It takes about 5 minutes to integrate.
Hey there!
CDK just released a new killer feature that improves the experience of those who develop infrastructure in CDK.
Note: Keep in mind that you can use different plugins (such as OPA, Checkov, KICS, etc.) instead of CloudFormation Guard to validate your infrastructure with this feature.
What is the benefit?
From what I see, the biggest benefit of this feature is an improved development flow for CDK code. Being able to check your code on the fly against a ruleset of policies warns you earlier, which saves a lot of time and prevents accidental deployments of vulnerable infrastructure.
That being said, do note that this is an experimental feature in the CDK, which comes with its own pros/cons.
How to integrate the plugin into your project?
First things first: go to the terminal and add this dependency to your project:
$ npm install @cdklabs/cdk-validator-cfnguard
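The next step is to pass the validator into your cdk.App object:
import * as cdk from 'aws-cdk-lib';
import { CfnGuardValidator } from '@cdklabs/cdk-validator-cfnguard';

// Register the Guard validator so the rules run on every `cdk synth`.
const app = new cdk.App({
  policyValidationBeta1: [
    new CfnGuardValidator({
      // Local directory containing the Guard rule files to evaluate
      rules: [
        "/workspace/aws-guard-rules-registry/rules/aws/amazon_s3/",
      ]
    })
  ]
});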
All done! Now you are ready to use the plugin.
$ cdk synth
Performing Policy Validations
Validation Report
-----------------
Policy Validation Report Summary
╔════════════════════════╤═════════╗
║ Plugin                 │ Status  ║
╟────────────────────────┼─────────╢
║ cdk-validator-cfnguard │ success ║
╚════════════════════════╧═════════╝
Policy Validation Successful!
.....
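To show what synth-time policy validation evaluates, the added example below (not code from this post, the CDK, or the Guard plugin) applies three S3 checks to a constructed CloudFormation template in plain TypeScript. The rule names and the sample template are assumptions; real Guard rules are written in the Guard DSL.

```typescript
// Added example: plain-TypeScript approximation of S3 policy checks run against
// the CloudFormation template that `cdk synth` produces. Not the plugin's code.
type Props = Record<string, any>;
type Template = { Resources: Record<string, { Type: string; Properties?: Props }> };
type Finding = { logicalId: string; rule: string };

// Hypothetical rule names. Each predicate returns true when the bucket complies.
// Strict comparisons mean an unresolved intrinsic ({ Ref: ... }) counts as a failure.
const s3Rules: Record<string, (p: Props) => boolean> = {
  ENCRYPTION_CONFIGURED: (p) =>
    (p.BucketEncryption?.ServerSideEncryptionConfiguration ?? []).length > 0,
  PUBLIC_ACCESS_BLOCKED: (p) =>
    ["BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets"]
      .every((key) => p.PublicAccessBlockConfiguration?.[key] === true),
  VERSIONING_ENABLED: (p) => p.VersioningConfiguration?.Status === "Enabled",
};

// Returns one finding per (bucket, failed rule); non-S3 resources are skipped.
function validateTemplate(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const [logicalId, resource] of Object.entries(template.Resources)) {
    if (resource.Type !== "AWS::S3::Bucket") continue;
    for (const [rule, complies] of Object.entries(s3Rules)) {
      if (!complies(resource.Properties ?? {})) findings.push({ logicalId, rule });
    }
  }
  return findings;
}

// Constructed sample input, shaped like a synthesized template.
const compliantProps: Props = {
  BucketEncryption: {
    ServerSideEncryptionConfiguration: [
      { ServerSideEncryptionByDefault: { SSEAlgorithm: "aws:kms" } },
    ],
  },
  PublicAccessBlockConfiguration: {
    BlockPublicAcls: true, BlockPublicPolicy: true,
    IgnorePublicAcls: true, RestrictPublicBuckets: true,
  },
  VersioningConfiguration: { Status: "Enabled" },
};
const sampleTemplate: Template = {
  Resources: {
    DataBucket: { Type: "AWS::S3::Bucket", Properties: compliantProps },
    LogsBucket: { Type: "AWS::S3::Bucket" }, // no properties set
    JobsQueue: { Type: "AWS::SQS::Queue" },
  },
};
const sampleFindings = validateTemplate(sampleTemplate); // three findings, all on LogsBucket
```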
What if I'm new to Guard?
Well, that's totally fine. Guard is less known to the general public. I will not talk about Guard in this blog post; it deserves a separate article covering its pros/cons.
I want to mention a repository created by AWS that didn't get a lot of attention. The repository contains a collection of rules written in the Guard DSL, which covers 80% of use cases. If you're just starting off on your journey to improve your security posture, definitely follow the link.
Wrapping Up
Looks like it is a good step forward to improve the framework. So go there and give it a try!
Thank you for your time! Stay awesome
Max
Links: