Infrastructure as code predeployment compliance testing

Assignee

• Rapid7, Inc. · US

Inventors

• James Witschey · Falls Church, US
• John Jason Senich · Piney Grove, US
• Jun Sung Park · Hwaseong-si, KR
• Val Komarov · Fairfax, US
• Miguel Ledezma · Alexandria, US
• Chris DeRamus · Ashburn, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A unified cloud configuration evaluation (UCCE) system is described capable of evaluating both asset configurations in a live cloud environment and proposed configuration changes produced by a cloud configuration development (CCD) system. In embodiments, the UCCE system may be implemented as a Cloud Security Posture Management (CPSM) system that monitors assets in the cloud environment and check the assets' configurations for compliance with a set of compliance rules. In embodiments, the UCCE system ingests a cloud configuration definition generated by the CCD system. In embodiments, the CCD system is implemented as an Infrastructure as Code (IaC) system that allows a user to create a cloud configuration definition that describes proposed configuration changes to the cloud environment. The UCCE system is configured to interpret the cloud configuration definition and analyze the proposed configuration changes for compliance using the same set of compliance rules used for the live cloud environment.