🗂️ Navigation
📁 Infrastructure as Code
📋 Infrastructure Testing Tools
🔧 AWS CloudFormation Guard

AWS CloudFormation Guard

A set of tools to check AWS CloudFormation templates for policy compliance.

Visit Website →

Overview

AWS CloudFormation Guard is an open-source command-line interface (CLI) that provides a policy-as-code language to define rules that can check for both required and prohibited resource configurations. It enables developers to validate their CloudFormation templates against these policies. This helps ensure that the infrastructure being deployed is compliant with organizational standards.

✨ Key Features

  • Policy-as-code for CloudFormation
  • Declarative language for writing rules
  • Validates templates against policies
  • Prevents non-compliant deployments
  • Can be used in CI/CD pipelines

🎯 Key Differentiators

  • Native AWS tool
  • Powerful and flexible policy language
  • Focus on policy enforcement

Unique Value: Provides a native and powerful way to enforce policies on your AWS CloudFormation templates, ensuring that your infrastructure is always compliant.

🎯 Use Cases (4)

Enforcing security policies for CloudFormation Ensuring compliance with regulatory standards Maintaining consistency across CloudFormation templates Preventing misconfigurations

✅ Best For

  • Writing a rule to ensure all S3 buckets have encryption enabled
  • Preventing the creation of overly permissive IAM roles
  • Validating that all resources have the required tags

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Testing non-CloudFormation IaC
  • Runtime infrastructure testing

🏆 Alternatives

Checkov Terrascan cfn-lint

While other tools can scan CloudFormation templates, CloudFormation Guard's specialized DSL and deep integration with the AWS ecosystem make it a more powerful option for policy enforcement.

💻 Platforms

CLI

✅ Offline Mode Available

🔌 Integrations

AWS CloudFormation AWS CDK CI/CD pipelines

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: AWS CloudFormation Guard is open-source and free to use.

Visit AWS CloudFormation Guard Website →

🔄 Similar Tools in Infrastructure Testing Tools

Checkov

An open-source static analysis tool for infrastructure as code....

Contact

Terratest

A Go library that provides patterns and helper functions for testing infrastructure....

Contact

tfsec

A static analysis tool for finding security issues in Terraform code....

Contact

Snyk IaC

Find and fix security issues in IaC files....

$25.00/mo

Terrascan

An open-source static code analysis tool for IaC....

Contact

KICS

An open-source static analysis tool for IaC security....

Contact