Tech
June 9

Drift detection in multi-region AWS deployments for enterprises using DriftCTL

In this session, I will show how a DevSecOps engineer can reduce security risks from IaC drift in multi-Region AWS deployments with Terraform using DriftCTL. IaC drift, which can leave your data and resources exposed to security risks, is especially difficult to track down and remove in an environment that spans multiple AWS accounts and AWS Regions.
Talk abstract

Many enterprise customers on AWS run a multi-account, multi-region setup built with infrastructure as code (IaC) tools such as Terraform.

IaC improves the speed and efficiency with which an organisation deploys cloud infrastructure, but it introduces several moving parts that must stay in sync: the codebase, the state file, and the actual cloud state. This creates the unique challenge of IaC drift, whereby the real-life configuration differs from the state that was declared at build time.

IaC drift can have multiple causes: from team members creating or updating infrastructure through the web console without backporting the changes to Terraform, to unexpected actions by authenticated apps and services. Managing IaC drift becomes especially hard in a multi-region, multi-account setup.

Until now, being sure that nothing changed in your infrastructure outside of IaC required: a high level of trust in the tools and dependencies, every single resource in every region carefully described in Terraform, revocation of your team's admin credentials, strong CI/CD pipelines, compliance tooling, and regular auditing, all of which eventually slowed down team velocity.

DriftCTL is a CLI tool that measures infrastructure as code coverage and tracks infrastructure drift. Developers can now know when things change in their cloud infrastructure and take corrective action to resolve the drift.
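To make the three-way relationship above concrete, here is an added example (not DriftCTL's code and not part of the original talk) that performs the core comparison a drift tool makes: it flattens a Terraform state file and a per-region inventory of what the cloud APIs actually return, then reports IaC coverage, resources that exist in the cloud but not in state (unmanaged), resources in state that no longer exist (missing), and managed resources whose security-relevant attributes were changed out of band. The state file, the inventory, the resource IDs and the `TRACKED_ATTRS` table are all constructed sample data; a real tool would read the state from its backend and build the inventory by querying each region.

```python
"""Minimal IaC drift check: Terraform state vs. a live multi-region inventory.

Illustrative example with constructed data; not DriftCTL's implementation.
"""

# Constructed sample Terraform state (only the fields this check reads).
SAMPLE_TFSTATE = {
    "version": 4,
    "resources": [
        {"type": "aws_s3_bucket", "name": "logs",
         "instances": [{"attributes": {"id": "acme-prod-logs", "acl": "private"}}]},
        {"type": "aws_security_group", "name": "web",
         "instances": [{"attributes": {"id": "sg-0a1b2c3d",
                                       "ingress_cidrs": ["10.0.0.0/8"]}}]},
        {"type": "aws_iam_role", "name": "deploy",
         "instances": [{"attributes": {"id": "deploy-role"}}]},
    ],
}

# Constructed sample of what the cloud APIs return, keyed by region.
# The eu-west-1 bucket was created through the console and never backported;
# the security group's ingress was widened out of band.
SAMPLE_CLOUD = {
    "us-east-1": [
        {"type": "aws_s3_bucket", "id": "acme-prod-logs", "acl": "private"},
        {"type": "aws_security_group", "id": "sg-0a1b2c3d",
         "ingress_cidrs": ["0.0.0.0/0"]},
    ],
    "eu-west-1": [
        {"type": "aws_s3_bucket", "id": "scratch-bucket-eu", "acl": "public-read"},
    ],
}

# Attributes worth diffing per resource type (hypothetical subset for the example).
TRACKED_ATTRS = {
    "aws_s3_bucket": ("acl",),
    "aws_security_group": ("ingress_cidrs",),
}


def state_resources(tfstate):
    """Flatten a Terraform state into {(type, id): attributes}."""
    out = {}
    for res in tfstate.get("resources", []):
        for inst in res.get("instances", []):
            attrs = inst["attributes"]
            out[(res["type"], attrs["id"])] = attrs
    return out


def cloud_resources(inventory):
    """Flatten a per-region inventory into {(type, id): (region, attributes)}."""
    out = {}
    for region, items in inventory.items():
        for item in items:
            out[(item["type"], item["id"])] = (region, item)
    return out


def detect_drift(tfstate, inventory):
    """Return coverage and the three kinds of drift between state and cloud."""
    managed = state_resources(tfstate)
    live = cloud_resources(inventory)

    # In the cloud, not in state: nobody's IaC describes it.
    unmanaged = sorted((region, t, i) for (t, i), (region, _) in live.items()
                       if (t, i) not in managed)
    # In state, not in the cloud: deleted or never applied.
    missing = sorted(k for k in managed if k not in live)
    # In both, but a tracked attribute differs from what was declared.
    changed = []
    for (rtype, rid), attrs in managed.items():
        if (rtype, rid) not in live:
            continue
        region, live_attrs = live[(rtype, rid)]
        for attr in TRACKED_ATTRS.get(rtype, ()):
            if attrs.get(attr) != live_attrs.get(attr):
                changed.append((region, rtype, rid, attr,
                                attrs.get(attr), live_attrs.get(attr)))

    covered = sum(1 for k in live if k in managed)
    coverage = round(100 * covered / len(live)) if live else 100
    return {"coverage_pct": coverage, "unmanaged": unmanaged,
            "missing": missing, "changed": changed}


if __name__ == "__main__":
    report = detect_drift(SAMPLE_TFSTATE, SAMPLE_CLOUD)
    print(f"IaC coverage: {report['coverage_pct']}%")
    for region, rtype, rid in report["unmanaged"]:
        print(f"UNMANAGED {region} {rtype} {rid}")
    for rtype, rid in report["missing"]:
        print(f"MISSING   {rtype} {rid}")
    for region, rtype, rid, attr, declared, actual in report["changed"]:
        print(f"CHANGED   {region} {rtype} {rid} {attr}: {declared} -> {actual}")
```

On the sample data this reports 67% coverage, one unmanaged bucket in eu-west-1, one missing IAM role and one changed security group. Two caveats a practitioner would add: global services such as IAM have no region, so an inventory built region by region must include them once, and the state file must be read from the real backend rather than a stale local copy, or every recent apply shows up as false drift.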