Infrastructure as code (IaC) is critical for developing cloud-native applications at scale, but with added complexity comes added security considerations. If gone undetected, one IaC misconfiguration can snowball into hundreds of alerts and cloud risk. 

In this talk, we analyzed the most common AWS misconfigs within Bridgecrew’s IaC scan data to illustrate the importance of IaC security. We’ll walk through each of the misconfigs, the potential risk they pose, and show how to fix them.

What you will learn:

• Security considerations when leveraging infrastructure as code (IaC)
• 5 of the most common AWS IaC misconfigurations across Terraform and CloudFormation scan data
• How the proper policy guardrails and DevSecOps processes can help avoid cloud misconfigurations and keep applications secure