8 Security and compliance

This chapter covers

  • Choosing protections for credentials and secrets in IaC
  • Implementing policies to enforce compliant and secure infrastructure
  • Preparing end-to-end tests for security and compliance

In previous chapters, I alluded to the importance of securing infrastructure as code and checking its conformance with your organization’s security and compliance requirements. Oftentimes, you don’t address these requirements until later in your engineering process. By that point, you may have already deployed an insecure configuration or violated a compliance requirement about data privacy!

For example, imagine you work for a retail company called uDress. Your team has six months to build a new frontend application on ...
