Why env0
Solutions
Infrastructure as Code (IaC) Automation Teams and GovernanceManaged Self-Service env0 for the Enterprise
DocumentationPricing
Resources
Case StudiesIn the NewsVideosWebinars
Blog
Login
Get a Demo
FREE TRIALContact us
Aug 8, 2022

Top IaC Challenges - Video

Justin Nemmers
VP of Marketing

There are many reasons why teams struggle with adopting Infrastructure as Code (IaC). In this five-part series, env0 CEO Ohad Maislish and Developer Advocate Tim Davis discuss the top five reasons we see most frequently. 

Ohad is the CEO of env0, and he’s also a geek at heart. At 17, he was the youngest person ever hired at Microsoft in Israel, and he has played a critical role in the building of our product and business.

There’s more to it, though. env0’s staff is comprised of IaC experts. We’ve lived and breathed Terraform for years now, in many companies, and many different roles. It’s this experience that drives us.

In this video, Ohad and Tim will discuss why env0, and then discuss the top 5 reasons we hear for teams struggling with IaC adoption at scale. 

Why IaC management?

  • IaC management is to IaC as GitLab is to git
  • IaC at scale introduces unique problems that, when left unsolved, cause tremendous problems
  • IaC provisioning requires a novel approach different from traditional application deployment pipelines
  • Organizations often use more than just Terraform; they need to manage CloudFormation, Kubernetes, Pulumi, etc. as well 

Top IaC challenges

Access control and compliance

Scaling IaC across teams and entire organizations is difficult. Once you move past a single dev on a laptop, all sorts of access questions arise. For instance:

  • Who should have access to what?
  • Who can deploy into which cloud services?
  • What are the different levels of access controls needed?
  • How can you prevent manual changes to infrastructure to prevent drift?
  • Why are approvals important?
  • How do we introduce guardrails that are developer friendly?

Security

Security in SaaS environments means many things. There is the security from the SaaS provider (in this case env0) to the customer environment, and there is security in how users work with, deploy, and manage IaC itself. Keep watching to learn more about:

  • Why self-hosted agents solve many common security issues.
  • How effective security practices can still be efficient.
  • How a hybrid methodology is both flexible and secure.
  • Where your secrets should be stored.
  • Why a Kubernetes-based agent provides maximum flexibility.

Workflow management issues

IaC isn’t just infrastructure, and isn’t just code. It’s the marrying of both. Development methodologies drive many technology decisions in organizations, and in order to properly integrate IaC into an organization, certain capabilities have to be present. Important organizational capabilities include:

  • Continuous deployment.
  • Plan and apply on pull request.
  • Automation to ensure continued confidence and safety while still enabling velocity.
  • Infrastructure provisioning vs. application deployment 

Extensibility and integrations

No two workflows are the same, just like no two organizations are identical. Ensuring your IaC management can integrate with any part of your software development lifecycle (SDLC) ensures your team can deploy with confidence each and every time. Important functionality includes using:

  • Tools like Checkov or TFSec after the Terraform Plan to check your code for issues. 
  • Open Policy Agent on your deployments to ensure that they fit within your security parameters and compliance requirements. 
  • Configuration management tools like Ansible, Chef, or Puppet to install applications or make point configuration changes.

Summary

This is the first video in a series. In upcoming videos, we’ll have deep-dive discussions with industry experts on each of these topics, and more!

‍

Interested in learning more about env0?
Request a Demo
SHARE
You may also like
Recommendations for Migrating from Terraform Cloud
Infrastructure as Code is a Creative Job
How to integrate Azure DevOps with env0
Go back to blog
CNCF Member Badge
Company
About UsIn the NewsPress ReleasesCase StudiesAdditional ResourcesCareers
Developer and DevOps
APITerraform ProviderTerratag Open Source
Terraform Cloud AlternativeDIY AlternativeAtlantis Alternative
FREE TRIAL
Follow Us
Terms of ServicePrivacy PolicySecuritySystem Status
© Copyright env0 2023
This website uses cookies. We use cookies to ensure that we give you the best experience on our website. Learn More
PreferencesDenyAccept
Privacy Preference Center
When you visit websites, they may store or retrieve data in your browser. This storage is often necessary for the basic functionality of the website. The storage may be used for marketing, analytics, and personalization of the site, such as storing your preferences. Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website.
Reject all cookiesAllow all cookies
Manage Consent Preferences by Category
Essential
Always Active
These items are required to enable basic website functionality.
Marketing
These items are used to deliver advertising that is more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the website operator’s permission.
Personalization
These items allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features. For example, a website may provide you with local weather reports or traffic news by storing data about your current location.
Analytics
These items help the website operator understand how its website performs, how visitors interact with the site, and whether there may be technical issues. This storage type usually doesn’t collect information that identifies a visitor.
Confirm my preferences and close