Our great sponsors
-
cloudformation-guard
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
When you use CloudFormation Guard in combination with CodeBuild Reports it makes it easier to see what rules have failed and keeps a history. When you have a solid set of compliance rules. It gives you a report that you can use to prove that the build of the infrastructure was compliant. You are also able to prevent non-compliant code rollout in production.
But by default cfn-guard does not generate compatible reports. And when you execute it, and has failures it will exit with an exit code of 1. I have written a conversion tool to help you with this called report2junit. It merges and coverts the JSON reports into the JUnit format used by CodeBuild Reports. By using the || true postfix the CodeBuild execution will continue. Instead, the report2junit tool will return an exit code of 1 after it generated the report. And because the report is there when it fails you can use that to see what rule failed.