Most cloud providers offer services to assess infrastructure running on their platform. These assessments are typically metered per assessment run and limited to established standards. Amazon Inspector is the leading assessment service for AWS accounts and provides on-demand assessment of existing cloud resources. The proposed framework extends Chef InSpec to validate infrastructure at the time a cloud resource is provisioned, rather than after the fact.
What it does
The framework helps provision only authorized infrastructure, in accordance with user-defined rules. These rules are written as Chef InSpec controls. CloudFormation templates are used to provision the required infrastructure. Whenever a new CFN stack is created or updated, the assessment is triggered as part of the CI/CD process and reports are generated. At any time, the reports are available on an organized dashboard provided by the Allure service.
How we built it
We used GitLab for the CI/CD process. The pipeline deploys the CloudFormation templates and then runs the Chef InSpec controls against the resulting resources, producing JUnit-compatible results (InSpec's junit2 reporter). These results are sent to a self-hosted Allure API service.
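The pipeline described above, written out as an added example rather than the project's own configuration: a GitLab CI pipeline that deploys a CloudFormation stack, runs an InSpec profile against the AWS account with the junit2 reporter, and posts the result file to a self-hosted Allure instance. The profile path `inspec/aws-baseline`, the template path, the stack name, the `ALLURE_URL`/`ALLURE_PROJECT` variables and the `send-results` endpoint of allure-docker-service are assumptions; adjust them to your setup.

```yaml
# Added example, not the project's own pipeline. Assumptions: an InSpec profile at
# inspec/aws-baseline, a template at cloudformation/template.yaml, and an
# allure-docker-service instance reachable at $ALLURE_URL (CI variable).
stages:
  - provision
  - assess
  - publish

variables:
  AWS_DEFAULT_REGION: us-east-1
  STACK_NAME: demo-stack              # assumption: the stack under test
  CHEF_LICENSE: accept-silent         # non-interactive license acceptance for inspec
  REPORT_FILE: reports/inspec-junit.xml

# Run the pipeline only when a template or a control changes.
workflow:
  rules:
    - changes:
        - cloudformation/**/*
        - inspec/**/*

provision:
  stage: provision
  image: amazon/aws-cli
  script:
    # Idempotent create-or-update. Credentials come from CI variables or an
    # OIDC-assumed role, never from the repository.
    - aws cloudformation deploy
        --stack-name "$STACK_NAME"
        --template-file cloudformation/template.yaml
        --capabilities CAPABILITY_NAMED_IAM
        --no-fail-on-empty-changeset

assess:
  stage: assess
  image: chef/inspec
  needs: [provision]
  script:
    - mkdir -p reports
    # Target the AWS account directly. The role InSpec runs as needs read-only
    # (describe/list) permissions on the resources the controls inspect.
    # InSpec exits non-zero when a control fails, so a non-compliant stack
    # fails this job and blocks the rest of the pipeline.
    - inspec exec inspec/aws-baseline
        -t "aws://$AWS_DEFAULT_REGION"
        --input stack_name="$STACK_NAME"
        --reporter cli "junit2:$REPORT_FILE"
  artifacts:
    when: always                      # keep the report even when controls fail
    paths: [reports/]
    reports:
      junit: $REPORT_FILE             # GitLab also renders it on the MR page

publish:
  stage: publish
  image: curlimages/curl
  needs: [assess]
  when: always                        # publish failures too; that is the point
  script:
    # allure-docker-service accepts base64-encoded result files on its
    # send-results endpoint (assumed API shape; check your Allure version).
    - |
      payload=$(printf '{"results":[{"file_name":"inspec-junit.xml","content_base64":"%s"}]}' \
        "$(base64 "$REPORT_FILE" | tr -d '\n')")
      curl --fail -X POST -H 'Content-Type: application/json' \
        "$ALLURE_URL/allure-docker-service/send-results?project_id=$ALLURE_PROJECT" \
        -d "$payload"
```

Two points worth checking before relying on this gate: the identity the `assess` job runs as should hold only read permissions (InSpec's AWS resources only describe and list), so a compromised pipeline runner cannot also change the stack; and the `publish` job must run with `when: always`, otherwise the dashboard only ever shows passing stacks and the failures that matter never reach it.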
Challenges we ran into
We initially intended to host the Allure services on a Heroku cluster but eventually landed on another app hosting provider, koyeb.app, due to easier integration.
Accomplishments that we're proud of
- an automated assessment system built entirely from FOSS tools.
- extensible, robust and backed by the Chef InSpec community.
What's next for Automating Cloud Infrastructure Assessment with FOSS
- migrate from CFN to Terraform for multi-cloud support.
- build more controls for other cloud providers and resources.