Analysis of infrastructure as code for compliance

Sähkötekniikan korkeakoulu (School of Electrical Engineering) | Master's thesis

Mcode

ELEC3055

Language

en

Pages

51

Abstract

The goal of this project was to create an Infrastructure as Code compliance tool specifically targeting Terraform configuration files. The tool was implemented as a command in an existing open-source tool called datadog-ci, which enables integration with continuous integration and continuous delivery (CI/CD) pipelines. The tool scans Terraform plan files for misconfigurations and incompatible resources. To ensure compatibility with the company's internal resource schedule, a resource aggregation algorithm was implemented to merge subordinate resources. The security rules are evaluated with the Open Policy Agent, so that a single policy language and model serves all products and services. While the current implementation is functional, its scope is limited; future work includes expanding support to more platforms and integrating the scanning logic with a cloud service within the enterprise infrastructure.
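The pipeline the abstract describes (read a Terraform plan, merge subordinate resources into their parents, evaluate rules on the aggregated result) is illustrated below with an added example. This is not code from the thesis or from datadog-ci. It works on the JSON produced by `terraform show -json`, but the resource types, the parent/child mapping table, the constructed plan document and the rule itself are illustrative assumptions. The rule is written as a Python predicate standing in for the Rego policy that the thesis evaluates with OPA; the aggregated resource map is the kind of document such a policy would receive as input.

```python
"""Added example, not code from the thesis or datadog-ci: scan a Terraform
plan (the JSON from `terraform show -json plan.out`), fold subordinate
resources into their parents, then evaluate a compliance rule on the result.
The resource types, the parent/child mapping, the constructed plan and the
rule itself are illustrative assumptions, not taken from the abstract."""
import json

# Constructed plan fragment. The security group is being created, so its id is
# unknown at plan time; the two aws_security_group_rule resources are linked
# to it only through the references recorded in the configuration section.
def _rule(name, port):
    return {"address": f"aws_security_group_rule.{name}", "type": "aws_security_group_rule",
            "name": name, "change": {"actions": ["create"], "after": {
                "type": "ingress", "protocol": "tcp", "from_port": port, "to_port": port,
                "cidr_blocks": ["0.0.0.0/0"]}}}

def _cfg(name, parent):
    return {"address": f"aws_security_group_rule.{name}", "type": "aws_security_group_rule",
            "name": name, "expressions": {"security_group_id": {
                "references": [parent + ".id", parent]}}}

PLAN_JSON = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_security_group.web", "type": "aws_security_group", "name": "web",
         "change": {"actions": ["create"], "after": {"name": "web", "ingress": []}}},
        _rule("ssh", 22), _rule("https", 443),
    ],
    "configuration": {"root_module": {"resources": [
        {"address": "aws_security_group.web", "type": "aws_security_group",
         "name": "web", "expressions": {}},
        _cfg("ssh", "aws_security_group.web"), _cfg("https", "aws_security_group.web"),
    ]}},
})

# Assumed aggregation table: child type -> (parent type, referencing attribute,
# list key under which the child's attributes are merged into the parent).
SUBORDINATE = {
    "aws_security_group_rule": ("aws_security_group", "security_group_id", "rules"),
}

def parent_of(plan):
    """Map each subordinate resource address to its parent's address, using the
    configuration-level references (the only link available before apply)."""
    out = {}
    for res in plan["configuration"]["root_module"]["resources"]:
        if res["type"] not in SUBORDINATE:
            continue
        parent_type, attr, _ = SUBORDINATE[res["type"]]
        for ref in res.get("expressions", {}).get(attr, {}).get("references", []):
            cand = ref[:-3] if ref.endswith(".id") else ref
            if cand.startswith(parent_type + ".") and cand.count(".") == 1:
                out[res["address"]] = cand
                break
    return out

def aggregate(plan):
    """Return {address: {type, address, values}} as they will be after apply,
    with subordinate resources merged into their parents. Children whose parent
    is not in the plan (e.g. a pre-existing group referenced by literal id) are
    kept as standalone resources so they are still evaluated, not dropped."""
    resources = {}
    for rc in plan["resource_changes"]:
        if rc["change"]["actions"] == ["delete"]:
            continue  # nothing will exist after apply
        resources[rc["address"]] = {"type": rc["type"], "address": rc["address"],
                                    "values": dict(rc["change"].get("after") or {})}
    for child, parent in parent_of(plan).items():
        if child in resources and parent in resources:
            key = SUBORDINATE[resources[child]["type"]][2]
            resources[parent]["values"].setdefault(key, []).append(resources.pop(child)["values"])
    return resources

def _opens_port(rule, port):
    if rule.get("protocol") == "-1":
        return True  # all protocols, all ports
    return rule.get("protocol") == "tcp" and rule.get("from_port", 0) <= port <= rule.get("to_port", 65535)

def rule_no_public_ssh(resource):
    """Illustrative rule standing in for a Rego policy evaluated with OPA:
    no ingress from 0.0.0.0/0 or ::/0 that reaches TCP/22. Inline `ingress`
    blocks, aggregated children and orphaned standalone rules are all checked."""
    values = resource["values"]
    if resource["type"] == "aws_security_group":
        entries = [dict(r, type="ingress") for r in values.get("ingress") or []]
        entries += values.get("rules", [])
    elif resource["type"] == "aws_security_group_rule":
        entries = [values]
    else:
        return []
    findings = []
    for r in entries:
        world = {"0.0.0.0/0", "::/0"} & set((r.get("cidr_blocks") or []) + (r.get("ipv6_cidr_blocks") or []))
        if r.get("type") == "ingress" and world and _opens_port(r, 22):
            findings.append({"rule": "no-public-ssh", "address": resource["address"],
                             "cidr": sorted(world)})
    return findings

def scan(plan_json, rules=(rule_no_public_ssh,)):
    """Parse a plan JSON string, aggregate, and evaluate every rule on every resource."""
    plan = json.loads(plan_json)
    return [f for res in aggregate(plan).values() for rule in rules for f in rule(res)]

if __name__ == "__main__":
    for f in scan(PLAN_JSON):
        print(f"{f['rule']}: {f['address']} allows SSH from {', '.join(f['cidr'])}")
```

Without the aggregation step the security group in the constructed plan looks clean, because its `ingress` list is empty and the offending rule lives in a separate `aws_security_group_rule` resource; after aggregation the rule fires on `aws_security_group.web`. A child whose parent is not part of the plan is deliberately left standalone and still evaluated, since silently dropping it would turn an aggregation gap into a false negative.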

Supervisor

Aura, Tuomas

Thesis advisor

Bufalino, Jacopo
Renaud, Nicolas
