At the recent HashiConf 2017 here in Austin, HashiCorp announced several updates and new features that we are pretty excited about. If you are a regular follower of this blog, you know that we’ve become heavy users of many HashiCorp tools over the past few years, as they excel at furthering DevOps automation for greater efficiency, security and productivity. Today we’re going to share with you which new announcements we’re most excited about and why.
Over the past few months, the DevOps team here at Flux7 has noticed a growing trend among our projects. An increasing number of client assessments result in the use of Terraform by HashiCorp in support of DevOps automation and more specifically, infrastructure as code (IaC). We thought we’d devote today’s blog to why we are becoming heavier Terraform users and its benefits. And, we’ll also share the situations in which we recommend its use to clients, as well as situations where we might recommend the use of both AWS CloudFormation and Terraform.
Our DevOps consultants often get asked about specific technologies and whether they would make a good fit for the inquirer’s organization. One of the technologies that we frequently field questions about is HashiCorp Vault. As a result, we think you’ll be interested in this short story of a financial services organization that moved to Vault to improve its secret management system. (For a fuller version of this story, please access the case study here.)
Continuous Delivery (CD) is a core facet of successful DevOps and, as a result, a core Flux7 strategy for implementing DevOps-based IT modernization. At Flux7, we always view DevOps as streamlining the delivery of not just Code but also Infrastructure (networking, firewalls, VMs), Server Configuration (software packages such as Apache or Java), and Security Rules (policies for AWS Config Rules or HashiCorp Vault). Among these, efficient delivery of infrastructure and configuration are both critical for full stack agility. For our customers in AWS, our typical choice for infrastructure delivery is CloudFormation. We like AWS CloudFormation because it is native to AWS, follows a simple YAML or JSON syntax, and has deep integration with other AWS Services such as the AWS Service Catalog.
As we discussed recently, AWS microservices are being adopted widely across organizations and industries for their ability to increase service delivery and speed time to market while decreasing team overhead. As organizations begin traveling down the path to a microservices architecture, one hurdle that they often run into is enterprise password management or secret management. As the number of microservices increases, so too does the number of credentials (often exponentially so), creating a need for effective and efficient management.
Service discovery is not new. The idea of a tool that can discover how processes and services talk to each other and help facilitate connections has been around for some time. However, with the rise of increasingly dynamic environments, the important role service discovery plays continues to grow. Indeed, since the beginning of the year at Flux7 we have seen a surge of customers looking for container-based microservices architectures, whose dynamic nature highlights the need for service discovery.
As AWS experts, we work closely with organizations that handle a wide variety of sensitive information, from patient health records to credit card data and more. As a result, we are always on the lookout for technology and best practice-based improvements for ensuring cloud-based security. With more and more of our clients looking to embrace a microservices architecture, cloud security and compliance naturally didn’t stop being a focus, which is why we are happy at the news from AWS today that they’ve addressed how to help secure container-enabled applications with IAM Roles for ECS tasks.