DENSO's cloud approach: Challenges in cloud and IaC for Japanese manufacturing

© DENSO CORPORATION All Rights Reserved.
Susumu Tomita
Naomichi Shimazu
DENSO's cloud approach: Challenges in cloud
and IaC for Japanese manufacturing
2024/5/22

2
1. Introduction
2. Terraform Implementation Journey
3. Our Standard Terraform Modules
4. Enhancing Security Standards
Agenda

3
Susumu Tomita
Department: CCoE Section, Digital Innovation Department, Cloud Services R&D Division
Role: Software Engineer
About: I joined DENSO in 2018. My current role involves software development for web services and
working within the CCoE. I focus on creating software solutions that support our cloud services.
Naomichi Shimazu
Department: CCoE Section, Digital Innovation Department, Cloud Services R&D Division
Role: Software Engineer
About: I joined DENSO in 2017. Architectural design and construction of web services.
Outside of work, I enjoy making and eating sushi!
Self Introduction

4
Introduction
1

5
• Tech Changes:
o DENSO is leader in changing car technology. Cars are now more using computer technology
for Software-Defined Vehicles , connected cars and so on.
• Need for New Skills:
o Many embedded software engineers are working in DENSO, but we need expand our capability more.
o For example cloud and web technologies.
• What We Do:
o Design and implement the next generation cars. Safer, easy to use and integrated Cloud and new
technologies..
About DENSO: Embracing Cloud Technology
Denmaru

6
• Division Launch:
o Our department established in 2017 to enhance our capabilities in cloud technologies.
• Diverse Team Composition:
o Our team includes not only software engineers but also business developers, combining technical
and commercial expertise.
• Collaborative Approach:
o Our business and development teams work together closely, using a 'try and error' method to rapidly
develop and refine software products.
• Growth Strategy:
o We start our projects small and scale them up gradually based on success and learning.
Cloud Services R&D Division

7
• AWS
• As the backbone of our cloud infrastructure, AWS provides us with the flexibility
and scalability necessary for our demanding applications.
• Terraform
• We use Terraform extensively for infrastructure as code, which allows us to manage
our cloud resources efficiently and reliably.
• Ruby on Rails
• While Ruby on Rails is our primary development framework, we are open to integrating other
technologies as needed.
• GitHub
• For continuous integration and deployment, we use GitHub Actions to automate our software
delivery process.
Technology stacks

8
Terraform Implementation Journey
2

Title / Month XX, 2023 (Please enter it fromthe "Insert" → "Header andFooter")
9
• Multi-Platform Support
• Supports AWS and other major cloud platforms.
• Flexibility to adapt to future changes in cloud strategy.
• Easy to Find Solutions and Best Practices
• De facto standard for IaC.
• Lots of information and case studies available.
• User-Friendly Documentation
• Official documentation is easy to navigate.
• Easy to find how to write the resources you need.
Why we choose Terraform?

10
• Simplified Infrastructure Management
• Single command to automatically build entire infrastructure.
• Removes the risk of human errors and simplifies the process.
• Reliable and Consistent Setups
• Thanks to idempotence, setups are reliable and consistent every time.
• Improved Documentation
• Automation eliminates the need for separate documentation.
• Code shows how everything is built and configured.
Benefits of Terraform

11
• Need for Multiple Environments
• Environments required for development, testing, production,
performance measurement, and penetration testing.
• Code Limitations
• Code was not designed to handle multiple environments.
Specifically:
• Hardcoded Values
• Directory StructureIssues
Challenges with Commercial Products

12
• Copying and Pasting Code
• Partial Changes and Additions
• Skill Disparity Among Teams
• Lack of Uniformity in Coding Standards
Why These Problems Occurred
Project A
Problem A
Project B
Project C
Problem A
Problem B
Project D
Problem A
Problem B
Problem A

13
Given the challenges and inconsistencies across projects, there was a clear need to standardize
Terraform usage.
• All developers can follow best practices for Terraform.
• Cloud service division's products have similar AWS architecture, preventing implementation
from scratch each time.
Standard Terraform Modules

14
Standard Terraform Modules
3

15
• Variable Customization
o Only essential components can be changed.
• Hardcoded Settings
o Critical configurations are hardcoded.
• Modular Design
o Services are split into separate modules.
o Related AWS services, like S3 and CloudWatch for Elastic Beanstalk, are defined in the same module.
• Easy Updates with Git Submodule
o Pull the latest code to update modules.
Detail Design of Terraform modules

16
• Sample Programs
o Prepared sample programs to help developers understand the modules.
• Pair Programming
o Module designers pair programmed with developers to implement the modules together.
• InnerSource on GitHub
o Module code is openly shared on the internal GitHub.
o Developers can refer to the source code, propose improvements via issues, and submit pull requests.
How We Promote Standard Terraform Modules

17
• Testing and Quality Assurance
o Maintainers write test code using the Terraform test command (supported from v1.6).
o TFLint
o Static code scanning with PrismaCloud(CSPM).
• Keeping Up with AWS
o Maintainers ensure modules follow the latest AWS specifications.
How We Maintain the Modules
Issue Pull Request
OK!
I add the
feature.
Please add
this option.
Maintainer
developer
developer

18
• Rapid Environment Setup
o AWS environments can be created in less than a day.
• Easy Application Deployment
o Elastic Beanstalk is used for PaaS, making application deployment simple.
o Easy integration with CI/CD pipelines for each product.
• Focus on Application Development
o Developers can focus on application development as modules keep up with the latest
AWS specifications.
Impact of Using the Modules

19
Enhancing Security Standards
4

20
• Promotion of Terraform Modules
o Encouraged use by teams outside the Cloud Services Development Department.
• Early AWS Usage Challenges
o Many struggled with the initial stages of using AWS.
o Lack of security baseline for AWS usage.
• Existing Guidelines
o Only covered web security, not comprehensive IT services.
• Security Risks
o Potential security incidents due to inadequate guidelines.
• Security Department Challenges
o Lacked experience with IT services and AWS.
Promoting Terraform Modules and Discovering Security Issues

21
• Development of Security Guidelines
o Created AWS security guidelines to establish a security baseline.
• Well-Architected Framework
o Guidelines based on AWS Well-Architected Framework.
• Best Practices
o Following the guidelines ensures best practices for AWS usage.
Creating AWS Security Guidelines

22
• Security-Compliant Modules
o Updated Terraform modules to reflect the security guidelines.
• Consistent and Secure Environments
o Terraform modules now create environments that comply with internal regulations.
Integrating Security Guidelines into Terraform Modules

23
• IMDSv2 Compliance
o Added WAF rules to prevent SSRF attacks.
Examples
AWSManagedRulesCommonRuleSet

24
• Log Retention
o Ensured log retention period is at least 180 days through module validation.
Examples

25
• Reduced Security Risks
o Consistent application of security practices.
• Enhanced Reputation
o Minimized risks to the company's reputation.
• Improved Module Evolution
o Security guidelines inform module updates and enhancements.
Benefits of Security-Compliant Modules

26
• Introduction to DENSO's Cloud Journey
o Overview of challenges and solutions in cloud and IaC implementation.
• Standardizing Terraform Modules
o Ensured best practices and avoided redundant efforts.
• Enhancing Security Standards
o Addressed the lack of security guidelines and created AWS security guidelines.
• Integrating Security into Terraform Modules
o Updated modules to comply with security guidelines.
• Benefits of Security-Compliant Modules
o Reduced risks, and improved module evolution.
Summary

DENSO's cloud approach: Challenges in cloud and IaC for Japanese manufacturing

DENSO's cloud approach: Challenges in cloud and IaC for Japanese manufacturing

Recommended

Recommended

More Related Content

Similar to DENSO's cloud approach: Challenges in cloud and IaC for Japanese manufacturing

Similar to DENSO's cloud approach: Challenges in cloud and IaC for Japanese manufacturing (20)

Recently uploaded

Recently uploaded (20)

DENSO's cloud approach: Challenges in cloud and IaC for Japanese manufacturing