Getting Started with IaC Security
Steps to Implement
Before getting started with IaC Security, you will want to understand the steps typically required to take advantage of this feature. IaC Security employs the IaC Analyzer to scan your infrastructure templates using Insight Packs to detect security issues with resource definitions. The scan results provide details about policy violations so you can determine compliance before infrastructure is deployed.
To get started you’ll need to do four things:
Select your configuration
Configurations are a critical component that allows you to select the checks best suited for scanning, based on your environment's resources and the applicable Insights. Within your InsightCloudSec platform, from Security > Infrastructure as Code select the Configurations tab:
- Select an Insight Pack for scanning
- Define the settings for each Insight within the Pack
- Choose your notification options (email/Slack)
Choose a method for initiating IaC file scans
Initiating an IaC file scan can be done in two ways:
- Configure your CI/CD tooling to trigger a scan based on desired events (e.g., Push, Pull, Build, Stage, Deploy) using the CLI IaC Scanning Tool
- Manually run a scan via the CLI IaC Scanning Tool
Initiate a Scan
With an IaC Configuration and scanning method defined you are ready to initiate IaC scans. Scan results are communicated regardless of the scanning method. Users receive an overall pass/fail and results are compiled into a detailed report.
Note: Scans initiated manually through the CLI are also published in the InsightCloudSec UI.
View Your Report
After a scan has completed, view your scan results. Learn more about this report in our docs on Viewing Scan Results.
Prerequisites & Requirements
In general, before using IaC Security you will need:
- A running InsightCloudSec Platform
- A working implementation and understanding of the desired supported IaC templating software
Note: While any type of user can access IaC Security, only Domain Admins, Organization Admins, and Editor/Admin-entitled users can create/edit IaC Configurations. See the User Entitlements Matrix for more information.
External Tooling
To leverage the full capability of the InsightCloudSec IaC functionality and compliance automation at scale, you'll need the following additional items:
- An API Key for a user with the Infrastructure as Code Viewer entitlement
- An existing version-controlled repository of the templates
- An existing integration between the version-controlled repository and a CI/CD tool, e.g., Jenkins, CircleCI, etc.
  - InsightCloudSec also supports Terraform Cloud/Enterprise. See Terraform Cloud/Enterprise (TFC/E) Run Task Integration for more information.
- The capacity for your CI/CD pipeline to create an IaC template and send API requests to InsightCloudSec
Additional Configuration Options
Additional configuration options for IaC are also available within InsightCloudSec's general system administration settings. Through the main console navigate to Administration > System Administration and click on the System tab. Scroll further down the page and locate the Infrastructure-as-Code (IaC) component, which allows IaC users to specify settings for authentication and defaults for new Insights added to a Custom Pack.
To get started with IaC Security, all you need is to ensure you've met the IaC prerequisites defined here. You can view a summary about the capabilities on our IaC Overview page.
IaC Security Interface
The IaC Security interface is available through the InsightCloudSec platform under Security > Infrastructure as Code.
There are two distinct sections of the IaC Security interface:
- Scan List: Lists all completed IaC configuration scans as well as their status, scan date, and duration. Review Viewing Scan Results for details on filtering, interacting with, and interpreting scan results.
- Configurations: Lists all IaC configurations as well as some scan statistics about each configuration. Review Managing Configurations for details on reviewing, creating, and editing IaC configurations.
IaC System Settings
Additional configuration options for IaC are also available within InsightCloudSec's general system administration settings. From the main console, navigate (via the gear on the top right) to Administration > System Administration and click on the System tab. Scroll further down the page and locate the Infrastructure-as-Code (IaC) component; this section of System Administration allows you to:
- Specify settings for authentication
- Add defaults for new Insights added to a Custom Pack
- Specify the number of days the system retains scans (if no value is supplied, scans are never deleted)