Infrastructure as code has become a powerful tool for deploying cloud resources. Unlike "point and click" deployments using the UI, infrastructure as code templates can be checked into source control, versioned, and audited for security vulnerabilities, all before the infrastructure itself is ever deployed.

 

Aqua Wave can help secure your infrastructure as code templates with its built-in IaC scanning engine.



Introduction to IaC Scanning

Aqua Wave supports scanning the following template types:

  • AWS CloudFormation (JSON)
  • AWS CloudFormation (YAML)
  • AWS Terraform
  • Azure Terraform
  • GCP Terraform


IaC scanning works by uploading the source template or folder to Aqua Wave CSPM, either via our UI dashboard or via the API. The template is processed server-side, and the response to the API call includes a breakdown of the potential security risks that the template could introduce.
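As an illustration of the kind of risk breakdown a template scan returns, the following added example (not Aqua Wave's engine, API or output format) runs two checks over a CloudFormation JSON template and turns the findings into a CI exit code. The sample template, the severity scale and the `scan` and `gate` helper names are constructed for this example.

```python
import json

# Constructed sample template (not from the page or from Aqua Wave).
TEMPLATE = json.loads("""{"Resources": {
  "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "web tier",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "CidrIp": "10.0.0.0/8"}]}},
  "Assets": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicRead"}},
  "Data": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "Private"}}}}""")

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = ("0.0.0.0/0", "::/0")  # tuple, so unhashable Ref dicts compare safely
PUBLIC_ACLS = {"PublicRead": "MEDIUM", "PublicReadWrite": "HIGH"}
RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}  # illustrative severity scale

def scan(template):
    """Return (severity, resource, message) tuples for risky settings."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") not in ANYWHERE and rule.get("CidrIpv6") not in ANYWHERE:
                    continue  # source range is restricted (or an unresolved Ref)
                try:
                    lo, hi = int(rule["FromPort"]), int(rule["ToPort"])
                except (KeyError, TypeError, ValueError):
                    lo, hi = 0, 65535  # all-protocol rule or unresolved Ref: assume worst case
                for port, svc in ADMIN_PORTS.items():
                    if lo <= port <= hi:
                        findings.append(("HIGH", name, f"{svc} ({port}) open to the internet"))
        elif res.get("Type") == "AWS::S3::Bucket":
            acl = props.get("AccessControl")
            if acl in PUBLIC_ACLS:
                findings.append((PUBLIC_ACLS[acl], name, f"bucket ACL is {acl}"))
    return findings

def gate(findings, fail_at="HIGH"):
    """Exit code for a CI step: 1 when any finding is at or above fail_at."""
    return int(any(RANK[sev] >= RANK[fail_at] for sev, _, _ in findings))

if __name__ == "__main__":
    results = scan(TEMPLATE)
    for sev, name, msg in results:
        print(f"{sev:6} {name}: {msg}")
    raise SystemExit(gate(results))
```

Intrinsic functions such as `Ref` are not resolved here, so parameterised CIDR ranges are not evaluated.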


Scanning Templates in the Aqua Wave Dashboard

Aqua Wave provides a simple interface for uploading and processing IaC templates. To get started:

  1. Log into Aqua Wave and navigate to "Tools" > "CloudFormation Scan" (or "Terraform Scan").
  2. Upload your template using the drag-and-drop interface, or copy and paste it into the textbox.
  3. Click "Run CloudFormation Scan" to begin processing the template (note: when dragging a file, this will occur automatically).
  4. The results will appear at the bottom of the page.


Scanning Templates via API in CI/CD

The Aqua Wave IaC scanning service is designed to be consumed via API and can easily be integrated into CLI or API-based CI/CD systems for processing. To get started:

  1. Ensure you have an Aqua Wave API key (generated from the "API Keys" page).
  2. Follow the API access instructions for generating a scan.
  3. View the code samples for more examples.