Learn how to implement automated Terraform resource analysis for AWS policy control in this 22-minute DevSecCon talk. Discover how Yelp integrates static analysis into their Infra-as-Code (IaC) pipeline, reducing security reviewer fatigue and improving developer productivity. Explore the benefits of using tools like Regula and Atlantis to catch vulnerabilities during code review, shifting security left and eliminating manual security reviews. Gain insights into formatting output, creating custom rules, implementing waivers, and handling critical security vulnerabilities. Join speaker Muhammad Ahmed, a Software Engineer in Infrastructure Security at Yelp, as he shares his experience and expertise in cloud security and network security.