A compliance check is an item in cloudtamer.io that performs an analysis on a cloud resource to see if it matches an undesirable configuration. You would typically use these checks to find resources with insecure configurations, so an example would be a check for an S3 bucket that is configured as publicly accessible.
There are different types of checks available:
- Cloud Custodian: cloudtamer.io includes the open-source Cloud Custodian rules engine, which allows you to easily write and run YAML policies against your cloud resources like EC2 instances, VPCs, root users, etc.
- Azure Policy Check: you can add Azure policy definitions to cloudtamer.io with JSON policy code specifically configured to check for compliance in your Azure resources.
- External: cloudtamer.io also supports ingesting data from external tools, so compliance checks serve as metadata for those external checks as well.
- Tenable.sc Integration: a compliance check that is used by the Tenable.sc middleware (requires login; learn more here). These compliance checks are created automatically based on the filters that you set.
To get you started, there are 75 Cloud Custodian compliance checks available in your environment as of release 2.18.
Compliance checks are applied through compliance standards. To create a compliance check, read Add a Compliance Check in the knowledge base. To add compliance checks to compliance standards, read Add a Compliance Standard.