Use Terraform? You NEED this for security!

So you’re using Terraform to deploy infrastructure on the cloud, and it all works beautifully…you’re done, right? Well not quite! There’s one more very important step that you need to take to make sure that the infrastructure you’re about to deploy is following best practices and doesn’t have any major security issues. 💬 Chat with me Discord: https://cybr.com/discord Website: https://cybr.com LinkedIn: https://www.linkedin.com/in/christophelimpalair/ Twitter: https://twitter.com/christophelimp 🔗 Links mentioned in the video: - Repo used in the video: https://github.com/christophelimpalair/terraform-iac-scan-example - Checkov: https://www.checkov.io/ - Terraform: https://www.terraform.io/ 🎓 Courses - Introduction to AWS Security: https://cybr.com/courses/introduction-to-aws-security/ - Intro to AWS Pentesting: https://youtu.be/IbqjtqTeyr0 🚨 Disclaimer This video is strictly for educational purposes and to teach you how you can detect and mitigate threats from your or your employer's cloud enviroments. Learning about real threats, ethical hacking, and penetration testing is an important way of protecting ourselves against threat actors. ⏱ Timestamps: 00:00 - 00:16 - Intro 00:17 - 00:47 - What is Terraform? 00:48 - 01:20 - What you need 01:21 - 01:57 - About the demo and tools 01:58 - 02:15 - Install Checkov & Terraform 02:16 - 02:36 - Initializing Terraform 02:37 - 02:54 - Running Checkov 02:55 - 06:09 - Fixing the issues 06:10 - 08:15 - Custom Policies 08:16 - 09:31 - Restricting EC2 instance types 09:32 - 09:39 - Methods for running these checks 09:40 - 10:08 - Outro #awssecurity #cloudsecurity #sast #iac #checkov #infrastructureascode #terraform #policyascode #policy #cybersecurity #securityassessment #aws