Config Management Camp 2023 Ghent

Lessons Learned from Writing Thousands of Lines of IaC
2023-02-06, 17:10–18:00, B.1.015

Immutable architecture is the backbone of infrastructure as code: it ensures production environments cannot be changed at runtime. While its inherent safety measures are a benefit, it can also be restrictive, and it creates new challenges for security. Immutable concepts are much more effective when it comes to securing cloud-native environments and infrastructure, which is becoming an increasingly complex task.

This talk will focus on some of the fundamentals of immutable architecture, best practices, and recommended design patterns to work around its limitations and enhance security, as well as what you most certainly should not be doing when running immutable architecture, from both an infrastructure and a security perspective.

This will be demonstrated through a real-world Terraform, Kubernetes, and Step Functions example: deploying a single-tenant SaaS in an automated pipeline, the typical challenges encountered, and what was learned along the way.


In this talk, Sefi Genis, the co-founder and Chief Technology Officer of Firefly, will discuss the lessons learned while writing infrastructure code using the immutable infrastructure concept. Specifically, he will focus on using Terraform as the main language for infrastructure as code. He will start by explaining what immutable infrastructure is and how it differs from the traditional way of provisioning infrastructure. He will then go on to share a few tips, such as using the modular pattern and the DRY pattern, to help keep infrastructure code consistent, predictable, and easy to manage. He will also cover best practices for naming conventions, using variables, and using modules.

Overall, this talk will provide valuable insights for anyone looking to improve their skills in writing infrastructure code using the immutable infrastructure concept.

As the CTO and Co-Founder of Firefly, Sefi Genis brings a wealth of experience to the table. Beginning his career in the prestigious 8200 Unit of the Israeli Intelligence Corps, he quickly transitioned into the world of security and developer tooling. At Dome9 Security (later acquired by Check Point), Sefi played a pivotal role as a founding engineer, and eventually took on the role of leading the Backend Infrastructure of the product post-acquisition. Before starting Firefly, he served as Head of Engineering for an Israeli cybersecurity startup company. Now, he is dedicated to building Firefly to assist engineers in navigating the complexities of cloud-native operations.