Security researchers have warned about vulnerabilities in infrastructure-as-code (IaC) and policy-as-code (PaC) tools, which could pose risks to cloud platforms worldwide.
Certain tools used for managing cloud infrastructure and policies, such as Terraform and Open Policy Agent (OPA), can be hijacked for malicious purposes.
The report suggests using role-based access control (RBAC), logging actions to detect suspicious behavior, limiting data and network access, and scanning infrastructure code for issues before deployment.
Preventing unreviewed code and changes from automatically running in workflows is also recommended.