Documentation
Provisioners
Provisioners prepare the system using built-in and third-party software to install and configure the image.
Use case
Create one security and compliance workflow for images that are provisioned across multiple clouds.
Challenge
Golden images must be secure, compliant, and up-to-date. Manual configuration and patching processes lead to inconsistent outcomes and an increased risk of security breaches due to unsecured or out-of-date base images.
Solution
Codify security hardening and compliance baselines to ensure golden images are consistent. Security teams can automate the validation of machine image configurations and resulting builds before approval. Using channels in the HCP Packer image registry, the approved version of every image is discoverable, and vulnerable images can be revoked to prevent their use.
Standardize image versions by declaring the preferred iteration of an image in an HCP Packer bucket.
Revoke an outdated or vulnerable image to prevent consumers from accessing its metadata and using it to build resources.
Use the Terraform Cloud run task for HCP Packer to prevent your Terraform configuration from referencing revoked image iterations.
Learn how image revocation in HCP Packer prevents downstream image consumers from referencing outdated images.
Revoke a parent image and all its descendants and observe the downstream impact to the Terraform Cloud workflow.