Terramate Cloud Policies

Policies in Terramate Cloud help secure your infrastructure by detecting misconfigurations on a per-resource level. They leverage the industry-standard CIS Benchmarks to automatically analyze your infrastructure as code (IaC) changes and deployed resources.

What Do Policies Do?

Misconfiguration Detection: Policies inspect each resource for potential security misconfigurations. This precise, per-resource analysis helps you catch vulnerabilities early.
Automated Analysis: When you deploy changes or run scheduled drift detection, policies automatically verify that your configurations meet the prescribed security standards.

The CIS Benchmarks

The Center for Internet Security (CIS) is a nonprofit organization that promotes best security practices. CIS develops, validates, and publishes security benchmarks with prescriptive instructions for implementing industry-standard controls. These benchmarks cover:

Major cloud providers like AWS, Google Cloud, and Microsoft Azure
Platforms such as Kubernetes and various operating systems

Using the CIS Benchmarks within Terramate Cloud helps you secure your IT environment, reduce risk, and ensure compliance with best practices. They are widely recognized as the industry standard for securely configuring cloud infrastructure.

How Policies Work

Terramate Cloud integrates more than 500 built-in policies based on the CIS Benchmarks. These policies run during scheduled drift detection workflows, continuously monitoring the deployed infrastructure to ensure that all resources remain compliant with defined security standards. This process regularly identifies any misconfigurations or deviations, helping you maintain a secure and compliant environment over time.

Integration with the Resource Browser

Policy Checks in Terramate Cloud

Policies are tightly integrated with the Resource Browser in Terramate Cloud. This integration provides you with a comprehensive view of:

Current misconfigurations across all your resources
The severity of each detected issue

This centralized dashboard is handy when multiple teams manage IaC across various repositories, allowing you to maintain a strong security posture throughout your organization.

Stacks

Orchestration

Change Detection

CI/CD

GitHub Actions

GitLab CI

Bitbucket Pipelines

Code Generation

Resources

Stacks Inventory

Pull Request Previews

Deployments

Drift Management

GitHub

Profile

Organization

Variable Namespaces

Functions

Terramate

Numeric Functions

String Functions

Collection Functions

Encoding Functions

Filesystem Functions

Date and Time Functions

Hash and Crypto Functions

IP Network Functions

Type Conversion Functions

CLI Commands

Stacks and Orchestration

Terramate Scripts

Code Generation

Terramate Cloud

Misc

Experimental

Terramate Cloud Policies

What Do Policies Do?

The CIS Benchmarks

How Policies Work

Integration with the Resource Browser

Change Detection

GitHub Actions

GitLab CI

Bitbucket Pipelines

GitHub

Terramate Cloud Policies ​

What Do Policies Do? ​

The CIS Benchmarks ​

How Policies Work ​

Integration with the Resource Browser ​

Terramate Cloud Policies

What Do Policies Do?

The CIS Benchmarks

How Policies Work

Integration with the Resource Browser