From scanning infrastructure as code (IaC) for security misconfigurations to implementing automated DevSecOps workflows, this 2-hour workshop will provide a hands-on experience to automate your cloud security.

We’ll use this Workshop Documentation as a guide to walk through:

• An overview of DevSecOps and Terraform infrastructure as code (IaC)
• Getting started with Bridgecrew to scan for Terraform misconfigurations
• Setting up CI/CD with GitHub and Terraform Cloud to automate security scanning and policy enforcement
• Detecting drift between running AWS resources and Terraform configuration

Know before you go:

To get the most out of this tutorial, please come prepared with the following prerequisites (Bridgecrew, Checkov, VS Code, GitHub, Terraform Cloud, and AWS).

It will also be helpful to have a basic understanding of git, AWS core concepts (IAM, regions, UI, CLI, APIs), and CI/CD principles. The workshop will utilize AWS Event Engine and Cloud9 IDE, which attendees will get AWS credits to apply to their AWS account to cover the cost of the dev day AWS resources.