Posted On: May 17, 2021

AWS CloudFormation announces the general availability of AWS CloudFormation Guard 2.0. This release makes Guard a general-purpose policy-as-code evaluation tool. With Guard 2.0, developers can write policy rules for any JSON- or YAML-formatted file, such as Kubernetes configurations and Terraform JSON configurations, in addition to the already supported CloudFormation templates.

Guard is an open-source command line interface that provides developers with a simple domain-specific language (DSL) for writing policy rules and validating structured, hierarchical JSON and YAML data against those rules. The rules can encode company policy around security, compliance, and more. The data being validated is typically cloud infrastructure described as code. For example, developers can write rules that ensure every Amazon S3 bucket modeled in their CloudFormation templates has encryption enabled, so a non-compliant template fails validation before it is ever deployed.

This release also enhances Guard's DSL, making rule writing simpler and unambiguous, and it lets you build more advanced rules as your use cases and cloud environments grow more complex. For example, the named rules feature lets you define a set of rules once and reference it by name from other rules. To learn more about all the new features of Guard 2.0, visit GitHub.
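The following rules file is an added example written for this page; it is not code from the announcement or from the Guard repository, and the rule names, the file name `s3.guard`, and the `template.yaml` it is run against are assumptions. It shows the encrypted-bucket check mentioned above written in the Guard 2.0 DSL, plus a second check on public access blocking, and then uses named rules so that one top-level rule (`s3_buckets_compliant`) composes both. Each clause carries a custom `<< >>` message so that a failing `cfn-guard validate -d template.yaml -r s3.guard` run tells the author exactly what to fix.

```guard
# Collect every S3 bucket resource in the template (or any JSON/YAML
# document with a top-level "Resources" map, as Guard 2.0 is format-agnostic).
let s3_buckets = Resources.*[ Type == 'AWS::S3::Bucket' ]

# Named rule used as a guard condition by the rules below, so they are
# skipped (not failed) on templates that declare no buckets at all.
rule s3_buckets_present {
    %s3_buckets !empty
}

# Every bucket must declare a default server-side encryption algorithm.
# Either SSE-S3 (AES256) or SSE-KMS (aws:kms) is accepted here; a missing
# BucketEncryption block fails the clause just like a wrong algorithm does.
rule s3_default_encryption when s3_buckets_present {
    %s3_buckets.Properties.BucketEncryption.ServerSideEncryptionConfiguration[*] {
        ServerSideEncryptionByDefault.SSEAlgorithm IN ['AES256', 'aws:kms']
            <<
            Violation: S3 bucket has no default server-side encryption.
            Fix: set BucketEncryption.ServerSideEncryptionConfiguration with
                 SSEAlgorithm AES256 or aws:kms.
            >>
    }
}

# Every bucket must block all four forms of public access.
rule s3_public_access_blocked when s3_buckets_present {
    %s3_buckets.Properties.PublicAccessBlockConfiguration {
        BlockPublicAcls       == true
        BlockPublicPolicy     == true
        IgnorePublicAcls      == true
        RestrictPublicBuckets == true
            <<
            Violation: S3 bucket does not block all public access.
            Fix: set all four PublicAccessBlockConfiguration flags to true.
            >>
    }
}

# Named rules composed into a single policy: both referenced rules must
# pass (clauses on separate lines are joined with AND).
rule s3_buckets_compliant when s3_buckets_present {
    s3_default_encryption
    s3_public_access_blocked
}
```

A template with a bucket that omits `BucketEncryption` produces a FAIL for `s3_default_encryption` and, through the named-rule reference, for `s3_buckets_compliant`, with the custom message printed next to the failing clause; a template with no `AWS::S3::Bucket` resources reports the bucket rules as SKIP because the `when s3_buckets_present` condition is not met. The `when` guard is the practical difference between "no buckets" and "buckets without encryption", which a rule that simply asserted on `Resources.*.Properties.BucketEncryption` would conflate.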

The AWS CloudFormation team welcomes feedback on Guard 2.0 and contributions to the open-source project. To get started, install Guard 2.0 by following the instructions in the Guard GitHub repository. We also recommend using the new migration feature to transition your existing Guard 1.0 rules to Guard 2.0.