stackconf 2024 | Streamlining Compliance Leveraging Open-Source Terraform AWS modules by Anton Babenko.pdf

NETWAYS 54 views 17 slides Jul 26, 2024

About This Presentation

Are you navigating the complexities of compliance frameworks like SOC2, CIS, and HIPAA and seeking a more efficient path? This talk breaks down these frameworks simply and shows you a time-saving trick, making it perfect for anyone wanting to make their organization’s compliance journey much easie...


Slide Content

Streamlining Compliance: Leveraging Open-Source Terraform
AWS modules
Anton Babenko
June 2024

Anton Babenko
AWS Community Hero / Terraform influencer since 2015.
Organiser of user groups in Oslo — HashiCorp, AWS, DevOps.
I ♥ open-source:
terraform-aws-modules
antonbabenko/pre-commit-terraform — clean code, documentation, and more
antonbabenko/terraform-aws-devops — Terraform, AWS, and DevOps projects
serverless.tf — Doing serverless on AWS with Terraform
www.terraform-best-practices.com
bit.ly/terraform-youtube — Your weekly dose of Terraform (news, reviews, Q&A, interviews, and live coding)
weekly.tf — Terraform Weekly newsletter
@antonbabenko — Twitter, GitHub, Linkedin
http://bit.ly/terraform-youtube

@antonbabenko
weekly.tf

Collection of 50+ open-source Terraform AWS modules supported by the community with over 500 million provisions
VPC, EKS, RDS, IAM, Lambda, and many more…
github.com/terraform-aws-modules
registry.terraform.io/modules/terraform-aws-modules

Agenda
What is compliance?
Walkthrough a compliance process
Demo: Implementing required compliance controls

Compliance
Proof that clients can trust your company with their data
Compliance is a Shared Responsibility
https://aws.amazon.com/compliance/shared-responsibility-model/

Compliance Frameworks
A set of structured guidelines that helps organisations satisfy regulatory requirements, industry standards, and internal policies.
Focus on managing risk and improving security.
Involves the implementation of security controls, continuous monitoring, and detailed documentation to meet legal and regulatory obligations.
Vary by industry, data type, risk management needs, and operational efficiency.
Which one to choose?

Types of Compliance Frameworks
CIS: The Center for Internet Security (CIS) Controls are a set of actionable guidelines and best practices designed to help organizations protect themselves against prevalent cyber threats.
SOC 2 (Service Organization Control): Security, availability, processing integrity, confidentiality, and privacy. Standard for service providers storing customer data.
GDPR: Personal data of individuals within the EU.
PCI DSS: A set of standards to ensure a secure environment to accept, process, store, or transmit credit card information.

Compliance Process
Understand the shared responsibility model
Identify applicable regulations and standards
Assess current compliance posture (AWS Security Hub, Prowler, Steampipe, CloudQuery)
Implement required controls (Terraform)
Automate compliance processes (e.g. auto-remediation)
Conduct regular audits

How to implement required controls?
checkov, trivy, kics, terrascan
Review Terraform configurations, run scans, understand scan results and remediation steps
Apply remediation steps
… or use compliance-ready Terraform configurations by compliance.tf
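The scan-then-remediate step above, as an added example that is not part of the talk or its demo: the same S3 bucket declared twice with the community terraform-aws-modules/s3-bucket/aws module, first in the shape scanners such as checkov or trivy flag, then with the module inputs that close those findings. The module input names, the version pin and the KMS key resource are assumptions, not taken from the slides.

```hcl
# Added example, not from the talk; module input names and the pin are assumptions.
# Customer-managed key for encryption at rest, with rotation enabled.
resource "aws_kms_key" "s3" {
  description         = "Key for compliance example bucket"
  enable_key_rotation = true
}

# Before: the shape scanners flag. Public access left open, no versioning, no encryption.
module "bucket_before" {
  source                  = "terraform-aws-modules/s3-bucket/aws"
  version                 = "~> 4.0" # placeholder pin
  bucket                  = "example-bucket-before"
  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

# After: each scanner finding mapped to the module input that closes it.
module "bucket_after" {
  source  = "terraform-aws-modules/s3-bucket/aws"
  version = "~> 4.0" # placeholder pin
  bucket  = "example-bucket-after"

  # Finding: bucket allows public access -> block it at the bucket level
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true

  # Finding: ACLs enabled -> enforce bucket-owner ownership, no ACLs
  control_object_ownership = true
  object_ownership         = "BucketOwnerEnforced"

  # Finding: versioning disabled -> enable it for recoverability
  versioning = {
    enabled = true
  }

  # Finding: no encryption at rest -> SSE-KMS with the key above
  server_side_encryption_configuration = {
    rule = {
      apply_server_side_encryption_by_default = {
        kms_master_key_id = aws_kms_key.s3.arn
        sse_algorithm     = "aws:kms"
      }
    }
  }
}
```

Re-running the scanner after the change is the check that the remediation actually closed each finding rather than moved it.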

Demo

Thank you!
Questions?
Subscribe to "Your Weekly Dose of Terraform" — http://bit.ly/terraform-youtube
github.com/antonbabenko
twitter.com/antonbabenko