Conf42: DevSecOps 2021


Compliance As Code with Cloud Custodian

Ismael Hommani
Cloud Native Developer @ Wescale

Tanguy Combe
Cloud Builder @ Wescale

Compliance is about risk management, and the Cloud is no exception. Data leaks, privilege escalation and so on happen all the time. Cloud Custodian is a rule engine that provides a comprehensive and scalable way to bake compliance into your Cloud Platform. This session will show you how.

Aligned with the Everything As Code approach, Policy As Code consists of describing a number of rules that our cloud platform should abide by. However, unlike Infrastructure As Code, which is now widely adopted, this approach remains largely unknown.

We usually observe hand-crafted solutions built to supplement the limited services that Cloud providers already provide. Cloud Custodian is an open source solution that enables Policy As Code with AWS, Azure and GCP.

Through the example of a common FinOps problem, this session will demonstrate the benefits of such an approach and its straightforwardness compared to an empirical and manual approach filled with copy-pasted boilerplate.
