CFT Assessment


You can use the CloudGuard Dome9 Compliance Engine to evaluate AWS CloudFormation Templates (CFTs).

By evaluating the CFT for a proposed cloud environment or extension, you can deal with security issues in the environment before the deployment and ensure that your design meets both your business goals and security needs.

Note: CFT Assessments can be used with AWS CFTs only.

Value to customers

  • evaluate security compliance before actual cloud provisioning

  • security considerations are assessed and addressed earlier in the DevOps process

  • supports Infrastructure as Code (IaC) approach to planning cloud environments


  • assess designs for cloud-elements (templates)

  • assess a template-based extension to a live cloud environment

  • test compliance to security guidelines within the CI/CD pipeline, before push to production (devsecops)

Dome9 CFT Simulator

Dome9 has prepared a CFT Simulator, with which you can run an offline (that is, not executing the stack in AWS environment) simulation of the your CFT, according to various input parameters. This will help you prepare our CFT. Then, use the Dome9 Compliance Engine to evaluate your template for any security issues.


See also

The CloudGuard Domes GSL Core Language

Compliance and Governance


Dome9 CI/CD Pipeline CFT