The Cloud Natives - May 2024

The Cloud Natives - May 2024

Hi there, Cloud Pioneers!

Welcome to the May 🌸 issue of The Cloud Natives!

 

In This Edition:

  • Terraform now IBM, OpenTofu with state encryption
  • Vulnerable AWS deployment tool (it's on purpose)
  • Everything-as-Code (for everybody)


Let's dive in!

 

1. Terraform’s Future Uncertain

We're hearing mixed reactions to IBM's acquisition of HashiCorp. With IBM's resources and Red Hat's expertise in managing open-source projects, Terraform could see improved integration and support within IBM's cloud management ecosystem. But shifts in the product's strategic direction may not align with all current users' needs. Users accustomed to Terraform's current ecosystem are concerned facing the uncertainty about the future direction and governance of the tool.

While we'll have to see where Terraform will be heading, the popular fork OpenTofu has implemented state encryption - a feature Terraform users have to pay for. Terraform stores metadata about the current status of the managed infrastructure in the state file. This may, even unknowingly, contain sensitive data such as default passwords for the managed resources. OpenTofu now offers encryption of the state file.



2. Cool Tool: CloudGoat ☁️🐐

meshcloud CTO Johannes Rudolph came across a tool that he found to be pretty cool: CloudGoat is a deployment tool that teaches you about AWS security, esp gotchas to avoid when setting up IAM. The tool sets up vulnerable AWS accounts and let’s you run a “capture the flag” challenge where you try to escalate your privileges on the vulnerable account.

Only deploy to a sandbox landing zone!



3. GitOps Is Good but Too Complicated for Some

GitOps is a best practice for central cloud teams. It means doing IaC in Git and automating away the Ops through CI/CD. You can read up on it in this blog post.

The bigger issue is to get app teams, developers and other internal customers to follow your GitOps practices as well.

But let's face it: Nobody will learn Git for you. To get rid of service requests, avoid faulty inputs or unauthorized deployments you have to automate IaC provisioning with a user-friendly interface.

We're offering a 1-hour express webinar on this topic. 👉 Sign up for free! 👈



Your feedback and suggestions are always welcome, so let us know what you think of this edition and what you'd like to see in future issues.

 

Join the Cloud Foundation Slack community to be part of the discussion.



To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics