Software Supply Chain Controls for Terraform

Understanding Software Supply Chain security threats for Terraform which has been the default for Infrastructure as Code is important. in this episode Mike Ruth is sharing his experience of working on securing Terraform Cloud/Terraform Enterprise - no open source was harmed in the making of this episode.

Episode YouTube: ⁠⁠⁠ ⁠⁠⁠⁠⁠Video Link⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)

Guest Socials: Mike's Linkedin (⁠⁠Mike Ruth)

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Spotify TimeStamp for Interview Question

(00:00) Introduction

(03:27) A bit about Mike Ruth

(04:01) What is Terraform?

(05:38) Terraform in the context of supply chain

(07:24) Flavors of Terraform

(09:07) Deploying Terraform

(12:25) Terraform Architecture

(14:48) Research findings that Mike and Oca made

(25:52) Securing Terraform Architecture

(28:13) Policy Enforcement

(29:13) What is a Module?

(30:15) Security best practices for Terraform Deployment

(31:53) Learning about Terraform security

(34:44) Maturity for Terraform

(37:45) The Fun Questions

Mike spoke about Terraform Cloud Security Model during the interview.

See you at the next episode!