Avoiding IAC Potholes with Policy and Cloud Controllers

Explore strategies for enabling and securing self-serve cloud infrastructure in large organizations using Kubernetes. Learn how to overcome challenges associated with Enterprise Security Architectures and Infrastructure as Code (IAC) pipelines when teams provision infrastructure through Kubernetes. Discover how to implement policy engines like Kyverno to secure a model that utilizes Kubernetes native and hosted cloud controllers, such as Crossplane, for infrastructure provisioning. Gain insights into enforcing compliance and security requirements centrally while allowing application teams to self-serve. Examine an open-source library of policies integrated with OSCAL for commonly used AWS services, aligned with NIST800-53 controls. Understand how this approach simplifies the developer experience by enabling dynamic generation of cloud resources with secure defaults, while facilitating auditing by compliance teams.

Avoiding IAC Potholes with Policy + Cloud Controllers - Andrew Martin, ControlPlane