A New Version of AWS Compliance Enforcer, CloudFormation Guard 2.0 Is in GA

This new version delivers a more mission-critical compliance policy enforcer


Amazon’s cloud division, Amazon Web Services, on May 17, 2021, released a new version of the Amazon CloudFormation Compliance Analyzer and general-purpose policy-as-code evaluation tool, CloudFormation Guard. AWS has made it generally available in CloudFormation Guard’s GitHub repository.

Key Facts

  1. This new upgrade of AWS CloudFormation Guard came barely a year after the previous release.

  2. The new upgrade supports policy rules for JSON- and YAML-formatted files.

  3. Rule writing becomes easier and less ambiguous with the improvement of Guard’s DSL.


Barely a year after the preview release of the first version of AWS CloudFormation Guard, the cloud hosting giant has released its successor, AWS CloudFormation Guard 2.0. The tool is aimed at mitigating risks such as overspending, security weaknesses, or legal issues. It provides a lightweight, declarative language for defining rules. The tool supports wildcards, lists, variable declarations and regex, and can be integrated with CloudFormation-specific functions. The open source CLI compliance enforcer could, for example, be given rules to ensure that S3 buckets are encrypted by default or to prevent the use of particular availability zones.
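The S3 encryption rule mentioned above could look like the following in Guard 2.0 syntax. This is an added example, not taken from the article or from the Guard repository; the rule name, file names and sample template are assumptions.

```guard
# Added example (assumed file name: s3_encryption.guard).

# Select every resource in the template whose Type is an S3 bucket.
let s3_buckets = Resources.*[ Type == 'AWS::S3::Bucket' ]

# The "when" guard skips the rule for templates that declare no buckets,
# so such templates are reported as skipped rather than failed.
rule s3_default_encryption when %s3_buckets !empty {
    # Every bucket must declare a default encryption block.
    %s3_buckets.Properties.BucketEncryption exists
        <<S3 bucket has no default encryption configuration>>

    # Every configured default must use one of the allowed algorithms.
    %s3_buckets.Properties.BucketEncryption.ServerSideEncryptionConfiguration[*].ServerSideEncryptionByDefault.SSEAlgorithm in ['AES256', 'aws:kms']
}

# Constructed template fragment that fails the rule (no BucketEncryption):
#
#   Resources:
#     LogsBucket:
#       Type: AWS::S3::Bucket
#       Properties:
#         BucketName: example-logs
#
# Constructed fragment that passes:
#
#   Resources:
#     LogsBucket:
#       Type: AWS::S3::Bucket
#       Properties:
#         BucketEncryption:
#           ServerSideEncryptionConfiguration:
#             - ServerSideEncryptionByDefault:
#                 SSEAlgorithm: aws:kms
```

The rule can be evaluated with `cfn-guard validate --rules s3_encryption.guard --data template.yaml`, where both file names are placeholders.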

Built into this tool is a CLI named CloudFormation Guard Rulegen, which automatically generates Guard rules from existing CloudFormation templates. The resulting code can be sorted and compiled into a file for editing and for producing the relevant rule sets.

The new version extends to many functions and applications with a strict policy syntax enforcer. In addition to writing rules for CloudFormation templates, which were already supported, rule writing now extends to any JSON or YAML file, such as Kubernetes or Terraform JSON configurations.

Guard remains an open source command-line tool that gives developers and organizations an easy-to-use domain-specific language (DSL) for writing company policy guidelines, compliance rules, cluster schedules, and more, and for validating JSON and YAML data against those rules according to their hierarchy. This data could be code written for cloud infrastructure.

The new version also features an improved domain-specific language (DSL) that makes policy writing easier and removes ambiguity. It also allows custom and advanced rules to be configured when the developer's requirements become more complex.
