Infrastructure as code

Terraform, CloudFormation, ARM - what standards and controls are you putting around your SDI / IAC?

@felipecosta your article spoke directly about this topic, so I feel like you could provide some insight. Care to lend your voice to the topic?

The teams I work with (deploying on AWS with CloudFormation) use Cloud One Conformity’s template scanner for security / compliance scanning, plus cfn-lint with some custom rules we built in-house to remind folks about our internal standards. We’ve briefly looked at cfn-guard and are excited about the recent 2.0 release, but it’s not part of our toolset yet.