Enabling Security with Open Policy Agent (OPA)
“How do you scale security policies and controls for developers?”
Open Policy Agent, or OPA, is a great answer to this question. OPA is a general-purpose policy engine that lets you enforce the same policies across your software stack and infrastructure.
Using OPA, you can codify organizational policies and standards as code, giving you technical, verifiable controls that both protect and enable the developers and engineers building services for customers.
Developing OPA policies in Rego, OPA's policy language, is straightforward and doesn't require heavy programming expertise to learn the basics (although programming skills are a plus).
I’ve created some basic examples I’ve used for protecting cloud infrastructure, such as flagging security groups that have SSH open to everyone and ensuring required tags are present on S3 resources: https://github.com/hackersifu/example_opa_security_policies
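To show what those two checks look like in Rego, here is an added example written for this post; it is not code from the linked repository. It assumes a simplified, constructed input document with `security_groups` (each with `ingress` rules carrying `protocol`, `from_port`, `to_port` and `cidr_blocks`) and `s3_buckets` (each with a `tags` map), and the required tag names are an assumed organizational standard.

```rego
package security.aws

import rego.v1

# Flag ingress rules that expose TCP/22 to the whole Internet (IPv4 or IPv6).
# Note: rules with protocol "-1" (all traffic) are not covered by this check.
deny contains msg if {
    some sg in input.security_groups
    some rule in sg.ingress
    rule.protocol == "tcp"
    rule.from_port <= 22
    rule.to_port >= 22
    some cidr in rule.cidr_blocks
    cidr in {"0.0.0.0/0", "::/0"}
    msg := sprintf("security group %q allows SSH (tcp/22) from %s", [sg.name, cidr])
}

# Tags every S3 bucket must carry (assumed organizational standard).
required_tags := {"Owner", "DataClassification"}

# Flag buckets missing any required tag. A bucket with no "tags" key at all
# yields an empty set from the comprehension, so every required tag is reported.
deny contains msg if {
    some bucket in input.s3_buckets
    missing := required_tags - {k | bucket.tags[k]}
    count(missing) > 0
    msg := sprintf("S3 bucket %q is missing required tags: %v", [bucket.name, missing])
}

# Unit test over constructed sample input; run with `opa test policy.rego`.
# Expects one finding for the open security group and one for the bucket.
test_flags_open_ssh_and_untagged_bucket if {
    result := deny with input as {
        "security_groups": [{
            "name": "web-sg",
            "ingress": [{
                "protocol": "tcp",
                "from_port": 22,
                "to_port": 22,
                "cidr_blocks": ["0.0.0.0/0"]
            }]
        }],
        "s3_buckets": [{"name": "logs", "tags": {"Owner": "platform"}}]
    }
    count(result) == 2
}
```

To evaluate the policy against a real input file instead of the embedded test, use `opa eval -i input.json -d policy.rego "data.security.aws.deny"`.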
I’m curious about any rules that others would be interested in, security related or otherwise!