Modern cloud applications increasingly depend on Infrastructure-as-Code (IaC) practices for infrastructure automation to help manage the complexity of deploying large-scale architectures. Additionally, the deployment of cloud applications is commonly subject to compliance rules. Moreover, designing compliant IaC-based cloud deployments is not enough since runtime changes to the infrastructure or the configuration of individual components may introduce compliance violations. Often, the process of checking and fixing such violations is done manually, which is time-consuming and error-prone. Therefore, this work aims to define and implement a method for runtime IaC compliance management that reduces the complexity, effort, and uncertainty of checking and enforcing compliance rules against IaC-based cloud deployments at runtime. To this end, we follow the design-science research methodology to design and implement (i)~the Runtime IaC Compliance Management~(RICMa) method and (ii)~the IaC Compliance Management Framework~(IaCMF) that supports the execution of the RICMa method. We prototypically implement IaCMF and evaluate it using a qualitative interview study with industry experts.

Top