terraform earth
play

Terraform Earth Secure Infrastructure for Developers Chase Evans - PowerPoint PPT Presentation

Aug 23, 2023 •177 likes •754 views

Terraform Earth Secure Infrastructure for Developers Chase Evans Timeline 1. Where we were before May 2. Where we are today 3. Where we are going Timeline 1. Where we were before May GeoEngineer Builds Terraform state files by

  1. Terraform Earth Secure Infrastructure for Developers Chase Evans

  2. Timeline 1. Where we were before May 2. Where we are today 3. Where we are going

  3. Timeline 1. Where we were before May

  4. GeoEngineer ● Builds Terraform state files by fetching remote resources, think `$ terraform refresh` Manual and distributed changes easily reconciled ● when AWS is the source of truth Looks like HCL ● ● github.com/coinbase/geoengineer

  5. Applying Resources

  6. Terraform Mars

  7. The Problem

  8. The Problem (Bottlenecking)

  9. The Problem (Bottlenecking)

  10. The Problem (Bottlenecking)

  11. The Problem (Business units)

  12. The Problem (Platform vs Operations)

  13. The Problem (Did you remember to pull?)

  14. The Problem (Credential proliferation)

  15. The Problem (VPC proliferation)

  16. Timeline 1. Where we were before May 2. Where we are today

  17. Introducing Terraform Earth

  18. Heimdall ● Records PR approvals with MFA ● Provides a clean API ● Not vulnerable to administrative Github tampering

  19. Terraform Earth

  20. Single Production Deployment ● One deployment makes updates easier ● New VPCs work without deployment

  21. Flow Diagram

  22. Flow Diagram

  23. Why bother locking? ● Concurrent changes are usually safe ● Sometimes multiple PRs pile up and need to modify a resource in order

  24. Flow Diagram

  25. Why SHAs and not ‘master’? ● Master is just a label and moves frequently ● Code has quorum, not labels ● Something could be merged to the repo between quorum check and clone

  26. Flow Diagram

  27. Handling Failure ● Retry the GeoEngineer apply with backoff AWS rate limits heavily AWS has failures ● Queue and retry ● Replay the webhook using Github administration ● Add an endpoint to manually intervene

  28. Handling Failure Not great solutions, if you have ideas, let me know

  29. Staging Deploys ● Setup a bot with limited privileges You can test the flow, without breaking everything We have a separate repository that defines 1 S3 bucket ● Make a periodic cleaner that cleans up test resources We use lambdas to do this

  30. Timeline 1. Where we were before May 2. Where we are today 3. Where we are going

  31. Team Scaling

  32. Team Scaling

  33. Team Scaling

  34. Resource Configuration Today

  35. Ownership

  36. Ownership

  37. Resource Configuration Today ● project = Project.new(‘infra/heimdall’, aws_accounts) ● project.service_with_elb(‘api’, configuration) ● project.rds_instance(‘db’, configuration)

  38. What’s Wrong? ● Uses language the Infrastructure team knows ● Developer’s mental model of deploys is not represented ● Too many options, very little opinion ● Code is too flexible

  39. Resource Configuration Tomorrow name: ‘developers/my-service’ services: - api: load_balanced: true accessible_by: [‘developers/my-other-service’] databases: - postgres: size: medium

  40. Ownership

  41. Ownership

  42. The Future

  43. Design Considerations ● Mono-repo or multi-repo ● Automated workflows (PR bots) ● Exposing the information to outside services

  44. The Other Half ● Provisioning and management is now easy ● Operation is not

  45. Account Stewardship Today

  46. Account Stewardship Today

  47. Account Stewardship Tomorrow

  48. Complications ● Managing connectivity between many VPCs is hard ● Like microservices, finding the right domain is difficult ● How much access is enough access?

  49. Team Scaling

  50. Team Scaling

  51. The Future

  52. The Future

  53. The Future

  54. The Future

  55. Secure Infrastructure for Developers Or: Infrastructure with Vacation

  56. We’re Hiring! careers.coinbase.com

  57. Questions? chase.evans@coinbase.com

Recommend

The NSX Terraform Provider The NSX Terraform provider gives the NSX administrator a way to

The NSX Terraform Provider The NSX Terraform provider gives the NSX administrator a way to

The NSX Terraform Provider The NSX Terraform provider gives the NSX administrator a way to automate NSX to provide virtualized networking and security services using both ESXi and KVM based hypervisor hosts as well as container networking and

1.68k views • 150 slides
Migrating HealthCare.gov to Terraform: Lessons Learned Christian Monaghan @monaghan_a_gram

Migrating HealthCare.gov to Terraform: Lessons Learned Christian Monaghan @monaghan_a_gram

Migrating HealthCare.gov to Terraform: Lessons Learned Christian Monaghan @monaghan_a_gram Cofounder, Nava PBC What is Terraform? A tool for building , changing , and versioning infrastructure Manage cloud providers Infrastructure as Code

958 views • 56 slides
Brookfield and TerraForm Power: New Sponsor Transaction March 7, 2017 Risk Factors &

Brookfield and TerraForm Power: New Sponsor Transaction March 7, 2017 Risk Factors &

Brookfield and TerraForm Power: New Sponsor Transaction March 7, 2017 Risk Factors & Additional Information This presentation provides certain information relating to a new sponsor transaction between TerraForm Power, Inc. (TerraForm

160 views • 14 slides
AWS Identity and Access Management (IAM) made easy with Terraform Kala Maturi, Technology

AWS Identity and Access Management (IAM) made easy with Terraform Kala Maturi, Technology

AWS Identity and Access Management (IAM) made easy with Terraform Kala Maturi, Technology Services Yoon Lee, Technology Services Topics AWS Authentication AWS Authorization About Roles & Policies Best practices Terraform

1.92k views • 33 slides
Terraform Colonise the cloud! Stefan Magnus Landr, BEKK Consulting AS ApacheCon North America

Terraform Colonise the cloud! Stefan Magnus Landr, BEKK Consulting AS ApacheCon North America

Terraform Colonise the cloud! Stefan Magnus Landr, BEKK Consulting AS ApacheCon North America 2017 - 17. May 2017 1 Terraform Commandline tool (go) (OS X, Windows, Linux, ) Developed by Hashicorp (Vagrant, Packer, Consul, Nomad)

1.07k views • 17 slides
Vault Provider The Vault provider allows Terraform to read from, write to, and congure

Vault Provider The Vault provider allows Terraform to read from, write to, and congure

Vault Provider The Vault provider allows Terraform to read from, write to, and congure Hashicorp Vault (https://vaultproject.io/). Important Interacting with Vault from Terraform causes any secrets that you read and write to be persisted in both

1.82k views • 159 slides
Deployment automation for an AWS Serverless project: SAM vs CloudFormation vs Terraform vs

Deployment automation for an AWS Serverless project: SAM vs CloudFormation vs Terraform vs

Deployment automation for an AWS Serverless project: SAM vs CloudFormation vs Terraform vs ServerlessFramework Bruno Amaro Almeida | 9 Sept 2019 @bruno_amaro Community Day 2019 Sponsors FUTURE. CO-CREATED. Nordic Roots, Global Mindset

238 views • 23 slides
Modern Provisioning and CI/CD with Terraform, Terratest & Jenkins Duncan Hutty Overview 1.

Modern Provisioning and CI/CD with Terraform, Terratest & Jenkins Duncan Hutty Overview 1.

Modern Provisioning and CI/CD with Terraform, Terratest & Jenkins Duncan Hutty Overview 1. Introduction: Context, Philosophy 2. Provisioning Exercises 1. MVP 2. Testing 3. CI/CD 4. Refactoring 3. Coping with complexity & scale

946 views • 49 slides
How to Automated testing for: terraform test docker packer infrastructure

How to Automated testing for: terraform test docker packer infrastructure

How to Automated testing for: terraform test docker packer infrastructure kubernetes and more code Passed: 5. Failed: 0. Skipped: 0. Test run successful. The DevOps world is full of Fear Fear of outages Fear of security

2.33k views • 200 slides
IAC WITH TERRAFORM Based in Toronto, Canada Goal: Build software that dramatically reduces

IAC WITH TERRAFORM Based in Toronto, Canada Goal: Build software that dramatically reduces

ARTURO PIE @arturo_pie IAC WITH TERRAFORM Based in Toronto, Canada Goal: Build software that dramatically reduces waste in the global supply chain We serve Kelloggs, P&G, DHL, LOreal and others Software Craftsmanship

621 views • 38 slides
StatusCake Provider The StatusCake provider allows Terraform to create and congure tests in

StatusCake Provider The StatusCake provider allows Terraform to create and congure tests in

StatusCake Provider The StatusCake provider allows Terraform to create and congure tests in StatusCake (https://www.statuscake.com/). StatusCake is a tool that helps to monitor the uptime of your service via a network of monitoring centers

466 views • 3 slides
The age of the Earth first half billion years Discuss

The age of the Earth first half billion years Discuss

Earth 10 million years old Which of the days learning Welcome to objecEves seem most difficult? Class 6: Early Earth 3 1. Earth age, how

57 views • 5 slides
Earth in Space Section 19:1 - Earth in Space How Earth Moves Earth moves through space in

Earth in Space Section 19:1 - Earth in Space How Earth Moves Earth moves through space in

Earth in Space Section 19:1 - Earth in Space How Earth Moves Earth moves through space in two major ways: rotation and revolution. - Earth in Space Sunlight Striking Earths Surface Near the equator, sunlight strikes Earths

247 views • 7 slides
Earth's Layers Three Types of Rocks Early Life on Earth / Fossils Rock Strata

Earth's Layers Three Types of Rocks Early Life on Earth / Fossils Rock Strata

Slide 1 / 75 Slide 2 / 75 6th Grade Earth's Materials and Systems Part 1: The History of Planet Earth 2015-08-27 www.njctl.org Slide 3 / 75 Slide 4 / 75 Table of Contents: The History of Planet Earth Click on the topic to go to that

308 views • 13 slides
Earth's Layers Three Types of Rocks Early Life on Earth / Fossils Rock Strata Return to

Earth's Layers Three Types of Rocks Early Life on Earth / Fossils Rock Strata Return to

Slide 1 / 75 Slide 2 / 75 6 th Grade PSI Earth's Materials and Systems Part I : The History of Planet Earth www.njctl.org Slide 3 / 75 Slide 4 / 75 Table of Contents: The History of Planet Earth Click on the topic to go to that section

281 views • 13 slides
UltraDNS Provider This provider is unmaintained , read more details in the README

UltraDNS Provider This provider is unmaintained , read more details in the README

UltraDNS Provider This provider is unmaintained , read more details in the README (https://github.com/terraform-providers/terraform- provider-ultradns/blob/master/README.md). The UltraDNS provider is used to interact with the resources supported

429 views • 12 slides
Orchestra)ng Containers with Consul and Terraform Mitchell Hashimoto @mitchellh

Orchestra)ng Containers with Consul and Terraform Mitchell Hashimoto @mitchellh

Orchestra)ng Containers with Consul and Terraform Mitchell Hashimoto @mitchellh ORCHESTRATION? Why is it needed? What is it? ORCHESTRATION Do some set of ac)ons, to a set of things, in a

1.47k views • 70 slides
Rare Earth ? N to date N = N * f s f GHZ f p n H f l N * = 4 x 10 11 f s = 0.2 f GHZ =

Rare Earth ? N to date N = N * f s f GHZ f p n H f l N * = 4 x 10 11 f s = 0.2 f GHZ =

Rare Earth ? N to date N = N * f s f GHZ f p n H f l N * = 4 x 10 11 f s = 0.2 f GHZ = 0.1 f p = 0.8 n H = 2 f l = 1.0 N = 1.3 x 10 10 The Goldilocks Effect Earth is Just Right Yes, life on Earth has adapted to Earth,

426 views • 23 slides
Creating an iRODS zone with terraform Brett Hartley iRODS at Sanger - 2019 6 production zones,

Creating an iRODS zone with terraform Brett Hartley iRODS at Sanger - 2019 6 production zones,

Creating an iRODS zone with terraform Brett Hartley iRODS at Sanger - 2019 6 production zones, 6 dev zones 23PB Where we were: Mostly 4.1.12, with one 3.3.1 Graph/Media Area Mostly Ubuntu 12.04 Some 18.04 and RedHat 7.4 Where we wanted

303 views • 13 slides
The Earth and the Moon We will discuss the general characteristics of the Earth as a point

The Earth and the Moon We will discuss the general characteristics of the Earth as a point

The Earth and the Moon We will discuss the general characteristics of the Earth as a point of useful comparison and contrast with other Solar System bodies. Astronomy 291 1 Interior Structure of the Earth Core (largely Fe-Ni)

891 views • 71 slides
Aims To understand what Earth Day is. To understand how we can take action to support Earth

Aims To understand what Earth Day is. To understand how we can take action to support Earth

Aims To understand what Earth Day is. To understand how we can take action to support Earth Days aims. Today We Will Ask What is Earth Day? Why is Earth Day important? What is the theme for Why is climate action Earth Day 2020?

493 views • 13 slides
Scalable WordPress in AWS Elastic Beanstalk Stephen J. Butler, Technology Services

Scalable WordPress in AWS Elastic Beanstalk Stephen J. Butler, Technology Services

Scalable WordPress in AWS Elastic Beanstalk Stephen J. Butler, Technology Services sbutler1@Illinois Tools Terraform https://www.terraform.io/ UIUC AWS https://aws.illinois.edu/ aws-support@illinois.edu Labs

657 views • 53 slides
1 Google Earth on Earth Google Earth + AROnSite Building placed in Google Earth

1 Google Earth on Earth Google Earth + AROnSite Building placed in Google Earth

Project proposal MARACAT Mobile Augmented Reality for Architects, Communities, Ads and Things for Tekes UbiCom research programme 2007 Background Work Find appealing Application concept ARPhone furniture in ad Placing virtual

319 views • 5 slides
PLATE TECTONICS Revolution in Earth Science The Earth System Understanding Earth 6th edition

PLATE TECTONICS Revolution in Earth Science The Earth System Understanding Earth 6th edition

FUNDAMENTALS OF EARTH SCIENCE I FALL SEMESTER 2018 PLATE TECTONICS Revolution in Earth Science The Earth System Understanding Earth 6th edition Earths layers CRUST (solid) MANTLE (solid) OUTER CORE (liquid) INNER CORE (solid)

1.06k views • 55 slides

More recommend