IaCConf Spotlight: IaC Security & Governance

This IaCConf Spotlight dives into the security and governance challenges of managing infrastructure as code at scale. From embedding security in your pipelines to navigating the realities of open source risk, this event brings together practitioners who are taking a security-minded approach to how they implement IaC in their organization.

Blog Series: Enforcing Policy as Code in Terraform (by Scalr)

Part 1

Discover why Policy as Code is essential for Terraform governance. Part 1 unpacks benefits, concepts & tools to keep cloud stacks secure and compliant.

scalr.com/learning-center/blog-series-enforcing-policy-as-code-in-terraform-part-1-of-5/

Part 2

Part 2 shows practical ways to enforce Policy as Code in Terraform: where checks fit, pick the right tools, and keep infrastructure secure and compliant.

scalr.com/learning-center/blog-series-enforcing-policy-as-code-in-terraform-part-2-of-5/

Part 3

Part 3 shows how to author and enforce policy-as-code in Terraform with OPA, automating security and compliance checks in every deployment.

scalr.com/learning-center/blog-series-enforcing-policy-as-code-in-terraform-part-3-of-5/

Part 4

Part 4 shows how to automate Terraform guardrails with Scalr & OPA—write, test, and enforce policies as code across teams without slowing delivery.

scalr.com/learning-center/blog-series-enforcing-policy-as-code-in-terraform-part-4-of-5/

Part 5

Finish your policy-as-code journey: Part 5 shows how to apply, test, and automate governance in Terraform for secure, compliant cloud deployments.

scalr.com/learning-center/blog-series-enforcing-policy-as-code-in-terraform-part-5-of-5/

Terraform Import Resources by Identity

Mattias Fjellström explains Terraform's resource importing by ID, demonstrating how to migrate existing infrastructure into Terraform management without manual state manipulation. The post includes practical examples for safely adopting IaC in brownfield environments.

mattias.engineer/blog/2025/terraform-import-identity

Open-Source Projects

quixoticmonk/checkov-ephemerality-custom-checks

Checkov custom checks for promoting the usage of ephemeral resources.

github.com/quixoticmonk/checkov-ephemerality-custom-checks

AWS News (unofficial) 🔥

I recommend this project by Luc van Donkersgoed (fellow AWS Hero) to help you keep track of AWS news and blogs in one place. See what's hot, read summaries, search, set bookmarks and ratings, and categorize articles with tags.

aws-news.com

Feedback

If you have feedback to share or are interested in sponsoring this newsletter, feel free to reach out via Twitter / X, LinkedIn, BlueSky, or simply reply to this email.

Sharing is caring! Please spread the word by sharing this newsletter with your friends and colleagues—it helps grow the Terraform community and supports this weekly effort.

PS: One of the best ways to support Ukraine is by donating to palianytsia.com.ua

Glory to Ukraine! 🇺🇦

Keep Reading

© 2026 Terraform Weekly.
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv