Rego code samples
Rego is a declarative policy-as-code language from the creators of the Open Policy Agent (OPA) engine. I've written quite a lot of Rego policies to check infrastructure-as-code! Some rules were incorporated into the Fugue policy library. I also wrote most of the custom rules in Fugue's example custom rules repository. Here is a small selection of policies for use with Fugue:
Simple custom rules:
- AWS S3 buckets must have a `stage=prod` tag
- Azure Virtual Machine instances must be assigned to availability sets
- Google persistent disks must be between 50 and 100 GB in size
Advanced custom rules:
- AWS S3 buckets containing CloudTrail logs must be private
- Azure managed disks running Linux must have an `application` tag
- Google projects must have a default audit log configuration
Tip
Interested in learning Rego? Check out my Rego 101 blog post series.