Posted On: Jun 30, 2023

AWS CloudFormation announces the general availability (GA) of AWS CloudFormation Guard 3.0 (cfn-guard). cfn-guard is an open-source domain-specific language (DSL) and command line interface (CLI) that helps enterprises validate that their cloud infrastructure complies with company policy guidelines. Developers use cfn-guard to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Guard 3.0 allows customers to define complex rules and accelerates development velocity with a new deployment method for cfn-guard-lambda.

With this launch, AWS CloudFormation is improving the stability and performance of cfn-guard and introducing three new features. First, cfn-guard 3.0.0 adds built-in functions to allow stateful rules. For example, developers can use the json_parse() function to parse a string and use the results in subsequent clauses. This enables developers to write guard rules that depend on the built-in function's result. Second, cfn-guard 3.0.0 adds an alternative deployment method for cfn-guard-lambda with AWS SAM CLI. Using AWS SAM CLI simplifies and improves the deployment experience for cfn-guard. Third, cfn-guard 3.0.0 provides auto-completions for commands, helping developers onboard faster when using cfn-guard commands in the zsh, bash, and fish shells.

The AWS CloudFormation team welcomes feedback on AWS CloudFormation Guard and contributions to the open source project. To get started, install cfn-guard following the instructions in the cfn-guard GitHub repository.