Amazon Web Services’ premier cloud event, AWS re:Invent, has returned, and HashiCorp is making a significant impact as an Emerald sponsor. This year, HashiCorp is showcasing its expanded presence, sharing insights into its ongoing collaboration with AWS. The focus is on how HashiCorp aids organizations in provisioning, securing, running, and connecting applications within the AWS environment.
HashiCorp’s Infrastructure Lifecycle Management (ILM) with AWS is designed to enhance the way infrastructure is built, deployed, and managed. By enforcing policies, increasing productivity, and eliminating unnecessary resources, organizations can optimize their AWS operations. As AWS re:Invent unfolds, it’s an ideal moment to highlight the fruitful infrastructure partnerships between HashiCorp and AWS, alongside the key achievements of the past year.
Key Highlights of 2024
Build: Establishing a reliable and consistent method for developing AWS environments is central to ILM’s efficacy. This year’s key developments are:
- 3 Billion Downloads of the Terraform AWS Provider: This milestone signifies the widespread trust and adoption of HashiCorp’s tools within the community.
- Launch of the AWS Cloud Control Provider: Facilitating the seamless provisioning and management of AWS resources across various services.
Deploy: Deploying applications efficiently involves provisioning the necessary infrastructure and scheduling deployment. Key features include:
- Pre-Written Sentinel Policies for AWS: These policies simplify governance with built-in policy enforcement.
- Provider-Defined Functions: These functions allow users to create custom functions directly within AWS providers, enhancing flexibility.
- Terraform Stacks Public Beta: This feature simplifies the management of complex multi-account, multi-region environments.
Manage: Managing infrastructure, images, workloads, and applications from a single platform enhances visibility and management. Highlights include:
- AppFabric Support: Expanding HCP Terraform integration capabilities with AWS.
- OIDC Federation for HCP Terraform: Simplifying and securing AWS access directly from HCP Terraform.
Build
3 Billion Downloads of the Terraform AWS Provider
Celebrating its 10th anniversary, the Terraform AWS provider has achieved an impressive milestone of three billion downloads. This accomplishment underscores the provider’s essential role in shaping the future of infrastructure management. As more organizations recognize the importance of standardized Infrastructure as Code (IaC) solutions, Terraform empowers application teams to efficiently compose, reuse, and collaborate on infrastructure provisioning. This process accelerates the build and deployment phases, setting the stage for future milestones.
AWS Cloud Control Provider Launch
The AWS Cloud Control (AWSCC) provider, built around the AWS Cloud Control API, is now generally available. It represents a significant advancement in HashiCorp’s efforts to provide launch-day support for AWS services. By being automatically generated based on AWS’s Cloud Control API, the AWSCC provider ensures immediate support for AWS’s latest features and services. This capability enhances resource coverage and reduces the time required to support new functionalities, making it a valuable addition to existing Terraform configurations.
Deploy
Pre-Written Sentinel Policies for AWS
In collaboration with AWS, HashiCorp has co-developed a comprehensive set of Terraform policies. These policies provide expert guidance for architecting, configuring, and operating within AWS environments. They enforce compliance with standards such as CIS, HIPAA, FINOS, and the AWS Well-Architected Framework. This initiative aims to help customers implement infrastructure and security lifecycle management while reducing implementation risks and addressing security and compliance use cases.
The first set of policies is tailored for AWS services in compliance with the Center for Internet Security (CIS) benchmarks. Users can explore the Terraform Registry Policy Library to find and utilize these pre-built policies. Sentinel policy integration allows users to deploy these policies within their HCP Terraform organizations, ensuring compliance by blocking resource provisioning that fails policy checks.
Provider-Defined Functions
Provider-defined functions in the AWS provider represent a new approach to ecosystem extensibility. They enable anyone in the Terraform community to create custom functions within AWS providers, extending Terraform’s capabilities. The 5.40 release of the Terraform AWS provider introduces the first provider-defined functions, which parse and construct Amazon Resource Names (ARNs), simplifying configurations where ARN manipulation is necessary. The arn_parse function parses an ARN and returns an object of individual referenceable components, such as region or account identifiers.
Terraform Stacks Public Beta
Terraform Stacks are designed to streamline infrastructure provisioning and management at scale. Teams often need to provision identical infrastructure across multiple cloud provider accounts, regions, and environments. Before Terraform Stacks, managing these instances as a single unit in Terraform was challenging. Now, Stacks enable users to automate and optimize the deployment and lifecycle management of interdependent Terraform configurations, reducing the time and overhead associated with managing infrastructure.
Manage
AppFabric Support for Terraform
AWS AppFabric now supports Terraform, allowing IT administrators and security analysts to integrate quickly with Terraform and aggregate enriched SaaS audit logs. This integration expands the range of AWS AppFabric-supported applications, facilitating faster time-to-market and streamlined infrastructure provisioning for HCP Terraform users. For more information, visit the AWS AppFabric page and learn how to connect AppFabric to your Terraform account.
OIDC Federation for HCP Terraform
Storing static AWS access keys in Terraform configurations poses security risks. While HCP Terraform stores sensitive credentials as write-only variables, long-lived access keys still have to be audited and rotated to limit the damage of a compromise, and many organizations prohibit creating them for that reason. A more secure alternative is AWS IAM OIDC federation, which lets an external identity such as HCP Terraform assume an IAM role without any stored key. HCP Terraform’s dynamic provider credentials enable Terraform runs to assume IAM roles through native OpenID Connect (OIDC) integration, obtaining short-lived temporary security credentials; because those credentials expire, a leaked credential is of far less use to an attacker than a long-lived key.
For a step-by-step guide on setting up an OIDC provider and accessing AWS from HCP Terraform using dynamic provider credentials and OIDC federation, refer to the brief tutorial provided by HashiCorp.
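The IAM side of that setup, as an added Terraform example that is not code from the HashiCorp post or tutorial. It assumes the HCP Terraform OIDC issuer https://app.terraform.io and audience aws.workload.identity, and uses placeholder organization, project and workspace names.

```hcl
# Placeholder identifiers; replace with your own HCP Terraform names.
variable "tfc_organization" { default = "example-org" }
variable "tfc_project"      { default = "example-project" }
variable "tfc_workspace"    { default = "example-workspace" }

# Fetch the issuer's TLS certificate so the thumbprint is not hard-coded.
data "tls_certificate" "tfc" {
  url = "https://app.terraform.io"
}

# Register HCP Terraform as an OIDC identity provider in this AWS account.
resource "aws_iam_openid_connect_provider" "tfc" {
  url             = "https://app.terraform.io"
  client_id_list  = ["aws.workload.identity"]
  thumbprint_list = [data.tls_certificate.tfc.certificates[0].sha1_fingerprint]
}

# Trust policy: the issuer is shared by every HCP Terraform customer, so the
# "sub" condition is what stops any other organization's runs from assuming
# this role. Omitting it is the common mistake; the "aud" check alone is not
# enough.
data "aws_iam_policy_document" "tfc_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.tfc.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "app.terraform.io:aud"
      values   = ["aws.workload.identity"]
    }
    condition {
      test     = "StringLike"
      variable = "app.terraform.io:sub"
      # run_phase is plan or apply; the wildcard allows both for this workspace only.
      values   = ["organization:${var.tfc_organization}:project:${var.tfc_project}:workspace:${var.tfc_workspace}:run_phase:*"]
    }
  }
}

# The role the workspace assumes; keep sessions short and attach only the
# permissions the workspace's configuration actually needs (not shown).
resource "aws_iam_role" "tfc" {
  name                 = "hcp-terraform-${var.tfc_workspace}"
  assume_role_policy   = data.aws_iam_policy_document.tfc_trust.json
  max_session_duration = 3600
}
```

On the HCP Terraform side the workspace then needs the environment variables TFC_AWS_PROVIDER_AUTH=true and TFC_AWS_RUN_ROLE_ARN set to the role's ARN; no access key variables are configured at all.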
Learn More About AWS and HashiCorp
AWS and HashiCorp continue to strengthen their partnership, developing new integrations to help customers work more efficiently, access more services and features, and deploy cloud infrastructure effectively. To learn the basics of Terraform using the AWS provider, explore the hands-on tutorials for getting started with Terraform on AWS available on HashiCorp’s developer education platform. Engage with AWS services such as Lambda, RDS, and IAM by following the AWS services tutorials.
For further reading, visit the official AWS and HashiCorp partner page.
For more information, refer to this article.