Sandipan Saha

Terraform Security Check

I've been working on a side project called Policy Engine – a Terraform security policy checker that scans your IaC configs for misconfigurations before they hit production.

What it does:

Checks against 60+ security rules across critical, high, medium, and low severity levels
Supports 9 AWS resource types: S3, EC2, RDS, IAM, Lambda, Security Groups, ELB/ALB, CloudTrail, and KMS
Returns results instantly – just paste your Terraform code
REST API available so you can plug it into your CI/CD pipeline
Check history so you can track improvements over time

Why I built it:
Caught a misconfigured S3 bucket in prod one too many times. Wanted something lightweight I could use without spinning up a full Checkov/tfsec setup for smaller projects.
It's completely free to use – no credit card, no sign-up required for basic checks.
🔗 Try it here: https://policy-engine-c7mc.onrender.com/
Would love feedback from this community – what rules or resources would you want added next? Happy to answer any questions.
