Infrastructure as Code Security Best Practices and Strategies

Explore Infrastructure as Code (IaC) security best practices and strategies in this conference talk from Conf42 DevSecOps 2023. Learn how to tag resources properly, avoid insecure defaults, and regularly check for announcements in cloud platforms. Discover the importance of secret management and permission management, and understand why these practices are crucial. Gain insights on tracking and managing changes using version control tools, and how to use pipelines to automatically analyze security vulnerabilities. Be cautious when managing resources with IaC in pipelines, and learn about the risks of poisoned pipeline execution. Find out how to protect specific resources from accidental deletion or modification. This comprehensive overview covers essential aspects of securing your infrastructure as code implementations.

intro
preamble
about joshua
let's begin
tag resources properly
avoid insecure defaults and regurarly check for announcements in cloud platforms
secret management & permission management
why?
track and manage changes using version control tools
use pipelines to analyze security vulnerabilities automatically
be careful when managing resources with iac in pipelines!
poisoned pipeline execution
protect specific resources from accidental deletion or modification
the end