Easy Infra[structure as Code]
easy_infra is a docker container that simplifies and secures Infrastructure as Code deployments by running security scans prior to running IaC tools. It supports three main use cases:
Experimentation by supporting interactive use and secure troubleshooting.
Continuous Integration as a part of Pull/Merge Request validation.
Continuous Deployment as an automated deployment tool.
In order to run your infrastructure code from within the container, volume mount your files into
/iac and pass it your command, for example:
docker run -v $(pwd):/iac seiso/easy_infra:latest-terraform terraform validate
You can simplify your workflow further by using aliases. For instance, consider putting something like the following in your
alias terraform="docker run -v $(pwd):/iac seiso/easy_infra:latest-terraform terraform"
This will allow you to run simple
terraform commands at the command-line, which will run transparently in easy_infra:
terraform validate terraform plan terraform apply
To learn more, check out our documentation and CONTRIBUTING.md.
Secure by default¶
This container provides security features by default. Deploying an environment using terraform would likely look something like this:
docker run -v $(pwd):/iac seiso/easy_infra:latest-terraform terraform apply -auto-approve
easy_infra does in this case is:
terraform init && terraform validate.
terraformsecurity tools* serially, and in alphabetical order.
Run the provided
terraformcommand, assuming the provided configurations were confirmed as valid and did not fail any of the security policy validation.
terraformimages, only Checkov is configured by default
The learning mode suppresses the exit codes of any injected validation or security tooling, ensuring the provided commands will run. This can be
configured by setting the
LEARNING_MODE environment variable to
true, for instance:
docker run -e LEARNING_MODE=true -v $(pwd):/iac seiso/easy_infra:latest-terraform terraform apply -auto-approve
If you’d like to enable debug logs at runtime, pass an environment variable of
LOG_LEVEL with a value of
DEBUG, such as:
docker run -e LOG_LEVEL=DEBUG -v $(pwd):/iac seiso/easy_infra:latest-terraform terraform validate
- Technical Details