CloudFormation Security Check

CloudSploit
Oct 10, 2016

Describing infrastructure as code has become a powerful tool for operations teams. AWS CloudFormation has enabled this practice within AWS environments by accepting JSON (and now YAML) templates that describe the AWS resources that should be created. As with all AWS services, these resources must be configured properly to prevent introducing security risks into your environment.

Until now, CloudSploit’s scans have been reactive in nature — detecting risks after they are already present. This is a critical aspect of security in the cloud, but we can do more. To help our users be more proactive with AWS security, we have developed a new tool. Starting today, all CloudSploit accounts have access to the CloudFormation Security Check — accessible from the dashboard.

The CloudFormation Security Check Tool

Using this new feature is incredibly simple — just drag-and-drop or paste a properly formatted AWS CloudFormation JSON template (YAML support coming soon) onto the page and receive a scan report within seconds. Each result is marked as either “PASS,” “WARN,” or “FAIL,” just like CloudSploit’s traditional scan reports. Additionally, a message provides more information about the risk, and can be clicked to expose the original offending resource.

This feature is currently in beta. We perform over 95 different checks across over 40 different AWS resource types, with support for more being added as AWS extends CloudFormation to more services. We are providing this feature as part of all CloudSploit accounts, completely free. For our Premium Plan users, scans can also be invoked via the CloudSploit API, integrating CloudSploit’s security scan into your build systems and other tools.
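The following is an added example, not CloudSploit's code and not part of the original post, showing how a pre-deployment check over a CloudFormation JSON template can produce per-resource PASS, WARN and FAIL results. The two rules, the function names and the sample template are assumptions made for illustration; values supplied through intrinsic functions such as Ref cannot be resolved statically, so they are reported as WARN.

```python
SEVERITY = {"PASS": 0, "WARN": 1, "FAIL": 2}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
UNRESOLVED = ("WARN", "value is set by a parameter or function; review manually")

def check_security_group(props):
    # Illustrative rule: SSH (22) open to the world fails, other open ports warn.
    result = ("PASS", "no ingress rule is open to the world")
    for rule in props.get("SecurityGroupIngress", []):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        if not isinstance(cidr, dict) and cidr not in OPEN_CIDRS:
            continue  # restricted range, or a source security group reference
        if any(isinstance(v, dict) for v in (cidr, lo, hi)):
            found = UNRESOLVED  # e.g. {"Ref": "AdminCidr"}, unknown until deploy
        elif str(rule.get("IpProtocol")) == "-1" or int(lo) <= 22 <= int(hi):
            found = ("FAIL", "SSH is reachable from %s" % cidr)
        else:
            found = ("WARN", "ports %s-%s are open to %s" % (lo, hi, cidr))
        result = max(result, found, key=lambda r: SEVERITY[r[0]])  # keep the worst
    return result

def check_bucket(props):
    # Illustrative rule: canned ACLs that grant public access fail.
    acl = props.get("AccessControl", "Private")
    if isinstance(acl, dict):
        return UNRESOLVED
    if acl in ("PublicRead", "PublicReadWrite"):
        return ("FAIL", "bucket ACL is %s" % acl)
    return ("PASS", "bucket ACL is not public")

CHECKS = {"AWS::EC2::SecurityGroup": check_security_group, "AWS::S3::Bucket": check_bucket}

def scan(template):
    """Return (logical_id, status, message) for each resource a rule covers."""
    resources = sorted(template.get("Resources", {}).items())
    return [(name,) + CHECKS[res["Type"]](res.get("Properties", {}))
            for name, res in resources if res.get("Type") in CHECKS]

# Constructed sample template, not taken from the post.
SAMPLE = {"Resources": {
    "BastionSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "bastion", "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024, "CidrIp": "0.0.0.0/0"}]}},
    "AdminSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "admin", "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": {"Ref": "AdminCidr"}}]}},
    "Assets": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicRead"}},
    "Logs": {"Type": "AWS::S3::Bucket", "Properties": {}}}}
print(*scan(SAMPLE), sep="\n")
```

Each result carries the logical ID of the resource it refers to, so a finding can be traced back to the offending block in the template.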

Get started today!

— The CloudSploit Team
