This repository has been archived by the owner on Feb 7, 2023. It is now read-only.

Securing Terraform IaC with the Regula Policy Engine

This repo contains topics, code snippets, and examples for Fugue's Terraform security masterclass. The focus is on how to use the Regula open source policy engine to prevent misconfigurations and security vulnerabilities from reaching production in your cloud.

Regula

Regula is an open source project on GitHub. It builds on OPA and the Rego query language to create an easy-to-use policy engine for resources in infrastructure as code (IaC).

Rules written for Regula are usable with both Terraform HCL and Terraform Plans. Regula can easily be run during development (e.g. via pre-commit hooks) or in CI/CD pipelines to check Terraform Plans prior to deployment.

Each topic below includes example source code and commands that show how you can eliminate misconfigurations in your Terraform templates.

The Rego Language

Rego is the open source policy language and a key component of the CNCF Open Policy Agent (OPA) project.

Topics

  1. The Rego language
  2. Rego and Terraform
  3. Regula and Terraform
  4. IaC Pre-Commit Checks
  5. Regula Built-in Rules
  6. Regula Usage

References

About Fugue

Fugue helps teams move faster and more securely in the cloud. Our open source projects and SaaS platform help eliminate misconfigurations and ensure security both in IaC templates and for resources running in AWS, Azure, and Google clouds.

You can also check out our careers page if this sounds like something you'd want to help us with!
