Dear HN, In my company we use an Infrastructure as Code approach to deal with complexity and chaos. We use pull requests and code reviews to ensure code/resulting infrastructure quality. However, we would like to go deeper and spend less human time on this.
For conventional programming languages we have lots of linters and other quality control tools that help us a lot, so we don't search for stupid Python or Go errors manually. But does anybody have any idea if there are similar tools that check common infrastructure (for example: Terraform) "fxckups" like passwords and API keys being put in cleartext form or a database server (e.g. RDS) created with "public" access allowed to the whole world? Currently I can use things like serverspec/inspec to check out infra after deployment and this works pretty well, but maybe there are any tools we could apply BEFORE we deploy the [potentially flawed or broken] infrastructure? Thank YOU!!!