One of the challenges large companies face when adopting cloud native technologies is wrangling a whole new set of data and resources in the cloud. All of these exciting features introduce opportunities for innovation and… compliance and security misconfigurations. Did someone launch a Windows 2012 image that wasn’t supposed to be there? Make an S3 Bucket public that shouldn’t have been? How do you know if your EKS cluster is configured for NIST compliance? What do you have to do for compliance? In this talk, you’re invited to learn how Boeing is leveraging compliance-as-code with cloud-native and open-source tools, including the CNCF project Cloud Custodian, to streamline solutions to these problems in some of our public cloud environments.