Fugue Announces IaC Security for AWS CloudFormation in Regula
May 13, 2021

Fugue announced support for AWS CloudFormation in Regula, the open-source infrastructure as code (IaC) policy engine.

Cloud engineering and security teams can now use Regula to secure their AWS CloudFormation and Terraform configurations prior to deployment—and apply those same rules to running cloud environments using the Fugue platform to secure the entire cloud development lifecycle.

Regula is ideal for organizations with DevOps teams that use both AWS CloudFormation and Terraform—and those operating multi-cloud environments. Regula is an AWS CloudFormation security tool that can address vulnerabilities involving multiple resources, and helps teams meet the CIS AWS Foundations Benchmarks 1.2.0 and 1.3.0. Regula easily integrates into CI/CD pipelines, enabling pre-commit IaC checks and pull request feedback. Fugue provides examples of Regula working with GitHub Actions for CI/CD.

While Regula works independently of Fugue, teams can use Fugue to apply the same Regula rules to assess the security posture of their running AWS, Azure, and Google Cloud infrastructure environments. This eliminates the investment and cloud risk associated with using and reconciling different policy frameworks for different stages of the cloud development lifecycle and for different cloud platforms.

“Companies operating at scale in the cloud need a policy as code framework that’s flexible, works with the leading infrastructure as code tools, and can be used across cloud platforms at every stage of the cloud development lifecycle,” said Josh Stella, Co-Founder and CEO of Fugue. “By extending Regula support to AWS CloudFormation, cloud engineering and security teams now have a unified cloud policy framework that works with their tools and workflows, giving them the confidence to move faster in the cloud—without breaking the rules needed to keep cloud infrastructure secure and in compliance.”

Regula’s rule library checks for a wide variety of cloud misconfiguration vulnerabilities, such as dangerously permissive AWS IAM policies and security group rules, S3 buckets without “block public access” options enabled, Lambda function policies allowing global access, VPCs with flow logs disabled, EBS volumes with encryption disabled, and untagged cloud resources.

Regula supports user-defined rules using the Rego query language developed by the Open Policy Agent project—and includes helper libraries that enable users to easily build their own rules that conform to enterprise policies. Fugue created and open-sourced Fregot, a tool that enables developers to easily evaluate Rego expressions, debug code, and test policies.
