Fugue announced support for automatically checking Amazon Web Services (AWS) cloud environments and infrastructure as code (IaC) for adherence to the AWS Well-Architected Framework.
AWS customers can significantly reduce the time and engineering resources required to prepare for the AWS Well-Architected Framework review process and generate a prioritized remediation plan to meet controls in the security and reliability pillars.
With Fugue, cloud engineering and security teams can evaluate their AWS CloudFormation and Terraform templates pre-deployment for adherence to AWS Well-Architected Framework controls and use those same policies to check their AWS runtime environments. Detailed information on each violation and a remediation roadmap prioritized by severity enable teams to meet AWS Well-Architected Framework controls 80% faster using 50% fewer engineering hours.
“The AWS Well-Architected Framework is a powerful tool for assuring organizations are adhering to architectural best practices, but the assessment and remediation process can be time-consuming and resource intensive,” said Josh Stella, co-founder and CEO of Fugue.
“Fugue makes it easier and faster for engineering and security teams to know where they stand according to the AWS Well-Architected Framework, remediate issues in environments and infrastructure as code, and design new systems with security and reliability baked into the architecture.”
Fugue helps teams ensure continuous cloud security and compliance efficiently across AWS, Microsoft Azure, and Google Cloud as well as build confidence and trust with management, auditors and customers.
In addition to the AWS Well-Architected Framework, Fugue provides turnkey coverage for SOC 2, NIST 800-53, GDPR, PCI, HIPAA, ISO 27001, CSA CCM, CIS Controls, CIS Docker, and CIS Foundations Benchmarks for AWS, Microsoft Azure, Google Cloud, and Kubernetes.
Fugue delivers developer-friendly tooling to develop and test custom policies for validating IaC templates and running cloud environments and also build automated IaC checks into Git workflows and CI/CD pipelines to prevent misconfiguration vulnerabilities in deployments.
Fugue’s Unified Policy Engine leverages Open Policy Agent (OPA), the open standard for policy as code, and Regula, Fugue’s open source implementation of OPA for IaC and cloud security. OPA is a Cloud Native Computing Foundation (CNCF) graduated project.
Credit: Source link