Rearc.io logoContact us
Case Study

Evaluating and Securing Terraform Code on AWS

Challenge

While Terraform simplifies Infrastructure as Code (IaC) management, maintaining security compliance across diverse AWS resources remains challenging. Rearc partnered with a Fortune 250 customer in establishing a process to evaluate Terraform code and apply security controls using a custom tool. Critical AWS resources and policies were secured for EC2, IAM, KMS, SQS, S3, VPC endpoints, and more.

Solution

DevSecOps Terraform Diagram

  • Custom Tooling: designed a custom tool to analyze and enforce security policies on Terraform code. Scanned the codebase for potential security issues across critical AWS resources and policies.
  • CICD Enforcement: custom tool was integrated with CICD pipelines. Policies included restricting security group rules, enforcing least privilege IAM roles, and ensuring S3 bucket encryption.
  • Static Analysis: non-compliance detected during CI/CD pipeline execution triggered build failures and alerts, prompting security reviews and recommended resolutions.

Outcome

  • Post-implementation, the customer saw a significant reduction in security vulnerabilities within their AWS infrastructure.
  • Automated compliance checks streamlined the process, reducing the need for manual audits.
  • Regular reports and feedback helped developers understand and adhere to security best practices.
  • Enabled security engineers to continuously refine and update security policies to address emerging threats.

Latest Articles

Read more about the latest and greatest work Rearc has been up to.

Container Signing with AWS Signer

This project for a Fortune 500 company strengthened the security of deployed applications by implementing notarization for container artifacts, that can be used to established a chain of trust.

Financial Services
Security
AWS

Post-Quantum Cipher Scanning

This project for a Fortune 500 company strengthened the security of deployed applications by implementing automated cryptographic cipher scanning, analysis, and reporting, ensuring security compliance while maintaining development velocity.

Financial Services
Security
AWS

AWS Tenancy Migration And Azure Integration

Rearc performed an application portfolio assessment and designed a migration strategy for Avesis as they moved to a new AWS Organization. Post planning, Rearc leveraged infrastructure as code to deliver a new cloud landing zone in AWS and created an account factory for future growth. Rearc integrated Avesis's new AWS environment with their new Azure environment.

Cloud
AWS
Azure

Securing CI/CD Pipelines for Databricks Platform

This project for a Fortune 500 company strengthened the security of Databricks-integrated data lake pipelines by implementing automated vulnerability detection, secure credential management, and third-party dependency scanning, resulting in a compliant and resilient infrastructure.

Financial Services
Data
AWS
Next steps

Ready to talk about your next project?

1

Tell us more about your custom needs.

2

We’ll get back to you, really fast

3

Kick-off meeting

Let's Talk