Rules

Define and enforce your organization’s infrastructure, security, and compliance standards

Overview

Custom rules allow you to document your organization’s infrastructure, security, and compliance standards. These standards serve as guidelines for Cased’s built-in checks, helping ensure your infrastructure aligns with both industry best practices and your organization’s specific requirements.

Note that these rules don’t implement custom checks themselves, but rather define the standards and guidelines that Cased should enforce. Think of them as your organization’s infrastructure rulebook that Cased consults when performing its automated analysis.

Creating Custom Rules

Rules are plain text files stored in your repository at .cased/rules.

Example Rules

Here’s an example of a .cased/rules file that defines your organization’s infrastructure standards:

# Infrastructure Standards

1. All resources must be tagged with:
   - Environment (dev/staging/prod)
   - Team owner
   - Cost center
   - Project name

2. Network Security
   - VPCs must use private subnets for all application resources
   - No public-facing resources except through load balancers
   - All security groups must have explicit ingress/egress rules
   - No 0.0.0.0/0 inbound access except for load balancers on ports 80/443

3. Resource Naming
   - Use underscores instead of dashes
   - Include environment prefix: {env}_{resource}_{purpose}
   - Example: prod_rds_userdb, dev_ec2_worker

4. State Management
   - Use remote state in S3 with state locking
   - One state file per environment
   - State files must be encrypted at rest

5. Module Usage
   - Use company-approved modules from internal registry
   - Pin module versions using git tags
   - Document all module inputs in variables.tf
   - Keep module nesting to maximum 2 levels

6. Cost Optimization
   - Use spot instances for non-production workloads
   - Enable auto-scaling for all production services
   - Configure instance scheduling for dev environments
   - Use appropriate instance sizes based on metrics

7. Monitoring
   - Enable CloudWatch detailed monitoring
   - Set up log retention policies
   - Configure appropriate alarms for:
     * CPU/Memory utilization
     * Error rates
     * Response times
     * Cost thresholds

8. Backup and Recovery
   - Enable automated backups for all databases
   - Configure cross-region replication for critical data
   - Test restore procedures quarterly
   - Maintain point-in-time recovery capability

9. Security Compliance
   - Enable encryption at rest for all data stores
   - Use KMS for key management
   - Rotate access keys every 90 days
   - Enable MFA for all IAM users
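To make three of the standards above concrete (required tags, the {env}_{resource}_{purpose} naming convention, and the ban on 0.0.0.0/0 inbound access except for load balancers on 80/443), here is an added example checker. It is not Cased's own code and does not show how Cased evaluates a rules file; it runs the checks over a constructed, simplified plan document whose shape follows the planned_values section of terraform show -json output. The tag key names (Environment, Owner, CostCenter, Project), the regex for the naming convention, and the assumption that a security group belongs to a load balancer when its {resource} segment is "lb" or "alb" are all assumptions made for this example, not something the rules file specifies.

```python
"""Added example (not Cased's code): apply three standards from the
.cased/rules example to a constructed, simplified terraform plan document."""
import re

# Assumed tag key names for the four required tags in the rules file.
REQUIRED_TAGS = ("Environment", "Owner", "CostCenter", "Project")
ENVIRONMENTS = ("dev", "staging", "prod")
# {env}_{resource}_{purpose}; underscores only, purpose may have several words.
NAME_PATTERN = re.compile(r"^(dev|staging|prod)_[a-z0-9]+_[a-z0-9]+(_[a-z0-9]+)*$")
# Assumption: a security group is "for a load balancer" when its {resource}
# segment is one of these values.
LB_RESOURCE_SEGMENTS = ("lb", "alb")
ALLOWED_PUBLIC_PORTS = {80, 443}
ANY_IPV4 = "0.0.0.0/0"


def check_tags(resource):
    """Rule 1: every required tag present, Environment limited to dev/staging/prod."""
    tags = resource.get("values", {}).get("tags") or {}
    findings = [f"{resource['address']}: missing tag {key}"
                for key in REQUIRED_TAGS if key not in tags]
    env = tags.get("Environment")
    if env is not None and env not in ENVIRONMENTS:
        findings.append(f"{resource['address']}: Environment {env!r} not in {ENVIRONMENTS}")
    return findings


def check_name(resource):
    """Rule 3: underscores, not dashes, and an environment prefix."""
    name = resource["name"]
    if "-" in name:
        return [f"{resource['address']}: name uses dashes; use underscores"]
    if not NAME_PATTERN.match(name):
        return [f"{resource['address']}: name {name!r} does not follow {{env}}_{{resource}}_{{purpose}}"]
    return []


def _is_lb_group(resource):
    parts = resource["name"].split("_")
    return len(parts) >= 2 and parts[1] in LB_RESOURCE_SEGMENTS


def check_public_ingress(resource):
    """Rule 2: 0.0.0.0/0 inbound only on a load balancer group, only on 80/443."""
    if resource["type"] != "aws_security_group":
        return []
    findings = []
    for rule in resource.get("values", {}).get("ingress") or []:
        if ANY_IPV4 not in (rule.get("cidr_blocks") or []):
            continue
        # protocol "-1" means all traffic; treat it as every port.
        ports = None if rule.get("protocol") == "-1" else set(range(rule["from_port"], rule["to_port"] + 1))
        allowed = _is_lb_group(resource) and ports is not None and ports <= ALLOWED_PUBLIC_PORTS
        if not allowed:
            shown = "all ports" if ports is None else sorted(ports)
            findings.append(f"{resource['address']}: 0.0.0.0/0 inbound on {shown}")
    return findings


def evaluate_plan(plan):
    """Run every check over each planned resource and return the list of findings."""
    findings = []
    for res in plan["planned_values"]["root_module"]["resources"]:
        for check in (check_tags, check_name, check_public_ingress):
            findings.extend(check(res))
    return findings


# Constructed sample plan: one compliant group, one with several violations,
# and a database whose Environment tag uses a value outside dev/staging/prod.
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"address": "aws_security_group.prod_alb_web", "type": "aws_security_group",
     "name": "prod_alb_web",
     "values": {"tags": {"Environment": "prod", "Owner": "platform",
                         "CostCenter": "cc-100", "Project": "shop"},
                "ingress": [{"from_port": 443, "to_port": 443, "protocol": "tcp",
                             "cidr_blocks": ["0.0.0.0/0"]}]}},
    {"address": "aws_security_group.dev-worker", "type": "aws_security_group",
     "name": "dev-worker",
     "values": {"tags": {"Environment": "dev", "Owner": "data"},
                "ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp",
                             "cidr_blocks": ["0.0.0.0/0"]}]}},
    {"address": "aws_db_instance.prod_rds_userdb", "type": "aws_db_instance",
     "name": "prod_rds_userdb",
     "values": {"tags": {"Environment": "production", "Owner": "shop",
                         "CostCenter": "cc-100", "Project": "shop"}}},
]}}}

if __name__ == "__main__":
    for line in evaluate_plan(SAMPLE_PLAN):
        print(line)
```

Run against the sample plan, the compliant load balancer group produces no findings, the dev-worker group produces two missing tags, a dash in its name and an SSH port open to the world, and the database is flagged only for its non-standard Environment value. The same structure (one small function per rule, returning a list of findings) is a reasonable shape for any local pre-review check you keep next to a rules file.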

Rule Enforcement

Cased automatically enforces these rules during:

  • Pull request reviews
  • Infrastructure changes
  • Compliance audits

Best Practices for Writing Rules

  1. Clarity

    • Write clear, specific descriptions
    • Include both good and bad examples
    • Document the rationale behind each rule
  2. Maintainability

    • Group related rules together
    • Version control your rules
    • Review and update rules regularly