Compliance-as-Code for Cloud Infra

by mjkamalika · Feb 26, 2026 · 2 points · 0 comments

AI Analysis

●● Solid · Solve My Problem · Niche Gem

Terraform-native ISO controls are table stakes; unclear if reports actually satisfy auditors.

Strengths
  • Codifies compliance drift detection into IaC—controls run continuously, not just at audit time
  • Audit Manager automation saves real time on recurring internal audit cycles
  • Consolidates 5+ major frameworks (ISO 27001, PCI DSS, NIST, SOC2, HIPAA) in one module set
Weaknesses
  • Compliance-as-code market exists (Terraform Cloud, Snyk, Wiz, Lacework all do policy enforcement)
  • No evidence that generated reports meet auditor requirements in practice—compliance still gatekeeps on human judgment
  • Locked to AWS; Terraform expertise required, limiting addressable market
Target Audience

Cloud architects, compliance/security teams, DevOps engineers managing regulated workloads

Similar To

Terraform Cloud Policy as Code · Snyk IaC · Lacework

Post Description

Launch real-world environments with built-in security controls for ISO 27001, PCI DSS, NIST, SOC2 & more. Compliance that actually runs in your infrastructure, not just in documents.
