From the course: Cloud Security for DevSecOps Engineers: From Security Models to API Protection
Join today to access over 24,900 courses taught by industry experts.
Common security risks with IaC
From the course: Cloud Security for DevSecOps Engineers: From Security Models to API Protection
Common security risks with IaC
- [Instructor] Like web applications and APIs, there are various security risks that you should be aware of with infrastructure as code. Let's dive in and explore these risks and discuss mitigation strategies. One risk that many face is hard-coded secrets. This is identical to writing your passwords and tokens on a sticky note, but in reality, these credentials are left in the code. To mitigate this, leverage SaaS scanning solutions to identify secrets and remove them from your code. It would be ideal to include this scanning technology into your CI/CD pipelines prior to deployment. You also want to leverage a secrets management solution that you can leverage to inject them safely into your environment during runtime for deployment. This is an example of someone hard-coding a value, SuperSecretPassword123!, and set it as a type of SecureString within AWS Secrets Manager Parameter Store within Terraform. This service will treat this value as a secret encrypted within AWS. However, if…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
-
-
(Locked)
Getting set up in GitHub Codespaces4m 46s
-
What is infrastructure as code (IaC)?5m 27s
-
(Locked)
Common security risks with IaC4m 46s
-
(Locked)
Policy-as-code basics4m 21s
-
(Locked)
IaC scanning basics5m 32s
-
(Locked)
Scan misconfigured IaC files and report findings using Trivy3m 30s
-
(Locked)
Purpose of automating IaC security scans1m 52s
-
(Locked)
GitHub Actions IaC scanning with Trivy6m 52s
-
(Locked)
-