CloudFormation Guard
A policy-as-code tool for CloudFormation.
Overview
CloudFormation Guard is an open-source command-line interface (CLI) that provides a policy-as-code language to define rules that can check for both required and prohibited resource configurations. It enables developers to validate their CloudFormation templates against those rules.
✨ Key Features
- Policy-as-code for CloudFormation
- Declarative language for writing rules
- Validation of CloudFormation templates
- Integration with CI/CD pipelines
- Can be used to validate any JSON- or YAML-formatted data
🎯 Key Differentiators
- Developed and supported by AWS
- Deep integration with the AWS CloudFormation ecosystem
- Purpose-built for validating CloudFormation templates
Unique Value: Provides a simple and effective way to enforce policies on your CloudFormation templates.
🎯 Use Cases (3)
✅ Best For
- Requiring encryption on all S3 buckets
- Ensuring that all EC2 instances are launched in a specific VPC
💡 Check With Vendor
Verify these considerations match your specific requirements:
- Checking IaC for other platforms like Terraform or Kubernetes
🏆 Alternatives
Easier to use for CloudFormation-specific policies than more general-purpose tools.
💻 Platforms
✅ Offline Mode Available
🛟 Support Options
- ✓ Live Chat
💰 Pricing
Free tier: Open source and free to use.
🔄 Similar Tools in Policy as Code Testing
Checkov
A static code analysis tool for infrastructure-as-code....
Open Policy Agent (OPA)
An open-source, general-purpose policy engine that enables unified, context-aware policy enforcement...
Terrascan
A static code analysis tool for IaC that helps you detect security vulnerabilities and compliance vi...
KICS
An open-source static analysis tool that finds security vulnerabilities, compliance issues, and infr...
tfsec
A static analysis tool for Terraform code to spot potential security issues....
Snyk IaC
A developer-first security platform that helps you find and fix misconfigurations in your IaC files....