Terraform Modules & Private Repositories

A common way of sharing Terraform code is by using modules. However, modules often end up extracted into a separate repository. This starts to create issues when integrating with a CI/CD tool, because the tool needs access to every module repository in order to download the modules.

For example, let's assume we have the following module imported into our Terraform configuration:

module "abc" {
  source = "git@github.com:username/repository"
}

This implies that our CI/CD tool needs to have access to the username/repository repository.

AWS & MFA

Amazon Web Services is a key target for hackers. If hackers gain access to your AWS account, they can run up a tremendous cost for you. The trend has been to use AWS credentials found online (through an unwanted commit, or other means) to spin up EC2 instances that mine on some kind of blockchain.

One way to mitigate the risk, which Amazon recommends, is to use MFA (Multi-Factor Authentication). However, AWS' recommendation only applies to the Web Console, not programmatic access. If your users have programmatic access (with a key/secret pair), it can be harder to enforce an MFA requirement.
