Skip to content

IaC ↔ application alignment (PoLP++)

Full workflow

Complete guide (limitations, CI, published lens): iac-alignment

Why use CCE

Terraform and IAM policies often grant more than application code uses — or miss actions code actually calls. Drift between declared infrastructure permissions and observed SDK usage creates audit findings and blast-radius risk.

CCE produces the application-side entitlement map; diff that JSON against parsed IaC/IAM output in your pipeline.

Example command

cce -folder . -language AUTO -filter cloud -format json -output scan.json