Pegasus leverages Terraform to express cloud infrastructure as repeatable, auditable code. Strict code-review practice combined with simple continuous delivery (CD) means that a model of the current infrastructure is always checked in. Wherever possible, infrastructure is created with secure defaults.
Pegasus uses Azure Active Directory (AAD) to ensure that applications and infrastructure are protected by both authentication (AuthN) and authorization (AuthZ) when interacting with each other. Groups are provided so that users can be assigned access with the Principle of Least Privilege in mind, and a Service Principal is provided to prevent direct access to infrastructure. At all times, interactions with Azure are logged and auditable.
Applications can quickly be containerized using off-the-shelf images we ~~stole~~ forked from popular repos and rebased onto a lightweight Alpine image with minimal attack surface. Containers are deployed into a secured Kubernetes cluster, and hosts are hardened and auto-patched. We recommend only exposing port 443, but configs and firewall rules that block malicious traffic are applied automatically.
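As an added illustration of the "only expose 443" default expressed as reviewable Terraform (this is example code, not Pegasus's own modules), the following network security group allows inbound HTTPS only and states the catch-all deny explicitly. It assumes the azurerm provider is configured and a resource group named `azurerm_resource_group.main` already exists.

```hcl
# Added example (not Pegasus's own Terraform). Assumes the azurerm provider is
# configured and a resource group "azurerm_resource_group.main" already exists.
resource "azurerm_network_security_group" "web" {
  name                = "pegasus-web-nsg" # constructed name
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
}

# The only inbound rule that allows traffic: TCP 443 from the Internet.
resource "azurerm_network_security_rule" "allow_https_in" {
  name                        = "allow-https-in"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "443"
  source_address_prefix       = "Internet"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.main.name
  network_security_group_name = azurerm_network_security_group.web.name
}

# Explicit catch-all deny at a low priority (high number). Azure already has an
# implicit DenyAllInBound rule, but writing it down makes the secure default
# visible in the checked-in model and in every code review.
resource "azurerm_network_security_rule" "deny_all_in" {
  name                        = "deny-all-in"
  priority                    = 4000
  direction                   = "Inbound"
  access                      = "Deny"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.main.name
  network_security_group_name = azurerm_network_security_group.web.name
}
```

Any later rule that opens another port has to be added at a priority below 4000, so it shows up as a diff in review rather than silently widening the surface.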
While we provide extensible interfaces and patterns, the default out-of-the-box configuration works and is secure. We ship an optimized dev environment in the repo to keep setup minimal, and provide a simple CLI to deploy even the most complex network topologies at any scale. Eliminate Shadow IT and tool sprawl: it's harder to circumvent Pegasus than to simply use it.