Make secure configuration mandatory
Ensure your cloud configurations do not leak sensitive customer data.
Embed security best practices into our guardrails and blueprints for secure configuration at scale👇
Secure-by-default configuration
Policy-as-code built for humans
From reactive to proactive security posture
Scale security best practices
Resourcely blueprints and guardrails give security teams tools to enforce security policy without impeding development teams.

# Flags a Cloud SQL instance when SSL is not required.
# Body 1: the settings block has no ip_configuration at all.
checkRequireSSLEnabled[db_instance.id] {
    db_instance := input.google_sql_database_instance[_]
    setting := db_instance.config.settings[_]
    not setting.ip_configuration
} {
    # Body 2: ip_configuration exists but require_ssl is unset (or falsy).
    db_instance := input.google_sql_database_instance[_]
    setting := db_instance.config.settings[_]
    ip_configuration = setting.ip_configuration[_]
    not ip_configuration.require_ssl
} {
    # Body 3: require_ssl is explicitly set to false.
    db_instance := input.google_sql_database_instance[_]
    setting := db_instance.config.settings[_]
    ip_configuration = setting.ip_configuration[_]
    ip_configuration.require_ssl == false
}

# Flags a Cloud SQL instance whose authorized networks include "0.0.0.0".
checkNoPublicAccess[db_instance.id] {
    db_instance := input.google_sql_database_instance[_]
    setting := db_instance.config.settings[_]
    count(setting.ip_configuration) > 0
    ip_configuration = setting.ip_configuration[_]
    count(ip_configuration.authorized_networks) > 0
    authorized_network = ip_configuration.authorized_networks[_]
    authorized_network.value == "0.0.0.0"
}

GUARDRAIL "GCP database network config"
    WHEN google_sql_database_instance
        REQUIRE settings.ip_configuration HAS
            require_ssl = true
            NO authorized_networks.value = "0.0.0.0"

Resourcely helps keep developers shipping fast in a secure fashion, reducing guesswork and avoiding incidents that stem from misconfiguration.