Many organizations adopting cloud find that 20-40% of their cloud spend is on over-provisioned, unused, and orphaned infrastructure. This is the result of an infinite volume of on-demand resources, provisioned frequently by many end-users, and across multi-cloud environments.
Terraform provides cloud infrastructure automation with infrastructure as code for provisioning, compliance, and management of any cloud infrastructure. This allows organizations to codify their desired use of infrastructure in the form of modules and then enforce best practices for how that infrastructure is provisioned and de-provisioned through the use of policies. This approach, along with central tracking and auditability, gives organizations a systematic way to reduce their cloud spend when they first adopt cloud and at any scale thereafter.
In this webinar, you'll learn more about Terraform, cloud infrastructure automation, and approaches to managing spend with modules, Sentinel policies, automated policy enforcement, and cost estimation. The session will include an overview of Terraform for this use case and a live demo.
6. The 4 essential elements of dynamic infrastructure
Networking: Connect infrastructure and applications
Security: Secure infrastructure and applications
Development: Run applications
Operations: Provision infrastructure
8. Terraform Use Cases
Adopt any cloud, infrastructure, or service safely, efficiently, and in a timely manner.
Multi-Cloud Management: Provision and manage public cloud, private infrastructure, and external services holistically while still preserving the uniqueness of each.
Self-Service Infrastructure: Provide a library of approved infrastructure that developers can use to safely and efficiently provision infrastructure on-demand.
Infrastructure as Code: Use infrastructure as code to safely and efficiently provision and manage infrastructure at any scale.
9. Introducing Terraform 0.13
Added several module arguments: Including count, for_each, and depends_on
New integration with Terraform Cloud: Authentication process has been streamlined to remember a Terraform Cloud sourced API token
Updated support for Terraform Registry: Third-party providers are available for automatic installation from both public and private registries
10. Terraform Cloud & Enterprise Updates
New “Getting Started” Walkthrough: Central location to get started using Terraform Cloud
Automate runs across workspaces: Run triggers enable workspaces to be smaller, more reusable portions of the application pipeline
Improvements to user management: Consolidated the process to add, edit, and remove users for an Organization
12. Embed, Enforce, View
When operations is no longer the gatekeeper to infrastructure, how to approach operational consistency?
13. Embed: Define best practices for infrastructure
▪ Enable mandatory tags
▪ Restrict premium instance usage
▪ Ensure use of ttl variable
14. Enforce: Use policy to verify best practices
▪ Infrastructure has tags
▪ Dev-stage is right-sizing instances
▪ Dev-infrastructure is not provisioned after hours
▪ Infrastructure does not exceed cost estimate thresholds
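
Three of the checks listed on slides 13 and 14 (mandatory tags, restricted instance types, a cost estimate threshold), written as one Sentinel policy over the Terraform plan and the run's cost estimate. This is an added example, not a policy shown in the webinar; the tag names, the allowed instance types and the monthly cost limit are assumed values.

```sentinel
# Added example. Tag names, instance types and the limit are assumptions.
import "tfplan/v2" as tfplan
import "tfrun"
import "decimal"

mandatory_tags = ["Name", "owner", "ttl"]
allowed_types = ["t2.micro", "t2.small", "t2.medium"]
monthly_delta_limit = 100 # assumed limit on the change in monthly cost

# EC2 instances that this run would create or update.
ec2_instances = filter tfplan.resource_changes as _, rc {
	rc.mode is "managed" and
		rc.type is "aws_instance" and
		(rc.change.actions contains "create" or rc.change.actions contains "update")
}

# Every instance carries every mandatory tag.
instances_tagged = rule {
	all ec2_instances as _, instance {
		all mandatory_tags as tag {
			instance.change.after.tags contains tag
		}
	}
}

# No instance uses a type outside the approved list.
instance_type_allowed = rule {
	all ec2_instances as _, instance {
		instance.change.after.instance_type in allowed_types
	}
}

# Projected change in monthly cost, taken from the run's cost estimate.
delta_monthly_cost = decimal.new(tfrun.cost_estimate.delta_monthly_cost)

cost_within_limit = rule {
	delta_monthly_cost.less_than(monthly_delta_limit)
}

# The run passes only when all three checks hold.
main = rule {
	instances_tagged and instance_type_allowed and cost_within_limit
}
```

The cost rule depends on cost estimation being enabled for the organization, since `tfrun.cost_estimate` is only populated when an estimate exists for the run.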
15. View: Consistent visibility into infrastructure state and costs
▪ View of all EC2 instances
▪ View of infrastructure costs associated with phases of application development
▪ View of infrastructure costs associated with an application's deployment
16. Embed Infrastructure Best Practices
Terraform Infrastructure as Code Modules
▪ Write infrastructure as code as reusable modules
▪ Validate modules that become pre-approved
▪ Publish modules to library
17. Enforce Best Practices with Policies
Terraform & Sentinel Policy as Code Management
▪ Define provision-time policy for security, compliance, and operational best practices
▪ Validate and pre-approve policies
▪ Publish for automated enforcement
18. View Infrastructure State & Estimate
▪ Infrastructure state provides a current view of provisioned infrastructure
▪ Cost estimation gives projected costs for infrastructure
19. Terraform Foundational Policies Library
Publicly Available on GitHub: hashicorp/terraform-foundational-policies-library
~50 Policies Initially Available: Based on CIS Benchmarks, including: Compute, Databases, Kubernetes, Storage, Networks
Covering the Major Cloud Providers: AWS, Azure, and Google Cloud Platform
21. Demos Use Cases
● Difficult to Visualize Infrastructure Costs
● Inopportune Deployment Practices
● Inconsistent Infrastructure Configurations
● Align to Center for Internet Security Benchmarks
22. Demos Use Case Accomplishments
● Enable Cost Estimation
● Utilize Sentinel Policy as Code
○ Configure Cost Limits
○ Follow Corporation Guidelines
○ Verify Infrastructure Uniformity
○ Adhere to Center for Internet Security Benchmarks