cloudformation-guard - Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules

  •        45

AWS CloudFormation Guard is an open-source general-purpose policy-as-code evaluation tool. It provides developers with a simple-to-use, yet powerful and expressive domain-specific language (DSL) to define policies and enables developers to validate JSON- or YAML-formatted structured data with those policies. NOTE: If you are using Guard 1.0, we highly recommend adopting Guard 2.0 because Guard 2.0 is a major release that introduces multiple features to simplify your current policy-as-code experience. Guard 2.0 is backward incompatible with your Guard 1.0 rules and can result in breaking changes. To migrate from Guard 1.0 to Guard 2.0, 1) use the migrate command to transition your existing 1.0 rules to 2.0 rules and 2) read about all new Guard 2.0 features.

https://github.com/aws-cloudformation/cloudformation-guard

Related Projects

regula - Regula checks infrastructure as code templates (Terraform, CloudFormation) for AWS, Azure and Google Cloud security and compliance using Open Policy Agent/Rego

  •    Open

Regula is a tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment. Regula includes a library of rules written in Rego, the policy language used by the Open Policy Agent (OPA) project. Regula works with your favorite CI/CD tools such as Jenkins, Circle CI, and AWS CodePipeline; we’ve included a GitHub Actions example so you can get started quickly. Where relevant, we’ve mapped Regula policies to the CIS AWS, Azure, and Google Cloud Foundations Benchmarks so you can assess compliance posture. Regula is maintained by engineers at Fugue.

cloudformation-coverage-roadmap - The AWS CloudFormation Public Coverage Roadmap

This is a public roadmap focused on upcoming coverage support for CloudFormation. It is focused on coverage additions to existing AWS services to be addressed by upcoming CloudFormation releases. It represents a preview of the information we provide in our existing release history documentation. Knowing about our upcoming coverage additions and priorities helps our customers plan, and we want to provide a way for our customers to help us ensure we are working on the most important requests. If you think you’ve found a potential security issue, please do not post it in the Issues. Instead, please follow the instructions here or email AWS security directly.

cfn-lint - CloudFormation Linter

  •    Python

Validate AWS CloudFormation yaml/json templates against the AWS CloudFormation Resource Specification and additional checks. Includes checking valid values for resource properties and best practices. This is an attempt to provide validation for AWS CloudFormation templates properties and their values. For values things can get pretty complicated (mappings, joins, splits, conditions, and nesting those functions inside each other) so it's a best effort to validate those values but the promise is to not fail if we can't understand or translate all the things that could be going on.

CloudQuery - Transforms your cloud infrastructure into a SQL database for easy monitoring, governance and security

  •    Go

CloudQuery transforms your cloud infrastructure into queryable SQL for easy monitoring, governance and security. CloudQuery pulls, normalizes, exposes and monitors your cloud infrastructure and SaaS apps as a SQL database. This abstracts various scattered APIs, enabling you to define security, governance, cost and compliance policies with SQL. CloudQuery comes with built-in policy packs such as AWS CIS.


aws-cfn-template-flip - Tool for converting AWS CloudFormation templates between JSON and YAML formats

  •    Python

AWS CloudFormation Template Flip is a tool that converts AWS CloudFormation templates between JSON and YAML formats, making use of the YAML format’s short function syntax where possible. The term "Flip" is inspired by the well-known Unix command-line tool flip which converts text files between Unix, Mac, and MS-DOS formats.

aws-cloudformation-templates - A collection of useful CloudFormation templates

  •    Python

Use sample AWS CloudFormation templates to learn how to declare specific AWS resources or solve a particular use case. We recommend that you use sample templates as a starting point for creating your own templates, not for launching production-level environments. Before launching a template, always review the resources that it will create and the permissions it requires. The AWS CloudFormation team and approved contributors provide and maintain sample templates in the aws folder.

awesome-cloudformation - A curated list of resources and projects for working with AWS CloudFormation

A curated list of resources and projects for working with AWS CloudFormation. The following are pre-built CloudFormation Samples demonstrating how to use AWS CloudFormation to construct various canned resources, modules, applications or resource groupings.

aws-waf-sample - This repository contains example scripts and sets of rules for the AWS WAF service

  •    Python

Examples of sets of rules for the AWS WAF service and scripts to automate the management and configuration of AWS WAF rule sets. These examples include SDK usage, AWS CloudFormation templates and automations using AWS Lambda functions. This example AWS CloudFormation template contains an AWS WAF web access control list (ACL) and condition types and rules that illustrate various mitigations against application flaws described in the OWASP Top 10. However, note that this template is designed only as a starting point and may not provide sufficient protection to every workload. You should customize the template’s rules for each workload. For more information, please review the Use AWS WAF to Mitigate OWASP's Top 10 Web Application Vulnerabilities whitepaper.

troposphere - Python library to create AWS CloudFormation descriptions

  •    Python

The troposphere library allows for easier creation of the AWS CloudFormation JSON by writing Python code to describe the AWS resources. troposphere also includes some basic support for OpenStack resources via Heat. To facilitate catching CloudFormation or JSON errors early the library has property and type checking built into the classes.

rain - A development workflow tool for working with AWS CloudFormation.

  •    Go

Rain is also a command line tool for working with AWS CloudFormation templates and stacks. Interactive deployments: With rain deploy, rain packages your CloudFormation templates using aws cloudformation package, prompts you for any parameters that have not yet been defined, shows you a summary of the changes that will be made, and then displays real-time updates as your stack is being deployed. Once finished, you get a summary of the outcome along with any error messages collected along the way, including error messages for stacks that have been rolled back and no longer exist.

Kops - The easiest way to get a production grade Kubernetes cluster up and running

  •    Go

The easiest way to get a production grade Kubernetes cluster up and running. It helps you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters from the command line. AWS (Amazon Web Services) is currently officially supported, with GCE and VMware vSphere in alpha and other platforms planned.

yor - Extensible auto-tagger for your IaC files

  •    Go

Yor is an open-source tool that helps add informative and consistent tags across infrastructure-as-code frameworks such as Terraform, CloudFormation, and Serverless. Yor is built to run as a GitHub Action automatically adding consistent tagging logics to your IaC. Yor can also run as a pre-commit hook and a standalone CLI.

eksctl - a CLI for Amazon EKS

  •    Go

eksctl is a simple CLI tool for creating clusters on EKS - Amazon's new managed Kubernetes service for EC2. It is written in Go, and uses CloudFormation. You will need to have AWS API credentials configured. What works for AWS CLI or any other tools (kops, Terraform etc), should be sufficient. You can use ~/.aws/credentials file or environment variables. For more information read AWS documentation.

ecs-refarch-cloudformation - A reference architecture for deploying containerized microservices with Amazon ECS and AWS CloudFormation (YAML)

  •    Makefile

This reference architecture provides a set of YAML templates for deploying microservices to Amazon EC2 Container Service (Amazon ECS) with AWS CloudFormation. Using CloudFormation to deploy and manage services with ECS has a number of nice benefits over more traditional methods (AWS CLI, scripting, etc.).

open-cdk - This guide is an opinionated set of tips and best practices for working with the AWS Cloud Development Kit

The AWS Cloud Development Kit (CDK) is a framework built on top of CloudFormation that makes it delightful for users to manage AWS Infrastructure as Code (IaC). When everything is going right, the CDK will make you feel like a devops wizard. That being said, the cloud is complicated, CloudFormation coverage of AWS is incomplete, and the CDK itself (and IaC in general) is still a young framework with little in the way of established best practices. This guide is an opinionated set of tips and best practices for working with the CDK. It is meant to be a living document, updated on an ongoing basis by the community as the CDK and practices around it mature.

AWS-VPN-Server-Setup - Setup your own private, secure, free* VPN on the Amazon AWS Cloud in 10 minutes

Please refer to the blog article with all details on setting up your VPN server on the AWS cloud using CloudFormation templates. You can launch a VPN in any of the AWS regions, which include Tokyo, Singapore, Sydney, Frankfurt, Ireland, Sao Paulo, N. Virginia, N. California, Oregon, Mumbai, London, Canada Central and Seoul.

aws-lex-web-ui - Sample Amazon Lex chat bot web interface

  •    Javascript

This is a sample Amazon Lex web interface. It provides a chatbot UI component that can be integrated in your website. The interface lets you interact with a Lex bot directly from a browser using text or voice. The easiest way to test drive the chatbot UI is to deploy it using the AWS CloudFormation templates provided by this project. Once you have launched the CloudFormation stack, you will get a fully working demo site hosted in your account.
