Analysis of Infrastructure as Code for Compliance

School of Electrical Engineering (Sähkötekniikan korkeakoulu) | Master's thesis
Date
2024-05-20
Major/Subject
Autonomous Systems
Mcode
ELEC3055
Degree programme
Master's Programme in ICT Innovation
Language
en
Pages
51
Abstract
The goal of this project was to build an Infrastructure as Code compliance tool that targets Terraform configuration files. It was implemented as a command in datadog-ci, an existing open-source tool, which lets it run inside continuous integration and continuous delivery pipelines. The command scans Terraform plan files for misconfigurations and incompatible resources. To keep the scanned representation consistent with the company's internal resource schedule, a resource aggregation algorithm merges subordinate resources into the resources they belong to. The security rules are evaluated with the Open Policy Agent, so a single policy language and data model serve every product and service. The current implementation is functional but limited in scope; future work includes supporting more platforms and moving the scanning logic into a cloud service within the enterprise infrastructure.
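The scanning pipeline the abstract describes (plan file in, subordinate resources merged into their parent, rule evaluated over the merged view), as an added example that is not code from datadog-ci or from the thesis. It is written in TypeScript because datadog-ci is a TypeScript project. The plan JSON shapes are Terraform's documented `resource_changes` and `configuration` sections of `terraform show -json`; the subordinate-resource table, the sample plan, the rule and all names in them are assumptions made for illustration. OPA is not run here: `evaluate` is a TypeScript stand-in for the Rego rule shown in the leading comment, which is what the thesis's design would hand to OPA.

```typescript
// Added example, not code from datadog-ci or the thesis. It mirrors the pipeline
// the abstract describes: read a Terraform plan exported as JSON
// (`terraform show -json plan.out`), fold subordinate resources into the resource
// they belong to, then evaluate a compliance rule over the merged view. In the
// thesis the rule is Rego evaluated by OPA; `evaluate` below is a TypeScript
// stand-in so the example runs offline. The Rego it stands in for:
//   package terraform.compliance
//   import rego.v1
//   deny contains msg if {
//     sg := input.resources[_]; sg.type == "aws_security_group"
//     rule := sg.attributes.ingress[_]; rule.cidr_blocks[_] == "0.0.0.0/0"
//     rule.from_port <= 22; rule.to_port >= 22
//     msg := sprintf("%s allows SSH from 0.0.0.0/0", [sg.address])
//   }

type Attrs = Record<string, unknown>;
// The parts of Terraform's plan JSON this example reads.
interface ResourceChange { address: string; type: string; change: { actions: string[]; after: Attrs | null } }
interface ConfigResource { address: string; expressions?: Record<string, { references?: string[] }> }
interface Plan { resource_changes: ResourceChange[]; configuration: { root_module: { resources: ConfigResource[] } } }
// Aggregated view handed to the policy (what would be passed to OPA as `input.resources`).
interface Resource { address: string; type: string; attributes: Attrs }

// Hypothetical subordinate table (the thesis's own mapping is not on the page):
// an aws_security_group_rule becomes an entry in its parent's ingress/egress list.
const SUBORDINATES: Record<string, { parentType: string; refAttr: string; listOf: (a: Attrs) => string }> = {
  aws_security_group_rule: { parentType: 'aws_security_group', refAttr: 'security_group_id',
    listOf: (a) => String(a.type) }, // 'ingress' or 'egress'
};

function aggregate(plan: Plan): Resource[] {
  const config = new Map<string, ConfigResource>();
  for (const r of plan.configuration.root_module.resources) config.set(r.address, r);
  const merged = new Map<string, Resource>();
  const pending: { parent: string; list: string; attrs: Attrs }[] = [];
  for (const rc of plan.resource_changes) {
    const actions = rc.change.actions;
    if (actions.includes('delete') && !actions.includes('create')) continue; // only destroyed: nothing to check
    const after = rc.change.after ?? {};
    const sub = SUBORDINATES[rc.type];
    let parent: string | undefined;
    if (sub) {
      // When the parent is created in the same plan its id is still unknown, so
      // after.security_group_id is absent; resolve the parent from the configuration's
      // expression references instead. Indexed addresses (count/for_each) map to the
      // un-indexed configuration address. Module-qualified addresses are not handled.
      const cfg = config.get(rc.address.replace(/\[[^\]]*\]$/, ''));
      const refs = cfg?.expressions?.[sub.refAttr]?.references ?? [];
      const parentType = sub.parentType;
      parent = refs.find((ref) => { const p = ref.split('.'); return p.length === 2 && p[0] === parentType; });
    }
    if (!sub || !parent) { // ordinary resource, or a rule whose parent is outside the plan
      merged.set(rc.address, { address: rc.address, type: rc.type, attributes: { ...after } });
      continue;
    }
    pending.push({ parent, list: sub.listOf(after), attrs: after });
  }
  for (const p of pending) { // second pass: parents declared after their rules still resolve
    const target = merged.get(p.parent);
    if (!target) continue;
    const list = (target.attributes[p.list] as Attrs[] | undefined) ?? [];
    target.attributes[p.list] = [...list, p.attrs];
  }
  return Array.from(merged.values());
}

// Stand-in for the Rego rule above: SSH reachable from the whole internet.
function evaluate(resources: Resource[]): string[] {
  const findings: string[] = [];
  for (const r of resources) {
    if (r.type !== 'aws_security_group') continue;
    for (const rule of (r.attributes.ingress as Attrs[] | undefined) ?? []) {
      const cidrs = (rule.cidr_blocks as string[] | undefined) ?? [];
      if (cidrs.includes('0.0.0.0/0') && Number(rule.from_port) <= 22 && Number(rule.to_port) >= 22) {
        findings.push(`${r.address} allows SSH from 0.0.0.0/0`);
      }
    }
  }
  return findings;
}

// Constructed sample plan: the SSH rule is its own resource, so a scanner that
// only inspects aws_security_group resources never sees it.
const SAMPLE_PLAN: Plan = {
  resource_changes: [
    { address: 'aws_security_group.web', type: 'aws_security_group', change: { actions: ['create'], after: {
      name: 'web', ingress: [{ from_port: 443, to_port: 443, protocol: 'tcp', cidr_blocks: ['0.0.0.0/0'] }] } } },
    { address: 'aws_security_group_rule.ssh', type: 'aws_security_group_rule', change: { actions: ['create'], after: {
      type: 'ingress', from_port: 22, to_port: 22, protocol: 'tcp', cidr_blocks: ['0.0.0.0/0'] } } },
    { address: 'aws_s3_bucket.logs', type: 'aws_s3_bucket', change: { actions: ['create'], after: { bucket: 'example-logs' } } },
  ],
  configuration: { root_module: { resources: [
    { address: 'aws_security_group.web' },
    { address: 'aws_security_group_rule.ssh', expressions: { security_group_id: { references: ['aws_security_group.web.id', 'aws_security_group.web'] } } },
    { address: 'aws_s3_bucket.logs' },
  ] } },
};

// Without aggregation the SSH rule is invisible to the check; with it, it is flagged.
function naiveView(plan: Plan): Resource[] {
  return plan.resource_changes.map((rc) => ({ address: rc.address, type: rc.type, attributes: rc.change.after ?? {} }));
}
console.log(evaluate(naiveView(SAMPLE_PLAN)));  // []
console.log(evaluate(aggregate(SAMPLE_PLAN)));  // [ 'aws_security_group.web allows SSH from 0.0.0.0/0' ]
```

The two-pass merge is deliberate: `resource_changes` is not ordered parent-first, and matching on `after.security_group_id` would fail whenever the security group is created in the same plan, because that id is still unknown at plan time. Resolving the parent from the configuration's expression references is what makes the rule land on the right resource before the policy sees it.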
Supervisor
Aura, Tuomas
Thesis advisor
Bufalino, Jacopo
Renaud, Nicolas
Keywords
infrastructure as code, cloud compliance, continuous integration, open policy agent, terraform