< ciso brief />

All news with #terraform tag

11 articles

Pattern-Based Policy as Code for Governing IaC on AWS

🔒 This AWS Security blog post outlines a pattern-based approach to policy as code, using Open Policy Agent (OPA) in CI/CD pipelines to validate Terraform plan JSON (the output of terraform show -json on a saved plan) before apply. It organizes checks around five recurring control intents: required metadata, allowed configuration, exposure restriction, protection enforcement, and privilege constraint. Grouping rules by intent rather than by resource type keeps the policy set easier to review and maintain. The post works through examples for S3 bucket policies that require TLS (secure transport), VPC security group exposure, and IAM role trust policy constraints, and covers retaining plan and evaluation artifacts for audit as well as rolling policies out in phases.

IAM Policy Autopilot Adds Java and Terraform Support

🔧 IAM Policy Autopilot now analyzes Java applications and cross-references Terraform definitions to produce more precise IAM policies. The open-source tool, introduced at re:Invent 2025, already supported Python, TypeScript, and Go, and is available at no additional cost for local use. By resolving resource ARNs from Terraform, generated policies can avoid broad wildcard permissions and better enforce least-privilege. This update speeds policy creation and reduces time spent troubleshooting access issues.

AWS Storage Gateway Terraform Modules Add AL2023 Support

🔒 AWS updated its Storage Gateway Terraform modules to deploy gateways on Amazon Linux 2023, bringing a currently supported operating system and consistent IaC patterns to all gateway types: Amazon S3 File Gateway, Tape Gateway, and Volume Gateway, in both Amazon EC2 and VMware environments. EC2 deployments now require IMDSv2 by default, which closes the SSRF-to-instance-metadata path used to steal instance role credentials, and support optional Elastic IP association and simplified Active Directory integration. The update also prevents the gateway instance from being unintentionally replaced during routine Terraform operations.

AWS Transfer Family Terraform Module Enables Web Apps

🔧 The AWS Transfer Family Terraform module now supports provisioning Transfer Family web apps, offering a branded, managed web portal for users to browse, upload, and download data in Amazon S3. The module centralizes deployment with federated authentication via AWS IAM Identity Center and fine-grained permissions using S3 Access Grants. An included end-to-end example covers Identity Center user and group assignment, Access Grants setup, web app configuration, and CloudTrail auditing.

Shifting Left at Enterprise Scale for Cloudflare Governance

🔐 Cloudflare describes how its Customer Zero team moved internal production account management from manual dashboard changes to a centralized Infrastructure as Code model to reduce human error and accelerate secure change. The effort uses Terraform, an Atlantis-driven CI/CD pipeline, and a custom tfstate-butler backend to securely manage state at scale. Policy enforcement relies on Open Policy Agent Rego policies executed through Conftest on every merge request, with warnings or deny gates and a formal exceptions workflow.
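The two entries above describe the same mechanism from two angles: the AWS Security post's control intents, and Cloudflare's Conftest deny/warn gates over Terraform plan JSON. The policy below is an added example written for this page, not code from either post. It assumes Conftest's default main package, an OPA/Conftest recent enough to accept import rego.v1, an Owner tag as the required-metadata rule, SSH and RDP as the sensitive ports, and the resource types named in the rules. The S3 and trust-policy checks parse the JSON policy strings that Terraform places in resource_changes[].change.after; the warn rule surfaces the common pitfall where a policy is only computed at apply time and would otherwise pass silently.

```rego
package main

import rego.v1

# Resources the plan will create or update; deletes and no-ops are skipped.
planned contains rc if {
	some rc in input.resource_changes
	some action in rc.change.actions
	action in {"create", "update"}
}

# --- Required metadata: taggable resources must carry an Owner tag (assumed) --
deny contains msg if {
	some rc in planned
	rc.type in {"aws_s3_bucket", "aws_security_group", "aws_iam_role"}
	not rc.change.after.tags.Owner
	msg := sprintf("%s: missing required tag 'Owner'", [rc.address])
}

# --- Exposure restriction: no SSH/RDP (or all-ports) ingress from 0.0.0.0/0 ---
sensitive_ports := {22, 3389}

deny contains msg if {
	some rc in planned
	rc.type == "aws_security_group"
	some rule in rc.change.after.ingress
	"0.0.0.0/0" in rule.cidr_blocks
	exposes_sensitive_port(rule.from_port, rule.to_port)
	msg := sprintf("%s: ingress opens ports %v-%v to 0.0.0.0/0", [rc.address, rule.from_port, rule.to_port])
}

exposes_sensitive_port(from, to) if {
	some p in sensitive_ports
	from <= p
	p <= to
}

# from_port = to_port = 0 (protocol -1) means "all traffic".
exposes_sensitive_port(0, 0) := true

# --- Protection enforcement: bucket policies must deny non-TLS requests -------
deny contains msg if {
	some rc in planned
	rc.type == "aws_s3_bucket_policy"
	policy := json.unmarshal(rc.change.after.policy)
	not denies_insecure_transport(policy)
	msg := sprintf("%s: bucket policy does not deny aws:SecureTransport=false", [rc.address])
}

denies_insecure_transport(policy) if {
	some stmt in policy.Statement
	stmt.Effect == "Deny"
	stmt.Condition.Bool["aws:SecureTransport"] in {"false", false}
}

# A policy string built from values only known at apply time (e.g. a new
# bucket's ARN) is listed under after_unknown, not after, so the deny rules
# above never see it. Warn rather than pass silently.
warn contains msg if {
	some rc in planned
	rc.type in {"aws_s3_bucket_policy", "aws_iam_role"}
	some attr in {"policy", "assume_role_policy"}
	rc.change.after_unknown[attr] == true
	msg := sprintf("%s: %s is computed at apply time and was not validated", [rc.address, attr])
}

# --- Privilege constraint: no role trust policy open to any principal ---------
deny contains msg if {
	some rc in planned
	rc.type == "aws_iam_role"
	trust := json.unmarshal(rc.change.after.assume_role_policy)
	some stmt in trust.Statement
	stmt.Effect == "Allow"
	wildcard_principal(stmt.Principal)
	not stmt.Condition
	msg := sprintf("%s: trust policy lets any principal assume the role", [rc.address])
}

wildcard_principal(p) if p == "*"
wildcard_principal(p) if p.AWS == "*"
wildcard_principal(p) if "*" in p.AWS
```

To run it in a pipeline: terraform plan -out tfplan, then terraform show -json tfplan > tfplan.json, then conftest test --policy policy/ tfplan.json (Conftest fails the job on any deny and prints warn results without failing). The same rules can be evaluated with opa eval -i tfplan.json -d policy/ 'data.main.deny'. Keep tfplan.json and the Conftest output as the retained artifacts the AWS post recommends, and start a new rule as warn before promoting it to deny.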

Google Application Design Center Now Generally Available

🛠️ Google's Application Design Center is now generally available, delivering a visual, canvas-style, AI-assisted environment to design and deploy Terraform-backed application templates. It pairs Gemini Cloud Assist with opinionated Terraform components to generate deployable infrastructure patterns and architecture diagrams. Integrated with App Hub and Cloud Hub, it makes applications discoverable, observable, and manageable, while supporting BYO-Terraform, GitOps, and enterprise governance to accelerate platform engineering and developer self-service.

AWS Tag Policies: Validate and Enforce Required Tags

🔒 AWS Organizations Tag Policies introduces Reporting for Required Tags, a validation check that ensures IaC deployments include mandatory tags. You define a tag policy specifying required keys and enable validation for CloudFormation, Terraform, or Pulumi workflows. Validation is implemented by activating the AWS::TagPolicies::TaggingComplianceValidator Hook in CloudFormation, adding plan-time checks in Terraform, or enabling the aws-organizations-tag-policies policy pack in Pulumi. The feature is available via the AWS Management Console, AWS CLI, and AWS SDK in supported Regions.

AWS Transfer Family Terraform Module Adds Malware Scanning

🛡️ AWS has updated the Transfer Family Terraform module to support automated malware scanning of files transferred to S3. In a single deployment, the module provisions a scan pipeline based on GuardDuty Malware Protection for S3, routes each object according to its scan verdict, and sends threat notifications. It preserves folder structure, allows scanning to be scoped to specific S3 prefixes, and helps ensure that only files with a clean verdict reach downstream applications and data lakes.

AWS Transform auto-generates Landing Zone network YAML

☁️ AWS Transform for VMware can now automatically convert VMware network environments into Landing Zone Accelerator (LZA)-compatible YAML network configurations that can be directly imported and deployed via LZA. Building on existing IaC output formats such as CloudFormation, AWS CDK, and Terraform, this capability reduces manual re-creation of network settings, lowers the risk of configuration errors, and accelerates migration timelines while aligning deployments with enterprise security and compliance standards.

AWS Transform Adds Terraform Module Generation for VMware

🔁 AWS Transform for VMware now generates reusable Terraform modules from discovered VMware network definitions, complementing its existing AWS CloudFormation and CDK outputs. The feature converts source network configurations into modular, customizable infrastructure code that teams can drop into existing Terraform pipelines, preserving operational consistency during migration and cutting the manual re-creation of network settings. It is available in all Regions where the service is offered.

AWS Transfer Family Adds Terraform SFTP Connector Support

🚀 The AWS Transfer Family Terraform module now supports provisioning SFTP connectors to transfer files between Amazon S3 and remote SFTP servers. Announced 2025-08-27, the addition builds on existing Terraform support for SFTP server endpoints and enables programmatic provisioning of connectors, dependencies, and customizations in a single IaC deployment. The module includes end-to-end examples to automate transfers on schedules or event triggers, reducing manual configuration and improving repeatability, security, and scale.