Links
AirFrance-KLM transformed its automation platform using Terraform, Vault, and Ansible to enhance security, compliance, and efficiency. The shift from compliance-by-construction to compliance-by-guardrails streamlined their processes, reducing provisioning time and errors while maintaining governance.
This article outlines how to improve Azure infrastructure by integrating a Load Balancer and Virtual Machine Scale Sets (VMSS) for high availability. It covers setting up the necessary components, defining infrastructure using Terraform, and implementing autoscaling and security rules.
Cloudflare uses a "shift left" strategy to embed security checks early in the software development process, aiming to minimize human error and prevent misconfigurations. By managing their infrastructure as code, they ensure consistent security policies across hundreds of accounts while enabling rapid deployment. Key tools include Terraform and a custom CI/CD pipeline.
The article provides a step-by-step guide for testing configuration scanners on a deliberately insecure Kubernetes deployment using Terraform and Helm. It outlines the setup of an EKS cluster with insecure application pods, detailing the commands needed for deployment, testing, and cleanup, while highlighting the various security vulnerabilities present in the deployed applications.
HashiCorp announces the general availability of version 7.0 of the Terraform provider for Google Cloud, featuring new ephemeral resources, write-only attributes, and enhanced validation logic. These updates aim to improve security and user experience while ensuring alignment with the latest Google Cloud APIs.
Learn how to automate the generation and management of secrets, such as passwords, using Terraform and Azure Key Vault. The article covers creating a secure password, setting expiry dates, and implementing best practices for handling sensitive data in cloud infrastructure.
Identifying ownership of non-human identities (NHIs) created through Infrastructure as Code (IaC) poses significant challenges, particularly when automated processes are involved. A tag-based approach is proposed to help determine the human responsible for IaC-generated identities by linking code commits to the resources created, although this requires careful analysis of various components within the IaC framework.
The article discusses best practices for securing Terraform state files stored in Azure Blob Storage, emphasizing the importance of encryption, access control, and proper configuration to protect sensitive infrastructure data. It provides practical guidance on implementing these security measures effectively to mitigate risks associated with cloud infrastructure management.