First you will need to install the VSCode IDE in your machine to install the Cloud Conformity Security Plugin as you can see here: Link
Second you will need to create one account in Conformity using this link here Create Account, login into your account, and generate an API Token.
Log in to Trend Micro Cloud One Platform:
1. Click on the bottom left User Management
2. Click the API Key icon on the left side
3. Click on New to create the API Key
4. Select Read Only Access Role, the prefer language for you and the prefer Timezone. After you can click Next
5. This will generate the API Key you will need to click Copy to Clipboard and save it properly. Because after you close this screen you will not be able to retrieve it later.
Remember to copy the key and save it safely. You won't be able to get it again.
Now you will be able to scan the CloudFormation templates based on hundreds of checks that help you comply with the AWS Well-Architected Framework among others standards and frameworks to ensure you are building superior cloud infrastructure. Here is one example of a bad CloudFormation template NOT following the engineering best practices for you to test:
Copy the CloudFormation template example below and save the file with the YAML format (.yml). If you do not save the file, the template scanner will fail.
#This is an CloudFormation template example NOT following the AWS Well-Architected Framework
Resources:
Ec2Instance:
Type: 'AWS::EC2::Instance'
Properties:
SecurityGroups:
- !Ref InstanceSecurityGroup
KeyName: ec2-keypair
ImageId: ami-0ff8a91507f77f867
Tags:
-
Key: "Environment"
Value: "TM_Lab"
InstanceSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: Enable SSH access via port 22 test
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
Tags:
-
Key: "Environment"
Value: "TM_Lab"
S3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: test-tm-lab-s3-bucket
Tags:
-
Key: "Environment"
Value: "TM_Lab"
To test the extension, open the CloudFormation template above with the VSCode IDE and open the Command Pallet with:
- MAC OS: ⇧ + ⌘ + P
- Windows/Linux: Ctrl+Shift+P
Search for Cloud One Conformity: Scan the Current Open Template and hit enter to start automatically scanning your CloudFormation template:
The result will appear in a second tab called Scan Result like the image below.
You can also check out the Conformity Knowledge Base, which can help you better understand more about any best practice check violations and how to remediate and fix them in your CloudFormation template or in production environments: