From dbfba107c7168759c8be6ed5e2d4e9af6030d161 Mon Sep 17 00:00:00 2001 From: Stefan Rotsch Date: Tue, 14 Feb 2023 15:45:58 +0100 Subject: [PATCH] docs: add policy as code to trial --- radar/2022-10-12/policy-as-code.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 radar/2022-10-12/policy-as-code.md diff --git a/radar/2022-10-12/policy-as-code.md b/radar/2022-10-12/policy-as-code.md new file mode 100644 index 0000000..73ab083 --- /dev/null +++ b/radar/2022-10-12/policy-as-code.md 
@@ -0,0 +1,24 @@ +--- +title: "Policy as Code" +ring: trial +quadrant: methods-and-patterns +tags: [devops, ci/cd] +--- + +With the rise of cloud infrastructure and DevOps practices, traditional methods of policy enforcement such as manual +reviews and audits are no longer sufficient. By using code to express policies for the entire infrastructure and +application stack, automated compliance checks become a natural part of the software development lifecycle, +e.g. via integration into a projects' CI/CD pipeline and could even prevent a configuration change or deployment +if a critical issue was found. + +One of the key benefits of Policy as Code is the ability to catch potential issues before they become risks. For +example, a policy could be defined to ensure that all S3 buckets are encrypted, or that all EC2 instances have a +specific set of tags. + +There are a number of tools and frameworks available for implementing Policy as Code. At AOE, we are mainly relying on +[Checkov](https://www.checkov.io/), [Kyverno](https://kyverno.io/) and [AWS Config](https://aws.amazon.com/config/) +at the time of writing. Each tool provides a way to define policies in code and then automate policy enforcement. +They also provide visibility into the compliance status of infrastructure and application configurations. + +By defining policies as code, development teams can ensure that policies are version-controlled, easily auditable, +and consistent across all environments.
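Review bot: The second sentence of the first paragraph loses its subject ("...e.g. via integration into a projects' CI/CD pipeline and could even prevent a configuration change or deployment if a critical issue was found") and also has a misplaced apostrophe; consider "e.g. by integrating the checks into a project's CI/CD pipeline, where a critical finding can block the configuration change or deployment." On the same point, the page says enforcement "could" block a deployment but never states whether the three tools it lists (Checkov, Kyverno, AWS Config) are actually run in a blocking mode at AOE or only report findings; since the ring is "trial", a sentence on which tool runs at which stage (pipeline scan, cluster admission, post-deployment compliance) and whether it fails or merely warns would make the entry actionable for readers. Minor: the tags `[devops, ci/cd]` could include a security or compliance tag, given the S3 encryption example and the compliance-status claim in the third paragraph.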