~ 3 min read

Attacking Modern Environments Series: Attack Vectors on Terraform Environments

Terraform is a popular IAC orchestrator that is widely used for standardising and executing infrastructure deployments, but since it has privileges on the cloud platforms, Mazin Ahmed shares why it is important to understand which attack vectors exist, and what can be done about them.

Introduction

‍

Terraform is one of the most popular IAC orchestrators. It can be used to provision infrastructure across various cloud platforms such as AWS, Azure, GCP, Kubernetes, and many more. Since Terraform’s default setup has high privileges in the cloud platform where the infrastructure is deployed, it poses a high risk of compromise of the complete cloud account in case a security incident occurs.

This video has been presented by Mazin Ahmed. He is an application security and offensive security engineer. He also does bug bounty hunting occasionally and has found vulnerabilities in Facebook, Twitter, LinkedIn, Zoom, etc. Mazin is passionate about cloud security, security automation, DevSecOps, distributed systems, and web application security.

‍

What to expect from this video

‍

Following topics have been covered in this video:

  1. Overview of IAC (Infrastructure-as-Code)
  2. Introduction to Terraform
  3. Attack vectors and scenarios
  4. Demo
  5. Recommendations

‍

‍

Key Takeaways

‍

IAC (Infrastructure-as-Code) is great for introducing efficiency in setting up the infrastructure faster and with a defined standard baseline when the DevOps and SREs need to ensure that the base setup gets done as per defined standards every single time. This is done by defining your infrastructure resources in the form of code and then leaving everything else to the IAC orchestrators. Terraform is one of the most popular IAC orchestrators.

This video provides an overview of what IAC is and introduces you to Terraform. The prime goal of this video is to help you understand what attack vectors exist in Terraform environment and how it can be compromised by attackers. With Terraform Enterprise, the attack surface gets even bigger. Once a Terraform instance is compromised, it can become a gateway to the cloud accounts and can also serve as a point of persistence for the attackers. Mazin Ahmed also shares some recommendations that Terraform users should follow for better security.

‍

***

‍

This video is part of the tech talks presented at Cloud Village. Cloud Village is an open space dedicated for people interested in cloud security and conducts various activities like talks, workshops, CTFs, and discussions around cloud. 

This article is brought to you by Kloudle Academy, a free e-resource compilation, created and curated by Kloudle. Kloudle is a cloud security management platform that uses the power of automation and simplifies human requirements in cloud security. Receive alerts for Academy by subscribing here.

;