Get the full comparison

Resourcely and Open Policy Agent (OPA)

Resourcely is an infrastructure configuration platform featuring templates and policies. Rego is a general-purpose policy language used with OPA for evaluating policies.

Read the full compareSee a code example

Resourcely makes infrastructure configuration easy and safe. It includes a policy language called "Really" built specifically for cloud infrastructure.

Rego is a policy language for Open Policy Agent (OPA) built to check data for assertions. It is general purpose and was originally built for making authorization checks, but companies also use it to evaluate cloud infrastructure via Terraform Plan.

How Resourcely and Rego & OPA compare

Summary
Resourcely
Open Policy Agent
Goal
Streamlining cloud configuration and governance
General purpose policy language
Templates for deploying infrastructure

X

Policies
Policy Language
Really
Rego
Evaluation Framework
Resourcely Guardrails
Open Policy Agent (OPA)
Remediation and upgrades of existing infrastructure

X

Deep Dive
Resourcely
Open Policy Agent
Built for...
Evaluating infrastructure configuration during CI and giving feedback at time of configuration
Evaluating general purpose policies during CI only
Easy to read and write

X

Embeddable into CI tooling
Analyzes Terraform plan
Provides feedback at time of configuration

X

Can be used beyond configuration use-cases

X

Expressive

X

Native cloud property understanding

X

Autocomplete

X

Dot property accessors

X

Checks connected resources

X

Context-dependent checks

X

Auto-generated test cases

X

Append configuration

X

Really, Resourcely's policy language

Rego, OPA's policy language

GUARDRAIL "Require private acl"
  WHEN aws_s3_bucket
    REQUIRE acl = "private"
package terraform

import input.tfplan as tfplan

allowed_acls = ["private"]
allowed_sse_algorithms = ["aws:kms", "AES256"]

s3_buckets[r] {
    r := tfplan.resource_changes[_]
    r.type == "aws_s3_bucket"
}

array_contains(arr, elem) {
  arr[_] = elem
}

# Rule to restrict S3 bucket ACLs
deny[reason] {
    r := s3_buckets[_]
    not array_contains(allowed_acls, r.change.after.acl)
    reason := sprintf(
        "%s: ACL %q is not allowed",
        [r.address, r.change.after.acl]
    )
}

Stop struggling to write and maintain Rego

Read and write your cloud infrastructure policies in just seconds

Get Resourcely Today

Your CSPM can't fix cloud infrastructure

Learn how Resourcely can improve your cloud posture in days, not quarters