InfraPolicies (infrastructure policies) are an implementation of Policy as Code. They provide fine-grained control over changes to an organization's infrastructure while simultaneously defining validation rules.
TL;DR
InfraPolicies allow you to create rules for your organization's infrastructure, giving you more control over what happens in your tech team.
Policy as code
If you understand infra-as-code, you'll catch on to policy as code very quickly. It's basically the idea of defining rules for your policies in code format, which makes it easier and safer to enable things like version control, automated testing, and automated deployment. When a policy is set in a traditional way, it isn't repeatable or versionable, and isn't easy to test.
How it's going to work
InfraPolicies' goal is to allow you to flexibly create rules that will govern access to your infra. These rules are written in Rego (here are some examples of Rego for some common use cases) and we've built in a severity level - you can simply warn users that what they are doing is not ideal, or you can actually fail the builds that do not meet your pre-defined standards.
The severity levels
- Critical: the changes will be blocked
- Warning: the changes will be blocked but can be overridden manually
- Advisory: the changes can be automatically applied but a notification must be sent to the appropriate user
The infrastructure changes are represented by changes in the Terraform Plan that must respect the defined rules. For example, you could block updates to a given security group, require approval to destroy an instance, or prevent the creation of resources on public subnets. Depending on how mission critical the intended action could be, you or your ops can decide the appropriate severity level.
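The three examples above, written as an added illustration in generic OPA-style Rego over the JSON form of a Terraform plan (`terraform show -json`). This is not Cycloid's own policy schema: the package name, the rule names `critical`, `warning` and `decision`, and the subnet ID are assumptions made for the example, and the Advisory level is left out.

```rego
package infrapolicy_example

import rego.v1

# Constructed value: subnet IDs treated as public in this example.
public_subnets := {"subnet-0public"}

# Critical: block any in-place update to a security group.
critical contains msg if {
    some rc in input.resource_changes
    rc.type == "aws_security_group"
    "update" in rc.change.actions
    msg := sprintf("%s: security group updates are blocked", [rc.address])
}

# Critical: block creation of instances on a public subnet.
critical contains msg if {
    some rc in input.resource_changes
    rc.type == "aws_instance"
    "create" in rc.change.actions
    rc.change.after.subnet_id in public_subnets
    msg := sprintf("%s: creation on a public subnet is blocked", [rc.address])
}

# Warning: destroying an instance needs a manual override.
# A replacement appears as ["delete", "create"], so it matches too.
warning contains msg if {
    some rc in input.resource_changes
    rc.type == "aws_instance"
    "delete" in rc.change.actions
    msg := sprintf("%s: destroying an instance requires approval", [rc.address])
}

# The highest severity present decides the outcome (hypothetical labels).
default decision := "apply"

decision := "blocked" if {
    count(critical) > 0
} else := "blocked_unless_overridden" if {
    count(warning) > 0
}

# Constructed plan fragment, checked with `opa test`.
test_destroy_needs_override if {
    rc := {"address": "aws_instance.web", "type": "aws_instance",
        "change": {"actions": ["delete"], "after": null}}
    decision == "blocked_unless_overridden" with input as {"resource_changes": [rc]}
}
```

Matching on `change.actions` rather than on a single action string matters because Terraform reports a replacement as a delete followed by a create, which a check for `["delete"]` alone would miss.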
Why we love InfraPolicies
Policies are really important in DevOps, especially when it comes to scaling and growing, which is of course what we enable our customers to do. Deciding, in a codified and reproducible manner, who can do what and under what conditions (create, read, update, destroy) is a centrepoint in the security - and therefore scalability - of a software team.
From Ops' point of view, InfraPolicies allow work to be delegated to others without running the risk of endangering infrastructure or resources. They also bring consistency in what is allowed and disallowed, with documented exceptions. Finally, they provide data safety, protecting your data from inadvertent but potentially disastrous situations like deletion and corruption.
Sound good?
Yes, we think so too, which is why now's a great time to mention that Cycloid offers a free trial (including access to InfraPolicies) for 30 days. Hop on over to the website to sign up and get moving on your DevOps destiny today!
Need more information?
No problem. You'll find technical details in the documentation.