Showing posts with label automation.

Friday, January 20, 2023

Create your IBM Cloud toolchain with Terraform

Tekton pipeline in action on IBM Cloud
Automation is key to cost-efficient use of (cloud) resources and to security. One of our security-focused IBM Cloud solution tutorials, "Apply end to end security to a cloud application", comes with automation to easily provision all required services and to use a toolchain with a CI/CD pipeline to build and deploy the app as a container.

Because the tutorial is from some years back, it has been updated, reworked, modernized, and kept in shape to stay current. The improvements include the code for the deployment automation.

Wednesday, April 6, 2022

Required IAM privileges for a service ID to update Code Engine app

Remember the steps
Today's blog post is one of those written for me. In the past I have stated a couple of times that I use this blog to remember things. Today, it is about setting up IBM Cloud IAM privileges for a service ID. That service ID needs to build a new container image, then update an existing Code Engine app.

Monday, January 31, 2022

Simple, quick and secure cloud onboarding for workshops and hackathons

Create an external Identity Provider
Short-lived projects like hackathons or workshops often have the following characteristics:

  • similar privileges for everyone on the project,
  • only a few IAM (Identity and Access Management) roles,
  • a preference for simple administration (setup, running it, cleanup) over tightest security.

Additionally, such projects are often repeated with a similar setup, but other participants. So, how do you onboard them efficiently and securely?

With that question in mind, I published two blog posts on the IBM side along with code on GitHub:

The articles utilize features and services like access groups, trusted profiles, and external identity providers based on IBM Cloud App ID. The code is in Terraform and Python for full automation where possible. Enjoy.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Tuesday, June 15, 2021

Quickly deploy the serverless cloud mailer using Terraform

In the era of instant messaging we all still receive emails. They are used for status updates, security alerts or just for proposing really great offers. Recently, I blogged about how to have the IBM Cloud Security Advisor send out alerts using your SMTP-based email delivery service. Later, I made the solution core, a serverless action, available as a separate project "cloudmailer" on GitHub and blogged about it: A Serverless Function for Sending Emails on IBM Cloud. Continuing this side project, I have now added Terraform support. Thus, using "terraform apply" you can now automatically deploy everything including the SMTP configuration. See the instructions in the code repository for details.

Monday, October 19, 2020

Terraform: Best practices for the cloud onboarding of enterprise projects

Architecture: End to end security

When onboarding a new project — either on-prem or to a cloud environment — there should be no questions on how to get started. Onboarding should follow an enterprise-defined process based on (internal) standards. It needs to detail access roles and privileges and provide means to implement them.

Recently, in an IBM Cloud blog, I discussed such a project onboarding. Terraform scripts implement the rules as code — they help to automate the rollout and teardown of access roles and privileges. The scenario from the solution tutorial "Apply end-to-end security to a cloud application" serves as a specific example to prove out the ideas.

Head over to IBM Cloud and read my blog on "Blueprinting the Onboarding of Cloud Projects Using Terraform".