Regula

Self-assessments performed by development, security, and operations teams provide them with the knowledge they need to improve.

Regula is an open-source static code analysis tool for infrastructure as code, maintained by Fugue. It checks Terraform, CloudFormation, and Kubernetes files for misconfigurations, which is useful when you wish to test a variety of different infrastructure-as-code files for misconfigurations.

Installation

To install Regula, refer to the installation documentation as well as the releases page.

brew tap fugue/regula
brew install regula

Usage

Getting started with Regula is as simple as running regula run . to scan the current directory recursively. Regula will immediately scan your IaC and report the location of each misconfiguration it finds.

Findings

DynamoDB Encryption

FG_R00069: DynamoDB tables should be encrypted with AWS or customer managed KMS keys [Medium]
           https://docs.fugue.co/FG_R00069.html

  [1]: aws_dynamodb_table.dynamodb_table
       in remotestate/main.tf:38:1

CloudFront Geo-Restrictions

FG_R00018: CloudFront distributions should have geo-restrictions specified [Medium]
           https://docs.fugue.co/FG_R00018.html

  [1]: aws_cloudfront_distribution.distribution
       in s3_static_site/main.tf:5:1
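The Terraform behind the two findings above and the remediation for each, as an added example (not code from the page or from the Regula project); the resource and table names, the S3 bucket reference and the aws_kms_key.state key are assumptions:

```hcl
# Constructed example, not from the page or the Regula project; names, bucket and KMS key are assumed.
# FG_R00069 flags this table: no server_side_encryption block, so it stays on the service default key.
resource "aws_dynamodb_table" "flagged_table" {
  name         = "tf-state-lock-flagged"
  hash_key     = "LockID"
  billing_mode = "PAY_PER_REQUEST"
  attribute {
    name = "LockID"
    type = "S"
  }
}
# Remediated: enabled = true alone uses the AWS managed key; kms_key_arn (assumed aws_kms_key.state) uses a customer managed key.
resource "aws_dynamodb_table" "dynamodb_table" {
  name         = "tf-state-lock"
  hash_key     = "LockID"
  billing_mode = "PAY_PER_REQUEST"
  attribute {
    name = "LockID"
    type = "S"
  }
  server_side_encryption {
    enabled     = true
    kms_key_arn = aws_kms_key.state.arn # omit this line to keep the AWS managed key
  }
}
# FG_R00018 flags restriction_type = "none". Remediated: allowlist only the countries the site serves.
resource "aws_cloudfront_distribution" "distribution" {
  enabled = true
  origin {
    domain_name = aws_s3_bucket.site.bucket_regional_domain_name # assumed bucket
    origin_id   = "s3-site"
  }
  default_cache_behavior {
    target_origin_id       = "s3-site"
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    forwarded_values {
      query_string = false
      cookies { forward = "none" }
    }
  }
  viewer_certificate { cloudfront_default_certificate = true }
  restrictions {
    geo_restriction {
      restriction_type = "whitelist" # "none" is the setting the rule reports
      locations        = ["US", "CA"]
    }
  }
}
```

Re-running regula run . after the change should drop both findings, while the flagged_table resource, left in place here for comparison, keeps reporting FG_R00069 until it is removed or given the same server_side_encryption block.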