Tung Nguyen Xuan

Deploy AWS Network Firewall on Multi-VPC environment with open source tools (P2)

Open source tools integrated with Terraform and GitHub


Atlantis

  • Atlantis is an application for automating Terraform via pull requests. It is deployed as a standalone application into your infrastructure.

  • Atlantis listens for GitHub, GitLab or Bitbucket webhooks about Terraform pull requests. It then runs terraform plan and comments with the output back on the pull request. When you want to apply, comment atlantis apply on the pull request and Atlantis will run terraform apply and comment back with the output.

Without Atlantis: (figure)

With Atlantis: (figure)

As soon as a change is pushed, the pull request sends a webhook to Atlantis, which runs terraform plan automatically (or you can comment atlantis plan on the pull request):

(figure: plan output posted as a pull request comment)

After the code review is done and the pull request is approved, comment atlantis apply to trigger Atlantis to run terraform apply:

(figure: apply output posted as a pull request comment)

  • Check out the video below to see it in action:

Checkov

  • Checkov is a static code analysis tool for scanning infrastructure as code (IaC) files for misconfigurations that may lead to security or compliance problems.

  • Checkov scans these IaC file types: Terraform, CloudFormation, Helm charts, Kubernetes manifests, Dockerfiles, and more.

  • Checkov checks whether each resource meets the security requirements and also gives developers recommendations on how to fix each finding:

(figure: Checkov scan results)

Infracost

  • Infracost shows cloud cost estimates for Terraform. It lets DevOps, SRE and engineers see a cost breakdown and understand costs before making changes.

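The three tools above fit together in one pull request workflow: Atlantis produces the plan, Checkov gates it on policy, and Infracost reports the cost. The repo-level atlantis.yaml below is an added example, not configuration from the original post or from the Atlantis, Checkov or Infracost projects. It assumes the Terraform code lives in a hypothetical network-firewall/ directory, that checkov and infracost binaries are installed on the Atlantis server image, and that an INFRACOST_API_KEY is available to Atlantis as an environment variable.

```yaml
# atlantis.yaml (repo-level config) - added example, not from the original post.
# Assumes: Terraform code under "network-firewall/" (hypothetical path), and that
# checkov and infracost are installed on the Atlantis server image.
version: 3
projects:
  - name: network-firewall
    dir: network-firewall
    workflow: scanned-plan
    autoplan:
      enabled: true
      # Only .tf / .tfvars changes trigger an automatic plan on the PR
      when_modified: ["*.tf", "*.tfvars"]
workflows:
  scanned-plan:
    plan:
      steps:
        - init
        - plan
        # Export the plan Atlantis just produced as JSON so the scanners see
        # the resolved values, not only the raw HCL. $PLANFILE is set by Atlantis.
        - run: terraform show -json $PLANFILE > $PLANFILE.json
        # Checkov exits non-zero on any failed policy, so the plan step fails,
        # the findings land in the PR comment, and there is no successful plan
        # for "atlantis apply" to use until the code is fixed.
        - run: checkov -f $PLANFILE.json --framework terraform_plan --quiet
        # The cost estimate is informational only; "|| true" keeps it from
        # blocking the plan when Infracost cannot price a resource.
        - run: infracost breakdown --path $PLANFILE.json || true
    apply:
      steps:
        - apply
```

A custom workflow defined in a repo's atlantis.yaml is only honored when the Atlantis server-side repo config permits it (allow_custom_workflows, or an allowed_overrides entry for workflow); otherwise Atlantis rejects the file, which is the intended safeguard against a pull request author simply removing the Checkov step.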

to be continued...🐧
