Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/SeisoLLC/easy_infra

A docker container to simplify and secure the use of Infrastructure as Code (IaC)
https://github.com/SeisoLLC/easy_infra

aws azure cloud docker docker-container docker-image iac infrastructure infrastructure-as-code security seiso

Last synced: 3 days ago
JSON representation

A docker container to simplify and secure the use of Infrastructure as Code (IaC)

Host: GitHub
URL: https://github.com/SeisoLLC/easy_infra
Owner: SeisoLLC
License: bsd-3-clause
Created: 2020-05-19T20:39:57.000Z (over 4 years ago)
Default Branch: main
Last Pushed: 2024-04-08T04:24:34.000Z (7 months ago)
Last Synced: 2024-04-08T05:28:36.407Z (7 months ago)
Topics: aws, azure, cloud, docker, docker-container, docker-image, iac, infrastructure, infrastructure-as-code, security, seiso
Language: Python
Homepage: https://seisollc.com
Size: 3.6 MB
Stars: 65
Watchers: 7
Forks: 7
Open Issues: 3
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md

Awesome Lists containing this project

awesome-opentofu - easy_infra - Docker container to simplify and secure the use of infrastructure as code. (Tools / Wrappers)

README

Easy Infra[structure as Code]

## Getting Started

easy_infra is a docker container that simplifies and secures Infrastructure as Code deployments by running security scans prior to running IaC tools. It
supports three main use cases:

1. **Experimentation** by supporting interactive use and secure troubleshooting.
1. **Continuous Integration** as a part of Pull/Merge Request validation.
1. **Continuous Deployment** as an automated deployment tool.

In order to run your infrastructure code from within the container, volume mount your files into `/iac` and pass it your command, for example:

```bash
docker run -v .:/iac seiso/easy_infra:latest-terraform terraform validate
```

You can simplify your workflow further by using aliases. For instance, consider putting something like the following in your `.zshrc`, `.bashrc`, or similar:

```bash
alias terraform="docker run -v .:/iac seiso/easy_infra:latest-terraform terraform"
```

This will allow you to run simple `terraform` commands at the command-line, which will run transparently in easy_infra:

```bash
terraform validate
terraform plan
terraform apply
```

To learn more, check out [our documentation](https://easy-infra.readthedocs.io/) and [CONTRIBUTING.md](./CONTRIBUTING.md).

## Secure by default

This container provides security features by default. Deploying an environment using terraform would likely look something like this:

```bash
docker run -v .:/iac seiso/easy_infra:latest-terraform /bin/bash -c "terraform init && terraform apply -auto-approve"
```

What `easy_infra` does in this case is:

1. Run a `checkov` security scan
1. Run `terraform init`
1. Identify if the filesystem changed, and only if so, run another `checkov` security scan
1. Run `terraform apply -auto-approve`

### Learning mode

The learning mode suppresses the exit codes of any injected validation, hook, or security tooling, ensuring the provided commands will run.
This can be configured by setting the `LEARNING_MODE` environment variable to `true`, for instance:

```bash
docker run -e LEARNING_MODE=true -v .:/iac seiso/easy_infra:latest-terraform terraform apply -auto-approve
```

### Debugging

If you'd like to enable debug logs at runtime, pass an environment variable of `LOG_LEVEL` with a value of `DEBUG`, such as:

```bash
docker run -e LOG_LEVEL=DEBUG -v .:/iac seiso/easy_infra:latest-terraform terraform validate
```