Fugue announces IaC Security for AWS CloudFormation in Regula

Fugue, the company helping organisations innovate faster and more securely in the cloud, announced support for AWS CloudFormation in Regula, the open-source infrastructure as code (IaC) policy engine.

Cloud engineering and security teams can now use Regula to secure their AWS CloudFormation and Terraform configurations before deployment and apply those same rules to running cloud environments using the Fugue platform to secure the entire cloud development lifecycle.

Expanding Regula capabilities represents Fugue’s continued leadership in innovating on the policy as code for IaC and running cloud infrastructure since 2015.

Ideal for multi-cloud environments

Regula is ideal for organisations with DevOps teams that use both AWS CloudFormation and Terraform and those operating multi-cloud environments.

Regula is the only AWS CloudFormation security tool that can address vulnerabilities involving multiple resources, and the only one that helps teams meet the CIS AWS Foundations Benchmarks 1.2.0 and 1.3.0.

Regula easily integrates into CI/CD pipelines and enables pre-commit IaC checks and provides pull request feedback

Regula easily integrates into CI/CD pipelines and enables pre-commit IaC checks and provides pull request feedback. Fugue provides examples of Regula working with GitHub Actions for CI/CD.

Code security requirements

“At Cadwell, we needed an effective way to check our infrastructure as code to ensure our cloud infrastructure deployments are secure so we can move faster in the cloud with confidence,” said Sawyer Ward, Enterprise Support Specialist at Cadwell Industries, Inc.

“Regula is ideal for our infrastructure as code security requirements, and the ability to apply those same rules to our cloud environment with Fugue means we can keep our infrastructure in continuous compliance and avoid the risks and overhead of maintaining multiple policy frameworks.”

Independent working software

While Regula works independently of Fugue, teams can use Fugue to apply the same Regula rules to assess the security posture of their running AWS, Azure, and Google Cloud cloud infrastructure environments, eliminating the investment and cloud risk associated with using and reconciling different policy frameworks for different stages of the cloud development lifecycle and different cloud platforms.  

Unified cloud policy framework

Regula can be used across cloud platforms at every stage of the cloud development lifecycle

“Companies operating at scale in the cloud need a policy as code framework that’s flexible, works with the leading infrastructure as code tools, and can be used across cloud platforms at every stage of the cloud development lifecycle,” said Josh Stella, co-founder, and CEO of Fugue.

“By extending Regula support to AWS CloudFormation, cloud engineering and security teams now have a unified cloud policy framework that works with their tools and workflows, giving them the confidence to move faster in the cloud—without breaking the rules needed to keep cloud infrastructure secure and in compliance.”

Rules are user-defined

Regula’s rule library checks for a wide variety of cloud misconfiguration vulnerabilities, such as dangerously permissive AWS IAM policies and security group rules, S3 buckets without “block public access” options enabled, Lambda function policies allowing global access, VPCs with flow logs disabled, EBS volumes with encryption disabled, and untagged cloud resources.

Regula supports user-defined rules using the Rego query language developed by the Open Policy Agent project and includes helper libraries that enable users to easily build their own rules that conform to enterprise policies.

Fugue created and open-sourced Fregot, a tool that enables developers to easily evaluate Rego expressions, debug code, and test policies.