15:40 - 16:10 | Blueprint LDN Keynote Theatre

Crushing your cloud misconfiguration MTTR with open source

Wednesday September 22nd 2021


Every cloud provider has a best practice document for tagging (adding metadata to) infrastructure as code (IaC) resources. While these documents describe what we should do, they do not advise on how or why to do it in order to maximise the benefits.

In this talk we’ll harness GitOps practices, consistent IaC tagging automation and automated security checks to build a shift-left and runtime policy-as-code security strategy.

We’ll start by seeing how misconfigured and insecure resource definitions are caught prior to deployment. We will also show how, when resource misconfiguration or “drift” is discovered at runtime, a consistent tagging strategy allows resources to be traced back to the appropriate commit.

This reveals the best fix location and the author, vastly reducing our mean time to remediate (MTTR).

We’ll be using GitHub, AWS and a combination of open source solutions: Checkov (IaC policy and scanning) and Yor (IaC tag and trace).
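
The trace-back step described above, as an added Python example (not code from the talk or from the Yor or Checkov projects): it maps the tags found on a running AWS resource to the commit, file and author that defined it, and separates out resources that cannot be traced. It assumes Yor's default git tag keys and GitHub's URL layout; all resource names, the org, repo, commit and author are constructed.

```python
import re
from urllib.parse import quote

# Yor's default git tag keys needed to locate the definition (assumed unchanged).
REQUIRED = ("git_org", "git_repo", "git_commit", "git_file")
SHA = re.compile(r"^[0-9a-f]{40}$")

def trace_to_commit(aws_tags):
    """Return the fix location for one resource, or None if it cannot be traced.

    aws_tags uses the [{"Key": ..., "Value": ...}] shape of AWS tag listings.
    """
    tags = {t["Key"]: t["Value"] for t in aws_tags}
    if any(not tags.get(k) for k in REQUIRED):
        return None  # created outside the IaC pipeline, or tags stripped
    if not SHA.match(tags["git_commit"]):
        return None  # runtime tags are mutable: no links from a malformed value
    org, name = (quote(tags[k], safe="") for k in ("git_org", "git_repo"))
    repo = f"https://github.com/{org}/{name}"
    return {
        "commit_url": f"{repo}/commit/{tags['git_commit']}",
        "file_url": f"{repo}/blob/{tags['git_commit']}/{quote(tags['git_file'])}",
        "author": tags.get("git_last_modified_by"),
        "yor_trace": tags.get("yor_trace"),
    }

def triage(findings):
    """Split runtime findings into owner-routed fixes and untraceable resources."""
    routed, untraced = [], []
    for f in findings:
        loc = trace_to_commit(f["tags"])
        (routed if loc else untraced).append({"resource": f["resource"], "fix": loc})
    return routed, untraced

# Constructed sample findings (resource names, org, repo, commit, author are made up).
FINDINGS = [
    {"resource": "arn:aws:s3:::example-logs", "tags": [
        {"Key": "git_org", "Value": "example-org"},
        {"Key": "git_repo", "Value": "example-infra"},
        {"Key": "git_commit", "Value": "3f2a9c1d5e7b8a6c4d2e0f1a3b5c7d9e1f2a4b6c"},
        {"Key": "git_file", "Value": "terraform/s3.tf"},
        {"Key": "git_last_modified_by", "Value": "dev@example.com"},
        {"Key": "yor_trace", "Value": "11111111-2222-3333-4444-555555555555"}]},
    {"resource": "arn:aws:s3:::example-manual", "tags": [
        {"Key": "Name", "Value": "created-in-console"}]},
]

if __name__ == "__main__":
    for group in triage(FINDINGS):
        print(group)
```

Resources that land in the untraced group have no IaC owner to route to and need a separate investigation path.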