We are pleased to announce the latest enhancement to our Terraform CI/CD solution for infrastructure – ControlPolicy Groups.

Our Terraform CI/CD solution for infrastructure enables ControlMonkey users to define proactive policies that will be enforced at the Pull Request level and prevent security, cost, and compliance misconfigurations.
Starting today, our users can group together control policies and apply them to specific environments by namespaces or stacks.

This allows for custom-made policy packages that meet your organization’s guardrails. For example, if your organization requires each resource to be tagged with specific keys and all data volumes to be encrypted, you can now group these two policies together to create your own custom compliance.
You can enforce these groups on a specific ControlMonkey namespace or stack, providing the granularity you need.

Your development environment has its own requirements, while your production environment likely requires more rigid policies to be enforced. Unlike account-level policy mechanisms (e.g., AWS SecurityHub), with ControlMonkey policies, you can mix and match the appropriate policies for the relevant infrastructure stacks

You can select the severity level for each policy, which is then translated to an enforcement level (Warning, Hard/Soft Mandatory).

ControlMonkey also makes it super easy to granularly apply a policy group to a certain namespace or stack. For example, you can group together all of your SOC2 compliance policies and enforce those policies only in production environments that are required to be SOC-compliant.

Enforce the guardrails of your cloud environment with our out-of-the-box policy manager and prevent costly misconfigurations.

We are pleased to announce that we have enhanced the Terraform Plan and Deployment capabilities that are available from the ControlMonkey dashboard.

Starting today, ControlMonkey customers can run advanced ‘Terraform Plan’ and ‘Terraform Apply’ with ‘Target’ and ‘Replace’ flags on their deployments.
This is a request we got from multiple customer and we always love to make sure our customers get what they need.

A target flag (Target Resources) runs a deployment on specific resources rather than the entire branch.

A replace flag (Resource re-creation) is used to force a re-creation of specific resources rather than the entire branch.

Through the ControlMonkey dashboard, you can now send a flag in a simplified way that makes it easier to modify a specific resource.

Looking to improve your Terraform automation? Let’s talk.

We are very excited to announce that we have reinforced our Terraform Insights solution by allowing users to generate an SBOM (Software bill of materials) report of the Terraform Modules used in your environment with a click of a button.

A couple of months ago, we announced the release of our Terraform Modules Explorer, which provides DevOps teams with visibility into which Terraform Modules are being used, whether their source is a registry or local Git repository, where they are used in the code, and whether or not they are running on the latest version.

Starting today, ControlMonkey users can generate an easy-to-read and digest SBOM report that is based on the information of the Terraform Modules Explorer with a click of a button.
This is extremely handy for teams that need to provide this information during security audits.

Create a Terraform Modules report that contains:

• Which Terraform Modules are being used
• Is their source Registry or Local
• How many modules
• Version control

Gain full control over your Terraform Modules and take another step forward to being on top of your infrastructure.

ControlMonkey is the most comprehensive Terraform Automation Platform. Do you want to know why?
Book a 30-minute intro call with us and find out!

Today, we’re excited to announce that ControlMonkey now supports Terraform Microsoft Teams integration for real-time infrastructure notifications. With this new capability, DevOps teams can receive critical updates—such as drift detection, deployment successes or failures, and compliance guardrail alerts—directly inside their Microsoft Teams channels.

Real-time visibility is essential in modern Terraform workflows. Without instant alerts, misconfigurations or failed deployments can go unnoticed, slowing down response times and increasing operational risk. By connecting Terraform with Microsoft Teams, ControlMonkey ensures your team stays aligned, reacts faster, and collaborates on issues in the same space where they already communicate daily.

How to Use Terraform Microsoft Teams Integration in ControlMonkey

With ControlMonkey notifications, you can get notified about various important events that happen on your infrastructure directly to your team collaboration application.
Events such as ‘Drift detected’ or ‘Deployment is done/failed’ and more.

So if you’re using Microsoft Teams, you can get these event notifications directly to a Teams channel and ensure you never miss them.

What is Microsoft Teams?

Microsoft Teams is one of the most widely used collaboration platforms, trusted by millions of organizations worldwide. It brings together chat, video meetings, file sharing, and integrations with hundreds of business applications in a single workspace. For distributed engineering teams, it acts as the central hub for daily communication and decision-making.

In a DevOps environment, Microsoft Teams goes beyond messaging. It enables ChatOps workflows, where infrastructure events and alerts flow directly into team channels. Engineers can discuss issues, approve changes, and resolve incidents without leaving the collaboration space they already use. By integrating Terraform notifications into Teams, DevOps teams gain faster visibility into infrastructure changes, reducing context-switching and accelerating incident response.

Today ControlMonkey is pleased to announce that we have added the capability to easily import NeptuneDB, Amazon Neptune, instances to Terraform and OpenTofu Code using our Terraform Import Engine.

What is Amazon Neptune and why import to Terrafrom and OpenTofu?

NeptuneDB (Amazon Neptune) is a fully managed graph database service developed by Amazon Web Services (AWS) for storing and querying highly connected data. It allows users to store and query relationships between data points efficiently, facilitating complex data analysis and traversal.

Managing and governing NeptuneDB instances with Terraform code is crucial for disaster recovery and version control.
NeptuneDB instances usually rely on ‘option group’ and ‘parameter group’ that enhance its performance, therefore it’s important also to manage those satellite resources with Terraform, and not only the instance itself.

ControlMonkey Import NeptuneDB to Terraform and OpenTofu

ControlMonkey now supports the one-click Terraform Import of the following NeptuneDB resources:

Neptune::DBCluster (aws_neptune_cluster)
Neptune::DBClusterParameterGroup (aws_neptune_cluster_parameter_group)
Neptune::DBInstance (aws_neptune_cluster_instance)
Neptune::DBParameterGroup (aws_neptune_parameter_group)

ControlMonkey generates the Terraform Code to represent your NeptuneDB configuration alongside the Terraform state file, so you don’t have to import those resources one by one, and you also don’t need to reprovision the DB instance and cause a service interruption.

Are you using NeptuneDB and have resources you would like to shift to Terraform?

Feel free to book an intro meeting  with us to learn more about how ControlMonkey generates the Terraform code that represents your existing NeptuneDB instance, parameter group, and option group, making the shift to Terraform as seamless as possible.

Today we are glad to announce that we have added NIST Compliance to our Proactive Compliance Packages enforcement, as part of the Terraform CI/CD solution.

ControlMonkey Terraform CI/CD solution enables DevOps teams to proactively enforce compliance and security policies during the infrastructure CI/CD and prevent issues and misconfigurations in production.

Starting today, our users can enforce NIST 800-53 compliance standards on any Terraform pull request, and ControlMonkey will validate the resources configuration, as part of the infrastructure CI/CD.

Organizations usually run compliance validations in a detective way, after the resources are deployed to production, using tools like AWS Security Hub.

This capability enables DevOps teams to easily enforce NIST Compliance standards proactively, rather than responding to non-compliant resources in production, and risk getting penalized for NIST compliance violations.

If regulation requires your infrastructure to be NIST compliant, you can validate every resource’s compliance proactively, out of the box, with zero effort.

On top of that, users have enhanced customization and granularity and can enforce compliance using various enforcement levels and apply them to specific stacks or namespaces.

Shift left your infrastructure compliance, keep your environment in ‘Always-Compliant’ mode, and allow your team to build faster without sacrificing control.

Today ControlMonkey is pleased to announce that we have reinforced our Terraform Import Engine with the ability to Import AWS Direct Connect resources to Terraform.

AWS Direct Connect is a networking service that provides an alternative to using the internet to connect to AWS. Using AWS Direct Connect, data that would have previously been transported over the internet is delivered through a private network connection between private facilities and AWS.

ControlMonkey now supports one-click Terraform Import of the following Direct Connect resources:

Connections (aws_dx_connection)
Lag (aws_dx_lag)
Virtual Interface (aws_dx_private_virtual_interface)

Are you using Direct Connect and have resources that you would like to shift to Terraform?
Feel free to book an intro meeting  with us to learn more!

Today we are happy to announce the release of the latest enhancement to our Terraform Insights product, Terraform Providers Explorer.

DevOps teams leveraging Terraform don’t have any real visibility into which Terraform Providers are being used in their Terraform code, where are they used in the code, and whether or not they are not the latest version is being used.

Moreover, once you click on one of the providers, you can drill down into each provider and gain visibility into:

• The code path in which the provider is being used
• Which ControlMonkey stack is that provider related to
• What is the version constraint
• What is the used version
• What are the latest versions available

Want to upgrade your Terraform provides? The days of scrolling through 1000s lines of Terraform code to discover which providers are being used and with which versions are over.

With ControlMonkey you get end-to-end visibility of everything related to Terraform Operations in a single dashboard so you will never be left in the dark.

Interested in learning more?
Join our Live Product Showdown next week to see our platform’s capabilities!

Here at ControlMonkey, we strive to provide a completely customer-centric Terraform Operations platform for our users, right from the onboarding.

So today we are happy to announce a huge enhancement to the ControlMonkey platform onboarding with our new release, Terraform Repo Scanner.
This new capability automatically scans all the repos that contain the Terraform/Terragrunt/OpenTofu code and displays all the paths that are not managed by ControlMonkey, the IaC type, and the number of resources under that path, and with a single click enables the user to create “Stacks” in the ControlMonkey platform.

This is big news for new ControlMonkey customers who are onboarding their accounts because rather than manually creating “stacks” based on existing paths in the repo, they can generate all the stacks in one shot, saving them precious time.

So if you have your own Terraform Code and are looking to leverage ControlMonkey’s advanced solutions like Terraform CI/CD with proactive policies and Drift Detection & Remediation, you can now onboard in a few clicks, with absolutely zero code changes.

Onboarding ControlMonkey has never been easier, and we’re happy seeing our new customers save time starting from the onboarding.

As part of the main dashboard view in the ControlMonkey platform, our users gain visibility into several metrics of interest that provide an overview of the AWS account’s status in terms of IaC coverage, Unmanaged Resources, Terraform Drifts, and Console Operations (ClickOps).

About IaC Posture Dashboard

These metrics help our customers understand the level of control they have over their cloud accounts and point out the gaps that require resolution.
For example, Console Operations are a source for Terraform drifts that can potentially cause misconfigurations.

However, our large customers who hold dozens of AWS accounts requested a holistic view that will help them oversee the bigger picture of their organization. Meaning, that rather than toggling between accounts to get the environments’ status, they wanted to get a 30K feet view of all their accounts in one dashboard.

So today we are pleased to announce the latest enhancement to our Cloud Inventory dashboard, Organization View.

Organization View: IaC Posture Dashboard

The Dashboard Organization View is a Cross-organization visualization of all your AWS accounts, with the option to drill down into any specific account, with a click of a button.
This dashboard provides DevOps with a clear and general view of all their AWS accounts so they can understand the gaps and level of control they have over their cloud.

Do you have dozens of accounts and are interested in learning how ControlMonkey helps you manage them more efficiently?
Our team is waiting to speak with you !