Easing the PaC transition
IaC and PaC enhance visibility and compliance, giving CIOs and IT teams control at scale. Even so, their adoption often meets resistance in some organisations.
“Anytime you have to inject a new technology, it can be perceived as new and scary, adding another layer to what’s perceived as an already complex process,” explains Kyle Ruddy. “Some of that comes down to apprehension in changing the status quo, and some of that comes down to skillset.”
Starting from scratch with IaC and PaC is hard. That’s why HashiCorp and AWS have built integrations, reusable modules, and reusable Sentinel policy sets, so that teams don’t have to start from square one when adopting policy as code.
AWS and HashiCorp’s recently released set of pre-written AWS infrastructure policies gives AWS customers the immediate benefits of Sentinel policy as code, without having to invest in the heavy lifting of writing their own Sentinel policies from scratch.
Available in the Terraform registry, the first set of policies focuses on applying the Center for Internet Security (CIS) AWS Foundations Benchmark across eight different services.
AWS and HashiCorp will continue to co-develop comprehensive Terraform policies that provide expert guidance on architecting, configuring, and operating on AWS.
This will include policies for additional AWS services, based on standards from bodies and frameworks such as CIS, the Health Insurance Portability and Accountability Act (HIPAA), the Fintech Open Source Foundation (FINOS), the AWS Well-Architected Framework, and AWS Foundational Security Best Practices.
This joint effort will help accelerate customer time-to-value, mitigate implementation risk, and provide a framework to address outcome-driven use cases surrounding security and compliance.
Users can simply select the relevant policies from the policy library and apply them to their Terraform environments, giving them a strong foundation that they can customise to match their own requirements. This avoids the cost of developing these policies internally.
These policies can be uploaded to Git repositories for easy access and version control. They can be grouped into sets to be enforced on individual workspaces or across projects.
With consistent policies that enforce security best practices, it’s easier to confirm that resources are being provisioned in a properly secured and managed way.
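An added illustration of the kind of check such a policy set encodes, not one of the published HashiCorp/AWS policies: a Sentinel policy over the tfplan/v2 import that fails a Terraform run when any customer-managed KMS key is created or updated without key rotation, modelled on the CIS AWS Foundations control for CMK rotation (the filename and the wording of the message are assumptions).

```sentinel
# cis-kms-key-rotation.sentinel (filename is an assumption)
# Added example, not one of the published HashiCorp/AWS policies.
# Fails the plan when a customer-managed KMS key is created or updated
# without automatic key rotation, modelled on the CIS AWS Foundations
# control for CMK rotation.

import "tfplan/v2" as tfplan

# All aws_kms_key resources the plan will create or update
kms_keys = filter tfplan.resource_changes as _, rc {
	rc.type is "aws_kms_key" and
	rc.mode is "managed" and
	(rc.change.actions contains "create" or rc.change.actions contains "update")
}

# Keys whose planned state does not have rotation enabled
# (`else false` treats a missing attribute as rotation disabled)
keys_without_rotation = filter kms_keys as _, rc {
	(rc.change.after.enable_key_rotation else false) is not true
}

# Report each offending resource address in the run output
for keys_without_rotation as address, _ {
	print("CIS CMK rotation: enable_key_rotation must be true on", address)
}

# The policy passes only when no planned key lacks rotation
main = rule {
	length(keys_without_rotation) is 0
}
```

To enforce it, the file is listed as a `policy` block with an `enforcement_level` (for example `hard-mandatory`) in the policy set's sentinel.hcl, and the set is then attached to the chosen workspaces or projects.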
These policies are already in use with HashiCorp customers, with over half a million downloads since they went into general availability.
As Ruddy adds: “The goal on where we’re going with these policies is that we can hopefully remove a step in the current workflow for organizations deploying their resources, because now you have these policies that can be applied in line to the way these resources are created and managed – it’s been automated and codified.”
By combining them with Terraform, Sentinel and AWS, enterprises can get a head start on their IaC and PaC journey, and open up a more consistent, secure approach to provisioning and managing resources in the cloud.
Policy library repository: Pre-written Sentinel policies for AWS CIS Foundations benchmarking
Demo video: Pre-written Sentinel policy sets for AWS