# Infrastructure as Code Security (IaC)

## Overview

Arnica's IaC Security engine provides real-time visibility and remediation for misconfigurations and security risks in Infrastructure-as-Code files such as Terraform and Docker. As part of Arnica's pipelineless security platform, this capability keeps your cloud infrastructure from being deployed insecurely, before the code ever leaves the developer's hands.

Misconfigurations in IaC can open the door to data breaches, privilege escalation, or service outages, often without developers realizing it until it's too late. Common risks include:

* Publicly exposed cloud resources
* Weak security group rules
* Missing encryption or logging settings
* Insecure Docker image practices

Arnica automatically detects these issues in real time, **at the moment of code change** (on code push and on pull/merge requests), giving your team a chance to fix them before they hit production.

## IaC Types Support Matrix

| Platform                                |
| --------------------------------------- |
| Terraform (for AWS, GCP, Azure and OCI) |
| CloudFormation (including AWS SAM)      |
| Azure Resource Manager (ARM)            |
| Serverless framework                    |
| Helm charts                             |
| Kubernetes                              |
| Dockerfile                              |
| Kustomize                               |
| Ansible                                 |
| Bicep                                   |
| OpenTofu template files                 |

