Fugue announced support for AWS CloudFormation in Regula, the open-source
infrastructure as code (IaC) policy engine. Cloud engineering and security
teams can now use Regula to secure their AWS CloudFormation and Terraform
configurations prior to deployment-and apply those same rules to running cloud
environments using the Fugue platform to secure the entire cloud development
lifecycle. Expanding Regula capabilities represents Fugue's continued
leadership in innovating on policy as code for IaC and running cloud
infrastructure since 2015.
Regula
is ideal for organizations with DevOps teams that use both AWS CloudFormation
and Terraform-and those operating multi-cloud environments. Regula is the only
AWS CloudFormation security tool that can address vulnerabilities involving
multiple resources, and the only one that helps teams meet the CIS AWS
Foundations Benchmarks 1.2.0 and 1.3.0. Regula easily integrates into CI/CD
pipelines and enables pre-commit IaC checks and provides pull request feedback.
Fugue provides examples of Regula working with GitHub Actions for
CI/CD.
"At
Cadwell, we needed an effective way to check our infrastructure as code to
ensure our cloud infrastructure deployments are secure so we can move faster in
the cloud with confidence," said Sawyer Ward, Enterprise Support Specialist at
Cadwell Industries, Inc. "Regula is ideal for our infrastructure as code
security requirements, and the ability to apply those same rules to our cloud
environment with Fugue means we can keep our infrastructure in continuous
compliance and avoid the risks and overhead of maintaining multiple policy
frameworks."
While
Regula works independently of Fugue, teams can use Fugue to apply the same
Regula rules to assess the security posture of their running AWS, Azure, and
Google Cloud cloud infrastructure environments, eliminating the investment and
cloud risk associated with using and reconciling different policy frameworks
for different stages of the cloud development lifecycle and for different cloud
platforms.
"Companies
operating at scale in the cloud need a policy as code framework that's
flexible, works with the leading infrastructure as code tools, and can be used
across cloud platforms at every stage of the cloud development lifecycle," said
Josh Stella, co-founder and CEO of Fugue. "By extending Regula support to AWS
CloudFormation, cloud engineering and security teams now have a unified cloud
policy framework that works with their tools and workflows, giving them the
confidence to move faster in the cloud-without breaking the rules needed to
keep cloud infrastructure secure and in compliance."
Regula's
rule library checks for a wide variety of cloud misconfiguration vulnerabilities,
such as dangerously permissive AWS IAM policies and security group rules, S3
buckets without "block public access" options enabled, Lambda function policies
allowing global access, VPCs with flow logs disabled, EBS volumes with
encryption disabled, and untagged cloud resources. View the full set of Regula
rules here.
Regula
supports user-defined rules using the Rego query language developed by the Open
Policy Agent project-and includes helper libraries that enable users to easily
build their own rules that conform to enterprise policies. Fugue created and
open-sourced Fregot, a tool that enables
developers to easily evaluate Rego expressions, debug code, and test
policies.
Regula
is available today on Fugue's public GitHub repository and on DockerHub.