Well-Architected Framework
Secure human access to infrastructure
The move to cloud-native and ephemeral resources has changed how people think about securing access to infrastructure. Regardless of your deployment methodology, your teams still need to access infrastructure for troubleshooting and incident response.
In traditional infrastructure deployments, you might have used bastion hosts or VPNs to provide secure access to infrastructure. However, these methods can introduce additional attack surfaces and may not align with modern security best practices. Managing access to infrastructure typically relied on long-lived, static credentials. Long-lived credentials increase the risk of compromise, leading to unauthorized access.
Why secure human access to infrastructure?
Securing human access to infrastructure is critical to protect against unauthorized access and potential threats. Organizations must implement a strong identity and access management program, including the following concepts:
- Define access requirements: to ensure only authorized users can access infrastructure.
- Ensure access follows the principle of least privilege: to ensure users have only the minimum access necessary to perform their job functions.
- Centralize authentication and authorization: to protect against unauthorized access and simplify identity management.
- Use strong authentication methods: to protect against credential theft and unauthorized access.
- Switch to ephemeral, dynamic credentials: to reduce the risk of credential compromise.
- Audit and manage account access: to ensure access is reviewed and revoked when no longer needed.
Implementing an effective identity and access management program sets the foundation to secure human access to infrastructure.
Deploy access controls with Terraform
HashiCorp Terraform changes how you manage and audit infrastructure access. Instead of platform engineers accessing infrastructure directly, they use Terraform to define and manage infrastructure as code.
Using Terraform enables teams to:
- Eliminate direct console access: Teams interact with infrastructure through code review and approval processes rather than direct cloud console access.
- Enforce change management: All infrastructure modifications must go through version control, peer review, and approval workflows.
- Provide complete audit trails: Documentation is available for every infrastructure change in Git history with author, timestamp, and approval records.
- Enable policy enforcement: HCP Terraform and Terraform Enterprise can enforce organization-wide security policies that prevent non-compliant infrastructure deployment.
- Support least-privilege access: Teams only need access to version control and CI/CD systems, not direct infrastructure APIs.
The following example Terraform configuration creates a virtual machine in Azure. The platform engineer would write this configuration, commit it to version control, and then apply it to deploy the infrastructure.
```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_virtual_machine" "example" {
  name                = "example-vm"
  location            = "East US"
  resource_group_name = "existing-rg"
  network_interface_ids = [
    azurerm_network_interface.example.id,
  ]
  vm_size = "Standard_B1s"

  storage_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }

  storage_os_disk {
    name              = "example-osdisk"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  # Placeholder local admin credentials for this example. Sourcing them from
  # Vault instead of hard-coding them is covered under
  # "Use dynamic credential management with Vault" below.
  os_profile {
    computer_name  = "hostname"
    admin_username = "testadmin"
    admin_password = "Password1234!"
  }

  os_profile_linux_config {
    disable_password_authentication = false
  }
}

resource "azurerm_network_interface" "example" {
  name                = "example-nic"
  location            = "East US"
  resource_group_name = "existing-rg"

  ip_configuration {
    name                          = "testconfiguration1"
    subnet_id                     = "/subscriptions/YOUR-SUBSCRIPTION-ID/resourceGroups/existing-rg/providers/Microsoft.Network/virtualNetworks/existing-vnet/subnets/existing-subnet"
    private_ip_address_allocation = "Dynamic"
  }
}
```
Once the team approves the changes and confirms that they align with the organization's security and compliance policies, the platform engineer runs Terraform to apply them, or a GitOps workflow deploys the configuration automatically after the changes are approved and merged. Using Terraform provides a clear audit trail of who changed the infrastructure and when, without anyone needing direct access to the infrastructure or platform itself.
For larger platform teams, you can also use HCP Waypoint to enable developer self-service for common provisioning tasks. Waypoint provides a self-service workflow for application and infrastructure deployments.
Waypoint enables teams to:
- Reduce developer infrastructure access needs: Developers deploy applications through Waypoint's interface rather than requiring cloud console access.
- Enforce deployment standards: Platform teams abstract infrastructure complexity by defining secure deployment patterns that developers automatically follow.
- Integrate with existing CI/CD: Waypoint works with Git workflows to enable deployment without manual infrastructure interaction.
- Provide deployment visibility: Teams can track application deployments without needing infrastructure monitoring access.
Using Waypoint further reduces the number of people who need direct infrastructure access, supporting the principle of least privilege while also improving developer productivity.
Secure remote access with Boundary
HashiCorp Boundary is a modern access management solution that provides secure access to infrastructure without the need for bastion hosts or VPNs.
- Eliminates SSH key distribution: No need to manage, rotate, or secure SSH private keys across teams.
- Session-based access: Creates temporary, auditable connections that automatically expire.
- Multi-hop architecture: Securely access private resources without exposing network topology or requiring VPN infrastructure.
- Integration with identity providers: Leverages existing Active Directory, LDAP, or cloud identity services for authentication.
- Dynamic target discovery: Automatically discovers and provides access to infrastructure resources based on user permissions.
Boundary supports dynamic, ephemeral credentials to reduce the risk of credential compromise by integrating with HashiCorp Vault. Boundary also provides detailed session recording and auditing capabilities to monitor access to infrastructure.
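The Boundary and Vault integration described above can itself be declared as code. The following is an added example, not configuration from this page or from HashiCorp's own documentation: it uses the Boundary Terraform provider to register Vault as a credential store, define a credential library that reads a dynamic database credential, and attach that library to a TCP target so every session receives a fresh, short-lived credential. The scope ID, host set ID, Vault address, mount path and the `boundary_vault_token` variable are placeholders, and the Boundary provider itself is assumed to be configured elsewhere.

```hcl
# Added example: a Boundary target with Vault-brokered, per-session credentials.
# All IDs and addresses are placeholders; adjust them to your environment.

terraform {
  required_providers {
    boundary = {
      source  = "hashicorp/boundary"
      version = "~> 1.1"
    }
  }
}

# Token Boundary uses to talk to Vault. It is a service token for Boundary,
# never a user's token, and is supplied out of band (for example, TF_VAR_...).
variable "boundary_vault_token" {
  type      = string
  sensitive = true
}

# Credential store: Boundary holds the Vault token and renews it on its own.
resource "boundary_credential_store_vault" "example" {
  name     = "vault-store"
  scope_id = "p_PLACEHOLDER_PROJECT"               # placeholder project scope ID
  address  = "https://vault.example.internal:8200" # placeholder Vault address
  token    = var.boundary_vault_token
}

# Credential library: each session triggers a GET on this Vault path, so the
# database secrets engine issues a new username/password pair per session.
resource "boundary_credential_library_vault" "db" {
  name                = "postgres-readonly"
  credential_store_id = boundary_credential_store_vault.example.id
  path                = "database/creds/readonly" # placeholder Vault role path
  http_method         = "GET"
  credential_type     = "username_password"
}

# Target: users connect to the database through Boundary; they never see the
# host address, and the credential is revoked with the Vault lease afterwards.
resource "boundary_target" "db" {
  name         = "postgres"
  type         = "tcp"
  scope_id     = "p_PLACEHOLDER_PROJECT"
  default_port = 5432

  session_max_seconds      = 3600 # sessions expire automatically
  session_connection_limit = 1

  host_source_ids                = ["hsst_PLACEHOLDER"] # placeholder host set ID
  brokered_credential_source_ids = [boundary_credential_library_vault.db.id]
}
```

Two points a practitioner should check before applying this: the Vault token handed to Boundary should be a periodic, orphan token whose policy allows Boundary to look up, renew and revoke its own token and leases as well as read the `database/creds/readonly` path, and the Vault role behind that path should set a `default_ttl` no longer than the target's `session_max_seconds`, so the credential lifetime and the session lifetime match.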
Use dynamic credential management with Vault
HashiCorp Vault has several features that help secure access to your infrastructure. As discussed with Boundary, Vault can generate dynamic, ephemeral credentials for accessing infrastructure, reducing the risk of credential compromise. If you do not have an existing identity provider, Vault can also act as a centralized identity provider to manage authentication and authorization for infrastructure access.
- Just-in-time credential generation: Creates database passwords, cloud access keys, and SSH certificates on demand.
- Automatic credential revocation: Credentials expire automatically, reducing the window of compromise.
- Centralized secret rotation: Automatically rotates static credentials (API keys, database passwords) without service disruption.
- Audit and compliance: Complete logging of who accessed what secrets and when.
- Boundary + Vault integration: Boundary retrieves database passwords from Vault at session start, eliminating shared credentials.
- Terraform + Vault integration: Terraform retrieves cloud credentials from Vault for deployments, no long-lived service account keys.
- SSH certificate authority: Vault issues short-lived SSH certificates instead of managing static SSH keys.
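The Terraform + Vault integration in the list above removes the hard-coded admin password and the operator's own Azure credentials from the earlier configuration. The following is an added example, not code from this page or from HashiCorp: Terraform requests a dynamic Azure service principal from Vault's Azure secrets engine for the `azurerm` provider, and reads the VM's local admin password from a Vault KV v2 secret so that Vault's rotation and audit log cover it. The `azure` and `secret` mount paths, the `terraform-deploy` role, the `vms/example-vm` secret and its `admin_password` key are assumptions; Vault's address and Terraform's own Vault token are taken from the `VAULT_ADDR` and `VAULT_TOKEN` environment variables of the runner.

```hcl
# Added example: the page's VM configuration with credentials sourced from Vault.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.0"
    }
    vault = {
      source  = "hashicorp/vault"
      version = "~> 4.0"
    }
  }
}

# Non-secret identifiers for the target subscription.
variable "subscription_id" { type = string }
variable "tenant_id" { type = string }

# No address or token here: the provider reads VAULT_ADDR and VAULT_TOKEN from the
# environment, for example a short-lived token issued to the CI job.
provider "vault" {}

# Dynamic service principal: Vault creates it for this run and deletes it when the
# lease expires, so no long-lived deployment credential exists anywhere.
data "vault_azure_access_credentials" "deploy" {
  backend        = "azure"            # assumed mount path of the Azure secrets engine
  role           = "terraform-deploy" # assumed Vault role bound to a limited Azure role
  validate_creds = true               # wait until Azure accepts the new principal
}

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id
  client_id       = data.vault_azure_access_credentials.deploy.client_id
  client_secret   = data.vault_azure_access_credentials.deploy.client_secret
}

# Local admin password stored and rotated in Vault KV v2, read at plan/apply time.
data "vault_kv_secret_v2" "vm_admin" {
  mount = "secret"         # assumed KV v2 mount
  name  = "vms/example-vm" # assumed secret containing the key "admin_password"
}

resource "azurerm_virtual_machine" "example" {
  name                  = "example-vm"
  location              = "East US"
  resource_group_name   = "existing-rg"
  network_interface_ids = [azurerm_network_interface.example.id]
  vm_size               = "Standard_B1s"

  storage_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }

  storage_os_disk {
    name              = "example-osdisk"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "hostname"
    admin_username = "testadmin"
    # Value comes from Vault; Terraform marks data from vault_kv_secret_v2 as sensitive.
    admin_password = data.vault_kv_secret_v2.vm_admin.data["admin_password"]
  }

  os_profile_linux_config {
    disable_password_authentication = false
  }
}

resource "azurerm_network_interface" "example" {
  name                = "example-nic"
  location            = "East US"
  resource_group_name = "existing-rg"

  ip_configuration {
    name                          = "testconfiguration1"
    subnet_id                     = "/subscriptions/YOUR-SUBSCRIPTION-ID/resourceGroups/existing-rg/providers/Microsoft.Network/virtualNetworks/existing-vnet/subnets/existing-subnet"
    private_ip_address_allocation = "Dynamic"
  }
}
```

Two caveats apply. The admin password still ends up in Terraform state, so the state backend needs the same protection as the secret itself (encryption at rest and access restricted to the pipeline identity). And the dynamic Azure credential is tied to the lease Vault issues for the run, so its lease TTL must be long enough for the apply to finish, or the provider's calls will start failing part-way through.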
HashiCorp resources:
- Get started with Boundary
- Boundary credential management with Vault
- Build a GitOps pipeline to deploy a three-tier application
Next steps
In this section of Secure infrastructure, you learned why it is important to secure access to your infrastructure. Security programs that take a comprehensive approach to infrastructure access help your organization reduce security threats. Secure human access to infrastructure is part of the Secure systems pillar.
Following these documents in order ensures a logical progression through the key concepts and best practices, helping you build a strong foundation for your organization's security program.