Terraform modules and best-practices - September 2018 - Anton Babenko
Slides for my "Terraform modules and best-practices" talk on meetups during September 2018.
Some links from the slides:
https://www.terraform-best-practices.com/
https://cloudcraft.co/
https://github.com/terraform-aws-modules/
https://github.com/antonbabenko/modules.tf-lambda
Ansible is an established tool for server and network configuration. One reason for its success is the simple architecture that encourages own customization and extension.
Here I want to present how own modules, i.e. single configuration actions on the target host, are implemented with Python or other languages.
Hashicorp’s Terraform provides a declarative notation (like Puppet) to describe various Cloud resources. It is an open-source tool, provider-independent, and thus able to combine resources from multiple cloud platforms and to be extended through plugins. The talk demonstrates how to describe web application infrastructure with Terraform, showing how easily all related components can be started, updated, and stopped.
Best Practices of Infrastructure as Code with Terraform - DevOps.com
When your organization is moving to cloud, the infrastructure layer transitions from running dedicated servers at limited scale to a dynamic environment, where you can easily adjust to growing demand by spinning up thousands of servers and scaling them down when not in use.
The future of DevOps is infrastructure as code. Infrastructure as code supports the growth of infrastructure and provisioning requests. It treats infrastructure as software: code that can be re-used, tested, automated and version controlled. HashiCorp Terraform adopts infrastructure as code throughout its tool to prevent configuration drift, manage immutable infrastructure and much more!
Join this webinar to learn why Infrastructure as Code is the answer to managing large scale, distributed systems and service-oriented architectures. We will cover key use cases, a demo of how to use Infrastructure as Code to provision your infrastructure and more:
Agenda:
Intro to Infrastructure as Code: Challenges & Use cases
Writing Infrastructure as Code with Terraform
Collaborating with Teams on Infrastructure
Building infrastructure with Terraform (Google) - Radek Simko
Building your infrastructure as a one-off thing by clicking in the UI of your chosen cloud provider may be easy, but that is neither scalable nor fun in the long term or in a team.
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
Terraform: Configuration Management for Cloud Services - Martin Schütte
Hashicorp's Terraform provides a declarative notation (like Puppet) to describe various cloud resources. It is an open-source tool, provider-independent, and thus able to combine resources from multiple cloud platforms and to be extended through plugins.
The talk demonstrates how to describe a small web application with Terraform, showing how easily all related components can be started, updated, and stopped. It also shows how to organise larger projects using modules and gives an introduction to writing plugins for one’s own services.
Controlling Cloud Costs with HashiCorp Terraform - DevOps.com
Many organizations adopting cloud find that 20 - 40% of their cloud spend is on over-provisioned, unused, and orphaned infrastructure. This is the result of an infinite volume of on-demand resources, provisioned frequently by many end-users, and across multi-cloud environments.
Terraform provides cloud infrastructure automation with infrastructure as code for provisioning, compliance, and management of any cloud infrastructure. This allows organizations to codify their desired use of infrastructure in the form of modules and then enforce best practices for how that infrastructure is provisioned and de-provisioned through the use of policies. This approach, along with central tracking and auditability, gives organizations a systematic way to reduce their cloud spend when they first adopt cloud and at any scale thereafter.
In this webinar, you'll learn more about Terraform, cloud infrastructure automation, and approaches to managing spend with modules, Sentinel policies, automated policy enforcement, and cost estimation. The session will include an overview of Terraform for this use case and a live demo.
A presentation from Hashiconf 2016.
Terraform is a wonderful tool for describing infrastructure as code. It’s fast, flexible, automatically resolves dependencies, and is rapidly improving.
But in some ways, Terraform is flexible like AWS is flexible. You can do pretty much anything, but it’s also easy to shoot yourself in the foot if you aren’t careful.
In the past year, we’ve started managing thousands of resources with Terraform, allowing a lot more of the dev team to change the underlying infrastructure. During that time, we’ve learned a lot about how to set up our terraform modules so that they are easy to manage and reuse.
This talk will cover how we manage tfstate, separate environments, specific module definitions, and how we use Terraform to boot new services in production. I’ll also discuss the challenges we’re currently facing, and how we plan to attack them going forward.
[Alibaba Cloud Singapore Community Meetup Webinar, 3 Sep 2020] Automate Your ... - Vinod Narayanankutty
In this webinar, I discuss the benefits of “Infrastructure-as-code” and how you can automate your cloud infrastructure deployments. We did a deep dive into Terraform, a leading solution and demonstrated how it enables the creation of reproducible infrastructure and accelerates productivity for infrastructure deployments on Alibaba Cloud. I also explored how to scale deployment for other use cases such as Disaster Recovery and Multi-cloud Deployment.
Modern infrastructure can sometimes look like a wedding cake with many different layers. It’s no surprise for seasoned users that Terraform has been able to provision the lowest layers - compute - for a long while. Skipping a few layers in between, a workload scheduler like Kubernetes is typically represented as the top one, exposing high-level APIs for scheduling and scaling pods, managing persistent volumes and restrictions & limits for scheduling.
Terraform 0.10 comes with a Kubernetes provider which supports all stable (v1) Kubernetes resources from K8S 1.6.
In this talk you’ll hear about particular examples of where it’s useful to use Terraform for managing K8S resources, what benefits you get compared to other solutions and, demo gods permitting, you’ll also see how to get from zero to an application running on K8S.
https://www.hashiconf.com/talks/radek-simko.html
Recording: https://www.youtube.com/watch?v=-UtqHkrvFro
Managing modern infrastructure presents many different challenges. While the main operational aspects of infrastructure like durability, availability, scalability, security are very important, there’s also one aspect which should enable and support all the others - automation. Automation is a very abstract word, so the talk will briefly explain what benefits the IaC approach brings to the table and why configuration management (often driven by tools like Ansible, Puppet, Salt, Chef etc.) is just one of many layers in an automated production infrastructure. Then we will walk through the main design goals of an open source IaC tool (Terraform) that enables users to write, plan and apply changes of a production infrastructure in Google Cloud, and explain how to do it.
https://devfest.gdg.org.ua/schedule/day1?sessionId=143
Demo: https://github.com/radeksimko/devfest-ua-2017-talk-demo
A comprehensive walkthrough of how to manage infrastructure-as-code using Terraform. This presentation includes an introduction to Terraform, a discussion of how to manage Terraform state, how to use Terraform modules, an overview of best practices (e.g. isolation, versioning, loops, if-statements), and a list of gotchas to look out for.
For a written and more in-depth version of this presentation, check out the "Comprehensive Guide to Terraform" blog post series: https://blog.gruntwork.io/a-comprehensive-guide-to-terraform-b3d32832baca
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition) - Adin Ermie
In this new presentation, we will cover advanced Terraform topics (full-on DevOps). We will compare the deployment of Terraform using Azure DevOps, GitHub/GitHub Actions, and Terraform Cloud. We wrap everything up with some key takeaway learning resources in your Terraform learning adventure.
NOTE: A recording of this presentation is available here: https://www.youtube.com/watch?v=fJ8_ZbOIdto&t=5574s
Kubernetes provides a powerful framework and great tooling to control hundreds of heterogeneous workloads on thousands of machines. In a production environment, however, the collection of metrics to automatically detect and act on issues in such a cluster is essential. Prometheus was created to meet such needs: highly dynamic scheduling, automatic service discovery, and reliable operations.
How to Build a Telegraf Plugin by Noah Crowley - InfluxData
Telegraf is a plugin-driven server agent for collecting & reporting metrics and there are many plugins already written to source data from a variety of services and systems. However, there may be instances where you need to write your own plugin to source data from your particular systems. In this InfluxDays NYC 2019 session, Noah Crowley will provide you with the steps on how to write your own Telegraf plugin. Writing your own Telegraf plugin will require an understanding of the Go programming language.
Building a Telegraf Plugin by Noah Crowley | Developer Advocate | InfluxData - InfluxData
Telegraf is a plugin-driven server agent for collecting & reporting metrics and there are many plugins already written to source data from a variety of services and systems. However, there may be instances where you need to write your own plugin to source data from your particular systems. In this session, Noah will provide you with the steps on how to write your own Telegraf plugin.
OSDC 2016 - Configuration Management for Cloud Services by Martin Schütte - NETWAYS
Hashicorp's Terraform provides a declarative notation (like Puppet) to describe various cloud resources. It is an open-source tool, provider-independent, and thus able to combine resources from multiple cloud platforms and to be extended through plugins.
The talk demonstrates how to describe a small web application with Terraform, showing how easily all related components can be started, updated, and stopped. It also shows how to organize larger projects using modules and gives an introduction to writing plugins for one’s own services.
Netronome's half-day tutorial on host data plane acceleration at ACM SIGCOMM 2018 introduced attendees to models for host data plane acceleration and provided an in-depth understanding of SmartNIC deployment models at hyperscale cloud vendors and telecom service providers.
Presenter Bio
Jaco Joubert is a Software Engineer at Netronome focusing on P4 and its applications on the Netronome SmartNIC. He recently started investigating network acceleration for Deep Learning on distributed systems. Prior to Netronome he worked on mobile application development and was a researcher at Telkom SA focusing on the mobile core after completing his Masters Degree in Computer, Electronic Engineering in 2014.
This talk was given by Julian Fischer for DoK Day Europe @ KubeCon 2022.
Link: https://youtu.be/_lQhoCUQReU
https://go.dok.community/slack
https://dok.community/
From the DoK Day EU 2022 (https://youtu.be/Xi-h4XNd5tE)
The ability to extend Kubernetes with Custom Resource Definitions and respective controllers has led to the OperatorSDK, which became the de facto standard for data service automation on Kubernetes. There are countless operator implementations available, and new operators are being released on a daily basis. Organizations managing hundreds of Kubernetes clusters for dozens of developer teams are also challenged to manage the lifecycle of hundreds of Kubernetes operators. The goal is to keep the operational overhead to a minimum.
In this talk, a closer look into the lifecycle of operators will be presented. With an understanding of how operators evolve, it becomes clear what challenges during operator upgrades. A brief overview of lifecycle management tools such as Helm, OLM, and Carvel is presented in this context. In particular, it will be discussed whether these tools can help, which restrictions apply and where further development would be desirable.
At the end of this talk, you will know what operator lifecycle management is about, what its challenges are, and which tools may be used to reduce operational friction.
-----
Julian Fischer, CEO of anynines, has dedicated his career to the automation of software operations. In more than fifteen years, he has built several application platforms. He has been using Kubernetes, Cloud Foundry, and BOSH in recent years. Within platform automation, Julian has a strong focus on data service automation at scale.
Infrastructure as Code has gained a lot of traction within DevOps culture over the past ten years and brought significant changes to how we manage IT infrastructure and its lifecycle. We want to deploy it as efficiently and with as little friction as possible, and there are many different tools available we can choose from. Using an off-the-shelf SaaS solution can save us a lot of time and other resources needed to achieve that. At HashiConf'19 Terraform Cloud was announced and made generally available, which confirms IaC is getting more commodified and easily available as a SaaS product.
This talk will focus on a detailed overview of Terraform Cloud features, such as remote execution, state/lock management, private modules/registry and others. Further, it will examine how Terraform Cloud is abstracting complexity and amending current infrastructure deployment workflows. We will also look into CI/CD integration, collaboration features and discuss current shortcomings with possible upcoming features.
It’s no news that containers represent a portable unit of deployment, and OpenStack has proven an ideal environment for running container workloads. However, where it usually becomes more complex is that many times an application is often built out of multiple containers, as well as hybrid environments - diverse clouds, bare metal and even non-virtualized infrastructure. What’s more, setting up a cluster of container images can be fairly cumbersome because you need to make one container aware of another and expose intimate details that are required for them to communicate which is not trivial especially if they’re not on the same host.
These scenarios have instigated the demand for some kind of orchestrator. The list of container orchestrators is growing fairly fast. This session will compare the different orchestration projects out there - from Heat to Kubernetes to Mesos & Cloudify - and help you choose the right tool for the job.
As more workloads move to serverless-like environments, the importance of properly handling downscaling increases. While recomputing the entire RDD makes sense for dealing with machine failure, if your nodes are being removed more frequently, you can end up in a seemingly loop-like scenario, where you scale down and need to recompute the expensive part of your computation, scale back up, and then need to scale back down again.
Even if you aren’t in a serverless-like environment, preemptable or spot instances can encounter similar issues with large decreases in workers, potentially triggering large recomputes. In this talk, we explore approaches for improving the scale-down experience on open source cluster managers, such as Yarn and Kubernetes - everything from how to schedule jobs to location of blocks and their impact (shuffle and otherwise).
Similar to Terraform – Infrastructure as Code (Kielux'18) (20)
There are still very few tools to defend against IPv6 related attacks. To improve this situation I wrote a plugin for Snort, the popular open source intrusion detection system. This plugin adds detection rules and a preprocessor for the Neighbor Discovery Protocol.
It is aimed at the detection of suspicious activity in local IPv6 networks and can detect misconfigured network elements, as well as malicious activities from attackers on the network.
(https://www.troopers.de/troopers14/troopers14-ipv6-security-summit-2014/troopers14-ipv6-security-summit-2014-presentations/index.html#IPv6Snort)
GridMate - End to end testing is a critical piece to ensure quality and avoid... - ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Communications Mining Series - Zero to Hero - Session 1 - DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
5. Services have APIs
• Starting servers is just a command line or function call
• Add to build process (phoenix/immutable servers)
• Replace “click paths” with source code in VCS
• Fewer “black box” setup steps, better team handovers
⇒ Infrastructure as Code
Martin Schütte | Terraform | Kielux’18 4/42
6. Services also need Configuration Management
• Lifecycle awareness, not just a setup.sh
• Multiple stages/environments
• Specification, documentation, policy enforcement
⇒ Tool support
12. Core Ideas in Terraform
• Simple model of resource entities with attributes
• Stateful lifecycle with CRUD operations
• Declarative configuration
• Dependencies by inference
• Parallel execution
13. Core Concepts in Terraform
• Provider: a source of resources
(usually with an API endpoint & authentication)
• Resource: every thing “that has a set of configurable
attributes and a lifecycle (create, read, update, delete)” –
implies ID and state
• Data Source: information read from provider
(e. g. lookup own account ID or AMI-ID)
• Provisioner: initialize a resource with local or
remote scripts
14. Design Choices in Terraform
• Order: directed acyclic graph of all resources
• Plan: generate an execution plan for review
before applying a configuration
• State: execution result is kept in state file
(local or remote)
• Lightweight: little provider knowledge, no error handling
16. DSL Syntax
• Hashicorp Configuration Language (HCL),
think “JSON-like but human-friendly”
• Variables
• Interpolation, e. g.
"number ${count.index + 1}"
• Attribute access with resource_type.resource_name
• Few built-in functions, e. g.
base64encode(string), format(format, args…)
17. HCL vs. JSON
# An AMI
variable "ami" {
  description = "custom AMI"
}
/* A multi
   line comment. */
resource "aws_instance" "web" {
  ami               = "${var.ami}"
  count             = 2
  source_dest_check = false
  connection {
    user = "root"
  }
}
{
  "variable": {
    "ami": {
      "description": "custom AMI"
    }
  },
  "resource": {
    "aws_instance": {
      "web": {
        "ami": "${var.ami}",
        "count": 2,
        "source_dest_check": false,
        "connection": {
          "user": "root"
        }
      }
    }
  }
}
19. Terraform Process (simplified)
[Diagram: inputs *.tf, override.tf and terraform.tfvars, plus Modules (“source”) and Providers; commands init, get, plan, apply, destroy; artifacts plan and state]
25. Modules
“Plain terraform code” lacks structure and reusability
Modules
• are subdirectories with self-contained terraform code
• may be sourced from Git, Mercurial, HTTPS locations
• use variables and outputs to pass data
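A module layout matching the three points above, as an added example that is not from the original slides (Terraform 0.11 syntax). The module path, the Git URL and all resource names are hypothetical.

```hcl
# modules/network/main.tf: a self-contained subdirectory (hypothetical module)
variable "name" {}
variable "cidr" {}

resource "aws_vpc" "this" {
  cidr_block = "${var.cidr}"

  tags = {
    Name = "${var.name}"
  }
}

# Outputs are the only values a caller can read from the module.
output "vpc_id" {
  value = "${aws_vpc.this.id}"
}

# main.tf: root configuration that sources the module from the local path
module "network" {
  source = "./modules/network"
  name   = "demo-dev"
  cidr   = "10.0.0.0/16"
}

# The same module sourced from Git (hypothetical URL). Pinning ?ref= to a
# reviewed tag keeps "terraform get" from pulling whatever the default
# branch currently contains.
module "network_pinned" {
  source = "git::https://git.example.com/infra/terraform-network.git?ref=v1.0.0"
  name   = "demo-prod"
  cidr   = "10.1.0.0/16"
}

# Module outputs are read as module.<name>.<output>.
resource "aws_subnet" "app" {
  vpc_id     = "${module.network.vpc_id}"
  cidr_block = "10.0.1.0/24"
}
```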
27. terraform.tfstate
• Terraform keeps known state of resources
• Defaults to local state in terraform.tfstate
• Optional remote state with different backends
(S3, Azure Storage, Consul, Atlas, …)
• Useful to sync multiple team members
• May need additional mutex mechanism
(v0.9 added state locking for Local, S3, and Consul)
• Remote state is a data source
28. Example: Using State Import
$ terraform import azurerm_storage_account.my_storage_account \
    /subscriptions/e9b2ec19-ab6e-4547-a3ec-5a58e234ce5e/resourceGroups/demo-res-group/providers/Microsoft.Storage/storageAccounts/demostorage20170418
azurerm_storage_account.my_storage_account: Importing from ID ...
azurerm_storage_account.my_storage_account: Import complete!
Imported azurerm_storage_account (ID: ...)
azurerm_storage_account.my_storage_account: Refreshing state... (ID: ...)
Import success! The resources imported are shown above. These are
now in your Terraform state. Import does not currently generate
configuration, so you must do this next. If you do not create configuration
for the above resources, then the next `terraform plan` will mark
them for destruction.
$ terraform state list
azurerm_storage_account.my_storage_account
$ terraform state show azurerm_storage_account.my_storage_account
id = /subscriptions/e9b2ec19...
account_kind = Storage
account_type = Standard_LRS
location = westeurope
name = demostorage20170418
...
29. Example: Use Remote State (with Workspaces)
terraform {
  required_version = ">= 0.10.0"
  environment      = "${terraform.workspace}"
  backend "s3" {
    bucket = "ms-terraform-state"
    key    = "infra/ms-tf-demo/state"
    region = "eu-central-1"
  }
}
$ terraform workspace new prod
$ terraform workspace new dev
$ aws s3 ls --recursive "s3://ms-terraform-state/"
... 282 workspace:/dev/infra/ms-tf-demo/state
... 282 workspace:/prod/infra/ms-tf-demo/state
30. Example: Use Remote State to Chain Projects
data "terraform_remote_state" "infra" {
  backend = "s3"
  config {
    bucket = "ms-terraform-state"
    key    = "workspace:/${terraform.workspace}/infra/ms-tf-demo/state"
    region = "eu-central-1"
  }
}
resource "aws_instance" "foo" {
  # use state from vpc_project
  subnet_id     = "${data.terraform_remote_state.infra.app_subnet_id}"
  instance_type = "t2.micro"
  ami           = "ami-b968bad6"
}
31. Example: Using Data Source to Lookup Data
# searches for most recent tagged AMI in own account
data "aws_ami" "webami" {
  most_recent = true
  owners      = ["self"]
  filter {
    name   = "tag:my_key"
    values = ["my_value"]
  }
}
# use AMI
resource "aws_instance" "web" {
  instance_type = "t2.micro"
  ami           = "${data.aws_ami.webami.id}"
}
32. Example: “External” Data Source
data "external" "dyndns" {
  program = ["bash", "${path.module}/variomedia_dyndns.sh"]
  query = {
    hostname  = "aws-demo.martin-schuette.de"
    ipaddress = "${aws_eip.foo.public_ip}"
  }
}
33. How to Write Own Plugins
Now:
• Learn you some Golang
• Use the schema helper lib
• Adapt to model of
Provider (setup steps, authentication) and
Resources (arguments/attributes and CRUD methods)
• Start by reading simple plugins like
builtin/providers/mysql
Future:
• interface, support for Python, Ruby, C#, Java, …
35. General Problems for all Tools
• Testing is inherently difficult
• Provider coverage largely depends on community
• Resource model mismatches, e. g. with Heroku apps
• Ignorant of API rate limits, account resource limits, etc.
36. Issues
Under active development,
current version 0.11.8 (August 15)
• Modules are very simple
• Lacking syntactic sugar
(e. g. aggregations, common repetitions)
• Big improvements in state management
• Large variation in provider support, new project
boundaries
37. Current Features
Recently added features in 0.7–0.11
• State Import
• Data Sources
• Workspaces (previously: State Environments)
• Separate sub-projects for providers
terraform-providers
38. New Features in 0.12
“will be released later this summer”
• First-Class Expressions
i. e. instance_type = var.instance_type instead of
instance_type = "${var.instance_type}"
• Conditionals
…?…:… and null values
• Rich Value Types
module parameters and return objects
• Template Syntax
extended with conditionals and for expressions
• remote operations
Terraform Enterprise from CLI
40. Workflow
• Avoid user credentials in Terraform code,
use e. g. profiles and assume-role wrapper scripts
• At least use separate user credentials,
know how to revoke them
• To hold credentials in VCS use PGP encryption,
e. g. with Blackbox
41. Workflow (contd.)
• Use a VCS, i. e. git
• Namespaces! – Always add some
"${var.shortname}-${var.env}"
• per project
• per region
• per account
• per provider
• Use remote state and consider access locking,
e. g. with a single build server
• Take a look at Hashicorp Atlas and its workflow
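The credential and state advice from both Workflow slides in one configuration, as an added example that is not from the original slides (Terraform 0.11 syntax). The profile name, role name, lock table name and the placeholder key values are assumptions; the bucket, key and region repeat the remote state example above.

```hcl
variable "shortname" {}
variable "env" {}
variable "account_id" {}

# Weak setting, shown commented out: long-lived user keys stored in the
# code end up in VCS history and in every copy of the repository.
# (Constructed placeholder values, not real keys.)
# provider "aws" {
#   region     = "eu-central-1"
#   access_key = "AKIAXXXXXXXXXXXXXXXX"
#   secret_key = "constructed-placeholder-not-a-real-secret"
# }

# Corrected: no secrets in code. Credentials come from a named profile in
# the local AWS credentials file, and Terraform works with short-lived
# credentials from an assumed role that can be revoked on its own.
provider "aws" {
  region  = "eu-central-1"
  profile = "terraform-deploy" # assumed profile name

  assume_role {
    role_arn     = "arn:aws:iam::${var.account_id}:role/${var.shortname}-${var.env}-terraform"
    session_name = "terraform-${var.env}"
  }
}

# Remote state with access locking. Backend blocks cannot use
# interpolation, so these values are literals.
terraform {
  backend "s3" {
    bucket         = "ms-terraform-state"
    key            = "infra/ms-tf-demo/state"
    region         = "eu-central-1"
    profile        = "terraform-deploy"
    encrypt        = true                 # server-side encryption of the state object
    dynamodb_table = "ms-terraform-locks" # assumed table name; needs a "LockID" hash key
  }
}

# Namespaced resource name, following "${var.shortname}-${var.env}".
resource "aws_s3_bucket" "logs" {
  bucket = "${var.shortname}-${var.env}-logs"
  acl    = "private"
}
```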
44. Links and Resources
• Terraform.io and hashicorp/terraform
• terraform-providers
• terraform-community-modules
• newcontext/kitchen-terraform
• Terraforming – Export existing AWS resources
• Terraform: Beyond the Basics with AWS
• A Comprehensive Guide to Terraform
• Terraform, VPC, and why you want a tfstate file per env
• Infrastructure as Code by Kief Morris
45. The End
Hopefully, deployments will become routine and
boring–and in the world of operations, boring is
a very good thing.
— Terraform: Up & Running by Yevgeniy Brikman
Thank You! — Questions?
Martin Schütte
@m_schuett
info@martin-schuette.de
slideshare.net/mschuett/
noti.st/mschuett/