Configuration Audit reports on currently deployed infrastructure and makes sure it is compliant and secure. Extending those checks to DevOps templates lets you keep up with how new resources are deployed or existing ones are updated. On-Demand Scans for DevOps identify compliance issues and enforce remediation steps earlier in the cycle, which saves time and effort.
DevOps Scan Workflow
An On-Demand Scan for DevOps evaluates active Config Audit policies on the templates according to the scan configuration for the specified AWS S3 buckets or Azure Blob Containers. After the scan is complete, you can view the IaaS provider's DevOps template in the Analytics > Resources page using the filter Resource Type, or the specific template name in the table view.
You can also:
- View different types of resources that are deployed by the template
- Filter based on compliance status
- View the specific policies and incidents that contribute to a template being non-compliant
- AWS CloudFormation
- Azure Resource Manager
- Amazon ECS Fargate CloudFormation