IaC 遇见现实：为你的实际云环境进行工程设计.pdf

《IaC 遇见现实：为你的实际云环境进行工程设计.pdf》由会员分享，可在线阅读，更多相关《IaC 遇见现实：为你的实际云环境进行工程设计.pdf（72页珍藏版）》请在三个皮匠报告上搜索。

1、IaC Meets RealityEngineering for the Cloud You Actually HaveOur ContextSmall teamDifferent environmentsDifferent teamsDifferent tech stacksDifferent time zonesCompliance-heavy environmentSOC2,HIPAA,SOX,PCI,Embracing Infra as CodeSmall teamDifferent environmentsDifferent teamsDifferent tech stacksDif

2、ferent time zonesCompliance-heavy environmentSOC2,HIPAA,SOX,PCI,Embracing Infra as Code$aws sts get-caller-identity-profile unicrons_cloudAndoniCloud Security Engineer SamuelCloud Security Engineer sbldevnetandoniafIs IaC the path to go?IaC Benefits:Version Control&Auditability Consistency&Standardi

3、zation Automation&Speed Documentation That Never Lies Cost&Resource ManagementEmbracing IaCClickOps in highly regulated environments Audit trails?What audit trails?Compliance?Trust me,I configured it right Security consistency?Scale?Good luck with 50+cloud accountsAuditors dont accept I clicked it i

4、n the console as documentationThe Pain of ClickOpsIaCClickOpsComplianceSecurityEasy auditsLess toilIaCClickOpsUs(and probably you too)The RealityNot Everything can be IaC Legacy systems Unsupported resources*Manual changes Emergency fixes TestsManualChangesNot Everything can be IaC Legacy systems Un

5、supported resources*Manual changes Emergency fixes Tests DriftNot Everything can be IaCThe RealityIaC MaintenanceIaC Maintenance:UpgradesIaC Maintenance:Provider UpgradesIaC Maintenance:Provider Upgradesx 34terraform-provider-aws 6.0 x 34terraform-provider-aws 6.0IaC Maintenance:MigrationsThe Realit

6、yImplementation ComplexityManagement AccountDelegated AccountManagement AccountDelegated AccountManagement AccountDelegated AccountManagement AccountDelegated AccountBugs+Few people using it=Learn Go?The Hybrid ApproachManual changes,the good way Principle Of Least Privilege Oncall Just-In-Time(JIT)