cloudformation-guard
Policy validator
A tool that evaluates JSON- and YAML-formatted data against pre-defined policies written in a domain-specific language.
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
1k stars
40 watching
180 forks
Language: Rust
last commit: 10 days ago
Topics: cfn-guard, cloudformation, compliance, governance, k8s, policy-as-code, policy-rule-evaluation, security, terraform
Related projects:
Repository | Description | Stars |
---|---|---|
awslabs/terraform-iam-policy-validator | A tool to validate Terraform IAM policies against AWS best practices and security standards. | 298 |
appliscale/perun | A tool for validating AWS CloudFormation templates and improving the work experience with CloudFormation. | 92 |
salesforce/cloudsplaining | A tool that scans AWS IAM policies to identify security vulnerabilities and generates a report with recommendations for remediation | 1,998 |
salesforce/aws-allowlister | Automatically generates AWS Service Control Policies based on compliance frameworks and custom service inclusions/exclusions | 224 |
dowjones/hammer | Identifies and protects insecure configurations in AWS resources across multiple accounts. | 436 |
salesforce/terraform-provider-policyguru | Generates and manages least privilege IAM policies using an external audit service | 30 |
dragondrop-cloud/cloud-concierge | Automates cloud infrastructure monitoring and optimization by analyzing Terraform state files and detecting drifts, security risks, and cost estimation. | 224 |
welldone-cloud/aws-lint-iam-policies | A tool that analyzes AWS IAM policies to detect security vulnerabilities and best practice violations. | 111 |
jcouyang/dhall-aws-cloudformation | Generates AWS CloudFormation templates from Dhall expressions | 30 |
awslabs/cwe-monitor-secgrp | A CloudWatch Events rule Lambda function that checks security group permissions against a pre-configured policy and logs non-compliant changes. | 25 |
flosell/iam-policy-json-to-terraform | Converts an IAM Policy in JSON format into a Terraform aws_iam_policy_document | 780 |
prevade/cloudjack | Checks AWS accounts for subdomain hijacking vulnerabilities | 84 |
cloudtools/awacs | A Python library to create and manage AWS Access Policy Language JSON | 395 |
jakejscott/humidifier | Automated CloudFormation template generation and deployment tool for AWS Lambda functions and serverless projects. | 46 |
cloud-custodian/cloud-custodian | A tool for managing public cloud accounts and resources by enforcing security policies and cost optimization through a simple rules engine. | 5,460 |