All news with #infrastructure as code tag

Shifting Left at Enterprise Scale for Cloudflare Governance

🔐 Cloudflare describes how its Customer Zero team moved internal production account management from manual dashboard changes to a centralized Infrastructure as Code model to reduce human error and accelerate secure change. The effort uses Terraform, an Atlantis-driven CI/CD pipeline, and a custom tfstate-butler backend to securely manage state at scale. Policy enforcement relies on Open Policy Agent Rego policies executed through Conftest on every merge request, with warnings or deny gates and a formal exceptions workflow.

CloudFormation introduces drift-aware change sets for IaC

🔁 AWS CloudFormation now offers drift-aware change sets to detect and reconcile configuration drift by comparing a new template, the last-deployed template, and the live infrastructure state. The feature lets you preview deployment impacts on drifted resources, avoid unintended overwrites, and revert out-of-band changes. Create a change set in the console as “Drift-aware” or call CreateChangeSet with --deployment-mode REVERT_DRIFT. Available in Regions where CloudFormation is offered.

Amazon S3 Adds CloudFormation and CDK Support for Tables

🛠️ AWS now supports creating Amazon S3 Tables and namespaces with AWS CloudFormation and the AWS CDK, extending existing support for table buckets. This enables developers and teams to provision, update, and manage S3 Tables resources using infrastructure-as-code workflows, improving repeatability and version control across multiple AWS accounts. The CloudFormation and CDK integrations are available in all Regions where S3 Tables are offered, and AWS points users to the CloudFormation, CDK, and S3 Tables documentation to get started.