Tx-IaCT Infrastructure as a Code Testing

An Introduction to Infrastructure as a Code

The usage of Cloud has become widespread and this trend is likely to continue. Organizations, large or small, continue to prefer using public/private Cloud solutions to deploy their platforms and solutions. The cloud enables organizations to turn their capital expenditure (Capex) to operating expenditure (Opex) using either the pay-as-you-go Infrastructure as a Service (IaaS) or pay-as-you-go Platform as a Service (PaaS) from various cloud vendors.

Today, even the “conservative” organizations are moving towards Cloud for their infrastructure needs. This clearly shows how Cloud is becoming rampant. However, one of the consequences seen by most organizations is the quick need to create an appropriate infrastructure, provision it and tear it down when the infrastructure is no longer necessary.

This conventional way for setting up Cloud Infrastructure has been using the console access, provided by public cloud providers. However, this manual procedure hits the limits especially when the infrastructure and its configuration is elaborate in nature. Besides, the inherent requirements are idempotent and the ability to build & destroy infrastructure quickly is in demand. This has resulted in the usage of open tools like Chef, Ansible, Terraform, Packer, SaltStack etc. or some proprietary tools like AWS CloudFormation, to create and destroy infrastructure. These tools deliver Infrastructure as Code, which can be version-controlled using standard version control tools like git to carefully review any changes.

The Challenges of Testing the Cloud Infrastructure

Given the ubiquity of Cloud, it is important to ensure your cloud Infrastructure is created first, and a comprehensive testing is done to check the correctness of infrastructure and cloud configuration. There are some regulatory requirements that a particular infrastructure may need to adhere to, and the usage of the best practices or standard proprietary rules need to be instituted by organizations while setting up their infrastructure.

TestingXperts Infrastructure as a Code Testing (Tx-IaCT)

Tx-IaCT is a framework that enables writing rules for validating cloud infrastructure, while also being a ready library for some industry standard benchmarks. In effect, Tx-IaCT provides an automated way to ensure:

Functional correctness of the infrastructure
Check compliance to proprietary governance standards
Check compliance against for industry specific benchmarks like CIS Benchmarks for Cloud, PCI and HIPAA standards
Continuous monitoring and flagging of issues with compliance and governance standards

Key features

Tx-IaCT is built on top of Python/unittest framework in order to test/validate the Infrastructure for various attributes. As it stands now, Tx-IaCT has the following features:

A framework to write tests for infrastructure
A set of test cases to conduct Compliance Testing against CIS Benchmarks on AWS

Future Upgrades

As proposed enhancements to the existing framework, TestingXperts will plan to incorporate the following upgrades:

CIS Benchmarks for Azure
Other Industry standards like PCI, HIPAA etc.