Posted On: Oct 1, 2020
AWS CloudFormation announces the general availability (GA) of AWS CloudFormation Guard (cfn-guard), which enhances the preview release of cfn-guard (June 2020) with new features. Cfn-guard is an open-source command line interface (CLI) that checks CloudFormation templates for policy compliance using a simple, policy-as-code, declarative language.
This GA release enables developers to create advanced rules, including rules based on conditions, rules comparing resource properties to numbers, comments on rule sets, and more. For example, along with rules on resource properties (e.g. Encryption), developers can now create rules on resource attributes (e.g. Deletion Policy).
This release simplifies the installation of cfn-guard. Developers on macOS and Windows machines can now quickly install cfn-guard using the Homebrew and Chocolatey package managers respectively. You can also save time installing cfn-guard-rulegen (a companion CLI that extracts rules from existing compliant CloudFormation templates) because the package managers of cfn-guard include pre-built binaries for cfn-guard-rulegen and you don’t have to install cfn-guard-rulegen separately. Finally, this release improves stability and performance of cfn-guard.