AWS Launches CloudFormation Guard Preview

CloudFormation Guard, dubbed cfn-guard, is an open-source command-line interface that helps companies maintain their AWS infrastructure and application resources in accordance with the company's guidelines.

Recently, AWS announced the preview of AWS CloudFormation Guard (cfn-guard), an open-source command-line interface that helps companies maintain their AWS infrastructure and application resources in accordance with the company's guidelines.
 
CloudFormation Guard offers compliance administrators a simple, policy-as-code language to define rules that can check for both required and prohibited resource configurations. It enables you to validate your CloudFormation templates against those rules.
 
According to AWS, CloudFormation Guard helps companies minimize the risks associated with overspending on operating costs, vulnerabilities in security, legal issues and more. For instance, it enables administrators to create rules that ensure that developers always create encrypted Amazon S3 buckets. A second open-source CLI called cfn-guard-rulegen can also be used by administrators to extract rules from existing CloudFormation templates.
 
With cfn-guard-rulegen, administrators don't have to create rules from scratch, which speeds up the process of authoring rules. These rules become a consistent record of compliant resource configurations, and administrators can check them into a source control system like GitHub to share across teams.
 
You can use cfn-guard either locally while editing templates, or automatically as part of a CI/CD pipeline to stop non-compliant resources from being deployed. When resources in the template fail the rules, cfn-guard gives developers information to help identify the non-compliant resources.
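
The kind of check described above (required and prohibited resource properties evaluated against a template, with each failing resource named for the developer) is sketched here in Python as an added illustration; it is not cfn-guard's code or its rule language. The rule tuples, sample template and function names are assumptions made up for the example, and intrinsic functions such as `Ref` are not resolved.

```python
MISSING = object()  # sentinel: property not present in the template

# Hypothetical rule format (not cfn-guard syntax): (resource type, property path, op, value)
RULES = [
    ("AWS::S3::Bucket", "BucketEncryption.ServerSideEncryptionConfiguration", "exists", None),
    ("AWS::EC2::Volume", "Encrypted", "==", True),    # required configuration
    ("AWS::EC2::Volume", "VolumeType", "!=", "io1"),  # prohibited configuration
]

TEMPLATE = {"Resources": {  # constructed sample template, as parsed from JSON/YAML
    "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
        "ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}},
    "ScratchBucket": {"Type": "AWS::S3::Bucket"},  # no Properties block at all
    "DataVolume": {"Type": "AWS::EC2::Volume",
                   "Properties": {"Encrypted": True, "VolumeType": "io1"}},
}}

def lookup(props, path):
    """Walk a dotted property path; return MISSING if any segment is absent."""
    node = props
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return MISSING
        node = node[key]
    return node

def check(template, rules):
    """Return sorted (logical_id, message) pairs, one per failed rule."""
    failures = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties") or {}
        for rtype, path, op, want in rules:
            if res.get("Type") != rtype:
                continue
            got = lookup(props, path)
            ok = {"exists": got is not MISSING and got not in ([], {}, None),
                  "==": got is not MISSING and got == want,
                  "!=": got is MISSING or got != want}[op]
            if not ok:
                shown = "<unset>" if got is MISSING else repr(got)
                failures.append((logical_id, f"{path} {op} {want!r}: found {shown}"))
    return sorted(failures)

if __name__ == "__main__":
    failures = check(TEMPLATE, RULES)
    for logical_id, message in failures:
        print(f"FAIL {logical_id}: {message}")
    raise SystemExit(1 if failures else 0)  # non-zero exit blocks the CI/CD stage
```

A required property that is simply absent is treated as a failure, while a prohibited value only fails when it is actually set.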