8144  Reviews star_rate star_rate star_rate star_rate star_half

Automate Secure Infrastructure with Packer, Vault and Terraform

Transitioning from traditional infrastructure deployment and management processes can be challenging. Implementing infrastructure as code principles and using best practices leads to repeatable...

Read More
Course Code INNO-ASIPVT
Duration 3 days
Available Formats Classroom

Transitioning from traditional infrastructure deployment and management processes can be challenging. Implementing infrastructure as code principles and using best practices leads to repeatable results, fewer manual errors, and overall quicker application releases for your customers. This class focuses on using automation tools to build, deploy, and manage security-hardened infrastructure. Using Packer, students can automate building a golden base image consisting of company policies and best practices. This image can then be deployed with Terraform, using Vault to manage sensitive passwords and secrets.

Skills Gained

Attendees will understand best practices for automated building of secure infrastructure using code, storing that code in version control, and deployment using Terraform and managing secrets with Vault. They will also use Packer to automate building of "golden images".

Who Can Benefit

This class's audience is Developers, DevOps, Architects, Team Leads, Operations, and any other Engineering personnel interested in learning best practices for automating, deploying, managing, and securing infrastructure and application code.

Prerequisites

Attendees should have a basic understanding of Linux and command-line experience.

Course Details

What you learn:

Configuration Management

  • Configuration Drift
  • Challenges with Manual Configuration
  • Infrastructure as Code
  • Introduction to Automation Tools: Packer, Terraform, Vault
  • Benefits of Configuration Management

Packer

  • Introduction
  • Features
  • Commands
  • Terminology
  • Language (HCL)

Packer Builders

  • Overview
  • Builder types: Cloud, Docker, VMware

Provisioners

  • Types: Shell, Ansible, Chef
  • Cleanup provisioner
  • Template syntax

Post Processors

  • Overview
  • Use cases
  • Best practices

Terraform Introduction

  • Overview
  • Architecture
  • Why Terraform?
  • Comparison of tools
  • Core components
  • Fundamental concepts

Programming Structure

  • Providers
  • Resources
  • Variables
  • Data sources
  • Outputs
  • Cloud integration

Resources

  • Types and Arguments
  • Behavior
  • Dependencies
  • Local only resources

Variables

  • Inputs
  • References
  • Outputs and Locals
  • Overrides

Terraform CLI

  • Features
  • Commands
  • Managing infrastructure

State management

  • Local or Remote?
  • Remote storage options: S3, AzureRM, Google File Storage
  • Integrating with Git
  • Challenges with State file locking
  • Importing existing resources

Provisioners

  • Types of Provisioners
  • Remote execute provisioners
  • Local execute provisioners
  • Storing provisioners in repository

Modules and Workspaces

  • Understanding DRY (Don't Repeat Yourself) principle
  • Variables and Modules
  • Terraform module registry
  • Terraform workspace

Security

  • The right way to handle Access & Secret keys
  • Managing resources in multiple regions
  • Terraform and Identity Access Management (IAM)

Vault Introduction

  • Overview
  • Architecture
  • Comparison of tools
  • Core components
  • Fundamental concepts
  • Platforms

Secret Engines

  • Static secrets
  • Cubbyhole secret engine
  • Dynamic secrets
  • Encryption
  • Authentication

Policies

  • Configuration
  • Authentication methods
  • Syntax
  • Constraints

Vault Agent

  • Overview
  • Auto-Auth
  • Methods
  • Caching

Putting it all together

  • Building images with Packer
  • Creating and managing infrastructure with Terraform
  • Deploying Vault
  • Integration with Kubernetes
  • Securely deploying applications

Wrap-up

  • Review
  • Q&A
  • Next steps