A New Version of AWS Compliance Enforcer, CloudFormation Guard 2.0 Is in GA

Barely a year after the preview release of the maiden version AWS CloudFormation Guard, the cloud hosting giant has released a sequel AWS CloudFormation Guard 2.0. The tool was oriented at mitigating risks such as overspending, security fragility, or legal affairs. The tool personifies a light scale, declarative code for defining rules. The tool supports wildcards, lists, declaration of variables and regex, and can be integrated with CloudFormation exclusive functions. The open source CLI compliance enforcer could, for example, create rules to ensure that S3 buckets get encrypted by default or deter using particular availability zones.

Built-in this tool is a CLI that goes by the name CloudFormation Guard Rulegen. This tool is essentially automated to generate Guard rules from preexisting CloudFormation templates. The resultant code can be sorted and compiled into a file for editing and spawning the relevant rule sets.

The new version extends to many functions and applications with a strict policy syntax enforcer. In addition to writing rules for CloudFormation’s already supported templates, the rule-writing now extends to any JSON and YAML file extensions, be it Kubernetes or Terraform JSON configurations.

Guard still retains its niche as a personification of open source command syntax equipping developers/organizations with an easy-to-use domain-specific language (DSL) to write company policy guidelines, compliance, cluster schedules, and more and validate JSON and YAML data against those rules according to their hierarchy, this data could be code written with cloud infrastructure.

The new version also features an improved domain-specific language (DSL) to better policy writing and delete ambiguity. It also allows the configuration of custom and advanced rules if proceedings get more complex for the developer.