Infrastructure as Code (IaC) Security

Modern DevSecOps (The Hard Way)

Security for Terraform and Ansible

If your Terraform script opens port 22 to the whole world (0.0.0.0/0), that's a security flaw in your infrastructure code.

Tool: Checkov

Checkov scans Terraform, CloudFormation, and Kubernetes manifests for misconfigurations.

checkov -d ./terraform-directory

It will catch errors like 'Ensure S3 bucket has public access blocked'.
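
The open port 22 flaw described above can also be checked directly against a Terraform plan. The script below is an added example, not Checkov's code or part of the course material; it assumes AWS security group resources and a plan exported with `terraform show -json`, and the sample plan and helper names are constructed for illustration.

```python
WORLD = {"0.0.0.0/0", "::/0"}  # "anyone" in IPv4 and IPv6

def exposes_ssh(rule):
    """True if an ingress rule lets any address reach TCP port 22."""
    cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
    if not WORLD.intersection(cidrs):
        return False
    proto = str(rule.get("protocol"))
    if proto == "-1":  # "-1" means every protocol and port
        return True
    if proto not in ("tcp", "6"):
        return False
    return (rule.get("from_port") or 0) <= 22 <= (rule.get("to_port") or 0)

def find_open_ssh(plan):
    """Return addresses of planned resources that open SSH to the world."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # None on destroy
        if rc.get("type") == "aws_security_group":
            rules = after.get("ingress") or []
        elif rc.get("type") == "aws_security_group_rule" and after.get("type") == "ingress":
            rules = [after]
        else:
            rules = []
        if any(exposes_ssh(r) for r in rules):
            findings.append(rc["address"])
    return findings

def _sg(name, *ingress):  # helper for the constructed sample below
    return {"address": "aws_security_group." + name, "type": "aws_security_group",
            "change": {"after": {"ingress": list(ingress)}}}

def _rule(lo, hi, proto, v4=(), v6=()):
    return {"from_port": lo, "to_port": hi, "protocol": proto,
            "cidr_blocks": list(v4), "ipv6_cidr_blocks": list(v6)}

# Constructed sample shaped like `terraform show -json tfplan` output.
SAMPLE_PLAN = {"resource_changes": [
    _sg("bastion", _rule(22, 22, "tcp", v4=["0.0.0.0/0"])),
    _sg("web", _rule(443, 443, "tcp", v4=["0.0.0.0/0"])),
    _sg("admin", _rule(22, 22, "tcp", v4=["10.0.0.0/8"])),
    {"address": "aws_security_group_rule.wide", "type": "aws_security_group_rule",
     "change": {"after": dict(_rule(0, 1024, "tcp", v6=["::/0"]), type="ingress")}},
    {"address": "aws_security_group.old", "type": "aws_security_group",
     "change": {"after": None}},
]}

if __name__ == "__main__":
    hits = find_open_ssh(SAMPLE_PLAN)
    print("\n".join(hits) or "no world-open SSH rules")
    raise SystemExit(1 if hits else 0)
```

Run as a script, it exits non-zero when a finding exists, so it can gate a CI pipeline step alongside Checkov.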