February 20, 2020

Build Secure Cloud Environments With Infrastructure as Code

Infrastructure as Code (IaC) is a fantastic approach for any company looking to meet a compliance standard or security protocol.

Daniel Rankov

MentorMate has clients across a variety of industries with very specific technology needs. We help fintech, healthcare, and education companies, among others, achieve the level of security and compliance their industries demand. Part of this work is ensuring that these companies build secure, cloud-based infrastructures that are SOC 2, PCI DSS, or HIPAA compliant.

Standard development practice runs and tests software in multiple environments, such as development, staging, and production. Some companies also build performance testing, integration, and disaster recovery environments. Supporting all of these workloads is overwhelming without the right tools and processes in place.

Manual processes lead to inconsistencies between environments, and engineers then spend hours debugging why a service runs well in one environment and not in another. In the worst case, the result is production downtime. Manually tracking changes and following a slow change management process slows software delivery and introduces security issues.

Is there a better way to achieve consistent and repeatable deployments? How can we achieve better security and an auditable infrastructure?

In the MentorMate Cloud Center of Excellence (CCOE), we follow and specialize in an approach known as Infrastructure as Code (IaC). As the name implies, IaC means the environment's infrastructure is written as code. It is stored in version control, and peer reviews are conducted before the code is merged into the working version. By taking this approach, the infrastructure is:

- Secure — Having visibility over the infrastructure is great.
What's even more important is that the code can be scanned before it is deployed. With IaC, security teams can find and fix misconfigurations before they reach a live environment.
- Auditable and Traceable — The code is versioned, and access to it is restricted to people with permission. This means you can always track who made a change and when.
- Repeatable and Consistent — The same code can be executed multiple times and produces the same result.
- Documented — The code itself documents the infrastructure, saving teams the effort of keeping separate documentation current.
- Time-Saving — Teams no longer spend hours debugging environment differences and can focus on more valuable work.
- Part of the CI/CD Process — Infrastructure deployment can be integrated with the application deployment, so the pipeline delivers a complete working service.
- Cost-Efficient — The planned infrastructure can be reviewed before the actual deployment happens.

Imagine consistently and securely deploying your workloads across multiple environments in a matter of minutes, even in different geographic locations. Infrastructure as Code makes all of that possible.

The Infrastructure as Code (IaC) model allows multiple environments to be deployed in the same way, at the same time.

Infrastructure as Code Tools

The MentorMate CCOE uses a couple of different IaC tools in our work: AWS CloudFormation and Azure Resource Manager templates. Both are cloud-native and considered the industry standard for their respective cloud service provider. We also invest in building reference architectures, code, and modules that we reuse, which allows us to deliver value to clients more quickly.

AWS CloudFormation

As a configuration orchestration tool, AWS CloudFormation lets you describe your infrastructure as a template and automates its deployment. AWS provides sample templates for the most commonly used services and publishes a large library of reference architectures built from CloudFormation templates, such as the one for HITRUST CSF workloads.
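The "scan before you deploy" point above is easiest to see with a concrete check. The following is an added example, not code from the original post and not AWS tooling: a small Python scanner that reads a CloudFormation template in JSON form and flags two common misconfigurations, an S3 bucket without default encryption or a full public-access block, and a security group that exposes an admin port (SSH or RDP) to the whole internet. Both templates are constructed for the example; the weak one beside its hardened counterpart, with 203.0.113.0/24 (a documentation range) standing in for an office network. Values produced by intrinsic functions such as Ref are not resolved.

```python
"""Scan a CloudFormation template (JSON form) before it is deployed.

Added example, not code from the original post or from AWS. It flags
an S3 bucket without default encryption or a public-access block, and
a security group that exposes an admin port (SSH/RDP) to the internet.
Values produced by intrinsic functions (Ref, Fn::Sub, ...) are not resolved.
"""
import json
import sys

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"
ADMIN_PORTS = {22, 3389}  # SSH and RDP
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy",
            "IgnorePublicAcls", "RestrictPublicBuckets")

# Constructed sample template: unencrypted bucket, SSH open to the world.
WEAK_TEMPLATE = r'''
{"AWSTemplateFormatVersion": "2010-09-09",
 "Resources": {
   "DataBucket": {"Type": "AWS::S3::Bucket",
                  "Properties": {"BucketName": "example-data-bucket"}},
   "BastionSG": {"Type": "AWS::EC2::SecurityGroup",
                 "Properties": {
                   "GroupDescription": "bastion host",
                   "SecurityGroupIngress": [
                     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                      "CidrIp": "0.0.0.0/0"}]}}}}
'''

# Same resources, hardened: KMS default encryption, all public access
# blocked, SSH restricted to a hypothetical office range 203.0.113.0/24.
HARDENED_TEMPLATE = r'''
{"AWSTemplateFormatVersion": "2010-09-09",
 "Resources": {
   "DataBucket": {"Type": "AWS::S3::Bucket",
                  "Properties": {
                    "BucketName": "example-data-bucket",
                    "BucketEncryption": {"ServerSideEncryptionConfiguration": [
                      {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
                    "PublicAccessBlockConfiguration": {
                      "BlockPublicAcls": true, "BlockPublicPolicy": true,
                      "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}},
   "BastionSG": {"Type": "AWS::EC2::SecurityGroup",
                 "Properties": {
                   "GroupDescription": "bastion host",
                   "SecurityGroupIngress": [
                     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                      "CidrIp": "203.0.113.0/24"}]}}}}
'''


def check_s3_bucket(name, props):
    findings = []
    if "BucketEncryption" not in props:
        findings.append(f"{name}: no default encryption (BucketEncryption missing)")
    pab = props.get("PublicAccessBlockConfiguration", {})
    if not all(pab.get(k) is True for k in PAB_KEYS):
        findings.append(f"{name}: public access is not fully blocked")
    return findings


def check_security_group(name, props):
    findings = []
    for rule in props.get("SecurityGroupIngress", []):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr not in (ANY_IPV4, ANY_IPV6):
            continue  # specific range, prefix list, or another security group
        proto = str(rule.get("IpProtocol", "")).lower()
        if proto == "-1":  # "-1" means every protocol and port
            findings.append(f"{name}: all traffic allowed from {cidr}")
            continue
        lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
        exposed = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
        if exposed:
            findings.append(f"{name}: port(s) {exposed} exposed to {cidr}")
    return findings


CHECKS = {
    "AWS::S3::Bucket": check_s3_bucket,
    "AWS::EC2::SecurityGroup": check_security_group,
}


def scan_template(template_text):
    """Return a list of human-readable findings; an empty list means the scan passed."""
    template = json.loads(template_text)
    findings = []
    for name, resource in template.get("Resources", {}).items():
        check = CHECKS.get(resource.get("Type"))
        if check:
            findings.extend(check(name, resource.get("Properties", {})))
    return findings


if __name__ == "__main__":
    # In CI: scan the template given on the command line and fail the
    # pipeline on any finding, so nothing insecure reaches `deploy`.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK_TEMPLATE
    problems = scan_template(text)
    for line in problems:
        print(line)
    sys.exit(1 if problems else 0)
```

Run as `python scan.py template.json` in the pipeline stage that precedes deployment; a non-zero exit blocks the merge or the deploy. Scanning the weak template yields three findings, the hardened one none. Real pipelines would use a maintained scanner such as cfn-lint, cfn_nag, or Checkov, which cover far more resource types; the block only shows the shape of the check and why it belongs before deployment rather than after.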
We use these AWS sample templates and reference architectures to learn from, reuse, modify, and adapt to the specific client use case.

Azure Resource Manager

Much like AWS CloudFormation, Azure Resource Manager provides IaC templates for projects built on Microsoft Azure. It offers management and organization tools that simplify many routine tasks. For instance, Azure Resource Manager lets you organize resources into resource groups, which can be deployed or deleted together in a single action. It also lets you define the dependencies between your app's resources and control who has access to what.

Terraform

We also like writing code using the open-source Terraform from HashiCorp. A large community contributes to it, so there are many well-built modules and reference configurations available. Terraform is cloud-agnostic, so infrastructure stacks spanning multiple cloud providers are supported, and HashiCorp works closely with all the major cloud vendors to provide support for new services and features.

Final Thoughts

Infrastructure as Code is a fantastic approach for any company looking to meet a compliance standard or security protocol. It also makes workloads repeatable. In addition to saving time, IaC lowers the risk of security breaches by catching misconfigurations before deployment. Further, automating infrastructure deployment supports the adoption of DevOps practices.

The MentorMate team has more than 100 AWS and Azure certifications, validating our passion, experience, and expertise. We are also an AWS Advanced Consulting Partner. Learn more about our cloud services and contact us with any questions on how you can implement IaC in your workflows.

Photo by Markus Spiske on Unsplash