On DevOps — 22. Security in Infrastructure as Code with Terraform — Everything You Need to Know

Tiexin Guo
Published in 4th Coffee
9 min read · Jun 26, 2021


1. Infrastructure Security and Infrastructure Code Security

With DevOps, we try to manage our infrastructure purely as code. This automates the work, which makes the infrastructure easier to manage and faster to deploy, and the code can potentially be reused too, reducing human labor and eliminating errors.

Since all our infrastructure is managed by code, the security of the code that actually manages the infrastructure is crucial.

We often say that security is job zero; when it comes to infrastructure, it’s even more so. If, for example, the database password is included in the code, and someone else gets access to the code, the infrastructure might be compromised, simple as that.

So, while adding security group rules that allow only least-privilege access to your database improves the security of the infrastructure itself, handling the code properly (for example, not storing the database password directly in the code) improves the security of the code, and that is also one of our top priorities.

Today, we will have a look at possible security leaks and enhancements in the infrastructure code.
