Most cloud providers have services to assess their own infrastructure. These assessments come at a per-assessment cost and are limited to established standards. AWS Inspector tops the assessment offerings for Amazon cloud accounts and provides on-demand assessment of existing cloud resources. The proposed framework extends Chef InSpec to validate infrastructure at the time a cloud resource is provisioned.

What it does

The model/framework helps provision authorized infrastructure in accordance with user-defined rules. These rules are defined as Chef recipes. CloudFormation templates are used to provision the required infrastructure. Whenever a new CFN stack is created or updated, the assessment is triggered as part of the CI/CD process and reports are generated. At any time, the reports are available on an organized dashboard provided by the Allure services.

How we built it

We used GitLab for the CI/CD process. CloudFormation templates and Chef InSpec controls are invoked by the pipeline to generate JUnit2-compatible results. These results are sent to a self-hosted Allure API service.
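As an added example (not code from the project described on this page), the following Chef InSpec control file shows one way the user-defined rules above can be expressed and how the pipeline step would run them against a freshly deployed stack; the invocation is in the header comment. It relies on the inspec-aws resource pack, and the input name stack_name and the stack output keys WebSecurityGroupId and LogBucketName are assumptions about the CloudFormation template, not values taken from the page.

```inspec
# Added example control file (controls/cfn_stack.rb), not the project's own code.
# Requires the inspec-aws resource pack, declared under `depends` in inspec.yml.
#
# Pipeline step (run after `aws cloudformation deploy` has finished):
#   inspec exec . -t aws:// --input stack_name="$STACK_NAME" \
#     --reporter cli junit2:results/inspec.xml
# The junit2 report is the artifact that is uploaded to the Allure service.

# The stack under assessment is passed in from CI; the default is a constructed
# placeholder so the profile still loads when run by hand.
stack_name = input('stack_name', value: 'example-web-stack',
                                 description: 'CloudFormation stack to assess')
stack      = aws_cloudformation_stack(stack_name: stack_name)

# Look up a stack output by key. The SDK returns outputs as structs with
# output_key / output_value; returns nil when the template does not export the key.
stack_output = lambda do |key|
  out = Array(stack.outputs).find { |o| o.output_key == key }
  out&.output_value
end

# Output keys the template is assumed to export (assumption, see lead-in).
sg_id  = stack_output.call('WebSecurityGroupId')
bucket = stack_output.call('LogBucketName')

control 'cfn-stack-1' do
  impact 1.0
  title 'Stack finished provisioning cleanly'
  desc  'A stack that rolled back or is still updating must not be reported as compliant.'
  describe stack do
    it { should exist }
    its('stack_status') { should be_in %w[CREATE_COMPLETE UPDATE_COMPLETE] }
  end
end

control 'cfn-sg-1' do
  impact 0.9
  title 'Web security group exposes no administrative ports to the internet'
  desc  'SSH and RDP must not be reachable from 0.0.0.0/0 on the provisioned security group.'
  # The resource constructor rejects a nil id, so assert on the output first and
  # only build the resource when the stack actually exported it.
  describe 'stack output WebSecurityGroupId' do
    subject { sg_id }
    it { should_not be_nil }
  end
  unless sg_id.nil?
    describe aws_security_group(group_id: sg_id) do
      it { should exist }
      it { should_not allow_in(port: 22,   ipv4_range: '0.0.0.0/0') }
      it { should_not allow_in(port: 3389, ipv4_range: '0.0.0.0/0') }
    end
  end
end

control 'cfn-s3-1' do
  impact 0.8
  title 'Log bucket is private and encrypted at rest'
  desc  'The bucket created by the stack must not be publicly readable and must have default encryption.'
  describe 'stack output LogBucketName' do
    subject { bucket }
    it { should_not be_nil }
  end
  unless bucket.nil?
    describe aws_s3_bucket(bucket_name: bucket) do
      it { should exist }
      it { should_not be_public }
      it { should have_default_encryption_enabled }
    end
  end
end
```

Each control maps to one test case in the junit2 report, so a failing rule shows up as a named red entry on the Allure dashboard rather than as an opaque pipeline failure; keeping the guard on the stack output as its own assertion means a template that stops exporting an expected value is reported as a finding instead of silently skipping the check.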

Challenges we ran into

We initially intended to host the Allure services in a Heroku cluster but eventually landed on another app hosting provider because the integration was easier.

Accomplishments that we're proud of

  • An automated assessment system built completely out of FOSS tools.
  • Extensible, robust and backed by the Chef InSpec community.

What's next for Automating Cloud Infrastructure Assessment with FOSS

  • Migrate from CFN to Terraform for multi-cloud support.
  • Build more recipes for other cloud providers and resources.
