Conf42: DevSecOps 2021


Lessons Learned from Writing Thousands of Lines of IaC

Eran Bibi
CPO @ Firefly

Eran Bibi's LinkedIn account Eran Bibi's twitter account

Immutable architecture is the backbone of infrastructure as code, to ensure production environments cannot be changed during runtime. While this has the benefits of its inherent safety measures, this can also be restrictive, all while creating new challenges for security. Immutable concepts are much more effective when it comes to securing cloud native environments and infrastructure, which is becoming an increasingly more complex task.

This talk will focus on some of the fundamentals of immutable architecture, best practices and recommended design patterns to work around its limitations and enhance security, as well as what you most certainly should not be doing when running immutable architecture both from an infrastructure and security perspective.

This will be demonstrated through a real-world example of deploying a single-tenant SaaS in an automated pipeline, typical challenges encountered, and what was learned on the way, through a Terraform, Kubernetes and step functions example.

Awesome conferences for

Priority access to all content

Community Discord

Exclusive promotions and giveaways