Infrastructure as Code
Adopt
Infrastructure as Code (IaC) brings the best of software engineering practices over to infrastructure. We keep all our configuration in a central git repository and we provision all AWS resources through Terraform. For security, this means we have a clear audit log of all changes as well as a clearly defined process that requires at least two people to make a change (PR review). When any part of the infrastructure goes down, we have an automated way to recreate it. When introducing new services, the process is as simple as creating a PR.
Best practices
- We separate all our environments (production, staging, ops) into separate AWS accounts
- We use the principle of least privilege for all our IAM resources
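
One way to back the least-privilege practice with an automated check during PR review, shown as an added example rather than code from this page: a script that reads a Terraform plan exported with `terraform show -json` and reports IAM policies whose Allow statements use wildcard actions or resources. The function name, the list of resource types and the sample plan are assumptions constructed for illustration.

```python
import json

# Terraform resource types whose "policy" attribute is an IAM policy JSON string.
POLICY_TYPES = {"aws_iam_policy", "aws_iam_role_policy",
                "aws_iam_user_policy", "aws_iam_group_policy"}


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_wildcard_grants(plan):
    """Return (address, reason) for each Allow statement with a wildcard grant."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        # Skip non-IAM resources, destroyed resources (after is null) and
        # policies whose content is only known after apply.
        if rc.get("type") not in POLICY_TYPES or not after.get("policy"):
            continue
        doc = json.loads(after["policy"])
        for stmt in _as_list(doc.get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            for action in _as_list(stmt.get("Action")):
                if action == "*" or action.endswith(":*"):
                    findings.append((rc["address"], f"wildcard action {action}"))
            if "*" in _as_list(stmt.get("Resource")):
                findings.append((rc["address"], "wildcard resource *"))
    return findings


# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_iam_policy.reader", "type": "aws_iam_policy",
     "change": {"after": {"policy": json.dumps({"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": ["s3:GetObject"],
          "Resource": "arn:aws:s3:::example-bucket/*"}]})}}},
    {"address": "aws_iam_role_policy.deploy", "type": "aws_iam_role_policy",
     "change": {"after": {"policy": json.dumps({"Version": "2012-10-17", "Statement":
         {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}})}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"after": {"bucket": "example-logs"}}},
]}

if __name__ == "__main__":
    for address, reason in find_wildcard_grants(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

The check only inspects `Action` and `Resource` in Allow statements, so it complements the two-person PR review rather than replacing it.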