Analysis of Infrastructure as Code for Compliance
School of Electrical Engineering
Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Date
2024-05-20
Major/Subject
Autonomous Systems
Mcode
ELEC3055
Degree programme
Master's Programme in ICT Innovation
Language
en
Pages
51
Abstract
The goal of this project was to create an Infrastructure as Code compliance tool specifically targeting Terraform configuration files. The tool was implemented as a command in an existing open-source tool called datadog-ci, which enables integration with continuous integration and continuous delivery pipelines. The tool can scan Terraform plan files for misconfigurations or incompatible resources. To ensure compatibility with the company's internal resource schedule, a resource aggregation algorithm was implemented to merge subordinate resources. The evaluation of the security rules is performed using the Open Policy Agent, which allows the use of a single policy language and model for all products and services. While the current implementation is functional, there are limitations in its scope, and future work includes expanding support to more platforms and integrating the scanning logic with a cloud service within the enterprise infrastructure.
Supervisor
Aura, Tuomas
Thesis advisor
Bufalino, Jacopo
Renaud, Nicolas
Keywords
infrastructure as code, cloud compliance, continuous integration, open policy agent, terraform