Reverse Engineering of Cloud Configurations from Deployments
Infrastructure as Code (IaC) is a widely adopted approach for defining and managing cloud infrastructures using tools such as Terraform and Pulumi. While standard workflows assume that cloud architectures are designed and encoded as IaC before deployment, many real-world cloud environments have evolved over time through manual configuration and incremental changes. These legacy deployments often lack an explicit IaC representation, making them difficult to understand, maintain, or reproduce. This thesis project proposes to investigate methods for reconstructing Infrastructure as Code descriptions from existing cloud deployments. The goal is to explore techniques for analyzing deployed cloud resources and inferring declarative IaC definitions that capture their structure and dependencies. An important application of the reconstructed IaC is the assessment of the security posture of the infrastructure, enabling systematic analysis of configurations, permissions, and architectural weaknesses directly at the code level. The project will study the challenges, design choices, and limitations of reverse engineering IaC, and may involve prototyping a tool or workflow for this purpose. The outcome is expected to provide insights into how legacy cloud infrastructures can be systematically transitioned to modern IaC-based management practices while supporting security analysis and auditing.
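The core inference step described above, as an added example that is not part of the thesis project: it takes a constructed resource inventory (all IDs are made up), replaces literal IDs with references to recover dependencies, emits simplified Terraform-style blocks, and flags one weakness at the code level. Matching attribute values against known resource IDs is an assumed heuristic, only one possible approach, and the output is not guaranteed to pass `terraform plan`.

```python
import json

# Constructed inventory, shaped like a cloud API "describe" dump (IDs are made up).
INVENTORY = [
    {"type": "aws_vpc", "id": "vpc-0a1", "attrs": {"cidr_block": "10.0.0.0/16"}},
    {"type": "aws_subnet", "id": "subnet-0b2",
     "attrs": {"vpc_id": "vpc-0a1", "cidr_block": "10.0.1.0/24"}},
    {"type": "aws_security_group", "id": "sg-0c3",
     "attrs": {"vpc_id": "vpc-0a1",
               "ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp",
                            "cidr_blocks": ["0.0.0.0/0"]}]}},
    {"type": "aws_instance", "id": "i-0d4",
     "attrs": {"subnet_id": "subnet-0b2", "vpc_security_group_ids": ["sg-0c3"],
               "instance_type": "t3.micro"}},
]

def reconstruct(inventory):
    """Return (hcl_text, dependency_edges, findings) for a resource inventory."""
    # Map each deployed ID to a Terraform address so literal IDs become references.
    addr = {r["id"]: f'{r["type"]}.r{i}' for i, r in enumerate(inventory)}
    edges, findings, blocks = [], [], []

    def render(value, owner):
        # A string equal to another resource's ID is treated as a dependency.
        if isinstance(value, str) and value in addr and addr[value] != owner:
            edges.append((owner, addr[value]))
            return f"{addr[value]}.id"
        if isinstance(value, list):
            return "[" + ", ".join(render(v, owner) for v in value) + "]"
        if isinstance(value, dict):
            return "{ " + ", ".join(f"{k} = {render(v, owner)}" for k, v in value.items()) + " }"
        return json.dumps(value)

    for r in inventory:
        me = addr[r["id"]]
        rtype, name = me.split(".")
        body = "\n".join(f"  {k} = {render(v, me)}" for k, v in r["attrs"].items())
        blocks.append(f'resource "{rtype}" "{name}" {{\n{body}\n}}')
        # Security check on the reconstructed definition: world-open ingress rules.
        for rule in r["attrs"].get("ingress", []):
            if "0.0.0.0/0" in rule.get("cidr_blocks", []):
                findings.append(f'{me}: port {rule["from_port"]} open to 0.0.0.0/0')
    return "\n\n".join(blocks), edges, findings

if __name__ == "__main__":
    hcl, edges, findings = reconstruct(INVENTORY)
    print(hcl, edges, findings, sep="\n\n")
```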