Secure Terraform Actions for Private Infrastructures

Properly organizing how data and calls flow within IaC (Infrastructure as Code) processes is one of the crucial elements of establishing an adequate level of security within the enterprise.

Traditionally, when Maestro users work with Terraform, all templates are stored and processed on the Maestro side. However, this approach does not suit customers who need sensitive data to be kept within their own private, secure perimeter.

Recently, we introduced a new, secure approach to processing Terraform templates with the Private Agent.

The general idea is the following. When you use a native cloud provider to execute Terraform templates, Maestro (before this update) would pull the git repository and execute Terraform on the Maestro side, which may have no direct access to your private cloud, so the execution would fail. Now you have the option to run the execution on the Maestro Private Agent, which has its own Terraform engine that processes the templates while staying within your secure perimeter.
On your request, Maestro informs the Agent that a template needs processing, pushes the necessary template details to the Agent, and retrieves information about the Terraform state. The communication is performed via the encrypted Maestro API atop RabbitMQ configured with Transport Layer Security (TLS). Note that TLS only protects this channel if the client verifies the broker's certificate (and, ideally, the broker verifies the client's); a client that merely encrypts without verification remains exposed to interception.
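As an added example (not Maestro's or the agent's own code), the following shows how an AMQP client such as the agent should build its TLS context towards RabbitMQ: the weak configuration that only encrypts, the hardened one that pins a private CA, requires TLS 1.2 or later and can present a client certificate for mutual TLS, and a small audit function for the resulting context. The file paths are assumptions for this example.

```python
"""Added example (not Maestro code): TLS context setup for an AMQP client
talking to RabbitMQ, weak configuration beside the hardened one."""
import ssl
from typing import List, Optional

AMQPS_PORT = 5671  # RabbitMQ's conventional TLS (amqps) listener port


def weak_context() -> ssl.SSLContext:
    """Encrypts the channel but trusts any certificate: a man-in-the-middle
    holding a self-signed cert can read and rewrite every job message."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(ca_file: Optional[str] = None,
                     client_cert: Optional[str] = None,
                     client_key: Optional[str] = None) -> ssl.SSLContext:
    """Verify the broker against a pinned CA (assumed path, e.g. the
    customer's private CA bundle), require TLS 1.2+, and optionally present
    a client certificate so the broker can authenticate the agent (mTLS)."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the weaknesses found in a context; an empty list means it is acceptable."""
    findings: List[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("broker certificate is not verified")
    if not ctx.check_hostname:
        findings.append("broker hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 are accepted")
    return findings


if __name__ == "__main__":
    print("weak:", audit_context(weak_context()))
    print("hardened:", audit_context(hardened_context()))
```

The hardened context is what you hand to the AMQP library (for pika, via `pika.SSLOptions(context, server_hostname)` on a connection to port 5671). The broker side needs the matching settings in rabbitmq.conf, otherwise the client's certificate is never checked: `ssl_options.verify = verify_peer`, `ssl_options.fail_if_no_peer_cert = true` and a `ssl_options.versions` list limited to tlsv1.2 and tlsv1.3.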

In this scenario, the responsibility for processing a template is split between Maestro and Private agent.

In this split, retrieving the template content and running all the Terraform-dependent actions (init, plan, apply, destroy, show) needed to process the template are performed on the Private Agent side.

Maestro, in its turn, remains responsible for initiating the process, passing the variables and temporary values, collecting logs, checking approvals and quotas, and sharing the execution status with the end user.
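To make the split concrete, here is an added example of a minimal job handler of the kind a private agent runs inside the customer's perimeter. It is illustrative code, not Maestro's own agent: the job message format, its field names (`action`, `variables`, `approved`) and the function names are assumptions. It enforces the allowlist of Terraform actions listed above, refuses to auto-approve apply or destroy unless the orchestrator's approval decision arrived with the job, stages the variables passed by the orchestrator in a tfvars file with owner-only permissions rather than on the command line, and removes that file once the command has run.

```python
"""Added example (not Maestro's own agent code): a minimal Terraform job
handler for a private agent. Job format and function names are assumptions."""
import json
import os
import subprocess
import tempfile
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Sequence

# Only these sub-commands may be requested from the orchestrator side.
ALLOWED_ACTIONS = ("init", "plan", "apply", "destroy", "show")
# These change infrastructure and are never auto-approved unless the job
# carries the orchestrator's approval decision.
MUTATING_ACTIONS = ("apply", "destroy")

Runner = Callable[[Sequence[str], str, Dict[str, str]], subprocess.CompletedProcess]


def run_terraform(argv: Sequence[str], cwd: str, env: Dict[str, str]) -> subprocess.CompletedProcess:
    """Default runner: invoke the real terraform binary (assumed to be on PATH)."""
    return subprocess.run(list(argv), cwd=cwd, env=env, capture_output=True, text=True)


class RecordingRunner:
    """Dry-run runner for exercising the handler without a terraform binary:
    records each argv and checks that the var file exists while the command runs."""
    def __init__(self) -> None:
        self.calls: List[List[str]] = []

    def __call__(self, argv: Sequence[str], cwd: str, env: Dict[str, str]) -> subprocess.CompletedProcess:
        self.calls.append(list(argv))
        for arg in argv:
            if arg.startswith("-var-file="):
                assert os.path.isfile(arg.split("=", 1)[1]), "var file missing during run"
        return subprocess.CompletedProcess(list(argv), 0, "{}", "")


@dataclass
class JobResult:
    action: str
    returncode: int
    stdout: str                     # for 'show', the JSON state the orchestrator asked for
    stderr: str
    argv: List[str] = field(default_factory=list)
    var_file_scrubbed: bool = True


def build_argv(action: str, var_file: Optional[str], approved: bool) -> List[str]:
    """Build the Terraform command line for one allowlisted action."""
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"action not permitted: {action!r}")
    argv = ["terraform", action, "-no-color"]
    if action != "show":
        argv.append("-input=false")            # never block on an interactive prompt
    if action in ("plan", "apply", "destroy") and var_file:
        argv.append(f"-var-file={var_file}")   # secrets via file, not -var on argv
    if action in MUTATING_ACTIONS:
        if not approved:
            raise PermissionError(f"{action} requires an approved job")
        argv.append("-auto-approve")
    if action == "show":
        argv.append("-json")                   # machine-readable state for the orchestrator
    return argv


def handle_job(job: dict, workdir: Optional[str] = None, runner: Runner = run_terraform) -> JobResult:
    """Process one job message; the tfvars file is removed whatever happens."""
    action = job.get("action")
    variables = job.get("variables") or {}
    approved = bool(job.get("approved", False))
    workdir = workdir or tempfile.mkdtemp(prefix="tfjob-")
    var_file = None
    scrubbed = True
    try:
        if variables:
            # mkstemp creates the file with mode 0600: only the agent user can read it.
            fd, var_file = tempfile.mkstemp(prefix="vars-", suffix=".tfvars.json", dir=workdir)
            with os.fdopen(fd, "w") as fh:
                json.dump(variables, fh)
        argv = build_argv(action, var_file, approved)
        # Minimal environment: do not forward the agent process's whole environment.
        env = {"PATH": os.environ.get("PATH", ""), "HOME": workdir, "TF_IN_AUTOMATION": "1"}
        proc = runner(argv, workdir, env)
    finally:
        if var_file is not None:
            os.remove(var_file)
            scrubbed = not os.path.exists(var_file)
    return JobResult(action, proc.returncode, proc.stdout, proc.stderr, argv, scrubbed)


if __name__ == "__main__":
    rr = RecordingRunner()
    print(handle_job({"action": "plan", "variables": {"db_password": "example"}}, runner=rr))
```

Fetching the template into the working directory (the git pull the agent performs) is left out; the handler starts from a directory that already holds the template. Logs for the orchestrator come from `stdout` and `stderr` of the result, and because variables never appear on the command line they cannot leak through process listings or the agent's own command logging.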

With this approach, the Maestro Private Agent becomes a secure and reliable mediator between your private perimeter and Terraform. This makes it possible to increase the IaC coverage of infrastructure flows and bring enterprise cloud infrastructure management to a new level.
