AJR/TechradarDev
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: fix spellcheck errors

Browse Source
This commit is contained in:
Stefan Rotsch
2023-02-22 16:28:50 +01:00
committed by Bastian
parent dbfba107c7
commit 77d0806181
25 changed files with 141 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
radar/2022-10-12/policy-as-code.md
View File

@@ -5,20 +5,20 @@ quadrant: methods-and-patterns
tags: [devops, ci/cd]
---
With the rise of cloud infrastructure and DevOps practices, traditional methods of policy enforcement such as manual
With the rise of cloud infrastructure and DevOps practices, traditional methods of policy enforcement such as manual
reviews and audits are no longer sufficient. By using code to express policies for the entire infrastructure and
application stack, automated compliance checks become a natural part of the software development lifecycle,
application stack, automated compliance checks become a natural part of the software development lifecycle,
e.g. via integration into a projects' CI/CD pipeline and could even prevent a configuration change or deployment
if a critical issue was found.
One of the key benefits of Policy as Code is the ability to catch potential issues before they become risks. For
example, a policy could be defined to ensure that all S3 buckets are encrypted, or that all EC2 instances have a
specific set of tags.
One of the key benefits of Policy as Code is the ability to catch potential issues before they become risks. For
example, a policy could be defined to ensure that all S3 buckets are encrypted, or that all EC2 instances have a
specific set of tags.
There are a number of tools and frameworks available for implementing Policy as Code. At AOE, we are mainly relying on
[Checkov](https://www.checkov.io/), [Kyverno](https://kyverno.io/) and [AWS Config](https://aws.amazon.com/config/)
at the time of writing. Each tool provides a way to define policies in code and then automate policy enforcement.
at the time of writing. Each tool provides a way to define policies in code and then automate policy enforcement.
They also provide visibility into the compliance status of infrastructure and application configurations.
By defining policies as code, development teams can ensure that policies are version-controlled, easily auditable,
By defining policies as code, development teams can ensure that policies are version-controlled, easily auditable,
and consistent across all environments.