Subscribe to the Blog

Get articles sent directly to your inbox.

Charles Kim

TL;DR

  1. Cloudrail can be used as a Static Analysis tool
  2. Cloudrail Static Analysis will be made free across all tiers

Background

Starting today, Cloudrail can be used as a Static Analysis tool to validate your Terraform code. It has been made free for unlimited scans. Cloudrail Static Analysis will be available across all price tiers and has been made available immediately to existing users.

Cloudrail Static Analysis enables organizations to get started with IaC security. Today, we have mapped over 100+ rules to the AWS well architected framework and lead in tool-compare’s security benchmark as of May 19th.

We wanted to give back by automating compliance for developers with their IaC, and so, we’ve made this capability free for anyone to use. Cloudrail gives organizations visibility and auditing for infrastructure deployment workflows for their cloud native infrastructure.

I currently use a Static Analysis tool. Why use Cloudrail Static Analysis?

The answer is simple: Cloudrail’s Static Analysis is a step towards Cloudrail’s Dynamic Analysis, where you can:

1. Find issues in your IaC resources that can only be seen in the live environment. For example, finding roles that aren’t used, IAM policy attachments that were modified directly in the live account (drift), S3 buckets used without VPC endpoints, and more.
2. Automatically monitor account-wide drift, by detecting resources that are not managed by IaC at all (any of your repositories), and flagging those that are violating your security policy. This way you get visibility into your entire cloud environment.

Cloudrail Static Analysis is a great first step to enabling IaC security in your organization. As you begin to explore further security challenges, understanding the IaC with your live environment in-context becomes necessary.

Related Article  Securing S3 Buckets Built in Terraform, using IaC Security Tools

Using Cloudrail Static Analysis is simple. If you haven’t yet, you can sign up for Cloudrail here:

  1. Click on Run Assessment
  1. Choose Static analysis
  1. Run a scan and get remediation steps provided in the UI and CLI