DevOps Guide to Terraform Security - some key security considerations that we will cover in this paper, such as dependencies, secrets, secure collaboration, workflow, drift, and threats
Terrascan Sandbox | Tenable® - Terrascan is a static code analyzer for Infrastructure as Code that can detect compliance and security violations across Infrastructure as Code (IaC) to mitigate risk before provisioning cloud native infrastructure
Guidelines for Configuration-based Infrastructure
Nothing should exist in the AWS accounts that is not defined in Terraform
The Terraform environment checked into main should always reflect the current state of the environment, meaning that terraform plan runs with no expected changes to the environment
Because the dev, test, impl, and prod environments should have identical structure, the only difference between the four should be individual variables that are used to define their individual conditions such as IP addresses, routes, and system/bucket names
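One way to enforce the "plan with no changes" guideline in CI is to inspect the JSON that terraform show -json prints for a saved plan file and fail when any environment has pending changes. This is an added example, not part of the original guidelines; the resource addresses and sample plan are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample: trimmed output of `terraform show -json <planfile>`
# for a hypothetical "prod" environment. Resource addresses are made up.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_s3_bucket.logs", "change": {"actions": ["no-op"]}},
    {"address": "aws_security_group.web", "change": {"actions": ["update"]}},
    {"address": "aws_instance.bastion", "change": {"actions": ["delete", "create"]}},
    {"address": "data.aws_ami.base", "change": {"actions": ["read"]}}
  ]
}
""")

# Plan actions that do not modify infrastructure.
BENIGN = {"no-op", "read"}


def pending_changes(plan):
    """Return [(address, actions)] for every resource the plan would modify."""
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if set(actions) - BENIGN:
            findings.append((rc["address"], "+".join(actions)))
    return findings


def gate(plans_by_env):
    """Map each environment to its pending changes; an empty list means in sync."""
    return {env: pending_changes(plan) for env, plan in plans_by_env.items()}


def exit_code(report):
    """0 when every environment is in sync, 2 otherwise
    (same convention as `terraform plan -detailed-exitcode`)."""
    return 2 if any(report.values()) else 0


if __name__ == "__main__":
    clean = {"resource_changes": []}
    report = gate({"dev": clean, "prod": SAMPLE_PLAN})
    for env, changes in report.items():
        for address, actions in changes:
            print(f"{env}: {address} would {actions}")
    raise SystemExit(exit_code(report))
```

A non-empty result on main means either the code is ahead of what was applied or someone changed the account outside Terraform; both cases break the guideline and should block the pipeline until reconciled.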