I’m excited to announce the launch of Styra Declarative Authorization Service (DAS) and Open Policy Agent (OPA) as a Red Hat Ansible Certified Content Collection. Teams can now automate infrastructure deployments with the right guardrails in place to enable security-enhanced operations and align with regulatory compliance.
Enterprises are rapidly adopting cloud-native automation platforms like Ansible Automation Platform to improve business agility and accelerate time-to-market. Such platforms enable infrastructure automation across major cloud providers like Amazon Web Services (AWS), Google Cloud and Microsoft Azure, as well as infrastructure-as-code tools like HashiCorp Terraform. However, these advancements shouldn’t come at the expense of security or compliance. Here, policy as code plays a major role — allowing teams to enforce security, compliance and operational guardrails to ensure that infrastructure automation works as expected, by default.
Using Policy as Code to accelerate automated infrastructure deployments
Together, Ansible Automation Platform and Styra DAS deliver a best-in-class way to optimize infrastructure security while enabling automation at scale.
“Ansible Automation Platform enables organizations to tackle the size and complexity of cloud infrastructure deployments by automating and simplifying common management tasks. This offering with Styra DAS using Ansible Automation Platform provides a powerful new way for customers to extend that approach to security and compliance with policy as code,” said Richard Henshall, Director of Ansible Product Management at Red Hat.
“This collection provides platform engineering teams and cloud administrators with the confidence that any cloud infrastructure stack is securely optimized and compliant, automatically,” said Chris Hendrix, Director of Product at Styra. “Not only can teams check their current deployments for non-compliance using best-practice policies, but automatically generate playbooks to mitigate problems.”
For organizations managing cloud infrastructure deployments, this offering:
- Works with any Infrastructure-as-Code stack.
- Allows developers to pretest code before submitting it into a repository, thereby validating the code without moving it offsite.
- Provides the ability to check existing environments, or mitigate environments to align new or updated policies.
- Automatically generates playbooks to fix non-compliance, or even adjust code to maintain compliance.
- Provides a central management and workflow engine to develop and deploy the policies, and also takes steps based on the IaC alignment to the policies.
- Uses the Ansible Automation Platform role-based access control (RBAC) capabilities to easily assign the right tasks to the right roles.
Overview of the Ansible Content Collection
Leveraging Ansible Automation Platform and Styra DAS, organizations can help enable security-focused and compliant infrastructure-as-code deployments using OPA policy as code. Here, platform engineering teams and cloud administrators can define or select predefined best-practice security and compliance policies, before auditing their cloud resource configurations against those policies — either validating those plans or identifying mitigation areas. Then, it is possible to automatically generate playbooks to fix non-compliant resources. In all, this offering provides an end-to-end way to help enforce security and compliance guardrails with automation at scale.
What is Red Hat Ansible Automation Platform?
Ansible Automation Platform is Red Hat’s industry-leading enterprise IT automation solution that includes everything needed to build, deploy, and manage end-to-end automation at scale. Built on a powerful, agentless framework, Ansible Automation Platform is engineered to help organizations create, manage, and scale their automation workloads. It offers a flexible, stable, and security-focused foundation for deploying end-to-end automation solutions—from IT processes, to hybrid cloud, to edge locations.
What is Styra DAS?
Styra DAS allows platform engineers and cloud administrators to improve the security of their workloads and clusters deployed with Ansible Automation Platform. Based on OPA, the industry’s leading open-source policy engine, Styra DAS dramatically simplifies policy implementation and management for infrastructure deployments. It can empower enterprises to:
- Enable Developers
- Make it easy for developers and engineers managing infrastructure to deploy automated policy-as-code guardrails for security and compliance in their infrastructure-as-code pipelines.
- Manage Policy
- Manage the policy lifecycle and governance across teams and deliver fine-grained access controls to cloud resources.
- Reduce Risk
- Start with pre-built policies mapped to PCI, MITRE ATT&CK for cloud and CIS benchmarks. Enable security, audit and compliance teams to engage as needed. Moreover, test the impact of policy changes before deployment.