Open Source Summit North America 2023

The meteoric rise of platform engineering has led to a proliferation of self-service and on demand infrastructure as code solutions. The benefits to product team productivity through reduced cognitive load have been widely published. Yet lesser known, but no less important, are the security and compliance benefits achieved through a uniform platform interface. This talk will show that by producing IaC with a strong separation of concerns between platform engineers and their product counterparts, common fundamentals and non-negotiables can be baked in. These guard rails can be enforced through the use of static analysis tools and RBAC allowing for walled garden ecosystems of known good IaC. In this talk, Jesse will cover the capabilities Autodesk is building into their cloud deployment platform, using tools such as Open Policy Agent, in-toto, Sigstore’s suite, Crossplane and more. Jesse will detail how Autodesk is structuring their CI and CD systems to produce IaC pipelines that are inspectable, verifiable and ultimately trustable. From cryptographically verifiable IaC package signing to static analysis of IaC plans to deploy time policy enforcement, these open source tools and patterns can be used by anyone with the thirst to create a platform that increases velocity and safety!