Attacking Modern Environments Series: Attack Vectors on Terraform Environments

Pragti Chauhan
Feature image


Terraform is one of the most popular IAC orchestrators. It can be used to provision infrastructure across various cloud platforms such as AWS, Azure, GCP, Kubernetes, and many more. Since Terraform’s default setup has high privileges in the cloud platform where the infrastructure is deployed, it poses a high risk of compromise of the complete cloud account in case a security incident occurs.

This video has been presented by Mazin Ahmend. He is an application security and offensive security engineer. He also does bug bounty hunting occasionally and has found vulnerabilities in Facebook, Twitter, LinkedIn, Zoom, etc. Mazin is passionate about cloud security, security automation, DevSecOps, distributed systems, and web application security.

This video is part of the tech talks presented at Cloud Village. Cloud Village is an open space dedicated for people interested in cloud security and conducts various activities like talks, workshops, CTFs, and discussions around cloud.

What to expect from this video

Following topics have been covered in this video:

  1. Overview of IAC (Infrastructure-as-Code)
  2. Introduction to Terraform
  3. Attack vectors and scenarios
  4. Demo
  5. Recommendations



Key Takeaways

IAC (Infrastructure-as-Code) is great for introducing efficiency in setting up the infrastructure faster and with a defined standard baseline when the DevOps and SREs need to ensure that the base setup gets done as per defined standards every single time. This is done by defining your infrastructure resources in the form of code and then leaving everything else to the IAC orchestrators. Terraform is one of the most popular IAC orchestrators.

This video provides an overview of what IAC is and introduces you to Terraform. The prime goal of this video is to help you understand what attack vectors exist in Terraform environment and how it can be compromised by attackers. With Terraform Enterprise, the attack surface gets even bigger. Once a Terraform instance is compromised, it can become a gateway to the cloud accounts and can also serve as a point of persistence for the attackers. Mazin Ahmend also shares some recommendations that Terraform users should follow for better security.

← Back to Academy