Moving Security and Sanity Left by Testing Terraform with InSpec
A test-driven approach to Terraform.
For those that have longed for a simpler test-driven approach to Terraform development, come and see how 10th Magnitude uses Test Kitchen for Terraform and how to validate deployments with InSpec. This will be a beginner's guide, but all skillsets are welcome to contribute to the conversation!
What You'll Learn
We'll discuss the different use cases for Terraform testing, such as: - Test Driven Development (TDD) - Integration Testing and CI/CD - Compliance, shifting security left - Production provisioning validation
As we know, good testing doesn't just solve CI/CD problems; it solves culture problems. I will seek to convince you of why you need to invest in a good Terraform testing strategy early and how you might have bought into a myth that makes you think you have velocity when you don't (are you running in wet cement).
And if you're late to the game and have existing infrastructure with no tests, that's okay, too. Let's talk about how you can reduce stress by adding in some testing now. It's not too late.
It takes an IT village to do DevOps, so let's talk about moving security and sanity left with InSpec and Terraform. So many use cases, and so little time. You'll leave this talk ready to implement at least one of them.
Slides in this GitHub repo.