IaC
Definition
Infrastructure as Code (IaC) is a practice in which infrastructure is provisioned and managed using machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. This approach allows for version control, automated testing, and consistent deployment of infrastructure resources, enhancing both scalability and reliability. IaC is commonly implemented using tools like Terraform, AWS CloudFormation, and Ansible, enabling teams to automate the provisioning of servers, networks, and other infrastructure components.
Secure Settings Example
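# Terraform example for secure S3 bucket configuration
# Note: the inline versioning, encryption, acl and logging arguments below are
# the pre-4.0 AWS provider syntax; from provider 4.0 on they are deprecated in
# favour of separate aws_s3_bucket_* resources.
resource "aws_s3_bucket" "secure_bucket" {
  bucket = "my-secure-bucket"

  # Keep prior object versions so overwrites and deletions can be recovered
  versioning {
    enabled = true
  }

  # Encrypt objects at rest by default
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  # No public access through the bucket ACL
  acl = "private"

  # Write access logs to a separate bucket
  logging {
    target_bucket = "my-logs-bucket"
    target_prefix = "log/"
  }
}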
Insecure Settings Example
# Terraform example for insecure S3 bucket configuration
resource "aws_s3_bucket" "insecure_bucket" {
  bucket = "my-insecure-bucket"
  # Versioning is not enabled
  # Server-side encryption is not configured
  acl = "public-read" # Public access
  # No logging configuration
}
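
The difference between the two buckets above can be checked automatically before deployment. The following is an added example, not part of the original page or of Terraform itself: a small Python audit over plan JSON. It assumes the plan was exported with `terraform show -json` and that the buckets use the inline arguments shown above; the sample plan, the finding names and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like the "planned_values" section of
# `terraform show -json` for the two buckets on this page (inline blocks
# appear as lists). It is not output captured from a real run.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [
  {"address": "aws_s3_bucket.secure_bucket", "type": "aws_s3_bucket",
   "values": {"bucket": "my-secure-bucket", "acl": "private",
     "versioning": [{"enabled": true}],
     "server_side_encryption_configuration": [{"rule": [
       {"apply_server_side_encryption_by_default": [{"sse_algorithm": "AES256"}]}]}],
     "logging": [{"target_bucket": "my-logs-bucket", "target_prefix": "log/"}]}},
  {"address": "aws_s3_bucket.insecure_bucket", "type": "aws_s3_bucket",
   "values": {"bucket": "my-insecure-bucket", "acl": "public-read",
     "versioning": [], "server_side_encryption_configuration": [],
     "logging": []}}
]}}}
""")

PUBLIC_ACLS = {"public-read", "public-read-write"}

def walk(module):
    """Yield every resource in a module and in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def check_bucket(values):
    """Return the findings for one aws_s3_bucket's planned values."""
    findings = []
    if values.get("acl") in PUBLIC_ACLS:
        findings.append("public-acl")
    if not any(v.get("enabled") for v in values.get("versioning") or []):
        findings.append("versioning-disabled")
    if not values.get("server_side_encryption_configuration"):
        findings.append("no-encryption")
    if not values.get("logging"):
        findings.append("no-access-logging")
    return findings

def audit(plan):
    """Map resource address to findings for every S3 bucket in the plan."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return {r["address"]: check_bucket(r.get("values", {}))
            for r in walk(root) if r.get("type") == "aws_s3_bucket"}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_PLAN), indent=2))
```

Run in a CI step, a non-empty findings list for any bucket can fail the pipeline before `terraform apply`.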