Moeve: Controlling resource deployment at scale with AWS CloudFormation Guard Hooks

DevOps & Developer Productivity Blog

Moeve, a global energy company, implemented AWS CloudFormation Guard Hooks to improve resource deployment governance and security across their multi-account AWS environment. The key aspects of their solution include:

Centralized S3 bucket for storing Guard Hook rules across the organization
Deployment of hooks using CloudFormation StackSets to multiple accounts
Custom hooks to validate and enforce security configurations, specifically for API Gateway deployments
Preventing resource deployments that do not meet security requirements
Providing clear error messages to help developers quickly address configuration issues

The implementation allows Moeve to balance infrastructure flexibility with robust governance, ensuring secure and consistent cloud resource deployments while maintaining developer autonomy.

Go to article

The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Nov 21
2024

Introducing AWS CloudFormation Hooks invoked via AWS Cloud Control API (CCAPI)

Nov 21
2024

AWS CloudFormation Hooks now allows AWS Cloud Control API resource configurations evaluation

Nov 20
2024

Author AWS CloudFormation Hooks using the CloudFormation Guard domain specific language

Jan 4
2024

How to use AWS Config proactive rules and AWS CloudFormation Hooks to prevent creation of noncompliant cloud resources

The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Moeve: Controlling resource deployment at scale with AWS CloudFormation Guard Hooks

Related articles