AWS CloudFormation Guard – an open-source CLI for infrastructure compliance – is now generally available

Posted on: Oct 1, 2020

AWS CloudFormation announces the general availability (GA) of AWS CloudFormation Guard (cfn-guard), which enhances the preview release of cfn-guard (June 2020) with new features. Cfn-guard is an open-source command line interface (CLI) that checks CloudFormation templates for policy compliance using a simple, policy-as-code, declarative language.  

This GA release enables developers to create advanced rules, including rules based on conditions, rules comparing resource properties to numbers, comments on rule sets, and more. For example, along with rules on resource properties (e.g. Encryption), developers can now create rules on resource attributes (e.g. Deletion Policy). 

This release simplifies the installation of cfn-guard. Developers on macOS and Windows machines can now quickly install cfn-guard using the Homebrew and Chocolatey package managers respectively. You can also save time installing cfn-guard-rulegen (a companion CLI that extracts rules from existing compliant CloudFormation templates): the cfn-guard packages for these package managers include pre-built binaries for cfn-guard-rulegen, so you don't have to install it separately. Finally, this release improves the stability and performance of cfn-guard.

The AWS CloudFormation team welcomes feedback on AWS CloudFormation Guard and contributions to the open-source project. To get started, install cfn-guard following the instructions in the cfn-guard GitHub repository. We also recommend exploring sample rules from the community.