From 8aa9032de90ec53a1d9f348f03b8e2b06ca928c5 Mon Sep 17 00:00:00 2001
From: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Date: Fri, 24 Oct 2025 15:20:36 -0400
Subject: [PATCH 01/14] Add secure infra docs
---
.../data/docs-nav-data.json | 33 +++++-
.../automate-security-verification.mdx | 0
.../infrastructure/build-culture-security.mdx | 0
.../build-zero-trust-network.mdx | 0
.../control-network-ingress-egress.mdx | 0
.../infrastructure/identity-new-perimeter.mdx | 109 ++++++++++++++++++
.../prevent-lateral-movement.mdx | 0
.../infrastructure/secure-access.mdx | 0
.../secure-public-edge-access.mdx | 0
.../redirects.jsonc | 5 +
10 files changed, 143 insertions(+), 4 deletions(-)
create mode 100644 content/well-architected-framework/docs/docs/secure-systems/infrastructure/automate-security-verification.mdx
create mode 100644 content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
create mode 100644 content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
create mode 100644 content/well-architected-framework/docs/docs/secure-systems/infrastructure/control-network-ingress-egress.mdx
create mode 100644 content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
rename content/well-architected-framework/docs/docs/secure-systems/{ => infrastructure}/prevent-lateral-movement.mdx (100%)
create mode 100644 content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
create mode 100644 content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-public-edge-access.mdx
diff --git a/content/well-architected-framework/data/docs-nav-data.json b/content/well-architected-framework/data/docs-nav-data.json
index c482cb70e2..be8055adef 100644
--- a/content/well-architected-framework/data/docs-nav-data.json
+++ b/content/well-architected-framework/data/docs-nav-data.json
@@ -393,6 +393,35 @@
}
]
},
+ {
+ "title": "Secure infrastructure",
+ "routes": [
+ {
+ "title": "Identity is the new perimeter",
+ "path": "secure-systems/infrastructure/identity-new-perimeter"
+ },
+ {
+ "title": "Build a culture of security automation",
+ "path": "secure-systems/infrastructure/build-culture-security"
+ },
+ {
+ "title": "Build a zero trust network",
+ "path": "secure-systems/infrastructure/build-zero-trust-network"
+ },
+ {
+ "title": "Secure human access to infrastructure",
+ "path": "secure-systems/infrastructure/secure-access"
+ },
+ {
+ "title": "Prevent lateral movement",
+ "path": "secure-systems/infrastructure/prevent-lateral-movement"
+ },
+ {
+ "title": "Automate security verification",
+ "path": "secure-systems/infrastructure/automate-security-verification"
+ }
+ ]
+ },
{
"title": "Secure secrets",
"routes": [
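Review bot: Four of the six nav entries added here (`build-culture-security`, `build-zero-trust-network`, `secure-access`, `automate-security-verification`) route to files this commit creates as empty blobs (`index 0000000000..e69de29bb2`, git's empty-blob hash), so merging this patch on its own publishes navigation links to blank pages. Consider adding each nav entry in the commit that lands that page's content, or keeping the placeholder pages out of `docs-nav-data.json` until they have a body. The diffstat also creates `control-network-ingress-egress.mdx` and `secure-public-edge-access.mdx` without any nav entry; if those are intentional placeholders that is fine, but as written they are orphaned. Separately, the nav title `Identity is the new perimeter` does not match the new page's frontmatter `page_title: Identity in the new perimeter` and its H1; a later patch in this series changes the page title, so the two should be aligned in whichever commit ships first.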
@@ -431,10 +460,6 @@
}
]
},
- {
- "title": "Prevent lateral movement",
- "path": "secure-systems/prevent-lateral-movement"
- },
{
"title": "Validate software integrity",
"path": "secure-systems/validate-software-integrity"
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/automate-security-verification.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/automate-security-verification.mdx
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/control-network-ingress-egress.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/control-network-ingress-egress.mdx
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
new file mode 100644
index 0000000000..79f1505b06
--- /dev/null
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
@@ -0,0 +1,109 @@
+---
+page_title: Identity in the new perimeter
+description: Learn how to build a secure infrastructure to secure modern workloads against threats.
+---
+
+# Identity in the new perimeter
+
+Securing modern infrastructure requires a new approach to security. While many
+security principles remain the same as legacy infrastructure, how
+you implement these principles has changed. In legacy infrastructure, security
+focused on securing the network perimeter using firewalls, VPNs, and other network
+security tools.
+
+Modern infrastructure encompasses a mix of on-premises, cloud, and
+software-as-a-service (SaaS) workloads. Securing modern infrastructure requires
+a shift in focus to securing access to resources using identities, as the network
+perimeter is no longer a reliable boundary.
+
+Identity has become the new perimeter for securing modern infrastructure.
+Instead of relying on network security tools to secure access to resources,
+organizations must focus on securing user and machine identities. In addition to
+shifting focus to identities, organizations must also ensure all services:
+
+- Follow the principle of [least
+ privilege](/well-architected-framework/secure-systems/identity-access-management/grant-least-privilege),
+ granting the minimum access necessary to perform their tasks.
+- Use [strong authentication and authorization
+ mechanisms](/well-architected-framework/secure-systems/identity-access-management/implement-strong-sign-in-workflows),
+ including multi-factor authentication (MFA), to access resources.
+- Replace long-lived credentials with [ephemeral, short-lived
+ credentials](/well-architected-framework/secure-systems/identity-access-management/use-dynamic-credentials)
+ to reduce the risk of credential theft.
+- Implement a [data classification
+ scheme](/well-architected-framework/secure-systems/data/classify-data) for all
+ services.
+- Isolate workloads and resources to limit the effect of potential
+ security breaches.
+- Continuously monitor and audit access to resources to detect and respond to
+ potential threats.
+
+
+
+## Why you should use identity as a security perimeter
+
+By adopting identity as the new perimeter, organizations can build a more secure
+infrastructure that is better equipped to handle the challenges of modern
+workloads.
+
+Shifting security focus to identities provides several benefits:
+
+- **Improved security**: By focusing on securing identities, organizations can
+ better protect against threats such as phishing, credential theft, and
+ insider threats.
+- **Greater flexibility**: Identity-based security allows organizations to
+ securely manage access to resources across a mix of on-premises, cloud, and
+ SaaS workloads.
+- **Enhanced user experience**: Identity-based security can provide a more
+ seamless user experience, reducing the need for users to remember multiple
+ passwords or navigate complex network security tools.
+- **Better compliance**: Identity-based security can help organizations meet
+ regulatory requirements by providing better visibility and control over
+ access to sensitive data and resources.
+
+
+
+HashiCorp Vault allows you to adopt ephemeral, dynamic credentials - replacing
+long-lived credentials with short-lived ones to reduce the risk of credential
+theft. Vault dynamic credentials support multiple cloud providers like Amazon Web
+Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), as well as
+databases like MySQL, PostgreSQL, and MongoDB.
+
+HashiCorp Boundary provides identity-aware access without requiring
+network-level trust. Instead of opening firewall ports or managing VPN
+connections, Boundary verifies user identity and grants just-in-time access to
+specific resources based on their authenticated identity and assigned
+permissions.
+
+You can further enhance your security posture by integrating Vault and Boundary
+to allow identity based access to target resources. Users authenticate to
+Boundary through a trusted identity provider, and Boundary retrieves dynamic
+credentials from Vault to access the target resource.
+
+HashiCorp Terraform enables you to manage identity [policies as
+code](/well-architected-framework/secure-systems/compliance-and-governance/policy-as-code),
+ensuring consistent security configurations across all environments and making
+your identity perimeter auditable and version-controlled.
+
+HashiCorp resources:
+
+- [Get started with Boundary](/boundary/tutorials/get-started-hcp)
+- [Get started with Vault](/vault/tutorials/get-started)
+- [Generate dynamic secrets in Vault](/vault/tutorials/db-credentials)
+- [OIDC authentication to Boundary using Okta](/boundary/tutorials/identity-management/oidc-okta)
+- [OIDC authentication to Vault using Okta](/vault/tutorials/auth-methods/vault-oidc-okta)
+- [Connect to Kubernetes using Boundary and Vault](/boundary/tutorials/kubernetes-connect)
+
+External resources:
+
+- [What is identity and access management (IAM)?](https://www.ibm.com/think/topics/identity-access-management)
+- [Zero trust architecture](https://www.nist.gov/publications/zero-trust-architecture)
+- [The real AI risk isn’t AGI — it’s unregulated machine identity](https://www.cio.com/article/4075672/the-real-ai-risk-isnt-agi-its-unregulated-machine-identity.html)
+
+## Next steps
+
+In this section of how to Secure infrastructure, you learned why it is important to
+shift to using identity as the new security perimeter. Focusing security
+programs around identity allows you create a more comprehensive security
+strategy. Identity as a security perimeter is part of the [Secure systems
+pillar](/well-architected-framework/secure-systems).
diff --git a/content/well-architected-framework/docs/docs/secure-systems/prevent-lateral-movement.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
similarity index 100%
rename from content/well-architected-framework/docs/docs/secure-systems/prevent-lateral-movement.mdx
rename to content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-public-edge-access.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-public-edge-access.mdx
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/content/well-architected-framework/redirects.jsonc b/content/well-architected-framework/redirects.jsonc
index 7c2bfd473a..c0d413647d 100644
--- a/content/well-architected-framework/redirects.jsonc
+++ b/content/well-architected-framework/redirects.jsonc
@@ -202,5 +202,10 @@
"source": "/well-architected-framework/nomad/production-reference-architecture-vm-with-consul",
"destination": "/nomad/tutorials/enterprise/production-reference-architecture-vm-with-consul",
"permanent": true
+ },
+ {
+ "source": "/well-architected-framework/secure-systems/prevent-lateral-movement",
+ "destination": "/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement",
+ "permanent": true
}
]
From d982b6989bd315e74e36017b3aea88ace223e484 Mon Sep 17 00:00:00 2001
From: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Date: Sat, 25 Oct 2025 08:38:46 -0400
Subject: [PATCH 02/14] Minor updates
---
.../infrastructure/identity-new-perimeter.mdx | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
index 79f1505b06..08e4da9eaa 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
@@ -14,7 +14,7 @@ security tools.
Modern infrastructure encompasses a mix of on-premises, cloud, and
software-as-a-service (SaaS) workloads. Securing modern infrastructure requires
a shift in focus to securing access to resources using identities, as the network
-perimeter is no longer a reliable boundary.
+perimeter is no longer a reliable security boundary.
Identity has become the new perimeter for securing modern infrastructure.
Instead of relying on network security tools to secure access to resources,
@@ -76,9 +76,10 @@ specific resources based on their authenticated identity and assigned
permissions.
You can further enhance your security posture by integrating Vault and Boundary
-to allow identity based access to target resources. Users authenticate to
-Boundary through a trusted identity provider, and Boundary retrieves dynamic
-credentials from Vault to access the target resource.
+to allow identity based access to target resources without exposing or sharing
+the targets credentials. Users authenticate to Boundary through a trusted
+identity provider, and Boundary retrieves dynamic credentials from Vault to
+access the target resource.
HashiCorp Terraform enables you to manage identity [policies as
code](/well-architected-framework/secure-systems/compliance-and-governance/policy-as-code),
From 54c628a78f15b28da51c5fe658efe0158e92d7e7 Mon Sep 17 00:00:00 2001
From: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Date: Thu, 30 Oct 2025 08:58:31 -0400
Subject: [PATCH 03/14] Add ingress/egress doc
---
.../data/docs-nav-data.json | 8 +-
...n.mdx => automate-security-compliance.mdx} | 0
.../infrastructure/build-culture-security.mdx | 128 ++++++++++++++
.../build-zero-trust-network.mdx | 33 ++++
.../control-network-ingress-egress.mdx | 0
.../infrastructure/identity-new-perimeter.mdx | 37 +++-
.../manage-network-ingress-egress.mdx | 165 ++++++++++++++++++
.../infrastructure/secure-access.mdx | 33 ++++
.../secure-public-edge-access.mdx | 0
.../docs/templates/prompts.md | 20 +++
10 files changed, 415 insertions(+), 9 deletions(-)
rename content/well-architected-framework/docs/docs/secure-systems/infrastructure/{automate-security-verification.mdx => automate-security-compliance.mdx} (100%)
delete mode 100644 content/well-architected-framework/docs/docs/secure-systems/infrastructure/control-network-ingress-egress.mdx
create mode 100644 content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
delete mode 100644 content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-public-edge-access.mdx
create mode 100644 content/well-architected-framework/docs/templates/prompts.md
diff --git a/content/well-architected-framework/data/docs-nav-data.json b/content/well-architected-framework/data/docs-nav-data.json
index be8055adef..c712386bfd 100644
--- a/content/well-architected-framework/data/docs-nav-data.json
+++ b/content/well-architected-framework/data/docs-nav-data.json
@@ -404,6 +404,10 @@
"title": "Build a culture of security automation",
"path": "secure-systems/infrastructure/build-culture-security"
},
+ {
+ "title": "Manage network ingress and egress",
+ "path": "secure-systems/infrastructure/manage-network-ingress-egress"
+ },
{
"title": "Build a zero trust network",
"path": "secure-systems/infrastructure/build-zero-trust-network"
@@ -417,8 +421,8 @@
"path": "secure-systems/infrastructure/prevent-lateral-movement"
},
{
- "title": "Automate security verification",
- "path": "secure-systems/infrastructure/automate-security-verification"
+ "title": "Automate security compliance",
+ "path": "secure-systems/infrastructure/automate-security-compliance"
}
]
},
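Review bot: The path change from `secure-systems/infrastructure/automate-security-verification` to `secure-systems/infrastructure/automate-security-compliance` has no matching entry in `redirects.jsonc`, unlike the `prevent-lateral-movement` move earlier in this series, so if the old path was ever deployed its URL now breaks. If the page has never shipped, a line in the commit message saying so would justify omitting the redirect; otherwise add a `source`/`destination`/`permanent: true` entry mirroring the earlier one. The remaining entries for `build-zero-trust-network` (and, judging by the identical +33 diffstat, probably `secure-access`) still point at template placeholder content in this commit: `page_title: Name...`, an empty `#` heading, `- ...` resource items, and a Next steps list copied from the culture page that marks `Build a culture of security automation` as `(this document)`, so the nav will publish unfinished pages.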
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/automate-security-verification.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/automate-security-compliance.mdx
similarity index 100%
rename from content/well-architected-framework/docs/docs/secure-systems/infrastructure/automate-security-verification.mdx
rename to content/well-architected-framework/docs/docs/secure-systems/infrastructure/automate-security-compliance.mdx
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
index e69de29bb2..dc65da00ca 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
@@ -0,0 +1,128 @@
+---
+page_title: Build a culture of security automation
+description: Learn how to build security into your organization's culture.
+---
+
+# Build a culture of security automation
+
+Security is no longer a separate function in modern
+infrastructure. Organizations must incorporate security in all phases of
+infrastructure deployment and software development lifecycles (SDLC).
+
+Waiting for security teams to manually review and approve changes can lead to
+delays, increased risk of human error, and inconsistent security practices.
+Waiting for audits and compliance checks to verify your security program does
+not allow you to proactively respond to emerging threats, leaving your
+organization vulnerable.
+
+When you build a culture of security automation, you integrate security practices and
+tools into your organization's culture, processes, and workflows. When you
+approach security as a necessary part of your organization's culture, you can
+mitigate security risks more effectively and efficiently.
+
+## What is security automation?
+
+Security automation involves using tools and processes to automate security
+tasks, such as scanning for vulnerabilities, managing secrets, applying
+security patches, and monitoring for threats. You can automate these
+tasks as code, instead of performing the tasks manually. By automating tasks
+like policy provision, or scanning for secrets, your security posture improves.
+
+
+
+Another important aspect of security automation and building a culture around
+security is understanding that various compliance standards do not inhibit
+innovation. Its can be easy to blame compliance requirements for slowing down
+development and infrastructure innovation. However, when you teach teams that
+security and compliance are enablers of innovation, giving you the necessary
+guardrails to innovate, you can build a culture that embraces security.
+
+You can adopt security as code practices using HashiCorp Terraform to automate
+the deployment of security [policies as
+code](/well-architected-framework/secure-systems/compliance-and-governance/policy-as-code)
+in your infrastructure. You can manage policies for HashiCorp Vault, Boundary,
+and Sentinel, as well as policies for public cloud providers and orchestration
+platforms like Kubernetes, and Nomad.
+
+- **Security policies become testable code** - Teams can unit test, peer review, and version control security configurations just like application code.
+- **Prevents configuration drift** - Automated detection when infrastructure deviates from secure baselines, encouraging teams to maintain security standards.
+- **Enables security guardrails** - HCP Terraform can enforce organization-wide security policies that prevent non-compliant infrastructure deployment.
+- **Democratizes security knowledge** - Security configurations are documented in code, making security requirements visible and understandable to all team members.
+- **Creates security feedback loops** - Failed deployments due to security violations become learning opportunities rather than blame events.
+
+This shifts security from being a "blocker" to being an integral part of how you
+design and deploy infrastructure.
+
+Security teams can help shift security left with HCP Vault Radar. Shifting security
+left means software and IaC developers integrate security tools into their
+development process. HCP Vault Radar [scans for
+secrets](/well-architected-framework/secure-systems/secrets/manage-leaked-secrets)
+in source code during development, or once they commit their code to a version
+control system (VCS) such as GitHub.
+
+- **Continuous education** - Integrating scanning into the software development
+ lifecycle helps developers understand how secrets leak.
+- **Immediate feedback** - Real-time alerts when developers commit secrets help
+ improve secure coding practices.
+- **Integration with development workflows** - Security scanning becomes part of
+ the development process, not a separate security audit.
+- **Cross-team visibility** - Security teams can see patterns and provide
+ targeted training based on actual findings.
+
+When used together, HashiCorp tools help you create a security culture for your
+organization. You can integrate each of these tools into common industry
+workflows such as
+[GitOps](/well-architected-framework/define-and-automate-processes/process-automation/gitops)
+to further automate security practices.
+
+**Developer Experience:**
+
+- Developers get immediate feedback on security issues through their workflows.
+- Security becomes part of the development workflow, not an external gatekeeper.
+- Learning happens in context when teams discover security issues.
+
+**Operations Teams:**
+
+- Infrastructure security through familiar code-based workflows.
+- Security policies enforced and deployed automatically, reducing manual oversight burden.
+- Compliance becomes a byproduct of standard operations rather than a special process.
+
+**Security Teams:**
+
+- Shift from being gatekeepers to being enablers and consultants.
+- Focus on defining policies and standards rather than manual reviews.
+- Gain visibility into security posture across the entire organization.
+
+This creates a culture where security is everyone's responsibility. Security is
+now part of each teams workflows, rather than being an afterthought.
+
+HashiCorp resources:
+
+- [Correlate HCP Vault Radar findings with HCP Vault](/hcp/tutorials/hcp-vault-radar-operations)
+- [Boundary credential brokering with Vault](/boundary/tutorials/credential-management/hcp-vault-cred-brokering-quickstart)
+- [Enforce policies in HCP Terraform using Sentinel](/terraform/tutorials/policy/policy-quickstart)
+
+External resources:
+
+- [NIST cyberssecurity framework](https://www.nist.gov/cyberframework)
+- [Navigating behavioral change in security awareness and culture](https://www.ibm.com/think/insights/security-awareness-culture)
+- [Why Culture Is the First Line of Defense in the Age of Agentic AI](https://www.cio.com/article/4043094/why-culture-is-the-first-line-of-defense-in-the-age-of-agentic-ai.html)
+
+## Next steps
+
+Following these documents in order ensures a logical progression through the key
+concepts and best practices, helping you build a strong foundation to build a
+culture of security in your organization.
+
+- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
+- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security) **(this document)**
+- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
+- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
+- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
+- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
+- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
+
+In this section of how to Secure infrastructure, you learned why it is important to
+build a culture where security is integrated into every aspect of your
+organization's operations. Build a culture of security automation is part of the [Secure systems
+pillar](/well-architected-framework/secure-systems).
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
index e69de29bb2..33f9d71b15 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
@@ -0,0 +1,33 @@
+---
+page_title: Name...
+description: Description...
+---
+
+#
+
+HashiCorp resources:
+
+- ...
+
+External resources:
+
+- ...
+
+## Next steps
+
+Following these documents in order ensures a logical progression through the key
+concepts and best practices, helping you build a strong foundation to build a
+culture of security in your organization.
+
+- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
+- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security) **(this document)**
+- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
+- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
+- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
+- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
+
+In this section of how to Secure infrastructure, you learned why it is important to
+shift to using identity as the new security perimeter. Focusing security
+programs around identity allows you create a more comprehensive security
+strategy. Identity as a security perimeter is part of the [Secure systems
+pillar](/well-architected-framework/secure-systems).
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/control-network-ingress-egress.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/control-network-ingress-egress.mdx
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
index 08e4da9eaa..91c594f329 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
@@ -1,15 +1,16 @@
---
-page_title: Identity in the new perimeter
+page_title: Identity is the new perimeter
description: Learn how to build a secure infrastructure to secure modern workloads against threats.
---
-# Identity in the new perimeter
+# Identity is the new perimeter
-Securing modern infrastructure requires a new approach to security. While many
-security principles remain the same as legacy infrastructure, how
-you implement these principles has changed. In legacy infrastructure, security
-focused on securing the network perimeter using firewalls, VPNs, and other network
-security tools.
+In traditional infrastructure, security focused on securing the network perimeter
+using firewalls, VPNs, and other network security tools.
+
+Securing modern infrastructure requires a new approach to security. While most
+of the security principles and tools are still utilized, how you implement a
+strong security program has changed.
Modern infrastructure encompasses a mix of on-premises, cloud, and
software-as-a-service (SaaS) workloads. Securing modern infrastructure requires
@@ -40,8 +41,18 @@ shifting focus to identities, organizations must also ensure all services:
+In the secure infrastructure section, you will learn how to adapt your security
+program to support modern infrastructure using identities and automation to
+establish a zero trust architecture.
+
## Why you should use identity as a security perimeter
+Every user, machine, or service has an identity. Leveraging the identities of
+your users through an identity provider (IdP) allows you to manage access to resources
+more effectively. You can also leverage trusted platforms such as your cloud
+provider, or self-managed infrastructure-as-a-service (IaaS) platforms to verify
+a workloads identity.
+
By adopting identity as the new perimeter, organizations can build a more secure
infrastructure that is better equipped to handle the challenges of modern
workloads.
@@ -103,6 +114,18 @@ External resources:
## Next steps
+Following these documents in order ensures a logical progression through the key
+concepts and best practices, helping you build a strong foundation to build a
+culture of security in your organization.
+
+- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter) **(this document)**
+- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
+- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
+- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
+- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
+- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
+- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
+
In this section of how to Secure infrastructure, you learned why it is important to
shift to using identity as the new security perimeter. Focusing security
programs around identity allows you create a more comprehensive security
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
new file mode 100644
index 0000000000..dfe35af5ef
--- /dev/null
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
@@ -0,0 +1,165 @@
+---
+page_title: Manage network ingress and egress
+description: Learn how to manage network ingress and egress to secure your infrastructure.
+---
+
+# Manage network ingress and egress
+
+As you transition to a security culture centered around identity, managing
+traffic to and from your infrastructure, both cloud and self-managed, becomes a
+critical component of security.
+
+Traditional infrastructure relied on network-based controls to manage traffic
+coming into (ingress), and out of (egress) your local network, or data center.
+Small networks often used a flat network, and were only able to manage traffic
+at the network perimeter. Larger networks or organizations with a more mature
+security program create virtual networks (VLANs) to separate network
+traffic. VLANs allow you to create internal network perimeters, and
+deploy network access controls (NACL) to manage traffic. Security teams also
+have the option to configure operating system firewalls to help manage traffic.
+Managing local operating system firewalls is often difficult to manage at scale
+and places additional overhead on each system to process traffic.
+
+Modern infrastructure still relies on VLANs for network isolation, however
+advances in networking services provide even greater control. Most modern
+infrastructure as a service (IaaS) providers allow you to filter both ingress
+and egress traffic at the network interface (NIC) level, before it reaches
+the operating system. Managing traffic at the NIC level is also known as
+micro-segmentation, and is a key component as you build towards a zero trust
+network architecture.
+
+## Why manage network ingress and egress
+
+Managing network ingress has been a standard security practice for decades.
+Managing egress traffic, however, is often overlooked. Managing egress traffic
+ensures that systems that do not require outbound network access are not able to
+initiate connections to external systems. This helps prevent data exfiltration,
+and limits the ability for attackers to communicate with command and control
+servers.
+
+While managing network ingress and egress is important, it can be resource
+intensive to manage at scale. As you build a culture of security centered around
+identity, you can begin to shift away from network-based controls, and focus on
+identity-based security.
+
+HashiCorp Consul allows you to connect infrastructure and services using a
+service mesh. Consul protects communication using mutual TLS (mTLS) to ensure that only
+authorized services are able to communicate with each other.
+
+- **Automatic mTLS encryption** for all service communication, eliminating the need for network-level encryption.
+- **Service intentions** that act as application-aware firewall rules, allowing you to define which services can communicate based on identity rather than IP addresses.
+- **Transparent proxy integration** that automatically routes and secures traffic without application code changes.
+- **L7 traffic management** including traffic splitting, timeouts, and retries that reduce the need for complex network configurations.
+
+
+
+By using Consul, you shift from managing network ports and IP-based ACL rules to
+managing identities and communication policies.
+
+Consul service intentions allow you to manage which services communicate with each
+other. For example, you can write an intention that blocks traffic for a specific
+infrastructure component, or service:
+
+```hcl
+Kind = "service-intentions"
+Name = "backend"
+Sources = [
+ {
+ Name = "frontend"
+ Action = "deny"
+ }
+]
+```
+
+HashiCorp Boundary allows you to limit network ingress by providing secure,
+identity-based access to infrastructure without opening network ports or
+managing VPN connections. Boundary verifies user identity and grants just-in-time
+access to specific resources based on their authenticated identity and assigned
+permissions.
+
+- **Credential-less access** that removes the need to distribute SSH keys or manage VPN certificates.
+- **Just-in-time network access** that creates temporary, session-based connections rather than permanent network paths.
+- **Multi-hop architecture** that allows secure access to private networks without exposing internal network topology.
+- **Session recording and monitoring** that provides complete audit trails without network packet inspection.
+- **Integration with identity providers** that ties network access decisions to your existing user directory.
+
+
+
+For infrastructure not well integrated with a service mesh, you can use
+HashiCorp Terraform to manage network policies. Terraform enables you to manage
+network ingress and egress rules as code, ensuring consistent security
+configurations across all environments and making your network policies
+auditable and version-controlled.
+
+- **Standardizing security group configurations** across multiple cloud providers and environments.
+- **Implementing least-privilege network policies** through code review and approval processes.
+- **Automating security group updates** based on application deployment patterns.
+- **Providing drift detection** to identify when network configurations have been manually modified.
+- **Enabling policy-as-code** where network security rules are tested and versioned like application code.
+
+In this example Terraform configuration, you create an AWS security group with
+no defined network egress. Using Terraform to create the security group removes
+the default egress rule that normally allows all outbound traffic.
+
+```hcl
+# By omitting egress rules, this security group blocks all outbound traffic
+# (removes AWS default "allow all" egress rule)
+
+resource "aws_security_group" "no_egress_sg" {
+ name = "no-egress-security-group"
+ description = "Security group that blocks all outbound traffic"
+ vpc_id = aws_vpc.main.id
+
+ # Ingress rules
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["192.168.1.0/24"] # Allow SSH from specific CIDR
+ description = "Allow SSH inbound"
+ }
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["10.0.0.0/24"] # Allow HTTP from specific CIDR
+ description = "Allow HTTP inbound"
+ }
+
+ tags = {
+ Name = "no-egress-security-group"
+ }
+ }
+ ```
+
+HashiCorp resources:
+
+- [Get started with Consul](/consul/tutorials/get-started-vms)
+- [Control traffic communication between services with intentions](/consul/tutorials/secure-services/secure-services-intentions)
+- [Identity management workflows for Boundary](/boundary/tutorials/identity-management)
+- [Create an AWS EC2 instance and security group with Terraform](/terraform/tutorials/configuration-language/resource)
+
+External resources:
+
+- [What is a service mesh](https://www.ibm.com/think/topics/service-mesh)
+
+## Next steps
+
+Following these documents in order ensures a logical progression through the key
+concepts and best practices, helping you build a strong foundation to build a
+culture of security in your organization.
+
+- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
+- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
+- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress) **(this document)**
+- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
+- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
+- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
+- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
+
+In this section of how to Secure infrastructure, you learned why it is important to
+secure network ingress and egress traffic. Unmanaged traffic creates risks for
+your companies security programs, leading to leaked secrets, or unauthorized
+access to data. Manage network ingress and egress is
+part of the [Secure systems pillar](/well-architected-framework/secure-systems).
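Review bot: The prose introducing the `aws_security_group` example and the comment at the top of the block say the group "blocks all outbound traffic", but security groups are stateful, so replies to the permitted inbound SSH and HTTP connections still leave the instance; only connections the instance itself initiates are blocked, which is exactly the egress behaviour this section wants. Add that to the comment so readers do not conclude the example breaks the services it exposes: `# Security groups are stateful: replies to the permitted inbound SSH/HTTP still flow; only connections the instance initiates are blocked`. The Consul example shows a single `deny` intention from frontend to backend; whether every other source is allowed or denied depends on the datacenter's default intention policy, so the sentence introducing it should present the example as an explicit exception layered on a default-deny posture rather than a control that stands alone. Finally, "network access controls (NACL)" would normally expand to network access control list, and "virtual networks (VLANs)" to virtual LANs.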
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
index e69de29bb2..33f9d71b15 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
@@ -0,0 +1,33 @@
+---
+page_title: Name...
+description: Description...
+---
+
+#
+
+HashiCorp resources:
+
+- ...
+
+External resources:
+
+- ...
+
+## Next steps
+
+Following these documents in order ensures a logical progression through the key
+concepts and best practices, helping you build a strong foundation to build a
+culture of security in your organization.
+
+- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
+- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security) **(this document)**
+- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
+- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
+- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
+- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
+
+In this section of how to Secure infrastructure, you learned why it is important to
+shift to using identity as the new security perimeter. Focusing security
+programs around identity allows you create a more comprehensive security
+strategy. Identity as a security perimeter is part of the [Secure systems
+pillar](/well-architected-framework/secure-systems).
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-public-edge-access.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-public-edge-access.mdx
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/content/well-architected-framework/docs/templates/prompts.md b/content/well-architected-framework/docs/templates/prompts.md
new file mode 100644
index 0000000000..1f57fa10c3
--- /dev/null
+++ b/content/well-architected-framework/docs/templates/prompts.md
@@ -0,0 +1,20 @@
+Before proceeding, add style-guide directory to chat context.
+
+1. Are there any spelling errors in this document?
+
+1. Are there any US english grammar errors in this document?
+
+1. Check this file for any confusing statements
+
+1. Using the information from the style-guide directory, are there any problems
+ with not following the recommendations??
+
+1. Is this technically accurate?
+
+1. Can i better describe how hashicorp tools help?
+
+1. looking at all docs in the directory, are there any inconsistencies
+ in technical explanation of concepts that could be better aligned,
+ inconsistent formatting for links, lists, etc?
+
+1. Are there any sentances that start with `this`?
\ No newline at end of file
From aa0716144a6415cb2c3f491d399ff02ba8b4f2c3 Mon Sep 17 00:00:00 2001
From: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Date: Thu, 30 Oct 2025 13:00:04 -0400
Subject: [PATCH 04/14] Fixes from initial review
---
.../infrastructure/build-culture-security.mdx | 12 ++++++++----
.../build-zero-trust-network.mdx | 19 ++++++++++++++++---
.../manage-network-ingress-egress.mdx | 2 +-
3 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
index dc65da00ca..915a112332 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
@@ -34,8 +34,8 @@ Another important aspect of security automation and building a culture around
security is understanding that various compliance standards do not inhibit
innovation. Its can be easy to blame compliance requirements for slowing down
development and infrastructure innovation. However, when you teach teams that
-security and compliance are enablers of innovation, giving you the necessary
-guardrails to innovate, you can build a culture that embraces security.
+security and compliance give you the necessary guardrails to innovate, you can
+build a culture that embraces security.
You can adopt security as code practices using HashiCorp Terraform to automate
the deployment of security [policies as
@@ -44,6 +44,9 @@ in your infrastructure. You can manage policies for HashiCorp Vault, Boundary,
and Sentinel, as well as policies for public cloud providers and orchestration
platforms like Kubernetes, and Nomad.
+You can also use Terraform to manage common infrastructure components such as
+user accounts, firewall configurations, and network settings.
+
- **Security policies become testable code** - Teams can unit test, peer review, and version control security configurations just like application code.
- **Prevents configuration drift** - Automated detection when infrastructure deviates from secure baselines, encouraging teams to maintain security standards.
- **Enables security guardrails** - HCP Terraform can enforce organization-wide security policies that prevent non-compliant infrastructure deployment.
@@ -93,8 +96,9 @@ to further automate security practices.
- Focus on defining policies and standards rather than manual reviews.
- Gain visibility into security posture across the entire organization.
-This creates a culture where security is everyone's responsibility. Security is
-now part of each teams workflows, rather than being an afterthought.
+Automating security tasks creates a culture where security is everyone's
+responsibility. Security is now part of each teams workflows, rather than being
+an afterthought.
HashiCorp resources:
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
index 33f9d71b15..1fe3e3bb2c 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
@@ -1,9 +1,22 @@
---
-page_title: Name...
-description: Description...
+page_title: Build a zero trust network
+description: Learn how to build a zero trust network architecture to enhance security by eliminating implicit trust and continuously verifying every access request.
---
-#
+# Build a zero trust network
+
+In the secure infrastructure series, you learned about the importance of
+shifting your security focus to identities, instead of the traditional network
+perimeter. You have also learned how to incorporate security into your
+organizations culture, enabling security automation to improve efficiency and
+reduce human error. In the last document, you learned about the importance of
+filtering both ingress and egress traffic to prevent unauthorized access and data
+exfiltration.
+
+The foundational concepts you have learned so far set you up to build a zero trust
+network architecture. A zero trust network architecture is a security model that
+eliminates implicit trust and continuously verifies every access request,
+regardless of its origin.
HashiCorp resources:
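Review bot: The new introduction says "In the last document, you learned about the importance of filtering both ingress and egress traffic", which assumes this document directly follows manage-network-ingress-egress; the Next steps list in that document and the nav-data reorder in the following patch place "Secure human access to infrastructure" between the two, so the recap should either mention securing human access or drop the "last document" phrasing. Also "your organizations culture" should read "your organization's culture". The hunk ends at the "HashiCorp resources:" heading, so the rest of the document is outside it.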
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
index dfe35af5ef..4defa583c2 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
@@ -9,7 +9,7 @@ As you transition to a security culture centered around identity, managing
traffic to and from your infrastructure, both cloud and self-managed, becomes a
critical component of security.
-Traditional infrastructure relied on network-based controls to manage traffic
+Traditional infrastructure relies on network-based controls to manage traffic
coming into (ingress), and out of (egress) your local network, or data center.
Small networks often used a flat network, and were only able to manage traffic
at the network perimeter. Larger networks or organizations with a more mature
From 13d9e4407362cd8bd8c1a328ce0c490cee2bc68b Mon Sep 17 00:00:00 2001
From: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Date: Mon, 3 Nov 2025 13:31:01 -0500
Subject: [PATCH 05/14] Add draft for secure infra access
---
.../data/docs-nav-data.json | 8 +-
.../prevent-lateral-movement.mdx | 22 +-
.../infrastructure/secure-access.mdx | 193 +++++++++++++++++-
3 files changed, 207 insertions(+), 16 deletions(-)
diff --git a/content/well-architected-framework/data/docs-nav-data.json b/content/well-architected-framework/data/docs-nav-data.json
index 12a9b44e56..799585855b 100644
--- a/content/well-architected-framework/data/docs-nav-data.json
+++ b/content/well-architected-framework/data/docs-nav-data.json
@@ -408,14 +408,14 @@
"title": "Manage network ingress and egress",
"path": "secure-systems/infrastructure/manage-network-ingress-egress"
},
- {
- "title": "Build a zero trust network",
- "path": "secure-systems/infrastructure/build-zero-trust-network"
- },
{
"title": "Secure human access to infrastructure",
"path": "secure-systems/infrastructure/secure-access"
},
+ {
+ "title": "Build a zero trust network",
+ "path": "secure-systems/infrastructure/build-zero-trust-network"
+ },
{
"title": "Prevent lateral movement",
"path": "secure-systems/infrastructure/prevent-lateral-movement"
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
index ebe6d39962..d0ab22dd13 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
@@ -150,4 +150,24 @@ HashiCorp resources:
External resources:
- [NIST SP 800-63B-4: Digital Identity Guidelines: Authentication and Authenticator Management](https://csrc.nist.gov/pubs/sp/800/63/b/4/2pd)
-- [OWASP Secrets Management Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html)
\ No newline at end of file
+- [OWASP Secrets Management Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html)
+
+## Next steps
+
+Following these documents in order ensures a logical progression through the key
+concepts and best practices, helping you build a strong foundation to build a
+culture of security in your organization.
+
+- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
+- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
+- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
+- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
+- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
+- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement) **(this document)**
+- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
+
+In this section of how to Secure infrastructure, you learned why it is important to
+secure network ingress and egress traffic. Unmanaged traffic creates risks for
+your companies security programs, leading to leaked secrets, or unauthorized
+access to data. Manage network ingress and egress is
+part of the [Secure systems pillar](/well-architected-framework/secure-systems).
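Review bot: The closing paragraph added after the Next steps list is copied from manage-network-ingress-egress.mdx: it tells the reader they learned why ingress and egress traffic matters and states that "Manage network ingress and egress is part of the Secure systems pillar", neither of which describes this document. Rewrite it for this page, e.g. `In this section of how to Secure infrastructure, you learned why it is important to prevent lateral movement across your infrastructure. Prevent lateral movement is part of the [Secure systems pillar](/well-architected-framework/secure-systems).` The same paragraph also has "your companies security programs", which should be "your company's security programs" if any of it is kept.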
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
index 33f9d71b15..77e86b9ed5 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
@@ -1,17 +1,187 @@
---
-page_title: Name...
-description: Description...
+page_title: Secure human access to infrastructure
+description: Implement secure access controls for human users to protect infrastructure from unauthorized access and potential threats.
---
-#
+# Secure human access to infrastructure
+
+The move to cloud-native and ephemeral resources has changed how
+people think about securing access to infrastructure. Regardless of your
+deployment methodology, your teams still need to access infrastructure for
+troubleshooting, and incident response.
+
+In traditional infrastructure deployments, you might have used bastion hosts or VPNs
+to provide secure access to infrastructure. However, these methods can introduce
+additional attack surfaces and may not align with modern security best
+practices. Managing access to infrastructure typically relied on long-lived,
+static credentials. Long-lived credentials increase the risk of compromise,
+leading to unauthorized access.
+
+## Why secure human access to infrastructure?
+
+Securing human access to infrastructure is critical to protect against
+unauthorized access and potential threats. Organizations must implement a strong
+identity and access management program, including:
+
+- [**Define access
+ requirements:**](/well-architected-framework/secure-systems/identity-access-management/define-access-requirements)
+ to ensure only authorized users can access infrastructure.
+- [**Ensure access follows the principle of least
+ privilege:**](/well-architected-framework/secure-systems/identity-access-management/grant-least-privilege)
+ to ensure users have only the minimum access necessary to perform their job functions.
+- [**Centralize authentication and
+ authorization:**](/well-architected-framework/secure-systems/identity-access-management/centralize-identity-management)
+ to protect against unauthorized access and simplify identity management.
+- [**Use strong authentication
+ methods:**](/well-architected-framework/secure-systems/identity-access-management/implement-strong-sign-in-workflows)
+ to protect against credential theft and unauthorized access.
+- [**Switch to ephemeral, dynamic
+ credentials:**](/well-architected-framework/secure-systems/identity-access-management/use-dynamic-credentials)
+ to reduce the risk of credential compromise.
+- [**Audit and manage account
+ access:**](/well-architected-framework/secure-systems/identity-access-management/manage-access-lifecycle)
+ to ensure access is reviewed and revoked when no longer needed.
+
+Implementing an effective identity and access management program sets the
+foundation to secure human access to infrastructure.
+
+HashiCorp Terraform helps you adapt to how you manage and audit infrastructure
+access. Instead of platform engineers accessing infrastructure directly, they
+use Terraform to define and manage infrastructure as code.
+
+- **Eliminates direct console access** - Teams interact with infrastructure through code review and approval processes rather than direct cloud console access
+- **Enforces change management** - All infrastructure modifications must go through version control, peer review, and approval workflows
+- **Provides complete audit trails** - Every infrastructure change is documented in Git history with author, timestamp, and approval records
+- **Enables policy enforcement** - Terraform Cloud/Enterprise can enforce organization-wide security policies that prevent non-compliant infrastructure deployment
+- **Supports least-privilege access** - Teams only need access to version control and CI/CD systems, not direct infrastructure APIs
+
+For example, rather than an engineer logging into the Azure portal to deploy a
+virtual machine, platform engineers write or update a Terraform configuration,
+commit the configuration to version control.
+
+```hcl
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>3.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_virtual_machine" "example" {
+ name = "example-vm"
+ location = "East US"
+ resource_group_name = "existing-rg"
+ network_interface_ids = [
+ azurerm_network_interface.example.id,
+ ]
+ vm_size = "Standard_B1s"
+
+ storage_image_reference {
+ publisher = "Canonical"
+ offer = "0001-com-ubuntu-server-jammy"
+ sku = "22_04-lts"
+ version = "latest"
+ }
+
+ storage_os_disk {
+ name = "example-osdisk"
+ caching = "ReadWrite"
+ create_option = "FromImage"
+ managed_disk_type = "Standard_LRS"
+ }
+
+ os_profile {
+ computer_name = "hostname"
+ admin_username = "testadmin"
+ admin_password = "Password1234!"
+ }
+
+ os_profile_linux_config {
+ disable_password_authentication = false
+ }
+}
+
+resource "azurerm_network_interface" "example" {
+ name = "example-nic"
+ location = "East US"
+ resource_group_name = "existing-rg"
+
+ ip_configuration {
+ name = "testconfiguration1"
+ subnet_id = "/subscriptions/YOUR-SUBSCRIPTION-ID/resourceGroups/existing-rg/providers/Microsoft.Network/virtualNetworks/existing-vnet/subnets/existing-subnet"
+ private_ip_address_allocation = "Dynamic"
+ }
+}
+```
+
+Once the team approves the changes, an ensures the changes align with their
+organizational security and compliance policies, the platform engineer runs Terraform
+to apply the changes to the infrastructure or uses a GitOps workflow to deploy
+the configuration once you approve and merge the changes. Using Terraform provides a
+clear audit trail of who made changes to the infrastructure and when, without
+the need for direct access to the infrastructure or platform itself.
+
+For larger platform teams, you can also use HCP Waypoint to enable developer
+self-service for common provisioning tasks. Waypoint provides a self-service
+workflow for application and infrastructure deployments. Waypont abstracts the
+infrastructure complexity away from developers, allowing them to deploy
+applications without needing direct access to the underlying infrastructure.
+
+- **Reduces developer infrastructure access needs** - Developers deploy applications through Waypoint's interface rather than requiring cloud console access
+- **Enforces deployment standards** - Platform teams define secure deployment patterns that developers automatically follow
+- **Integrates with existing CI/CD** - Works with Git workflows to enable deployment without manual infrastructure interaction
+- **Provides deployment visibility** - Teams can track application deployments without needing infrastructure monitoring access
+
+Using Waypoint further reduces the number of people who need direct
+infrastructure access, supporting the principle of least privilege while also
+improving developer productivity.
+
+HashiCorp Boundary is a modern access management solution that provides secure access to
+infrastructure without the need for bastion hosts or VPNs.
+
+- **Eliminates SSH key distribution** - No need to manage, rotate, or secure SSH private keys across teams
+- **Session-based access** - Creates temporary, auditable connections that automatically expire
+- **Multi-hop architecture** - Securely access private resources without exposing network topology or requiring VPN infrastructure
+- **Integration with identity providers** - Leverages existing Active Directory, LDAP, or cloud identity services for authentication
+- **Dynamic target discovery** - Automatically discovers and provides access to infrastructure resources based on user permissions
+
+
+
+Boundary supports dynamic, ephemeral credentials to
+reduce the risk of credential compromise by integrating with HashiCorp Vault.
+Boundary also provides detailed session recording and auditing capabilities to
+monitor access to infrastructure.
+
+HashiCorp Vault has several features that help secure access to your
+infrastructure. As discussed with Boundary, Vault can generate dynamic,
+ephemeral credentials for accessing infrastructure, reducing the risk of
+credential compromise. Vault can also act as a centralized identity provider, if
+you do not have an existing identity provider, to manage authentication and
+authorization for accessing infrastructure.
+
+- **Just-in-time credential generation** - Creates database passwords, cloud access keys, and SSH certificates on-demand
+- **Automatic credential revocation** - Credentials expire automatically, reducing the window of compromise
+- **Centralized secret rotation** - Automatically rotates static credentials (API keys, database passwords) without service disruption
+- **Audit and compliance** - Complete logging of who accessed what secrets and when
+- **Boundary + Vault integration** - Boundary retrieves database passwords from Vault at session start, eliminating shared credentials
+- **Terraform + Vault integration** - Terraform retrieves cloud credentials from Vault for deployments, no long-lived service account keys
+- **SSH certificate authority** - Vault issues short-lived SSH certificates instead of managing static SSH keys
HashiCorp resources:
-- ...
+- [Get started with Boundary](/boundary/tutorials/get-started-hcp)
+- [Boundary credential management with Vault](/boundary/tutorials/credential-management)
+- [Build a GitOps pipeline to deploy a three-tier application](/terraform/tutorials/hashicorp/gitops)
External resources:
-- ...
+- [NIST digital identity guidelines](https://pages.nist.gov/800-63-3/)
## Next steps
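Review bot: The Terraform example's `os_profile` / `os_profile_linux_config` blocks hardcode `admin_password = "Password1234!"` and set `disable_password_authentication = false`, which is the static-credential pattern the surrounding text argues against and puts a plaintext password into version control for every reader who copies the snippet; switch the example to key-based authentication with the public key supplied from a variable, and add a sentence to the prose that passwords and other secrets must never appear in committed configuration. As far as I recall `azurerm_virtual_machine` is also the legacy resource superseded by `azurerm_linux_virtual_machine`, so the example may be worth modernising at the same time. Two wording issues in the same hunk: "an ensures" should read "and ensures", and "Waypont" should read "Waypoint"; the Terraform bullets also say "Terraform Cloud/Enterprise" where the culture document in this series says "HCP Terraform".
```hcl
  os_profile {
    computer_name  = "hostname"
    admin_username = "testadmin"
    # no admin_password: the VM accepts key-based SSH only
  }

  os_profile_linux_config {
    disable_password_authentication = true
    ssh_keys {
      path     = "/home/testadmin/.ssh/authorized_keys"
      key_data = var.ssh_public_key # public key only; never commit a password or private key
    }
  }
  # … unchanged: network_interface_ids, storage_image_reference, storage_os_disk …
```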
@@ -20,14 +190,15 @@ concepts and best practices, helping you build a strong foundation to build a
culture of security in your organization.
- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
-- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security) **(this document)**
+- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
+- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
+- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access) **(this document)**
- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
-- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
In this section of how to Secure infrastructure, you learned why it is important to
-shift to using identity as the new security perimeter. Focusing security
-programs around identity allows you create a more comprehensive security
-strategy. Identity as a security perimeter is part of the [Secure systems
-pillar](/well-architected-framework/secure-systems).
+secure access to your infrastructure. Ensuring security
+programs use a comprehensive approach to infrastructure access helps your
+organization reduce security threats. Secure human access to infrastructure is
+part of the [Secure systems pillar](/well-architected-framework/secure-systems).
From 53e5625a45359e010e2669600c2b4d472dd8d3c7 Mon Sep 17 00:00:00 2001
From: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Date: Mon, 3 Nov 2025 14:54:49 -0500
Subject: [PATCH 06/14] Reorg lateral movement
---
.../data/docs-nav-data.json | 8 +-
.../build-zero-trust-network.mdx | 27 +++++-
.../prevent-lateral-movement.mdx | 87 ++++++++-----------
3 files changed, 64 insertions(+), 58 deletions(-)
diff --git a/content/well-architected-framework/data/docs-nav-data.json b/content/well-architected-framework/data/docs-nav-data.json
index 799585855b..fe686e376d 100644
--- a/content/well-architected-framework/data/docs-nav-data.json
+++ b/content/well-architected-framework/data/docs-nav-data.json
@@ -412,14 +412,14 @@
"title": "Secure human access to infrastructure",
"path": "secure-systems/infrastructure/secure-access"
},
- {
- "title": "Build a zero trust network",
- "path": "secure-systems/infrastructure/build-zero-trust-network"
- },
{
"title": "Prevent lateral movement",
"path": "secure-systems/infrastructure/prevent-lateral-movement"
},
+ {
+ "title": "Build a zero trust network",
+ "path": "secure-systems/infrastructure/build-zero-trust-network"
+ },
{
"title": "Automate security compliance",
"path": "secure-systems/infrastructure/automate-security-compliance"
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
index 1fe3e3bb2c..16fb39ea54 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
@@ -18,6 +18,28 @@ network architecture. A zero trust network architecture is a security model that
eliminates implicit trust and continuously verifies every access request,
regardless of its origin.
+
+
+When all three tools work together, they create a comprehensive security model:
+
+1. **Infrastructure Changes (Terraform):**
+ - Engineers modify infrastructure through code review
+ - CI/CD systems use Vault-generated cloud credentials
+ - No human has direct cloud console access
+
+2. **Operational Access (Boundary + Vault):**
+ - Support teams access infrastructure through Boundary
+ - Vault provides just-in-time credentials for each session
+ - All access is temporary, audited, and automatically expires
+
+3. **Zero Standing Privileges:**
+ - No long-lived credentials anywhere in the system
+ - No permanent access to infrastructure resources
+ - Every action is authenticated, authorized, and audited
+
+This creates a true zero-trust model where human access to infrastructure is
+both secure and auditable without sacrificing operational efficiency.
+
HashiCorp resources:
- ...
@@ -33,9 +55,10 @@ concepts and best practices, helping you build a strong foundation to build a
culture of security in your organization.
- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
-- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security) **(this document)**
-- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
+- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
+- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
+- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network) **(this document)**
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
index d0ab22dd13..fcdd506b21 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
@@ -5,23 +5,27 @@ description: Implement service mesh and zero trust security to prevent lateral m
# Prevent lateral movement
-This guide describes one of the foundational approaches to safeguard and protect against
-“bad actors” following the well documented [MITRE ATT&CK
-framework](https://attack.mitre.org/docs/attack_matrix_poster_2024_april.pdf)
-(lateral movement).
+Providing access to infrastructure resources is inevitable. With the proper
+guardrails, as discussed in [secure human access to
+infrastructure](/well-architected-framework/docs/secure-systems/infrastructure/secure-access/),
+you can reduce the risk of unauthorized access. However, if an attacker gains
+access to one resource, they may attempt to move laterally through your
+environment to compromise additional resources.
-## Lateral movement techniques
+## What is lateral movement?
Lateral movement is the act of moving through the environment from a compromised
-resource into an uncompromised one by exploiting the assumption that the former
-is secure. The following diagram shows the lateral movement techniques attackers
-commonly use to compromise systems through unauthorized means.
+resource into an uncompromised resource by exploiting the assumption that the compromised
+resource is secure.
-
+The [MITRE ATT&CK framework](https://attack.mitre.org/docs/attack_matrix_poster_2024_april.pdf)
+provides a overview of lateral movement techniques that you can use to secure
+your infrastructure.
-
+The following diagram shows the lateral movement techniques attackers
+commonly use to compromise systems through unauthorized means.
-
+
Common techniques include:
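Review bot: The cross-reference on the new line `infrastructure](/well-architected-framework/docs/secure-systems/infrastructure/secure-access/),` carries a `/docs/` path segment and a trailing slash that no other link in this series uses (every Next steps list links `/well-architected-framework/secure-systems/infrastructure/secure-access`), so it will likely resolve to a different or missing route; change it to `infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access),`. The same hunk introduces `provides a overview of lateral movement techniques that you can use to secure`, which should read `provides an overview of lateral movement techniques that you can use to secure`. The section continues past the end of the hunk.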
@@ -41,10 +45,6 @@ or mutual transport layer security or (mTLS).
-External resources:
-
-- [What is the MITRE ATT&CK framework?](https://www.ibm.com/think/topics/mitre-attack)
-
## Secure cloud native applications
In the traditional datacenter approach to network security, network
@@ -54,26 +54,13 @@ VLANs. Following this model, however, might allow a compromised system in one
VLAN to access services in other VLANs without proper authentication and
authorization.
-In modern applications that use a cloud native approach, dynamic (or ephemeral)
-services come up and down often. These services need to establish secure
-connections and not rely on long-lived secrets or manual authentication processes.
+Modern infrastructure and applications that use a cloud native approach, dynamic
+(or ephemeral) services come up and down often. These services need to establish
+secure connections and not rely on long-lived secrets or manual authentication
+processes.
-External resources:
-
-- [Authentication vs authorization: understanding the difference](https://www.cncf.io/blog/2024/07/23/authentication-vs-authorization-understanding-the-difference/)
-- [OWASP Cloud-Native Application Security Top 10](https://owasp.org/www-project-cloud-native-application-security-top-10/)
-
-## Implement a service mesh
-
-
-
-
-
-
-
-With the rise of cloud native practices, organizations need to ensure they have
-secure, resilient, and performant applications while reducing complexity at
-scale.
+HashiCorp Consul enables you to secure communication between systems by
+leveraging mTLS between systems in the service mesh.
A service mesh is an infrastructure layer that manages communication
between services for distributed applications. Rather than
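Review bot: The rewritten sentence `Modern infrastructure and applications that use a cloud native approach, dynamic (or ephemeral) services come up and down often.` lost its grammatical subject when the leading "In" from the removed version was dropped; restore it as `In modern infrastructure and applications that use a cloud native approach, dynamic`. Two lines later, `leveraging mTLS between systems in the service mesh.` repeats "between systems" from the line before it; `HashiCorp Consul enables you to secure communication between systems by` followed by `enforcing mTLS within the service mesh.` reads cleaner and says the same thing. The service mesh paragraph continues past the end of the hunk.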
@@ -82,6 +69,8 @@ abstracts these concerns into a separate layer. This allows services to
communicate through the mesh infrastructure without needing to understand the
underlying network.
+
+
The benefits of a service mesh include enhanced observability, security,
and reliability. It provides load balancing, traffic routing, and failure
handling without requiring code changes. Security is strengthened through
@@ -93,20 +82,6 @@ the maintainability of large-scale distributed systems.
-HashiCorp's service mesh solution, Consul, enables practitioners to achieve this
-today by leveraging mTLS between services in the mesh.
-
-HashiCorp resources:
-
-- [What is Consul?](/consul/docs/intro)
-- [Consul service mesh](/consul/docs/use-case/service-mesh)
-- [Consul service mesh in production with Nomad](/nomad/tutorials/integrate-consul/service-mesh-production-checklist)
-
-External resources:
-
-- [NIST SP 800-204A: Building Secure Microservices-based Applications Using Service-Mesh Architecture](https://csrc.nist.gov/pubs/sp/800/204/a/final)
-- [OWASP Microservices Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Microservices_Security_Cheat_Sheet.html)
-
## Enable secrets management
Running a service mesh introduces its own set of challenges. Organizations need
@@ -143,12 +118,20 @@ use cases trying to manage secrets.
HashiCorp resources:
+- [What is Consul?](/consul/docs/intro)
+- [Consul service mesh](/consul/docs/use-case/service-mesh)
+- [Consul service mesh in production with Nomad](/nomad/tutorials/integrate-consul/service-mesh-production-checklist)
- [What is "secret sprawl" and why is it harmful?](https://www.hashicorp.com/resources/what-is-secret-sprawl-why-is-it-harmful)
- [Vault for secrets management with Consul](/consul/docs/integrate/vault/k8s)
- [Identify, prevent, and manage leaked secrets](/well-architected-framework/secure-systems/secrets/manage-leaked-secrets)
External resources:
+- [What is the MITRE ATT&CK framework?](https://www.ibm.com/think/topics/mitre-attack)
+- [Authentication vs authorization: understanding the difference](https://www.cncf.io/blog/2024/07/23/authentication-vs-authorization-understanding-the-difference/)
+- [OWASP Cloud-Native Application Security Top 10](https://owasp.org/www-project-cloud-native-application-security-top-10/)
+- [NIST SP 800-204A: Building Secure Microservices-based Applications Using Service-Mesh Architecture](https://csrc.nist.gov/pubs/sp/800/204/a/final)
+- [OWASP Microservices Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Microservices_Security_Cheat_Sheet.html)
- [NIST SP 800-63B-4: Digital Identity Guidelines: Authentication and Authenticator Management](https://csrc.nist.gov/pubs/sp/800/63/b/4/2pd)
- [OWASP Secrets Management Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html)
@@ -161,13 +144,13 @@ culture of security in your organization.
- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
-- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
-- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
+- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement) **(this document)**
+- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
In this section of how to Secure infrastructure, you learned why it is important to
-secure network ingress and egress traffic. Unmanaged traffic creates risks for
+secure infrastructure against lateral movement attacks. Unmanaged traffic creates risks for
your companies security programs, leading to leaked secrets, or unauthorized
-access to data. Manage network ingress and egress is
+access to data. Prevent lateral movement is
part of the [Secure systems pillar](/well-architected-framework/secure-systems).
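Review bot: The closing summary was only half retargeted: the first sentence now says `secure infrastructure against lateral movement attacks.` but the sentence that follows, `Unmanaged traffic creates risks for` / `your companies security programs, leading to leaked secrets, or unauthorized`, is the ingress/egress document's wording and no longer matches this document's subject. Replace the two lines with `secure infrastructure against lateral movement attacks. Unrestricted service-to-service communication creates risks for` and `your company's security programs, leading to leaked secrets, or unauthorized`, which also fixes the possessive on the unchanged context line. The same leftover phrasing pattern appears in the zero trust document's summary in a later patch of this series, so it is worth checking each rewritten summary against its own title.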
From c49110e8a60abe57ad45d11504592d575180865f Mon Sep 17 00:00:00 2001
From: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Date: Tue, 4 Nov 2025 14:58:14 -0500
Subject: [PATCH 07/14] Add zero trust doc
---
.../build-zero-trust-network.mdx | 106 +++++++++++++-----
.../prevent-lateral-movement.mdx | 2 -
2 files changed, 78 insertions(+), 30 deletions(-)
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
index 16fb39ea54..5d209f5079 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
@@ -9,50 +9,99 @@ In the secure infrastructure series, you learned about the importance of
shifting your security focus to identities, instead of the traditional network
perimeter. You have also learned how to incorporate security into your
organizations culture, enabling security automation to improve efficiency and
-reduce human error. In the last document, you learned about the importance of
-filtering both ingress and egress traffic to prevent unauthorized access and data
-exfiltration.
+reduce human error. You then read about the importance of
+managing ingress and egress (north-south) traffic and preventing lateral
+movement to stop unauthorized access and data exfiltration.
-The foundational concepts you have learned so far set you up to build a zero trust
-network architecture. A zero trust network architecture is a security model that
+The foundational concepts you have learned so far provide one approach to
+building a zero trust network architecture.
+
+## What is a zero trust network architecture?
+
+A zero trust network architecture is a security model that
eliminates implicit trust and continuously verifies every access request,
regardless of its origin.
+In a zero trust model, all users and devices are treated as untrusted
+until they are verified. In a zero trust environment, access to resources is
+granted based on strict identity verification and least privilege principles.
+
+
+
+When the HashiCorp tools discussed throughout this series work together, they
+create a strong security model across your infrastructure.
+
+1. **Terraform manages infrastructure changes:**
+
+ - Engineers modify infrastructure through code review.
+ - [CI/CD](/well-architected-framework/define-and-automate-processes/automate/cicd)
+ systems use Vault-generated cloud credentials.
+ - No human has direct cloud console access.
+
+1. **Vault manages secrets and identities:**
+
+ - Manages static and dynamic secrets.
+ - Creates a trusted identity platform to authenticate and authorize users and
+ devices.
+ - Issues just-in-time credentials for infrastructure access.
+ - Manages certificates for both PKI and certificate-based authentication.
+
+1. **Boundary and Vault provide access to infrastructure:**
+
+ - Support teams access infrastructure through Boundary.
+ - Vault provides just-in-time credentials for each session.
+ - All access is temporary, audited, and automatically expires.
+
+1. **Consul enables network security:**
+
+ - API gateways and ingress controllers manage north-south traffic with identity-based policies.
+ - Service mesh provides automatic mTLS encryption and service-to-service authorization.
+ - Service intentions define which services can communicate, providing
+ micro-segmentation that blocks unauthorized lateral movement.
+1. **Waypoint allows developer self-service:**
-When all three tools work together, they create a comprehensive security model:
+ - Developers deploy through standardized workflows without infrastructure access.
+ - Platform teams define secure deployment patterns that developers automatically follow.
+ - Reduces the number of people requiring direct infrastructure permissions.
-1. **Infrastructure Changes (Terraform):**
- - Engineers modify infrastructure through code review
- - CI/CD systems use Vault-generated cloud credentials
- - No human has direct cloud console access
+Combining these tools creates a strong foundation for a zero-trust model where
+access to infrastructure is both secure and auditable without sacrificing
+operational efficiency.
-2. **Operational Access (Boundary + Vault):**
- - Support teams access infrastructure through Boundary
- - Vault provides just-in-time credentials for each session
- - All access is temporary, audited, and automatically expires
+
-3. **Zero Standing Privileges:**
- - No long-lived credentials anywhere in the system
- - No permanent access to infrastructure resources
- - Every action is authenticated, authorized, and audited
+Other services to complete your zero trust architecture include:
-This creates a true zero-trust model where human access to infrastructure is
-both secure and auditable without sacrificing operational efficiency.
+- **Identity providers** - Centralized [identity and access management
+ systems](/well-architected-framework/secure-systems/identity-access-management/define-access-requirements)
+ (Okta, Azure AD, Ping Identity) that integrate with Vault to provide SSO and
+ MFA capabilities.
+- **SIEM solutions** - Security Information and Event Management (SIEM)
+ solutions (Splunk, ELK Stack, Grafana) that collect and analyze logs
+ from Vault, Boundary, Consul, and other systems to provide real-time
+ monitoring and alerting.
+- **Endpoint security solutions** - Tools that ensure devices accessing the
+ network meet security standards, such as antivirus software, firewalls, and
+ endpoint detection and response (EDR) solutions.
HashiCorp resources:
-- ...
+- [Get started with Vault](/vault/tutorials/get-started)
+- [Get started with Boundary](/boundary/tutorials/get-started-hcp)
+- [Get started with Consul](/consul/tutorials/get-started-kubernetes)
+- [Get started with Waypoint](/waypoint/tutorials/hcp-waypoint)
External resources:
-- ...
+- [The Evolution of Zero Trust and the Frameworks that Guide It](https://www.ibm.com/think/insights/the-evolution-of-zero-trust-and-the-frameworks-that-guide-it)
+- [NIST Zero Trust Architecture](https://www.nist.gov/publications/zero-trust-architecture)
## Next steps
Following these documents in order ensures a logical progression through the key
-concepts and best practices, helping you build a strong foundation to build a
-culture of security in your organization.
+concepts and best practices, helping you build a strong security foundation for
+your organization.
- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
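Review bot: The new SIEM bullet presents `(Splunk, ELK Stack, Grafana)` as SIEM solutions, but Grafana is a visualization and log-query front end and the ELK stack is a log platform, so neither is a SIEM on its own and the bullet overstates what these tools provide out of the box. Reword the bullet heading and lead-in to `- **SIEM and log analytics solutions** - Security Information and Event Management (SIEM) and log analytics platforms (Splunk, ELK Stack, Grafana) that collect and analyze logs`. Separately, the Terraform item's `- No human has direct cloud console access.` states an absolute that production environments cannot meet; a zero trust write-up should describe the emergency path rather than deny it, e.g. `- No human has standing cloud console access; break-glass access is time-bound and audited.`. `Azure AD` in the identity providers bullet has been rebranded Microsoft Entra ID, which is worth updating in a document that will be read for some time.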
@@ -62,8 +111,9 @@ culture of security in your organization.
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
-In this section of how to Secure infrastructure, you learned why it is important to
-shift to using identity as the new security perimeter. Focusing security
-programs around identity allows you create a more comprehensive security
-strategy. Identity as a security perimeter is part of the [Secure systems
+In this section of how to Secure infrastructure, you learned about the tools and
+workflows needed to build a zero trust network architecture. Integrating
+HashiCorp tools into your zero trust network architecture enables auditable
+infrastructure changes, secure access to infrastructure following the principle
+of least privilege, and properly managed secrets. Build a zero trust network is part of the [Secure systems
pillar](/well-architected-framework/secure-systems).
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
index fcdd506b21..ec451ba35f 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
@@ -80,8 +80,6 @@ mesh handles operational concerns like retries, timeouts, circuit
breaking, and canary deployments, ultimately reducing complexity and improving
the maintainability of large-scale distributed systems.
-
-
## Enable secrets management
Running a service mesh introduces its own set of challenges. Organizations need
From b7816a0f888bb251e07f898d90020c7c08bc692f Mon Sep 17 00:00:00 2001
From: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Date: Wed, 5 Nov 2025 14:50:22 -0500
Subject: [PATCH 08/14] First draft complete - ready for CJ review
---
.../data/docs-nav-data.json | 16 ++---
.../automate-security-compliance.mdx | 0
.../infrastructure/build-culture-security.mdx | 15 ++---
.../infrastructure/identity-new-perimeter.mdx | 26 ++------
.../manage-network-ingress-egress.mdx | 33 +++++-----
.../prevent-lateral-movement.mdx | 23 ++++---
.../infrastructure/secure-access.mdx | 15 ++---
...st-network.mdx => zero-trust-security.mdx} | 66 +++++++++++--------
.../redirects.jsonc | 7 +-
9 files changed, 96 insertions(+), 105 deletions(-)
delete mode 100644 content/well-architected-framework/docs/docs/secure-systems/infrastructure/automate-security-compliance.mdx
rename content/well-architected-framework/docs/docs/secure-systems/infrastructure/{build-zero-trust-network.mdx => zero-trust-security.mdx} (62%)
diff --git a/content/well-architected-framework/data/docs-nav-data.json b/content/well-architected-framework/data/docs-nav-data.json
index fe686e376d..5117e6ea03 100644
--- a/content/well-architected-framework/data/docs-nav-data.json
+++ b/content/well-architected-framework/data/docs-nav-data.json
@@ -396,6 +396,10 @@
{
"title": "Secure infrastructure",
"routes": [
+ {
+ "title": "Implement zero trust security",
+ "path": "secure-systems/infrastructure/zero-trust-security"
+ },
{
"title": "Identity is the new perimeter",
"path": "secure-systems/infrastructure/identity-new-perimeter"
@@ -415,14 +419,6 @@
{
"title": "Prevent lateral movement",
"path": "secure-systems/infrastructure/prevent-lateral-movement"
- },
- {
- "title": "Build a zero trust network",
- "path": "secure-systems/infrastructure/build-zero-trust-network"
- },
- {
- "title": "Automate security compliance",
- "path": "secure-systems/infrastructure/automate-security-compliance"
}
]
},
@@ -467,10 +463,6 @@
{
"title": "Validate software integrity",
"path": "secure-systems/validate-software-integrity"
- },
- {
- "title": "Implement zero trust security",
- "path": "secure-systems/zero-trust-security"
}
]
},
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/automate-security-compliance.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/automate-security-compliance.mdx
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
index 915a112332..e43c35375e 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
@@ -26,13 +26,13 @@ Security automation involves using tools and processes to automate security
tasks, such as scanning for vulnerabilities, managing secrets, applying
security patches, and monitoring for threats. You can automate these
tasks as code, instead of performing the tasks manually. By automating tasks
-like policy provision, or scanning for secrets, your security posture improves.
+like policy provisioning, or scanning for secrets, your security posture improves.
Another important aspect of security automation and building a culture around
security is understanding that various compliance standards do not inhibit
-innovation. Its can be easy to blame compliance requirements for slowing down
+innovation. It can be easy to blame compliance requirements for slowing down
development and infrastructure innovation. However, when you teach teams that
security and compliance give you the necessary guardrails to innovate, you can
build a culture that embraces security.
@@ -74,7 +74,7 @@ control system (VCS) such as GitHub.
When used together, HashiCorp tools help you create a security culture for your
organization. You can integrate each of these tools into common industry
-workflows such as
+workflows, such as
[GitOps](/well-architected-framework/define-and-automate-processes/process-automation/gitops)
to further automate security practices.
@@ -97,7 +97,7 @@ to further automate security practices.
- Gain visibility into security posture across the entire organization.
Automating security tasks creates a culture where security is everyone's
-responsibility. Security is now part of each teams workflows, rather than being
+responsibility. Security is now part of each team's workflows, rather than being
an afterthought.
HashiCorp resources:
@@ -115,16 +115,15 @@ External resources:
## Next steps
Following these documents in order ensures a logical progression through the key
-concepts and best practices, helping you build a strong foundation to build a
-culture of security in your organization.
+concepts and best practices, helping you build a strong foundation for your
+organizations security program.
+- [Implement zero trust security and networking](/well-architected-framework/secure-systems/infrastructure/zero-trust-security)
- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security) **(this document)**
- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
-- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
-- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
In this section of how to Secure infrastructure, you learned why it is important to
build a culture where security is integrated into every aspect of your
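Review bot: The rewritten Next steps intro reads `organizations security program.` where the possessive `organization's security program.` is meant; the same commit makes exactly that fix in identity-new-perimeter.mdx and corrects `team's` and `workload's` elsewhere, so this line is the odd one out. The new link text `Implement zero trust security and networking` also differs from the nav title `Implement zero trust security` added to docs-nav-data.json in this commit; pick one label so the sidebar and the in-page list agree.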
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
index 91c594f329..1a43f2e286 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
@@ -5,13 +5,6 @@ description: Learn how to build a secure infrastructure to secure modern workloa
# Identity is the new perimeter
-In traditional infrastructure, security focused on securing the network perimeter
-using firewalls, VPNs, and other network security tools.
-
-Securing modern infrastructure requires a new approach to security. While most
-of the security principles and tools are still utilized, how you implement a
-strong security program has changed.
-
Modern infrastructure encompasses a mix of on-premises, cloud, and
software-as-a-service (SaaS) workloads. Securing modern infrastructure requires
a shift in focus to securing access to resources using identities, as the network
@@ -41,17 +34,13 @@ shifting focus to identities, organizations must also ensure all services:
-In the secure infrastructure section, you will learn how to adapt your security
-program to support modern infrastructure using identities and automation to
-establish a zero trust architecture.
-
## Why you should use identity as a security perimeter
Every user, machine, or service has an identity. Leveraging the identities of
your users through an identity provider (IdP) allows you to manage access to resources
-more effectively. You can also leverage trusted platforms such as your cloud
+more effectively. You can also leverage trusted platforms, such as your cloud
provider, or self-managed infrastructure-as-a-service (IaaS) platforms to verify
-a workloads identity.
+a workload's identity.
By adopting identity as the new perimeter, organizations can build a more secure
infrastructure that is better equipped to handle the challenges of modern
@@ -87,8 +76,8 @@ specific resources based on their authenticated identity and assigned
permissions.
You can further enhance your security posture by integrating Vault and Boundary
-to allow identity based access to target resources without exposing or sharing
-the targets credentials. Users authenticate to Boundary through a trusted
+to allow identity-based access to target resources without exposing or sharing
+the target's credentials. Users authenticate to Boundary through a trusted
identity provider, and Boundary retrieves dynamic credentials from Vault to
access the target resource.
@@ -115,16 +104,15 @@ External resources:
## Next steps
Following these documents in order ensures a logical progression through the key
-concepts and best practices, helping you build a strong foundation to build a
-culture of security in your organization.
+concepts and best practices, helping you build a strong foundation for your
+organization's security program.
+- [Implement zero trust security and networking](/well-architected-framework/secure-systems/infrastructure/zero-trust-security)
- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter) **(this document)**
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
-- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
-- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
In this section of how to Secure infrastructure, you learned why it is important to
shift to using identity as the new security perimeter. Focusing security
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
index 4defa583c2..9f952174db 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
@@ -10,22 +10,22 @@ traffic to and from your infrastructure, both cloud and self-managed, becomes a
critical component of security.
Traditional infrastructure relies on network-based controls to manage traffic
-coming into (ingress), and out of (egress) your local network, or data center.
-Small networks often used a flat network, and were only able to manage traffic
+coming into (ingress) and out of (egress) your local network or data center.
+Small networks often used a flat network and were only able to manage traffic
at the network perimeter. Larger networks or organizations with a more mature
security program create virtual networks (VLANs) to separate network
-traffic. VLANs allow you to create internal network perimeters, and
+traffic. VLANs allow you to create internal network perimeters and
deploy network access controls (NACL) to manage traffic. Security teams also
have the option to configure operating system firewalls to help manage traffic.
Managing local operating system firewalls is often difficult to manage at scale
and places additional overhead on each system to process traffic.
-Modern infrastructure still relies on VLANs for network isolation, however
+Modern infrastructure still relies on VLANs for network isolation; however,
advances in networking services provide even greater control. Most modern
infrastructure as a service (IaaS) providers allow you to filter both ingress
and egress traffic at the network interface (NIC) level, before it reaches
the operating system. Managing traffic at the NIC level is also known as
-micro-segmentation, and is a key component as you build towards a zero trust
+micro-segmentation and is a key component as you build towards a zero trust
network architecture.
## Why manage network ingress and egress
@@ -33,18 +33,18 @@ network architecture.
Managing network ingress has been a standard security practice for decades.
Managing egress traffic, however, is often overlooked. Managing egress traffic
ensures that systems that do not require outbound network access are not able to
-initiate connections to external systems. This helps prevent data exfiltration,
-and limits the ability for attackers to communicate with command and control
+initiate connections to external systems. This helps prevent data exfiltration
+and limits the ability of attackers to communicate with command and control
servers.
While managing network ingress and egress is important, it can be resource
intensive to manage at scale. As you build a culture of security centered around
-identity, you can begin to shift away from network-based controls, and focus on
+identity, you begin to shift away from network-based controls, and focus on
identity-based security.
HashiCorp Consul allows you to connect infrastructure and services using a
service mesh. Consul protects communication using mutual TLS (mTLS) to ensure that only
-authorized services are able to communicate with each other.
+authorized services can communicate with each other.
- **Automatic mTLS encryption** for all service communication, eliminating the need for network-level encryption.
- **Service intentions** that act as application-aware firewall rules, allowing you to define which services can communicate based on identity rather than IP addresses.
@@ -81,14 +81,14 @@ permissions.
- **Just-in-time network access** that creates temporary, session-based connections rather than permanent network paths.
- **Multi-hop architecture** that allows secure access to private networks without exposing internal network topology.
- **Session recording and monitoring** that provides complete audit trails without network packet inspection.
-- **Integration with identity providers** that ties network access decisions to your existing user directory.
+- **Integration with identity providers** that tie network access decisions to your existing user directory.
For infrastructure not well integrated with a service mesh, you can use
HashiCorp Terraform to manage network policies. Terraform enables you to manage
network ingress and egress rules as code, ensuring consistent security
-configurations across all environments and making your network policies
+configurations across all environments, making your network policies
auditable and version-controlled.
- **Standardizing security group configurations** across multiple cloud providers and environments.
@@ -147,19 +147,18 @@ External resources:
## Next steps
Following these documents in order ensures a logical progression through the key
-concepts and best practices, helping you build a strong foundation to build a
-culture of security in your organization.
+concepts and best practices, helping you build a strong foundation for your
+organization's security program.
+- [Implement zero trust security and networking](/well-architected-framework/secure-systems/infrastructure/zero-trust-security)
- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress) **(this document)**
-- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
-- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
+- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
-- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
In this section of how to Secure infrastructure, you learned why it is important to
secure network ingress and egress traffic. Unmanaged traffic creates risks for
-your companies security programs, leading to leaked secrets, or unauthorized
+your company's security programs, leading to leaked secrets, or unauthorized
access to data. Manage network ingress and egress is
part of the [Secure systems pillar](/well-architected-framework/secure-systems).
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
index ec451ba35f..91630db567 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
@@ -19,7 +19,7 @@ resource into an uncompromised resource by exploiting the assumption that the co
resource is secure.
The [MITRE ATT&CK framework](https://attack.mitre.org/docs/attack_matrix_poster_2024_april.pdf)
-provides a overview of lateral movement techniques that you can use to secure
+provides an overview of lateral movement techniques that you can use to secure
your infrastructure.
The following diagram shows the lateral movement techniques attackers
@@ -41,7 +41,7 @@ Common techniques include:
With various techniques available to anyone, you need to protect your
organization with a solution that stops lateral movement through bi-directional
-or mutual transport layer security or (mTLS).
+or mutual transport layer security (mTLS).
@@ -83,7 +83,7 @@ the maintainability of large-scale distributed systems.
## Enable secrets management
Running a service mesh introduces its own set of challenges. Organizations need
-to secure, and manage the service mesh configuration and supporting resources.
+to secure and manage the service mesh configuration and supporting resources.
An example of some of these resources in a mesh are:
- Server TLS credentials
@@ -95,11 +95,11 @@ An example of some of these resources in a mesh are:
- Gossip encryption key
- Snapshot agent configuration
-If you're using a service mesh today you should consider the level of effort to
+If you're using a service mesh today, you should consider the level of effort to
store the secrets associated with the service mesh.
-Centralization of secrets across your environments are essential to stop a
-lateral attack among other vulnerabilities. Identity is the new perimeter and
+Centralization of secrets across your environments is essential to stop a
+lateral attack, among other vulnerabilities. Identity is the new perimeter, and
identity is a secret. Managing multiple secrets may lead to secret sprawl.
@@ -110,7 +110,7 @@ identity is a secret. Managing multiple secrets may lead to secret sprawl.
HashiCorp Vault can help practitioners simplify these workloads and centralize
these secrets. Vault's secrets engines give teams solutions for various
-use cases trying to manage secrets.
+use cases, trying to manage secrets.
@@ -136,19 +136,18 @@ External resources:
## Next steps
Following these documents in order ensures a logical progression through the key
-concepts and best practices, helping you build a strong foundation to build a
-culture of security in your organization.
+concepts and best practices, helping you build a strong foundation for your
+organization's security program.
+- [Implement zero trust security and networking](/well-architected-framework/secure-systems/infrastructure/zero-trust-security)
- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement) **(this document)**
-- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
-- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
In this section of how to Secure infrastructure, you learned why it is important to
secure infrastructure against lateral movement attacks. Unmanaged traffic creates risks for
-your companies security programs, leading to leaked secrets, or unauthorized
+your company's security programs, leading to leaked secrets, or unauthorized
access to data. Prevent lateral movement is
part of the [Secure systems pillar](/well-architected-framework/secure-systems).
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
index 77e86b9ed5..390f0cc2f9 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
@@ -8,7 +8,7 @@ description: Implement secure access controls for human users to protect infrast
The move to cloud-native and ephemeral resources has changed how
people think about securing access to infrastructure. Regardless of your
deployment methodology, your teams still need to access infrastructure for
-troubleshooting, and incident response.
+troubleshooting and incident response.
In traditional infrastructure deployments, you might have used bastion hosts or VPNs
to provide secure access to infrastructure. However, these methods can introduce
@@ -120,9 +120,9 @@ resource "azurerm_network_interface" "example" {
}
```
-Once the team approves the changes, an ensures the changes align with their
+Once the team approves the changes, and ensures the changes align with their
organizational security and compliance policies, the platform engineer runs Terraform
-to apply the changes to the infrastructure or uses a GitOps workflow to deploy
+to apply the changes to the infrastructure, or uses a GitOps workflow to deploy
the configuration once you approve and merge the changes. Using Terraform provides a
clear audit trail of who made changes to the infrastructure and when, without
the need for direct access to the infrastructure or platform itself.
@@ -165,7 +165,7 @@ credential compromise. Vault can also act as a centralized identity provider, if
you do not have an existing identity provider, to manage authentication and
authorization for accessing infrastructure.
-- **Just-in-time credential generation** - Creates database passwords, cloud access keys, and SSH certificates on-demand
+- **Just-in-time credential generation** - Creates database passwords, cloud access keys, and SSH certificates on demand
- **Automatic credential revocation** - Credentials expire automatically, reducing the window of compromise
- **Centralized secret rotation** - Automatically rotates static credentials (API keys, database passwords) without service disruption
- **Audit and compliance** - Complete logging of who accessed what secrets and when
@@ -186,16 +186,15 @@ External resources:
## Next steps
Following these documents in order ensures a logical progression through the key
-concepts and best practices, helping you build a strong foundation to build a
-culture of security in your organization.
+concepts and best practices, helping you build a strong foundation for your
+organizations security program.
+- [Implement zero trust security and networking](/well-architected-framework/secure-systems/infrastructure/zero-trust-security)
- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access) **(this document)**
-- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
-- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
In this section of how to Secure infrastructure, you learned why it is important to
secure access to your infrastructure. Ensuring security
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/zero-trust-security.mdx
similarity index 62%
rename from content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
rename to content/well-architected-framework/docs/docs/secure-systems/infrastructure/zero-trust-security.mdx
index 5d209f5079..532160f4fb 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-zero-trust-network.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/zero-trust-security.mdx
@@ -1,35 +1,45 @@
---
-page_title: Build a zero trust network
-description: Learn how to build a zero trust network architecture to enhance security by eliminating implicit trust and continuously verifying every access request.
+page_title: Implement zero trust security and networking
+description: Learn how a zero trust security model enhances security by eliminating implicit trust and continuously verifying access requests.
---
-# Build a zero trust network
+# Implement zero trust security and networking
-In the secure infrastructure series, you learned about the importance of
+In traditional infrastructure, security focused on securing the network perimeter
+using firewalls, VPNs, and other network security tools.
+
+Securing modern infrastructure requires a new approach to security. While most
+of the security principles and tools are still utilized, how you implement a
+strong security program has changed.
+
+In the secure infrastructure series, you will learn about the importance of
shifting your security focus to identities, instead of the traditional network
-perimeter. You have also learned how to incorporate security into your
-organizations culture, enabling security automation to improve efficiency and
-reduce human error. You then read about the importance of
-managing ingress and egress (north-south) traffic and preventing lateral
+perimeter. You will also see the importance of incorporating security into your
+organization's culture, enabling security automation to improve efficiency and
+reduce human error. You will then review how you should manage ingress and
+egress (north-south) traffic and prevent lateral
movement to stop unauthorized access and data exfiltration.
-The foundational concepts you have learned so far provide one approach to
-building a zero trust network architecture.
+In the secure infrastructure section, you will learn how to adapt your security
+program to support modern infrastructure using identities and automation to
+establish a zero trust architecture.
## What is a zero trust network architecture?
-A zero trust network architecture is a security model that
-eliminates implicit trust and continuously verifies every access request,
-regardless of its origin.
+Zero trust security is a security model that eliminates the concept of trusted
+networks and requires verification for every user, device, and application
+attempting to access resources. Unlike traditional perimeter-based security,
+which assumes everything inside the network is safe, zero-trust security
+operates on the principle of "never trust, always verify."
-In a zero trust model, all users and devices are treated as untrusted
-until they are verified. In a zero trust environment, access to resources is
-granted based on strict identity verification and least privilege principles.
+In the following video, HashiCorp co-founder Armon Dadgar discusses the zero
+trust security model and how it can protect your organization.
-
+
-When the HashiCorp tools discussed throughout this series work together, they
-create a strong security model across your infrastructure.
+Throughout this series, you will see how HashiCorp tools work together, so you
+can create a strong security model following zero trust principles across your
+infrastructure.
1. **Terraform manages infrastructure changes:**
@@ -69,7 +79,7 @@ Combining these tools creates a strong foundation for a zero-trust model where
access to infrastructure is both secure and auditable without sacrificing
operational efficiency.
-
+
Other services to complete your zero trust architecture include:
@@ -82,7 +92,7 @@ Other services to complete your zero trust architecture include:
from Vault, Boundary, Consul, and other systems to provide real-time
monitoring and alerting.
- **Endpoint security solutions** - Tools that ensure devices accessing the
- network meet security standards, such as antivirus software, firewalls, and
+ network meets security standards, such as antivirus software, firewalls, and
endpoint detection and response (EDR) solutions.
HashiCorp resources:
@@ -100,20 +110,20 @@ External resources:
## Next steps
Following these documents in order ensures a logical progression through the key
-concepts and best practices, helping you build a strong security foundation for
-your organization.
+concepts and best practices, helping you build a strong foundation for your
+organization's security program.
+- [Implement zero trust security and networking](/well-architected-framework/secure-systems/infrastructure/zero-trust-security) **(this document)**
- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
-- [Build a zero trust network architecture](/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network) **(this document)**
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
-- [Automate security compliance and governance](/well-architected-framework/secure-systems/infrastructure/automate-security-compliance)
In this section of how to Secure infrastructure, you learned about the tools and
-workflows needed to build a zero trust network architecture. Integrating
-HashiCorp tools into your zero trust network architecture enables auditable
+workflows needed to implement a zero trust security model. Integrating
+HashiCorp tools into your infrastructure and network architecture enables auditable
infrastructure changes, secure access to infrastructure following the principle
-of least privilege, and properly managed secrets. Build a zero trust network is part of the [Secure systems
+of least privilege, and properly managed secrets. Implement zero trust security
+and networking is part of the [Secure systems
pillar](/well-architected-framework/secure-systems).
diff --git a/content/well-architected-framework/redirects.jsonc b/content/well-architected-framework/redirects.jsonc
index c0d413647d..2e6e7ce198 100644
--- a/content/well-architected-framework/redirects.jsonc
+++ b/content/well-architected-framework/redirects.jsonc
@@ -207,5 +207,10 @@
"source": "/well-architected-framework/secure-systems/prevent-lateral-movement",
"destination": "/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement",
"permanent": true
- }
+ },
+ {
+ "source": "/well-architected-framework/secure-systems/zero-trust-security",
+ "destination": "/well-architected-framework/secure-systems/infrastructureß/zero-trust-security",
+ "permanent": true
+ },
]
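Review bot: The rename of build-zero-trust-network.mdx to zero-trust-security.mdx in this commit leaves the previously published path /well-architected-framework/secure-systems/infrastructure/build-zero-trust-network without a redirect; the entry added here only maps the non-infrastructure path /secure-systems/zero-trust-security. Unless a rule for the old infrastructure path already exists elsewhere in redirects.jsonc (not visible in this hunk), existing external links and bookmarks to the old page will break once the rename ships. Consider adding `{ "source": "/well-architected-framework/secure-systems/infrastructure/build-zero-trust-network", "destination": "/well-architected-framework/secure-systems/infrastructure/zero-trust-security", "permanent": true }` next to the new entry. The stray `ß` in the destination and the trailing comma after the last object are already corrected by later patches in this series, so they are not re-raised here.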
From 2c6d1449ab49db9f71aa89860dc43cfa7d4bda23 Mon Sep 17 00:00:00 2001
From: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Date: Wed, 5 Nov 2025 16:11:32 -0500
Subject: [PATCH 09/14] Fix extra comma in redirects
---
content/well-architected-framework/redirects.jsonc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/well-architected-framework/redirects.jsonc b/content/well-architected-framework/redirects.jsonc
index 2e6e7ce198..6459626b25 100644
--- a/content/well-architected-framework/redirects.jsonc
+++ b/content/well-architected-framework/redirects.jsonc
@@ -212,5 +212,5 @@
"source": "/well-architected-framework/secure-systems/zero-trust-security",
"destination": "/well-architected-framework/secure-systems/infrastructureß/zero-trust-security",
"permanent": true
- },
+ }
]
From 31b7041dc003465e11582d42ff731247b033ee3a Mon Sep 17 00:00:00 2001
From: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Date: Wed, 5 Nov 2025 16:12:20 -0500
Subject: [PATCH 10/14] Remove random character in redirect
---
content/well-architected-framework/redirects.jsonc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/well-architected-framework/redirects.jsonc b/content/well-architected-framework/redirects.jsonc
index 6459626b25..d66d205b4b 100644
--- a/content/well-architected-framework/redirects.jsonc
+++ b/content/well-architected-framework/redirects.jsonc
@@ -210,7 +210,7 @@
},
{
"source": "/well-architected-framework/secure-systems/zero-trust-security",
- "destination": "/well-architected-framework/secure-systems/infrastructureß/zero-trust-security",
+ "destination": "/well-architected-framework/secure-systems/infrastructure/zero-trust-security",
"permanent": true
}
]
From 9933f2a38b7529adb116e90c8390e206dd858f8b Mon Sep 17 00:00:00 2001
From: CJ <105300705+cjobermaier@users.noreply.github.com>
Date: Mon, 10 Nov 2025 11:18:37 -0600
Subject: [PATCH 11/14] Improve clarity of security integration text
Rephrase sentences for clarity and conciseness.
---
.../infrastructure/build-culture-security.mdx | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
index e43c35375e..6658cb8874 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
@@ -9,11 +9,7 @@ Security is no longer a separate function in modern
infrastructure. Organizations must incorporate security in all phases of
infrastructure deployment and software development lifecycles (SDLC).
-Waiting for security teams to manually review and approve changes can lead to
-delays, increased risk of human error, and inconsistent security practices.
-Waiting for audits and compliance checks to verify your security program does
-not allow you to proactively respond to emerging threats, leaving your
-organization vulnerable.
+Waiting for security teams to review and approve changes manually can lead to delays, increased risk of human error, and inconsistent security practices. Waiting for audits and compliance checks to verify your security program does not allow you to respond to emerging threats, leaving your organization vulnerable.
When you build a culture of security automation, you integrate security practices and
tools into your organization's culture, processes, and workflows. When you
From 8b158ad41967aa2ac7ee270a1265182f46678247 Mon Sep 17 00:00:00 2001
From: CJ Obermaier
Date: Mon, 10 Nov 2025 11:32:12 -0600
Subject: [PATCH 12/14] review build culture
---
.../infrastructure/build-culture-security.mdx | 76 ++++++++++---------
1 file changed, 39 insertions(+), 37 deletions(-)
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
index 6658cb8874..92dde56596 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
@@ -16,6 +16,27 @@ tools into your organization's culture, processes, and workflows. When you
approach security as a necessary part of your organization's culture, you can
mitigate security risks more effectively and efficiently.
+When you build a culture of security automation, you create the following benefits
+in your organization:
+
+**Developer Experience:**
+
+- Developers get immediate feedback on security issues through their workflows.
+- Security becomes part of the development workflow, not an external gatekeeper.
+- Learning happens in context when teams discover security issues.
+
+**Operations Teams:**
+
+- Infrastructure security through familiar code-based workflows.
+- Security policies enforced and deployed automatically, reducing manual oversight burden.
+- Compliance becomes a byproduct of standard operations rather than a special process.
+
+**Security Teams:**
+
+- Shift from being gatekeepers to being enablers and consultants.
+- Focus on defining policies and standards rather than manual reviews.
+- Gain visibility into security posture across the entire organization.
+
## What is security automation?
Security automation involves using tools and processes to automate security
@@ -33,7 +54,9 @@ development and infrastructure innovation. However, when you teach teams that
security and compliance give you the necessary guardrails to innovate, you can
build a culture that embraces security.
-You can adopt security as code practices using HashiCorp Terraform to automate
+## Deploy security as code with Terraform
+
+You can adopt security as code practices using Terraform to automate
the deployment of security [policies as
code](/well-architected-framework/secure-systems/compliance-and-governance/policy-as-code)
in your infrastructure. You can manage policies for HashiCorp Vault, Boundary,
@@ -43,15 +66,17 @@ platforms like Kubernetes, and Nomad.
You can also use Terraform to manage common infrastructure components such as
user accounts, firewall configurations, and network settings.
-- **Security policies become testable code** - Teams can unit test, peer review, and version control security configurations just like application code.
-- **Prevents configuration drift** - Automated detection when infrastructure deviates from secure baselines, encouraging teams to maintain security standards.
-- **Enables security guardrails** - HCP Terraform can enforce organization-wide security policies that prevent non-compliant infrastructure deployment.
-- **Democratizes security knowledge** - Security configurations are documented in code, making security requirements visible and understandable to all team members.
-- **Creates security feedback loops** - Failed deployments due to security violations become learning opportunities rather than blame events.
+- **Security policies become testable code:** Teams can unit test, peer review, and version control security configurations just like application code.
+- **Prevents configuration drift:** Automated detection when infrastructure deviates from secure baselines, encouraging teams to maintain security standards.
+- **Enables security guardrails:** Terraform can enforce organization-wide security policies that prevent non-compliant infrastructure deployment.
+- **Democratizes security knowledge:** Security configurations are documented in code, making security requirements visible and understandable to all team members.
+- **Creates security feedback loops:** Failed deployments due to security violations become learning opportunities rather than blame events.
This shifts security from being a "blocker" to being an integral part of how you
design and deploy infrastructure.
+## Shift security left with HCP Vault Radar
+
Security teams can help shift security left with HCP Vault Radar. Shifting security
left means software and IaC developers integrate security tools into their
development process. HCP Vault Radar [scans for
@@ -59,42 +84,15 @@ secrets](/well-architected-framework/secure-systems/secrets/manage-leaked-secret
in source code during development, or once they commit their code to a version
control system (VCS) such as GitHub.
-- **Continuous education** - Integrating scanning into the software development
+- **Continuous education:** Integrating scanning into the software development
lifecycle helps developers understand how secrets leak.
-- **Immediate feedback** - Real-time alerts when developers commit secrets help
+- **Immediate feedback:** Real-time alerts when developers commit secrets help
improve secure coding practices.
-- **Integration with development workflows** - Security scanning becomes part of
+- **Integration with development workflows:** Security scanning becomes part of
the development process, not a separate security audit.
-- **Cross-team visibility** - Security teams can see patterns and provide
+- **Cross-team visibility:** Security teams can see patterns and provide
targeted training based on actual findings.
-When used together, HashiCorp tools help you create a security culture for your
-organization. You can integrate each of these tools into common industry
-workflows, such as
-[GitOps](/well-architected-framework/define-and-automate-processes/process-automation/gitops)
-to further automate security practices.
-
-**Developer Experience:**
-
-- Developers get immediate feedback on security issues through their workflows.
-- Security becomes part of the development workflow, not an external gatekeeper.
-- Learning happens in context when teams discover security issues.
-
-**Operations Teams:**
-
-- Infrastructure security through familiar code-based workflows.
-- Security policies enforced and deployed automatically, reducing manual oversight burden.
-- Compliance becomes a byproduct of standard operations rather than a special process.
-
-**Security Teams:**
-
-- Shift from being gatekeepers to being enablers and consultants.
-- Focus on defining policies and standards rather than manual reviews.
-- Gain visibility into security posture across the entire organization.
-
-Automating security tasks creates a culture where security is everyone's
-responsibility. Security is now part of each team's workflows, rather than being
-an afterthought.
HashiCorp resources:
@@ -114,6 +112,10 @@ Following these documents in order ensures a logical progression through the key
concepts and best practices, helping you build a strong foundation for your
organizations security program.
+- Integrate Terraform and Vault into common industry
+workflows, such as
+[GitOps](/well-architected-framework/define-and-automate-processes/process-automation/gitops)
+to further automate security practices.
- [Implement zero trust security and networking](/well-architected-framework/secure-systems/infrastructure/zero-trust-security)
- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security) **(this document)**
From b4c57b3d75c5fc0936f5b7f88edb86393474a552 Mon Sep 17 00:00:00 2001
From: CJ Obermaier
Date: Mon, 10 Nov 2025 11:53:48 -0600
Subject: [PATCH 13/14] added description
---
.../infrastructure/build-culture-security.mdx | 10 +--
.../infrastructure/identity-new-perimeter.mdx | 61 +++++++++----------
.../manage-network-ingress-egress.mdx | 12 ++--
.../prevent-lateral-movement.mdx | 12 ++--
.../infrastructure/secure-access.mdx | 12 ++--
.../infrastructure/zero-trust-security.mdx | 16 ++---
6 files changed, 59 insertions(+), 64 deletions(-)
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
index 92dde56596..d4216c3f4e 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
@@ -108,6 +108,11 @@ External resources:
## Next steps
+In this section of how to Secure infrastructure, you learned why it is important to
+build a culture where security is integrated into every aspect of your
+organization's operations. Build a culture of security automation is part of the [Secure systems
+pillar](/well-architected-framework/secure-systems).
+
Following these documents in order ensures a logical progression through the key
concepts and best practices, helping you build a strong foundation for your
organizations security program.
@@ -122,8 +127,3 @@ to further automate security practices.
- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
-
-In this section of how to Secure infrastructure, you learned why it is important to
-build a culture where security is integrated into every aspect of your
-organization's operations. Build a culture of security automation is part of the [Secure systems
-pillar](/well-architected-framework/secure-systems).
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
index 1a43f2e286..34e1e8f9d6 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
@@ -1,9 +1,9 @@
---
-page_title: Identity is the new perimeter
-description: Learn how to build a secure infrastructure to secure modern workloads against threats.
+page_title: How to secure cloud infrastructure with identity-based access control
+description: Secure cloud infrastructure by replacing network perimeters with identity-based access control. Learn zero trust security, dynamic credentials, MFA implementation, and least privilege access strategies.
---
-# Identity is the new perimeter
+# Identity-based security for modern infrastructure
Modern infrastructure encompasses a mix of on-premises, cloud, and
software-as-a-service (SaaS) workloads. Securing modern infrastructure requires
@@ -15,32 +15,19 @@ Instead of relying on network security tools to secure access to resources,
organizations must focus on securing user and machine identities. In addition to
shifting focus to identities, organizations must also ensure all services:
-- Follow the principle of [least
- privilege](/well-architected-framework/secure-systems/identity-access-management/grant-least-privilege),
- granting the minimum access necessary to perform their tasks.
-- Use [strong authentication and authorization
- mechanisms](/well-architected-framework/secure-systems/identity-access-management/implement-strong-sign-in-workflows),
- including multi-factor authentication (MFA), to access resources.
-- Replace long-lived credentials with [ephemeral, short-lived
- credentials](/well-architected-framework/secure-systems/identity-access-management/use-dynamic-credentials)
- to reduce the risk of credential theft.
-- Implement a [data classification
- scheme](/well-architected-framework/secure-systems/data/classify-data) for all
- services.
-- Isolate workloads and resources to limit the effect of potential
- security breaches.
-- Continuously monitor and audit access to resources to detect and respond to
- potential threats.
+- **Follow the principle of least privilege:** Grant the minimum access necessary to perform their tasks.
+- **Use strong authentication and authorization mechanisms:** Implement robust sign-in workflows, including multi-factor authentication (MFA), to access resources.
+- **Use ephemeral credentials:** Use ephemeral, short-lived credentials to reduce the risk of credential theft.
+- **Classify data:** Implement a data classification scheme for all services.
+- **Isolate workloads and resources:** Limit the effect of potential security breaches.
+- **Continuously monitor and audit access:** Detect and respond to potential threats.
-## Why you should use identity as a security perimeter
+## Benefits of identity-based security
-Every user, machine, or service has an identity. Leveraging the identities of
-your users through an identity provider (IdP) allows you to manage access to resources
-more effectively. You can also leverage trusted platforms, such as your cloud
-provider, or self-managed infrastructure-as-a-service (IaaS) platforms to verify
-a workload's identity.
+Every user, machine, or service has an identity. Leveraging the identities of your users through an identity provider (IdP) allows you to manage access to resources more effectively. You can also leverage trusted platforms, such as your cloud provider or self-managed infrastructure-as-a-service (IaaS) platforms, to verify a workload's identity.
+By adopting identity as the new perimeter, organizations can build a secure infrastructure to handle the challenges of modern workloads.
By adopting identity as the new perimeter, organizations can build a more secure
infrastructure that is better equipped to handle the challenges of modern
@@ -63,6 +50,8 @@ Shifting security focus to identities provides several benefits:
+## Implement zero trust with Vault and Boundary
+
HashiCorp Vault allows you to adopt ephemeral, dynamic credentials - replacing
long-lived credentials with short-lived ones to reduce the risk of credential
theft. Vault dynamic credentials support multiple cloud providers like Amazon Web
@@ -88,8 +77,14 @@ your identity perimeter auditable and version-controlled.
HashiCorp resources:
-- [Get started with Boundary](/boundary/tutorials/get-started-hcp)
-- [Get started with Vault](/vault/tutorials/get-started)
+- Follow the principles of [least
+ privilege](/well-architected-framework/secure-systems/identity-access-management/grant-least-privilege)
+- Implement [strong authentication and authorization
+ mechanisms](/well-architected-framework/secure-systems/identity-access-management/implement-strong-sign-in-workflows)
+- Use [ephemeral, short-lived
+ credentials](/well-architected-framework/secure-systems/identity-access-management/use-dynamic-credentials)
+- Implement a [data classification
+ scheme](/well-architected-framework/secure-systems/data/classify-data)
- [Generate dynamic secrets in Vault](/vault/tutorials/db-credentials)
- [OIDC authentication to Boundary using Okta](/boundary/tutorials/identity-management/oidc-okta)
- [OIDC authentication to Vault using Okta](/vault/tutorials/auth-methods/vault-oidc-okta)
@@ -103,6 +98,12 @@ External resources:
## Next steps
+In this section of how to Secure infrastructure, you learned why it is important to
+shift to using identity as the new security perimeter. Focusing security
+programs around identity allows you create a more comprehensive security
+strategy. Identity as a security perimeter is part of the [Secure systems
+pillar](/well-architected-framework/secure-systems).
+
Following these documents in order ensures a logical progression through the key
concepts and best practices, helping you build a strong foundation for your
organization's security program.
@@ -113,9 +114,3 @@ organization's security program.
- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
-
-In this section of how to Secure infrastructure, you learned why it is important to
-shift to using identity as the new security perimeter. Focusing security
-programs around identity allows you create a more comprehensive security
-strategy. Identity as a security perimeter is part of the [Secure systems
-pillar](/well-architected-framework/secure-systems).
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
index 9f952174db..a0b10911bd 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
@@ -146,6 +146,12 @@ External resources:
## Next steps
+In this section of how to Secure infrastructure, you learned why it is important to
+secure network ingress and egress traffic. Unmanaged traffic creates risks for
+your company's security programs, leading to leaked secrets, or unauthorized
+access to data. Manage network ingress and egress is
+part of the [Secure systems pillar](/well-architected-framework/secure-systems).
+
Following these documents in order ensures a logical progression through the key
concepts and best practices, helping you build a strong foundation for your
organization's security program.
@@ -156,9 +162,3 @@ organization's security program.
- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress) **(this document)**
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
-
-In this section of how to Secure infrastructure, you learned why it is important to
-secure network ingress and egress traffic. Unmanaged traffic creates risks for
-your company's security programs, leading to leaked secrets, or unauthorized
-access to data. Manage network ingress and egress is
-part of the [Secure systems pillar](/well-architected-framework/secure-systems).
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
index 91630db567..1478537a52 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
@@ -135,6 +135,12 @@ External resources:
## Next steps
+In this section of how to Secure infrastructure, you learned why it is important to
+secure infrastructure against lateral movement attacks. Unmanaged traffic creates risks for
+your company's security programs, leading to leaked secrets, or unauthorized
+access to data. Prevent lateral movement is
+part of the [Secure systems pillar](/well-architected-framework/secure-systems).
+
Following these documents in order ensures a logical progression through the key
concepts and best practices, helping you build a strong foundation for your
organization's security program.
@@ -145,9 +151,3 @@ organization's security program.
- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement) **(this document)**
-
-In this section of how to Secure infrastructure, you learned why it is important to
-secure infrastructure against lateral movement attacks. Unmanaged traffic creates risks for
-your company's security programs, leading to leaked secrets, or unauthorized
-access to data. Prevent lateral movement is
-part of the [Secure systems pillar](/well-architected-framework/secure-systems).
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
index 390f0cc2f9..68004e5b5b 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
@@ -185,6 +185,12 @@ External resources:
## Next steps
+In this section of how to Secure infrastructure, you learned why it is important to
+secure access to your infrastructure. Ensuring security
+programs use a comprehensive approach to infrastructure access helps your
+organization reduce security threats. Secure human access to infrastructure is
+part of the [Secure systems pillar](/well-architected-framework/secure-systems).
+
Following these documents in order ensures a logical progression through the key
concepts and best practices, helping you build a strong foundation for your
organizations security program.
@@ -195,9 +201,3 @@ organizations security program.
- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access) **(this document)**
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
-
-In this section of how to Secure infrastructure, you learned why it is important to
-secure access to your infrastructure. Ensuring security
-programs use a comprehensive approach to infrastructure access helps your
-organization reduce security threats. Secure human access to infrastructure is
-part of the [Secure systems pillar](/well-architected-framework/secure-systems).
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/zero-trust-security.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/zero-trust-security.mdx
index 532160f4fb..07656fa56e 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/zero-trust-security.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/zero-trust-security.mdx
@@ -109,6 +109,14 @@ External resources:
## Next steps
+In this section of how to Secure infrastructure, you learned about the tools and
+workflows needed to implement a zero trust security model. Integrating
+HashiCorp tools into your infrastructure and network architecture enables auditable
+infrastructure changes, secure access to infrastructure following the principle
+of least privilege, and properly managed secrets. Implement zero trust security
+and networking is part of the [Secure systems
+pillar](/well-architected-framework/secure-systems).
+
Following these documents in order ensures a logical progression through the key
concepts and best practices, helping you build a strong foundation for your
organization's security program.
@@ -119,11 +127,3 @@ organization's security program.
- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
-
-In this section of how to Secure infrastructure, you learned about the tools and
-workflows needed to implement a zero trust security model. Integrating
-HashiCorp tools into your infrastructure and network architecture enables auditable
-infrastructure changes, secure access to infrastructure following the principle
-of least privilege, and properly managed secrets. Implement zero trust security
-and networking is part of the [Secure systems
-pillar](/well-architected-framework/secure-systems).
From 5291950afd7d5b6b45eeeb56a818e12720408b4d Mon Sep 17 00:00:00 2001
From: CJ Obermaier
Date: Mon, 10 Nov 2025 14:31:19 -0600
Subject: [PATCH 14/14] finish review
---
.../infrastructure/build-culture-security.mdx | 4 +--
.../infrastructure/identity-new-perimeter.mdx | 8 +++---
.../manage-network-ingress-egress.mdx | 28 +++++++++++--------
.../prevent-lateral-movement.mdx | 8 ++++--
.../infrastructure/secure-access.mdx | 12 ++++++--
.../infrastructure/zero-trust-security.mdx | 4 +--
6 files changed, 38 insertions(+), 26 deletions(-)
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
index d4216c3f4e..d27bdcc02c 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/build-culture-security.mdx
@@ -122,8 +122,8 @@ workflows, such as
[GitOps](/well-architected-framework/define-and-automate-processes/process-automation/gitops)
to further automate security practices.
- [Implement zero trust security and networking](/well-architected-framework/secure-systems/infrastructure/zero-trust-security)
-- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
+- [How to secure cloud infrastructure with identity-based access control](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security) **(this document)**
-- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
+- [Secure network traffic with ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
index 34e1e8f9d6..e24c34e121 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/identity-new-perimeter.mdx
@@ -1,6 +1,6 @@
---
page_title: How to secure cloud infrastructure with identity-based access control
-description: Secure cloud infrastructure by replacing network perimeters with identity-based access control. Learn zero trust security, dynamic credentials, MFA implementation, and least privilege access strategies.
+description: Identity is the new perimeter. Learn zero trust security, dynamic credentials, MFA, and least privilege access for cloud infrastructure.
---
# Identity-based security for modern infrastructure
@@ -101,7 +101,7 @@ External resources:
In this section of how to Secure infrastructure, you learned why it is important to
shift to using identity as the new security perimeter. Focusing security
programs around identity allows you create a more comprehensive security
-strategy. Identity as a security perimeter is part of the [Secure systems
+strategy. How to secure cloud infrastructure with identity-based access control is part of the [Secure systems
pillar](/well-architected-framework/secure-systems).
Following these documents in order ensures a logical progression through the key
@@ -109,8 +109,8 @@ concepts and best practices, helping you build a strong foundation for your
organization's security program.
- [Implement zero trust security and networking](/well-architected-framework/secure-systems/infrastructure/zero-trust-security)
-- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter) **(this document)**
+- [How to secure cloud infrastructure with identity-based access control](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter) **(this document)**
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
-- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
+- [Secure network traffic with ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
index a0b10911bd..e3ad5061e0 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/manage-network-ingress-egress.mdx
@@ -1,13 +1,11 @@
---
-page_title: Manage network ingress and egress
-description: Learn how to manage network ingress and egress to secure your infrastructure.
+page_title: Secure network traffic with ingress and egress
+description: Secure network ingress and egress using Consul service mesh, Boundary, and Terraform-managed firewall rules.
---
-# Manage network ingress and egress
+# Secure network traffic with ingress and egress
-As you transition to a security culture centered around identity, managing
-traffic to and from your infrastructure, both cloud and self-managed, becomes a
-critical component of security.
+Network ingress and egress controls determine what traffic can enter and leave your infrastructure. As you transition to a security culture centered around identity, managing traffic to and from your infrastructure, both cloud and self-managed, becomes an essential component of security.
Traditional infrastructure relies on network-based controls to manage traffic
coming into (ingress) and out of (egress) your local network or data center.
@@ -28,7 +26,7 @@ the operating system. Managing traffic at the NIC level is also known as
micro-segmentation and is a key component as you build towards a zero trust
network architecture.
-## Why manage network ingress and egress
+## Why network ingress and egress security matters
Managing network ingress has been a standard security practice for decades.
Managing egress traffic, however, is often overlooked. Managing egress traffic
@@ -42,6 +40,8 @@ intensive to manage at scale. As you build a culture of security centered around
identity, you begin to shift away from network-based controls, and focus on
identity-based security.
+## Use service mesh for traffic control with Consul
+
HashiCorp Consul allows you to connect infrastructure and services using a
service mesh. Consul protects communication using mutual TLS (mTLS) to ensure that only
authorized services can communicate with each other.
@@ -71,6 +71,8 @@ Sources = [
]
```
+## Secure network access with Boundary
+
HashiCorp Boundary allows you to limit network ingress by providing secure,
identity-based access to infrastructure without opening network ports or
managing VPN connections. Boundary verifies user identity and grants just-in-time
@@ -85,6 +87,8 @@ permissions.
+## Deploy firewall rules with Terraform
+
For infrastructure not well integrated with a service mesh, you can use
HashiCorp Terraform to manage network policies. Terraform enables you to manage
network ingress and egress rules as code, ensuring consistent security
@@ -129,8 +133,8 @@ resource "aws_security_group" "no_egress_sg" {
tags = {
Name = "no-egress-security-group"
- }
- }
+ }
+}
```
HashiCorp resources:
@@ -149,7 +153,7 @@ External resources:
In this section of how to Secure infrastructure, you learned why it is important to
secure network ingress and egress traffic. Unmanaged traffic creates risks for
your company's security programs, leading to leaked secrets, or unauthorized
-access to data. Manage network ingress and egress is
+access to data. Secure network traffic with ingress and egress is
part of the [Secure systems pillar](/well-architected-framework/secure-systems).
Following these documents in order ensures a logical progression through the key
@@ -157,8 +161,8 @@ concepts and best practices, helping you build a strong foundation for your
organization's security program.
- [Implement zero trust security and networking](/well-architected-framework/secure-systems/infrastructure/zero-trust-security)
-- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
+- [How to secure cloud infrastructure with identity-based access control](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
-- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress) **(this document)**
+- [Secure network traffic with ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress) **(this document)**
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
index 1478537a52..9b75319140 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/prevent-lateral-movement.mdx
@@ -59,6 +59,8 @@ Modern infrastructure and applications that use a cloud native approach, dynamic
secure connections and not rely on long-lived secrets or manual authentication
processes.
+## Prevent lateral movement with Consul service mesh
+
HashiCorp Consul enables you to secure communication between systems by
leveraging mTLS between systems in the service mesh.
@@ -80,7 +82,7 @@ mesh handles operational concerns like retries, timeouts, circuit
breaking, and canary deployments, ultimately reducing complexity and improving
the maintainability of large-scale distributed systems.
-## Enable secrets management
+## Centralize secrets management with Vault
Running a service mesh introduces its own set of challenges. Organizations need
to secure and manage the service mesh configuration and supporting resources.
@@ -146,8 +148,8 @@ concepts and best practices, helping you build a strong foundation for your
organization's security program.
- [Implement zero trust security and networking](/well-architected-framework/secure-systems/infrastructure/zero-trust-security)
-- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
+- [How to secure cloud infrastructure with identity-based access control](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
-- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
+- [Secure network traffic with ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement) **(this document)**
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
index 68004e5b5b..11fc852fda 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/secure-access.mdx
@@ -1,6 +1,6 @@
---
page_title: Secure human access to infrastructure
-description: Implement secure access controls for human users to protect infrastructure from unauthorized access and potential threats.
+description: Learn how to secure human access to infrastructure with modern identity management, ephemeral credentials, and zero-trust security.
---
# Secure human access to infrastructure
@@ -45,6 +45,8 @@ identity and access management program, including:
Implementing an effective identity and access management program sets the
foundation to secure human access to infrastructure.
+## Deploy access controls with Terraform
+
HashiCorp Terraform helps you adapt to how you manage and audit infrastructure
access. Instead of platform engineers accessing infrastructure directly, they
use Terraform to define and manage infrastructure as code.
@@ -142,6 +144,8 @@ Using Waypoint further reduces the number of people who need direct
infrastructure access, supporting the principle of least privilege while also
improving developer productivity.
+## Secure remote access with Boundary
+
HashiCorp Boundary is a modern access management solution that provides secure access to
infrastructure without the need for bastion hosts or VPNs.
@@ -158,6 +162,8 @@ reduce the risk of credential compromise by integrating with HashiCorp Vault.
Boundary also provides detailed session recording and auditing capabilities to
monitor access to infrastructure.
+## Use dynamic credential management with Vault
+
HashiCorp Vault has several features that help secure access to your
infrastructure. As discussed with Boundary, Vault can generate dynamic,
ephemeral credentials for accessing infrastructure, reducing the risk of
@@ -196,8 +202,8 @@ concepts and best practices, helping you build a strong foundation for your
organizations security program.
- [Implement zero trust security and networking](/well-architected-framework/secure-systems/infrastructure/zero-trust-security)
-- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
+- [How to secure cloud infrastructure with identity-based access control](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
-- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
+- [Secure network traffic with ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access) **(this document)**
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)
diff --git a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/zero-trust-security.mdx b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/zero-trust-security.mdx
index 07656fa56e..f875b76142 100644
--- a/content/well-architected-framework/docs/docs/secure-systems/infrastructure/zero-trust-security.mdx
+++ b/content/well-architected-framework/docs/docs/secure-systems/infrastructure/zero-trust-security.mdx
@@ -122,8 +122,8 @@ concepts and best practices, helping you build a strong foundation for your
organization's security program.
- [Implement zero trust security and networking](/well-architected-framework/secure-systems/infrastructure/zero-trust-security) **(this document)**
-- [Identity is the new perimeter](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
+- [How to secure cloud infrastructure with identity-based access control](/well-architected-framework/secure-systems/infrastructure/identity-new-perimeter)
- [Build a culture of security automation](/well-architected-framework/secure-systems/infrastructure/build-culture-security)
-- [Manage network ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
+- [Secure network traffic with ingress and egress](/well-architected-framework/secure-systems/infrastructure/manage-network-ingress-egress)
- [Secure human access to infrastructure](/well-architected-framework/secure-systems/infrastructure/secure-access)
- [Prevent lateral movement](/well-architected-framework/secure-systems/infrastructure/prevent-lateral-movement)