Determining IaC ownership – a tag-based approach
a year ago
- #Ownership
- #Security
- #IaC
- IaC ownership is crucial for managing non-human identities (NHIs) in organizations.
- Identifying owners for IaC-generated identities is challenging due to automated processes.
- Different scenarios complicate ownership: direct role creation, CI/CD-triggered deployments, and module usage.
- A tag-based approach was explored to track IaC ownership by modifying Terraform files to include tags.
- Running `terraform plan` locally helps identify files involved in identity creation without affecting the live environment.
- Challenges include handling different cloud providers, file formats, and ensuring tag inheritance.
- Despite its potential, the tag-based approach was not scalable for large deployments.
- Understanding IaC identity creation is beneficial for troubleshooting and security.
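The summary above describes tagging Terraform-created identities and using a local `terraform plan` to see which identities a change will create. The script below is an added example, not code from the original article: it reads the JSON form of a plan (`terraform show -json tfplan`), picks out identity resources that will be created, and reports the owner tag each one will carry, including tags inherited from the AWS provider's `default_tags` (which the provider exposes in `tags_all`). The sample plan is constructed, and the tag key `owner` and the list of identity resource types are assumptions; the real plan JSON does not record source file paths, so mapping an address back to a `.tf` file remains a separate step.

```python
"""Report the owner tag of identity resources a Terraform plan will create.

Added example (not from the original article). Assumes AWS provider output,
a tag key named "owner", and plan JSON as produced by `terraform show -json`.
"""
import json

# Resource types treated as non-human identities (assumed list; extend as needed).
IDENTITY_TYPES = {"aws_iam_role", "aws_iam_user"}
OWNER_TAG = "owner"  # assumed tag key used to mark ownership

# Constructed sample in the shape of `terraform show -json tfplan` output.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {   # role created at the root module, owner set directly on the resource
            "address": "aws_iam_role.deployer", "mode": "managed",
            "type": "aws_iam_role", "name": "deployer",
            "change": {"actions": ["create"], "before": None,
                       "after": {"name": "deployer",
                                 "tags": {"owner": "team-platform"},
                                 "tags_all": {"owner": "team-platform", "env": "prod"}}}},
        {   # role created inside a module; only provider default_tags reach it
            "address": "module.app.aws_iam_role.runner", "module_address": "module.app",
            "mode": "managed", "type": "aws_iam_role", "name": "runner",
            "change": {"actions": ["create"], "before": None,
                       "after": {"name": "runner", "tags": None,
                                 "tags_all": {"env": "prod"}}}},
        {   # user with a plain tags block and no tags_all (older provider shape)
            "address": "aws_iam_user.ci_bot", "mode": "managed",
            "type": "aws_iam_user", "name": "ci_bot",
            "change": {"actions": ["create"], "before": None,
                       "after": {"name": "ci_bot", "tags": {"owner": "team-ci"}}}},
        {   # not an identity: ignored
            "address": "aws_s3_bucket.logs", "mode": "managed",
            "type": "aws_s3_bucket", "name": "logs",
            "change": {"actions": ["create"], "before": None, "after": {"bucket": "logs"}}},
        {   # existing role, no change: ignored
            "address": "aws_iam_role.legacy", "mode": "managed",
            "type": "aws_iam_role", "name": "legacy",
            "change": {"actions": ["no-op"], "before": {"name": "legacy"},
                       "after": {"name": "legacy"}}},
    ],
})


def effective_tags(after):
    """Tags the resource will carry after apply.

    For AWS resources `tags_all` already merges provider-level default_tags
    (inherited tags) with the resource's own `tags`; fall back to `tags`
    when `tags_all` is absent.
    """
    if not after:
        return {}
    return after.get("tags_all") or after.get("tags") or {}


def created_identities(plan):
    """Yield managed identity resources whose planned actions include create
    (this also covers replacements, whose actions are ["delete", "create"])."""
    for rc in plan.get("resource_changes", []):
        if rc.get("mode") != "managed" or rc.get("type") not in IDENTITY_TYPES:
            continue
        if "create" not in rc.get("change", {}).get("actions", []):
            continue
        yield rc


def owner_report(plan_json):
    """Return one entry per identity to be created: address, module, owner tag."""
    plan = json.loads(plan_json)
    report = []
    for rc in created_identities(plan):
        tags = effective_tags(rc["change"].get("after"))
        report.append({
            "address": rc["address"],
            "module": rc.get("module_address"),  # None at the root module
            "owner": tags.get(OWNER_TAG),
        })
    return report


def missing_owner(plan_json):
    """Addresses of identities that would be created without an owner tag."""
    return [e["address"] for e in owner_report(plan_json) if e["owner"] is None]


if __name__ == "__main__":
    for entry in owner_report(SAMPLE_PLAN):
        print(f'{entry["address"]:40} owner={entry["owner"]}')
    print("missing owner:", missing_owner(SAMPLE_PLAN))
```

On a real repository, produce the input with `terraform plan -out=tfplan` followed by `terraform show -json tfplan`, which touches no live resources, and pass the resulting JSON to `owner_report`. Identities that appear in `missing_owner` are the ones a module or pipeline creates without any owner reaching them, which is the inheritance gap the summary mentions.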