AWS makes open-source CloudFormation Guard compliance tool generally available

Amazon Net Providers Inc. on Thursday introduced the final availability of CloudFormation Guard, an open-source instrument that helps firms guarantee their cloud environments adjust to cybersecurity insurance policies and different inner guidelines.

The instrument joins the rising record of open-source applied sciences provided by AWS. Beforehand, the Amazon.com Inc. subsidiary launched Bottlerocket, an working system for operating software program containers. 

CloudFormation Guard will get its title from AWS’ CloudFormation service, which directors use to outline the configuration settings of their AWS deployments. CloudFormation Guard ensures that any new sources added to a deployment adjust to the knowledge know-how workforce’s insurance policies. The instrument can, for instance, be used to implement a rule that requires builders to allow encryption for brand new S3 storage buckets they provision.

Directors can work together with CloudFormation Guard through a command-line interface that has its personal specialised syntax for creating configuration guidelines. Guidelines could specify properties that cloud sources are required to have, for instance encryption. A rule might also specify properties that sources shouldn’t have, say help for the power to entry knowledge from outdoors the company community.

The instrument might come helpful for big enterprises that depend on AWS. In a corporation the place a whole bunch of builders use the corporate AWS surroundings, there’s a great probability that occasional human error will result in some sources being provisioned with out all of the required configuration settings. The power to routinely implement configuration compliance guidelines reduces the danger of such errors. 

Enhancing safety is simply one of many purposes AWS sees for CloudFormation Guard. Directors may also use it to optimize cloud prices by limiting what sort of infrastructure builders are allowed to provision. One other software is guaranteeing that cloud sources’ configuration complies with knowledge laws.

CloudFormation Guard is launching into basic availability with a number of enhancements over its preliminary preview model, which AWS revealed earlier this 12 months. Directors can now create a broader number of guidelines for duties as fine-grained as controlling how a cloud occasion is up to date and deleted. Furthermore, CloudFormation Guard now comes bundled with cfn-guard-rulegen, one other open-source instrument developed by AWS that hastens rule creation by enabling directors to attract on current insurance policies applied of their cloud environments. 

CloudFormation Guard is accessible on GitHub. 

Photograph: AWS