Easy Infra[structure as Code]
easy_infra is a Docker container that simplifies and secures Infrastructure as Code deployments.
easy_infra runs security scans in response to any Ansible or Terraform
command. It supports three main use cases:
1. Experimentation by supporting interactive use and secure troubleshooting.
2. Continuous Integration as a part of Pull/Merge Request validation.
3. Continuous Deployment as an automated deployment tool.
In order to run your code from within the container, volume mount your files
into /iac and pass your command, such as terraform validate, as follows:
docker run -v $(pwd):/iac seiso/easy_infra terraform validate
To learn more, check out our documentation and CONTRIBUTING.md.
Secure by default
This container provides security features by default. Deploying an environment using terraform would likely look something like this:
docker run -v $(pwd):/iac seiso/easy_infra terraform apply -auto-approve
What easy_infra does in this case is:
1. Run terraform init && terraform validate
2. Run terraform security tools* serially, and in alphabetical order (terrascan, and then
3. Run the provided terraform command, assuming the provided configurations were confirmed as valid and did not fail any of the security policy validation.
* In the minimal images, only KICS is available.
The learning mode suppresses the exit codes of any injected validation or
security tooling, ensuring the provided commands will run. This can be
configured by setting the LEARNING_MODE environment variable to true:
docker run -e LEARNING_MODE=true -v $(pwd):/iac seiso/easy_infra terraform apply -auto-approve
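A shell sketch of the sequence and learning mode described above, added here as an illustration and not easy_infra's own code. The stand-in scanners, provided_command and gated_run are hypothetical names, and stopping at the first failing check is an assumption the page does not state.

```shell
#!/usr/bin/env bash
# Added illustration of the gate described above; not easy_infra's code.
# Every function name below is hypothetical.

# Constructed stand-in scanners: exit 0 = pass, non-zero = policy failure.
scan_alpha() { return 0; }
scan_bravo() { return 3; }
scan_clean() { return 0; }

# Stand-in for the provided command (e.g. terraform apply); records that it ran.
provided_command() { COMMAND_RAN=yes; }

# gated_run COMMAND CHECK...
# Runs each CHECK serially in alphabetical order, then COMMAND.
# Sets CHECKS_RUN (execution order) and COMMAND_RAN (yes/no) for the caller.
gated_run() {
  _cmd=$1
  shift
  CHECKS_RUN=""
  COMMAND_RAN=no
  _sorted=$(printf '%s\n' "$@" | LC_ALL=C sort)
  for _check in $_sorted; do
    CHECKS_RUN="${CHECKS_RUN:+$CHECKS_RUN }$_check"
    _rc=0
    "$_check" || _rc=$?
    if [ "$_rc" -ne 0 ]; then
      if [ "${LEARNING_MODE:-false}" = "true" ]; then
        # Learning mode: the exit code is suppressed and the run continues.
        echo "learning mode: ignoring exit $_rc from $_check" >&2
      else
        # Assumption: the gate stops at the first failing check.
        echo "blocked: $_check exited $_rc, command not run" >&2
        return "$_rc"
      fi
    fi
  done
  "$_cmd"
}

# Enforcing (default): scan_bravo fails, so provided_command never runs.
gated_run provided_command scan_clean scan_bravo scan_alpha || echo "exit $?"
echo "checks: $CHECKS_RUN / command ran: $COMMAND_RAN"
```

With LEARNING_MODE=true exported, the same call runs all three checks and then the command, returning 0.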
If you’d like to enable debug logs at runtime, pass an environment variable of
LOG_LEVEL with a value of
DEBUG, such as:
docker run -e LOG_LEVEL=DEBUG -v $(pwd):/iac seiso/easy_infra terraform validate