MANAGING GITHUB VIA TERRAFORM TO BE COMPLIANT WITH ISO27001
Remove the UI from your On- / Offboarding GitHub Workflow

MICHA(EL) RAECK
PRODUCT OWNER DEVSECOPS

What we do as a Team?
Developing a platform as a Product tailored for all engineering colleagues.
Utilizing Kubernetes to manage cloud-native services within Hyperscalers (AWS mostly).
Offering consultancy services for customer projects.
Coordination of contractors.

Who am I?
• 37 y/o
• From Leipzig (working Hybrid)
• Owned a Full Service Media Agency for 10 years
• Owned a Bar and a Restaurant
• Was a Lead Developer and Head of Infrastructure at 1337 UGC

1. PROBLEM

800 Repos within 12 Organizations
Different Teams / Teams in Teams / External Users / External Users in Internal Repos ?!

1. Complexity in Management:
• Managing a variety of GitHub repositories.
• Managing a variety of GitHub Organizations.
2. User and Access Management:
• Coordinating multiple users, groups, and teams.
• Implementing consistent permissions and branch protection rules.
3. Collaboration with External Parties:
• Providing guest access to partners and customers.
• Ensuring controlled permissions for external users to pull or push to repositories.

ISO27001:2013 requires:
• Access Control: Ensuring strict access control in line with ISO 27001 to prevent unauthorized information disclosure or modification.
• Audit Trails: Implementing comprehensive audit trails for changes and access to repositories and their user management, to meet ISO 27001's monitoring and logging standards.
• Information Security Policies: Developing and enforcing information security policies that comply with the ISO 27001 framework across all GitHub repositories and teams.
• 4-Eyes Principle:

  • 7. ACCESS CONTROL, ONBOARDING / OFFBOARDING. What GitHub offers:
  • 8. GITHUB AUDIT LOG. What GitHub offers:
  • 11. Does the GitHub stuff help in order to be compliant with ISO? Nah, not really. And the UI is annoying.
  • 13. 2. THE NOT SO BORING PART: Utilizing Terraform for Managing GitHub
  • 14. 2. SOLVE IT / TERRAFORM GITHUB PROVIDER
        registry.terraform.io/providers/integrations/github/latest/docs
        • Uses the GitHub API
  • 15. In order to have proper rights and access control, you should set up an Organization:
        • https://github.com/orgs/terraform-github-test-orga
  • 16. Assumptions:
        • Terraform is up and running
        • You store your state in some sort of backend
            • S3 / DynamoDB
            • Terraform Cloud ?
        • The GitHub Personal Access Token is stored in an ENV variable
  • 17. Wanna try some code?
  • 18. DEFINE A REPO

        provider "github" {
          owner = "terraform-github-test-orga"
        }

        # Repo
        resource "github_repository" "example-repo" {
          name        = "terraform-github-test-repo-devops-meetup-2023"
          description = "A Repo for the Terraform GitHub Provider Example"
          visibility  = "public"
        }

  • 19. SETUP A PULL TEAM

        # Creating a Team with Pull Rights
        resource "github_team" "pull_team" {
          name        = "Pull Team"
          description = "A team to READ on Terraform-managed repositories"
        }

        # Giving the Team correct Permissions
        resource "github_team_repository" "team_repo_pull" {
          team_id    = github_team.pull_team.id
          repository = github_repository.example-repo.name
          permission = "pull"
        }

        # Assigning a Member to the Team
        resource "github_team_membership" "team_membership_pull" {
          team_id  = github_team.pull_team.id
          username = "exampleUserOnGitHub"
          role     = "member"
        }

  • 20. PLANNING / CREATE A PR FOR IT

        $ terraform plan

  • 21. Plan output:

        terraform will perform the following actions:

          # github_team.pull_team will be created
          + resource "github_team" "pull_team" {
              + create_default_maintainer = false
              + description = "A team to READ on Terraform-managed repositories"
              …
            }

          # github_team_membership.team_membership_pull will be created
          + resource "github_team_membership" "team_membership_pull" {
              + etag = (known after apply)
              + id = (known after apply)
              + role = "member"
              + team_id = (known after apply)
              + username = "mixxor"
            }

          # github_team_repository.team_repo_pull will be created
          + resource "github_team_repository" "team_repo_pull" {
              + etag = (known after apply)
              + id = (known after apply)
              + permission = "pull"
              + repository = "terraform-github-test-repo-devops-meetup-2023"
              + team_id = (known after apply)
            }

        Plan: 3 to add, 0 to change, 0 to destroy.

  • 22. Commit the change for the PR:

        $ git commit -m "chore(YOUR-JIRA-TICKET): Add Max Mustermann"

  • 24. Review and apply:
        • Let someone else grant this request.
        • 4-eyes principle in place.

        $ terraform apply ...

  • 25. Nicely done, now we have a way to create Repos and Teams for all repos we manage / create with Terraform!
  • 26. Wait? Only Repos which are managed via Terraform?
  • 27. Yes! You need to import them!
  • 28. APPLYING

        # main.tf
        # first define your existing repo here
        resource "github_repository" "_devops_meetup" {
          name        = "_devops_meetup"
          description = "let the Teams care about the Repo"
          visibility  = "private"
        }

        # sh
        $ terraform import github_repository._devops_meetup _devops_meetup
        $ terraform plan
        $ terraform apply

  • 29. What can we do now?
        • Create / Manage Repos
        • Create / Manage Teams
        • Create / Manage Users
        All this in a declarative way.
  • 30. This is ISO compliant, as it follows the guidelines:
        • Access Control: WE define who has access to our repo which manages the GH orgs
        • Audit Trails: WE will use the GH built-in stuff for changes, but use our GH repo for all other stuff
        • Information Security Policies: The process is comprehensible and you can explain and show it to an auditor. NO UI ClickOps.
        • 4-Eyes Principle: In place via PR.
  • 32. That's all? Wait, there is more.
  • 34. The state of your Repo is safe, right? Somewhere at Terraform Cloud or AWS?
  • 35. Somewhere at Terraform Cloud or AWS! Sure, but you're doing state changes locally after the approval of the PR?
  • 38. Enhancing Terraform Infrastructure Management with Atlantis
        • Integrate terraform plan / apply output into Pull Requests
        • Informed decision-making during reviews
        • Works with all sorts of providers
            • AWS
            • GCP
            • GitHub
            • GitLab
            • BitBucket
            • …
  • 39. How does Atlantis work?
  • 40. Error!!!
  • 42. It works!!!1111einseins Automatic Planning
  • 44. Get your PR approved!
        • Atlantis also supports Slack notifications
        Now, APPLY! And merge.
  • 45. You're done :)
        • You can improve this workflow even more
        • Atlantis represents a significant improvement in establishing reliable audit control and governance over Infrastructure as Code (IaC).
        • This process supports your ISO certification and helps to convince auditors of the robust measures you have taken.
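
An added example, not part of the original slides: one way to meet the assumptions on slide 16 (remote state, token from the environment) and to make the access-control and 4-eyes claims on slide 30 enforceable, by managing the repository that holds this Terraform code with Terraform itself. The bucket, lock table, region, the repository name `github-org-management` and the team name `org-admins` are placeholders chosen for illustration.

```hcl
terraform {
  required_providers {
    github = {
      source = "integrations/github"
    }
  }

  # Remote state (slide 16). The state describes the whole org layout, so it is
  # encrypted at rest and locked against concurrent applies.
  # Bucket, key, region and table are placeholders.
  backend "s3" {
    bucket         = "example-terraform-state"
    key            = "github/terraform-github-test-orga.tfstate"
    region         = "eu-central-1"
    dynamodb_table = "example-terraform-locks"
    encrypt        = true
  }
}

provider "github" {
  owner = "terraform-github-test-orga"
  # No token argument: the provider reads GITHUB_TOKEN from the environment,
  # so the Personal Access Token never lands in the repository.
}

# The repository that contains this Terraform code (hypothetical name).
resource "github_repository" "org_management" {
  name        = "github-org-management"
  description = "Terraform definitions for repos, teams and memberships"
  visibility  = "private"
}

# Access Control: only this team may push branches to the management repo.
resource "github_team" "org_admins" {
  name        = "org-admins"
  description = "May propose and approve changes to the organization layout"
  privacy     = "closed"
}

resource "github_team_repository" "org_admins_push" {
  team_id    = github_team.org_admins.id
  repository = github_repository.org_management.name
  permission = "push"
}

# 4-Eyes Principle: nothing reaches main without an approving review.
resource "github_branch_protection" "org_management_main" {
  repository_id = github_repository.org_management.node_id
  pattern       = "main"

  enforce_admins      = true  # admins cannot bypass the review
  allows_force_pushes = false # history on main stays intact for the audit trail
  allows_deletions    = false

  required_pull_request_reviews {
    required_approving_review_count = 1
    dismiss_stale_reviews           = true # new commits invalidate earlier approvals
    require_last_push_approval      = true # the latest push needs approval from someone else
  }
}
```

If the management repository already exists, it has to be imported first, as slide 28 shows for `_devops_meetup`.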