Easy Infra[structure as Code]
easy_infra is a docker container that simplifies and secures Infrastructure as Code deployments by running security scans prior to running IaC tools. It supports three main use cases:
- Experimentation by supporting interactive use and secure troubleshooting.
- Continuous Integration as a part of Pull/Merge Request validation.
- Continuous Deployment as an automated deployment tool.
In order to run your infrastructure code from within the container, volume mount your files into /iac and pass it your command, for example:
docker run -v $(pwd):/iac seiso/easy_infra:latest-terraform terraform validate
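You can simplify your workflow further by using aliases. For instance, consider putting something like the following in your .bashrc, or similar:
alias terraform='docker run -v "$(pwd)":/iac seiso/easy_infra:latest-terraform terraform'
The single quotes defer $(pwd) until the alias is used, so the directory that gets mounted is the one you run the command from, not the one your shell started in.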
This will allow you to run simple terraform commands at the command-line, which will run transparently in easy_infra:
terraform validate
terraform plan
terraform apply
Secure by default
This container provides security features by default. Deploying an environment using terraform would likely look something like this:
docker run -v $(pwd):/iac seiso/easy_infra:latest-terraform /bin/bash -c "terraform init && terraform apply -auto-approve"
What easy_infra does in this case is:
Identify if the filesystem changed, and only if so, run another terraform apply -auto-approve
The learning mode suppresses the exit codes of any injected validation or security tooling, ensuring the provided commands will run. This can be configured by setting the LEARNING_MODE environment variable to true, for instance:
docker run -e LEARNING_MODE=true -v $(pwd):/iac seiso/easy_infra:latest-terraform terraform apply -auto-approve
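The gating behaviour that learning mode changes, as an added example (not easy_infra's own code): a hypothetical scan_gate wrapper runs a scanner before the requested command and blocks on a failing scan unless LEARNING_MODE is true. The function name and the stand-in failing_scan, passing_scan and deploy commands are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added illustration, not easy_infra's implementation.
# scan_gate and the stand-in commands below are hypothetical names.

# Usage: scan_gate SCAN_CMD -- COMMAND [ARGS...]
# Runs SCAN_CMD first. If the scan exits non-zero:
#   LEARNING_MODE=true -> warn on stderr, then still run COMMAND
#   anything else      -> return the scan's exit code; COMMAND never runs
scan_gate() {
  local scan_cmd="$1"
  shift
  [ "$1" = "--" ] && shift

  local scan_rc=0
  "$scan_cmd" || scan_rc=$?

  if [ "$scan_rc" -ne 0 ]; then
    if [ "${LEARNING_MODE:-false}" = "true" ]; then
      echo "WARN: scan failed (rc=$scan_rc); LEARNING_MODE=true, continuing" >&2
    else
      echo "ERROR: scan failed (rc=$scan_rc); command blocked" >&2
      return "$scan_rc"
    fi
  fi

  # Scan passed, or its failure was suppressed: run the requested command.
  "$@"
}

# Constructed stand-ins for a security scanner and an IaC command.
failing_scan() { return 3; }
passing_scan() { return 0; }
deploy() { echo "deployed"; }
```

With LEARNING_MODE=true a failing scan shows up only as the warning line, not as a failed step, so the default (blocking) mode is the one that stops a deployment with findings.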
If you’d like to enable debug logs at runtime, pass an environment variable of LOG_LEVEL with a value of DEBUG, such as:
docker run -e LOG_LEVEL=DEBUG -v $(pwd):/iac seiso/easy_infra:latest-terraform terraform validate