HashiCorp Terraform: Cloud-Agnostic Deployment and Provisioning for Imperva Cloud WAF

By Brian Anderson posted 04-20-2020 08:51
Integrating Security as Infrastructure as Code with HashiCorp’s Terraform

The DevOps framework is all about removing production bottlenecks through automation and integration. For many enterprises, introducing security gets in the way of DevOps-oriented infrastructural goals.

This is especially true of enterprises that make extensive use of cloud-based applications and services. Two out of three enterprise IT specialists say security is their primary concern when it comes to adopting cloud computing strategies.

HashiCorp Terraform is a cloud-agnostic deployment and provisioning tool that allows enterprise IT professionals to deploy applications and the underlying infrastructure using configuration files in a one-click deployment. This is referred to as infrastructure as code (IaC). Imperva’s new Cloud WAF Terraform Provider enables customers to natively integrate security as a part of this process.

Securing the DevOps Workflow

At a certain level of complexity, organizations need to start optimizing their SDLC processes in order to keep up with smaller competitors’ time-to-market advantages. Cloud computing and consumption-model billing eliminate market barriers to entry and put many start-up companies on a more even playing field.

This makes the DevOps framework hugely popular with enterprises that need to release new applications, upgrades, and feature implementations on a frequent basis.  Enterprises that are able to adopt DevOps and take advantage of virtualization and automation can reduce complexity, introduce standards across the enterprise, and ultimately remain competitive.  

Keeping new applications, upgrades, and implementations secure is no small task. It is critical to integrate security into the existing automated application code development/review, build, test, package, and release processes. It is just as important for security to be a part of the build and update lifecycle of the underlying infrastructure.

Most companies are adopting a multi-cloud strategy, so they are not locked into a single cloud technology.  Without tools like Terraform, IT security teams would have no standard automated approach across the board, and would be forced to come up with separate deployment processes and toolsets for each environment for every new software release, introducing additional complexity and becoming a significant production bottleneck in the process.

HashiCorp’s innovative Infrastructure-as-code solution allows IT operations to provision and manage any cloud-based application, infrastructure, or service directly from its command-line interface in an agnostic approach. The addition of the Imperva Cloud WAF Terraform Provider drastically simplifies operations, as security can now be natively integrated into the application build and update process.

Terraform: Infrastructure as Code

HashiCorp’s Terraform tool allows enterprise IT teams to build, change, and version infrastructure with safety and efficiency in mind. It uses configuration files to describe the components needed to run applications, processes, or your entire datacenter.

Terraform’s capabilities span the spectrum from individual computing instances, storage behavior, and networking to advanced components like DNS entries and SaaS features. Whenever a configuration changes, Terraform determines what changed, and allows users to apply incremental execution plans in response.

There are significant benefits to being able to treat business infrastructure as code:

  • Advanced Versioning. Blueprint any version of your datacenter and keep it as a reference to compare other operating models against.
  • Reproducibility. Copy your infrastructural configuration, share it, and re-use it across multiple instances.
  • Efficiency. Significantly improve the efficiency of newly built infrastructure, and gain insight into your system’s dependencies in the process.
  • Robustness. Apply complex changesets with minimal human interaction, reducing human errors and mitigating the risk of misconfiguration in the process.
  • Insight. Build detailed resource graphs and parallelize the creation and maintenance of non-dependent resources.

All of these benefits fit clearly into the scope of deploying and provisioning web assets using Imperva’s Cloud WAF solution. Developers who incorporate this functionality into their production cycle are able to gain DevOps agility in their security deployments.

Introducing the Terraform Incapsula Provider

The Imperva Cloud WAF Terraform Provider is now natively available when downloading and installing Terraform. This enables Imperva customers to use existing Terraform HCL config files to create new sites, update security settings, bulk provision enterprise security policies, manage load-balancing and downstream origin server definition, and more. This is true as sites are migrated from one environment to another, and between cloud environments as well.

After creating your Terraform configuration files and defining your resources, a deployment is as simple as running “terraform init” to download resource packages, “terraform plan” to have Terraform preview what is going to be provisioned/deployed, and “terraform apply” to actually deploy all infrastructure and applications. This process can then be replicated across the board as a single unified syntax to orchestrate any number of platforms, clusters, and third-party providers in the process.

It is enormously valuable for large enterprises to implement standardized processes for the deployment and on-boarding of cloud environments, and to have security be a part of that natively.  Cross-platform functionality allows Imperva’s security solutions to fit natively within that infrastructure and provisioning process.

Get Unprecedented Visibility into Infrastructural Change

Terraform includes app-specific Incapsula configurations and application delivery rules (ADRs) that can be deployed on-the-fly through the Terraform interface. This can make or break the success of a web asset deployment through the ability to configure and provision Imperva security technology alongside new sites and applications.

The ability to immediately see the results of infrastructural change before you apply it is what makes this such a useful tool. DevOps engineers and their security partners no longer need to reason mentally about the effects of any particular change – you can see it laid out in perfect detail using Terraform.
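The plan preview described above can also be checked by a script before “terraform apply” runs. The following is an added example, not code from this post or from Imperva: it reads the JSON form of a plan (`terraform show -json tfplan`) and reports any change that removes a blocking WAF rule or downgrades it. The resource type `incapsula_waf_security_rule`, its `security_rule_action` attribute and the action strings are assumptions taken from the provider's public documentation, and the plan data is constructed.

```python
import json

# Resource type and action strings are assumptions taken from the provider's
# public documentation; they do not appear in the post.
WAF_RULE = "incapsula_waf_security_rule"
BLOCK = "api.threats.action.block_request"
ALERT = "api.threats.action.alert"
BLOCKING = {BLOCK, "api.threats.action.block_user", "api.threats.action.block_ip"}

# Constructed, trimmed sample of `terraform show -json tfplan` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "incapsula_site.shop", "type": "incapsula_site",
     "change": {"actions": ["no-op"], "before": {"domain": "shop.example.com"},
                "after": {"domain": "shop.example.com"}}},
    {"address": WAF_RULE + ".sqli", "type": WAF_RULE,
     "change": {"actions": ["update"], "before": {"security_rule_action": BLOCK},
                "after": {"security_rule_action": ALERT}}},
    {"address": WAF_RULE + ".xss", "type": WAF_RULE,
     "change": {"actions": ["delete"], "before": {"security_rule_action": BLOCK},
                "after": None}},
    {"address": WAF_RULE + ".rfi", "type": WAF_RULE,
     "change": {"actions": ["create"], "before": None,
                "after": {"security_rule_action": BLOCK}}},
]})


def weakened_waf_rules(plan_json):
    """Return (address, reason) for every planned change that relaxes a blocking rule."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != WAF_RULE:
            continue
        change = rc["change"]
        before = (change.get("before") or {}).get("security_rule_action")
        after = (change.get("after") or {}).get("security_rule_action")
        if before not in BLOCKING:
            continue  # the rule was not blocking, so this change cannot relax it
        if change["actions"] == ["delete"]:
            findings.append((rc["address"], "blocking rule removed"))
        elif after not in BLOCKING:
            # also fires when the new value is unknown until apply (after is None)
            findings.append((rc["address"], f"{before} -> {after}"))
    return findings


if __name__ == "__main__":
    for address, reason in weakened_waf_rules(SAMPLE_PLAN):
        print(f"REVIEW {address}: {reason}")
```

In a pipeline, a non-empty result would stop the run and route the plan to a security reviewer instead of applying it.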

Learn More with Imperva Community 

The Imperva Community is a great place to learn more about how to use Imperva cybersecurity technologies like On-Prem WAF, Cloud WAF and more to establish efficient, secure processes for enterprise networks. Rely on the expertise of Imperva partners, customers and technical experts. 
