Supercharge Guardrails
The Guardrails Hub helps you discover providers that power cloud compliance automation, and catalogs our most popular examples & best practices into deployable policy packs.
Guardrails Mods
Featured Policy Packs
Enable Regional Event Handlers for AWS Accounts
aws/guardrails/enable_regional_event_handlers
The Guardrails Event Handlers are responsible for conveying events from AWS CloudTrail back to Guardrails for processing. This is a requirement for Guardrails to process and respond in real-time.
aws
Enable Reporting for AWS CIS v3.0.0
aws/guardrails/enable_reporting_for_cis_v300
Enable AWS CIS v3.0.0 reporting in guardrails to check security best practices.
aws-cisv3-0
Enforce AWS IAM Access Keys Are Not Older Than 90 Days
aws/iam/enforce_access_keys_are_not_older_than_90_days
Reduce the risk of compromised credentials by ensuring keys are regularly rotated.
aws-iam
Enforce Block Public Access Is Enabled for AWS S3 Buckets
aws/s3/enforce_block_public_access_is_enabled_for_buckets
Prevent unintended exposure of sensitive data to the public internet for S3 buckets.
aws-s3
Enforce IMDSv2 for AWS EC2 Instances
aws/ec2/enforce_imdsv2_for_instances
Mitigate the risk of unauthorized metadata exposure through vulnerabilities like Server-Side Request Forgery (SSRF).
aws-ec2
Enable Reporting for Azure CIS v2.0.0
azure/guardrails/enable_reporting_for_cis_v200
Enable Azure CIS v2.0.0 reporting in guardrails to check security best practices.
azure-cisv2-0
Enforce Azure Compute Virtual Machines Use Approved AMIs From Trusted Publishers
azure/compute/enforce_vms_use_approved_amis_from_trusted_publishers
Ensure that only trusted, validated images are used, reducing the risk of security vulnerabilities and ensuring compliance with organizational policies and security standards.
azure-compute
Enforce Azure Network Security Groups to Reject All Ingress, RDP, and SSH Inbound Access
azure/network/enforce_security_groups_to_reject_all_rdp_ssh_inbound_access
Ensure remote administrative access is blocked unless explicitly allowed, reducing the risk of malicious attacks and enhancing overall security posture.
azure-network
Enforce RBAC for Azure AKS Managed Clusters
azure/aks/enforce_enable_rbac_for_managed_clusters
Ensure that only authorized users and applications can perform actions within clusters.
azure-aks
Enforce Secure TLS Version for Azure App Service Web Apps
azure/appservice/enforce_secure_tls_version_for_webapps
Ensure data is protected by using strong encryption protocols, reducing the risk of vulnerabilities associated with older TLS versions.
azure-appservice
Enable Event Handlers for GCP Projects
gcp/guardrails/enable_event_handlers
The Guardrails Event Handlers are responsible for conveying events from GCP Logging back to Guardrails for processing. This is a requirement for Guardrails to process and respond in real-time.
gcp
Enable Reporting for GCP CIS v2.0.0
gcp/guardrails/enable_reporting_for_cis_v200
Enable GCP CIS v2.0.0 reporting in guardrails to check security best practices.
gcp-cisv2-0
Enforce Block Project-Wide SSH Keys for GCP Compute Engine Instances
gcp/computeengine/enforce_block_project_wide_ssh_keys_is_enabled_for_instances
Restrict the use of universally accessible SSH keys, thereby reducing the risk of unauthorized access.
gcp-computeengine
Enforce Encryption for Secrets Is Enabled for GCP GKE Clusters
gcp/kubernetesengine/enforce_encryption_for_secrets_is_enabled_for_clusters
Ensure that secrets, such as passwords and API keys, are encrypted, thereby safeguarding them from unauthorized access and potential breaches.
gcp-kubernetesengine
Enforce GCP BigQuery Datasets Are Not Publicly Accessible
gcp/bigquery/enforce_datasets_are_not_publicly_accessible
Protect sensitive and proprietary data from unauthorized access and potential breaches.
gcp-bigquery
Enforce GCP IAM User-Managed Service Accounts Do Not Have Admin Privileges
gcp/iam/enforce_user_service_accounts_do_not_have_admin_privileges
Minimize the risk of unauthorized access and potential misuse of administrative capabilities.
gcp-iam
Go beyond reporting with Guardrails.
Turbot Guardrails is the leading platform for policy-based control and automatic remediation of enterprise clouds.