Case Study

Evaluating and Securing Terraform Code on AWS

Challenge

While Terraform simplifies Infrastructure as Code (IaC) management, maintaining security compliance across diverse AWS resources remains challenging. Rearc partnered with a Fortune 250 customer to establish a process that evaluates Terraform code and applies security controls using a custom tool. Critical AWS resources and policies were secured for EC2, IAM, KMS, SQS, S3, VPC endpoints, and more.

Solution

DevSecOps Terraform Diagram

  • Custom Tooling: designed a custom tool to analyze Terraform code and enforce security policies on it. The tool scanned the codebase for potential security issues across critical AWS resources and policies.
  • CI/CD Enforcement: the custom tool was integrated into the CI/CD pipelines. Policies included restricting security group rules, enforcing least-privilege IAM roles, and ensuring S3 bucket encryption.
  • Static Analysis: non-compliance detected during CI/CD pipeline execution triggered build failures and alerts, prompting security reviews and recommended resolutions.
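A minimal version of such a check, added here as an illustration and not Rearc's tool: it reads `terraform show -json` plan output (a constructed, trimmed sample is embedded so it runs offline), flags the three policies named above, and exits non-zero so a CI/CD stage fails the build. Resource type and attribute names are assumed to follow the AWS provider's plan JSON; nothing here is taken from the customer's code.

```python
import json
import sys

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
# Constructed sample of `terraform show -json` output, trimmed to the fields used here.
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"address": "aws_security_group.web", "type": "aws_security_group", "values": {
        "ingress": [{"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}},
    {"address": "aws_iam_role_policy.app", "type": "aws_iam_role_policy", "values": {
        "policy": json.dumps({"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]})}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "values": {"bucket": "logs"}},
    {"address": "aws_s3_bucket.data", "type": "aws_s3_bucket", "values": {"bucket": "data"}},
    {"address": "aws_s3_bucket_server_side_encryption_configuration.data",
     "type": "aws_s3_bucket_server_side_encryption_configuration", "values": {"bucket": "data"}},
]}}}

def _resources(plan):
    """Yield planned resources from the root module and every child module."""
    stack = [plan.get("planned_values", {}).get("root_module", {})]
    while stack:
        mod = stack.pop()
        yield from mod.get("resources", [])
        stack.extend(mod.get("child_modules", []))

def check_plan(plan):
    """Return (address, message) findings; an empty list means the plan is compliant."""
    encrypted = {r["values"].get("bucket") for r in _resources(plan)
                 if r["type"] == "aws_s3_bucket_server_side_encryption_configuration"}
    findings = []
    for r in _resources(plan):
        addr, kind, v = r["address"], r["type"], r.get("values", {})
        if kind == "aws_security_group":  # policy: no ingress open to the world
            for rule in v.get("ingress") or []:
                cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
                if OPEN_CIDRS & set(cidrs):
                    findings.append((addr, f"ingress from {cidrs} on port {rule.get('from_port')}"))
        elif kind in ("aws_iam_policy", "aws_iam_role_policy") and v.get("policy"):
            for st in json.loads(v["policy"]).get("Statement", []):  # policy: least privilege
                acts = st.get("Action", [])
                acts = [acts] if isinstance(acts, str) else acts
                if st.get("Effect") == "Allow" and any(a == "*" or a.endswith(":*") for a in acts):
                    findings.append((addr, f"Allow statement with wildcard action(s) {acts}"))
        elif kind == "aws_s3_bucket" and v.get("bucket") not in encrypted:  # policy: SSE on buckets
            findings.append((addr, "no aws_s3_bucket_server_side_encryption_configuration"))
    return findings

if __name__ == "__main__":
    results = check_plan(json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN)
    print("\n".join(f"FAIL {a}: {m}" for a, m in results) or "PASS")
    sys.exit(1 if results else 0)  # non-zero exit fails the CI/CD stage
```

Run it against a real plan with `terraform plan -out plan.out && terraform show -json plan.out > plan.json && python check.py plan.json`; the sample produces three findings (the open security group, the wildcard IAM statement, and the unencrypted `logs` bucket) while the `data` bucket passes.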

Outcome

  • Post-implementation, the customer saw a significant reduction in security vulnerabilities within their AWS infrastructure.
  • Automated compliance checks streamlined the process, reducing the need for manual audits.
  • Regular reports and feedback helped developers understand and adhere to security best practices.
  • Enabled security engineers to continuously refine and update security policies to address emerging threats.
