Cloud Guardrails makes no mention of Infrastructure as code (IaC). Infrastructure as code is key to a truly secure infrastructure. Teams following the guardrails are left to apply policies using ClickOps, with little or no focus on reproducibility and change management.
Infrastructure as code (IaC) is the process of managing and provisioning resources in the cloud, usually with declarative approaches (Bicep, Terraform) combined with version control.
Benefits: reduce cost, increase speed, and reduce risk
cost: by removing the manual component, people are able to refocus their efforts on other tasks
speed: Infrastructure automation enables speed through faster execution when configuring infrastructure
risk: automation reduces the risk associated with human error
Intended users
Developers: facilitate deployment of development environments that mirror production infrastructure
DevOps: facilitate developing new services and promote reuse
SRE: traceability in changes
Management: facilitate transition of infrastructure management
Security: declarative approaches to infrastructure facilitate reviews (and make automated review possible)
Further details
Version-controlled declarative IaC languages enabling cross-cloud deployments to lessen dependency on a single supplier should be strongly recommended.
Proposal
A requirement for IaC should be front and center in the cloud guardrails.
Permissions and Security
Basic infrastructure should allow proper permissions relative to the environment in which it operates:
dev: developers can deploy infrastructure resources using IaC with unclassified or test data
staging or UAT: the DevOps team can deploy infrastructure using IaC
production: organization-level administration deploys on production data
What does success look like, and how can we measure that?
Widespread adoption of IaC across all our cloud subscriptions.