No. Assuming a well configured continuous deployment type environment; you just ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		darkr on Aug 9, 2022 \| parent \| context \| favorite \| on: “Who Should Write the Terraform?” No. Assuming a well configured continuous deployment type environment; you just need to have peer review on code before it can hit production, and you need to have controls in place over the who, what and when of elevated access to production being granted

destroy-2A on Aug 9, 2022 [–]

This all breaks down as soon as audit realise the Devops team is also admin of the ci/cd stack and therefore all controls put in place to make it harder for a single actor to do bad stuff can be bypassed via this all powerful system.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact