
# Infrastructure as Code Security (IaC)

## Overview

Arnica's IaC Security engine provides real-time visibility and remediation for misconfigurations and security risks in Infrastructure-as-Code files such as Terraform and Docker. As part of Arnica's pipelineless security platform, this capability protects your cloud infrastructure from being deployed insecurely, before the code ever leaves the developer's hands.

Misconfigurations in IaC can open the door to data breaches, privilege escalation, or service outages, often without developers realizing it until it's too late. Common risks include:

* Publicly exposed cloud resources
* Weak security group rules
* Missing encryption or logging settings
* Insecure Docker image practices, and more.

Arnica automatically detects these issues in real time **at the moment of code change** (on code push and on Pull/Merge Requests), giving your team a chance to fix them before they reach production.

## IaC Types Support Matrix

| Platform                                |
| --------------------------------------- |
| Terraform (for AWS, GCP, Azure and OCI) |
| CloudFormation (including AWS SAM)      |
| Azure Resource Manager (ARM)            |
| Serverless framework                    |
| Helm charts                             |
| Kubernetes                              |
| Dockerfile                              |
| Kustomize                               |
| Ansible                                 |
| Bicep                                   |
| ARM                                     |
| OpenTofu template files                 |

