA Annual Meeting, November 12, 2018 William H. Glick H. Joe Nelson Professor of Management, Rice University Past Board Chair, AACSB International Parts of the Problem increasing

626 views • 23 slides

More recommend