Developers and DevOps professionals have the same goals in mind when it comes to easily getting code and releases “out the door.”
DevOps practitioners have the added burden of making sure that their development systems and production environment are updated properly and remain stable. The only way this is possible is automating as much of the process as possible and relying on integrations across all systems and tools.
Aembit, as a developer-led workload identity and access management (WIAM) provider, understands this burden and strives to enable as much automation as possible via our platform, as well as the automation tools you already use.
Today, we are excited to announce the Aembit Terraform Provider, designed to streamline the deployment, continuous configuration, and management of your Aembit solution.
What is the Aembit Terraform Provider?
The Terraform Registry just got an exciting new addition. The Aembit Terraform Provider enables users to configure Aembit Cloud resources in an automated manner.
Terraform is a powerful infrastructure as code (IaC) tool that streamlines automation processes by enabling users to define and manage their infrastructure through code. By utilizing a declarative configuration language, Terraform automates the provisioning, updating, and scaling of infrastructure resources across various environments.
Its automation capabilities offer several benefits, including increased efficiency by reducing manual intervention, ensuring consistency in infrastructure deployments, facilitating version control to track changes, and enabling the management of complex infrastructures at scale. With Terraform providers, organizations can automate repetitive tasks, accelerate deployment processes, and maintain infrastructure configurations more effectively, ultimately enhancing productivity and agility in their operations.
Enabling the Aembit Terraform Provider requires two steps.
1) Create or update the Terraform configuration to include the Aembit provider.
2) Specify the Aembit provider authentication configuration.
In keeping with our vision of moving away from long-lived secrets, Aembit supports authentication to the Aembit API using a native authentication capability which utilizes OIDC (Open ID Connect) tokens. Once set up, we can use this identity federation to provide just-in-time short-lived access credentials to services.
The Aembit Terraform Provider enables users to create, update, import, and delete Aembit Cloud resources using Terraform manually or via CI/CD workflows. The deployment of the Aembit Edge agent/proxy can also be automated.
Here’s a detailed example of how Aembit Terraform Provider can be used:
- Deploy:
- Define a new Agent using aembit_agent_controller.
- Use aembit_agent_controller_device_code to fetch a device code for an agent.
- Check on its status using aembit_agent_controllers.
- Configure a policy for GitHub Actions:
- Use aembit_client_workload to define the system which will access GitHub Actions.
- Define the GitHub server workload using aembit_server_workload.
- Add a GitHub API key using aembit_credential_provider.
- Optional, but recommended steps: configure a trust provider, and use conditional access and integrations with Wiz or CrowdStrike.
- Tie it all together with a workload access policy using aembit_access_policy.
- Monitor the end-to-end deployment using one of the many calls in Terraform Provider.
Here’s some sample code to integrate with CrowdStrike and use it for conditional access to a workload: