Policy Packs for Guardrails: The fast track to meet your control objectives
Accelerate delivery of your control objectives with 100+ open-source policy pack examples implementing automated best practices for security, FinOps and cloud operations compliance.
In the ever-evolving landscape of cloud services, ensuring that your organization meets its control objectives for security, FinOps, and cloud operations best practices can be a complex and time-consuming task.
Turbot Guardrails provides a powerful governance platform to address these challenges across AWS, Azure, GCP and Kubernetes. However, with a vast library of over 300 mods and 12,000 policies, knowing how to configure Guardrails to meet specific control objectives can be daunting for new users. This is where Policy Packs come into play.
Policy Packs (feat. Smart Folders)
To simplify and streamline the process of meeting specific control objectives, we are introducing a new core concept named Policy Packs. We have renamed the feature previously known as "Smart Folders" to "Policy Packs" and re-imagined how we can use this capability to accelerate the development and delivery of cloud governance automation.
Policies are the primary configuration language of Guardrails, they store metadata used to assess resources and define the automated actions Guardrails takes when responding to unapproved configuration of your cloud resources.
Policy Packs are targeted collections of these policies that work together to achieve specific control objectives.
Key Benefits of Policy Packs:
- Simplicity: Pre-packaged policies mean you don’t have to start from scratch.
- Efficiency: Quickly find, test and deploy policies to meet specific control objectives.
- Consistency: Standardized configurations ensure uniformity across your cloud environment.
- Flexibility: Customize and extend Policy Packs to fit your unique needs.
Howl at the Hub
An exciting part of this transformation is the addition of the Guardrails Hub. The Hub serves as a central library and reference tool for Policy Packs. It is fed from Guardrails Samples, an open source GitHub repo containing tons of example scripts, API tools, GraphQL queries and (now) policy packs.
We welcome contributions to this repo both in terms of new code/examples and in raising issues against the existing content.
100+ best practice examples
To launch the Guardrails Hub, we have reviewed, polished and published 100+ common control objectives requested by Guardrails customers, across a wide range of categories:
Naming
Each pack is named in a way that makes it possible to understand the underlying control objective. The opening action word is designed to communicate the type of action the control pack is designed to take:
- Check: Controls that do not have an enforcement option and can only notify on error.
- Enforce: Controls where Guardrails can take an enforcement action against misconfiguration.
- Configure: Change configuration of a resource.
- Deny: Guardrails IAM preventative controls.
- Prevent: Cloud native preventative controls.
The action verb is followed by a descriptive sentence indicating the resource types involved and the criteria they are measured against. The verbosity of the names is intentional, to make it easy to find control objectives using search and to quickly grok the intent without needed to read the underlying policy settings or code in detail. Here are some examples:
- "Check MFA is Enabled for AWS IAM Root Accounts"
- "Enforce Approved Extensions Are Installed on Azure Compute Virtual Machines"
- "Configure Uniform Access is Enabled for GCP Storage Buckets"
How to use
Existing guardrails users can get started using policy packs today:
- Navigate to https://hub.guardrails.turbot.com
- Search for an applicable policy pack.
- Read and follow the installation instructions.
For a detailed walk-through of how to deploy and use policy packs in guardrails watch the video below.
See it in action
Control your cloud with Guardrails
Take your operational controls and compliance to the next level with Turbot Guardrails' auto-remediation policies. With continuous monitoring, instant remediation, and detailed audit trails, Guardrails makes it effortless to maintain a secure and compliant cloud environment.
Try it now with a 14-day free trial and see how easy it is to keep your cloud environment aligned with best practices.