Hack a Cloud Production Environment with Terraform Manipulation

This conference talk explores the security vulnerabilities in Terraform infrastructure as code, presented by Uri Aronovici at Conf42 DevOps 2025. Discover how attackers can exploit Terraform providers and modules to compromise cloud production environments. The 14-minute presentation covers fundamental Terraform concepts, identifies critical security risks in providers and modules, analyzes real-world attack scenarios, and provides practical mitigation strategies to protect your infrastructure. Learn how to secure your cloud deployments against sophisticated attacks that leverage trusted Terraform components. The talk progresses through an introduction, agenda overview, Terraform basics, security vulnerabilities, detailed analysis of providers and modules, attack demonstrations, best practices for protection, and concludes with essential security recommendations.