Policy as Code (PaC) with Terraform, Sentinel, and AWS.
If you are not doing Policy as Code, you are losing money.
Policy as Code (PaC) is a DevOps practice that utilizes code to manage and enforce policies, rather than relying on manual processes. PaC can help improve security, compliance, and operational efficiency.
In another article, I provided an introduction to the same topic, utilizing tools such as AWS CloudFormation Guard and cfn_nag.
Policy as code is the idea of writing code in a high-level language to manage and automate policies.
FinOps is about changing how a company manages its cloud resources and costs. Together with a healthy PaC practice, it helps us avoid a lack of centralized governance, which otherwise results in a fragmented cloud environment with duplicate resources, overlapping services, and inconsistent policies (if any) scattered across providers.
Without proper oversight and management, the “pay-as-you-go” model can quickly turn into “pay-for-what-you-forgot” as companies struggle to keep track of what they’re spending and why.