diff --git a/.travis.yml b/.travis.yml
index be6137961..c48d57e06 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,10 +1,7 @@
 language: rust
 
 script:
-  - cd cfn-guard && cargo build --verbose --all && cargo test --verbose --all
-script:
-  - cd cfn-guard-lambda && cargo build --verbose --all && cargo test --verbose --all
-script:
-  - cd cfn-guard-rulegen && cargo build --verbose --all && cargo test --verbose --all
-script:
-  - cd cfn-guard-rulegen-lambda && cargo build --verbose --all && cargo test --verbose --all
\ No newline at end of file
+  - pushd cfn-guard && cargo build --verbose --all && cargo test --verbose --all; popd
+  - pushd cfn-guard-lambda && cargo build --verbose --all && cargo test --verbose --all; popd
+  - pushd cfn-guard-rulegen && cargo build --verbose --all && cargo test --verbose --all; popd
+  - pushd cfn-guard-rulegen-lambda && cargo build --verbose --all && cargo test --verbose --all; popd
diff --git a/NOTICE b/NOTICE
index 616fc5889..ba8da6855 100644
--- a/NOTICE
+++ b/NOTICE
@@ -1 +1,2 @@
+CloudFormation Guard
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
diff --git a/README.md b/README.md
index 71e51ac59..0054aec61 100644
--- a/README.md
+++ b/README.md
@@ -2,9 +2,11 @@
 
 This repo contains source code for the following tools:
 
-* `CloudFormation Guard` A CLI tool that checks AWS CloudFormation templates for policy compliance using a simple, policy-as-code, declarative syntax 
-* `CloudFormation Guard Lambda` is the AWS Lambda version of `CloudFormation Guard`
-* `CloudFormation Guard Rulegen` automatically generates CloudFormation Guard rules from existing CloudFormation templates
+* `CloudFormation Guard` A CLI tool that 
+	* Checks AWS CloudFormation templates for policy compliance using a simple, policy-as-code, declarative syntax
+	* Can autogenerate rules from existing CloudFormation templates
+* `CloudFormation Guard Lambda` is the AWS Lambda version of CloudFormation Guard's `check` functionality 
+* `CloudFormation Guard Rulegen Lambda` is the AWS Lambda version of CloudFormation Guard's `rulegen` functionality
 
 ## How it works
 
@@ -48,7 +50,7 @@ AWS::EC2::Volume Size <= 100
 You can check the template to ensure that it adheres to the rules.
 
 ```
-$> cfn-guard -t Examples/ebs_volume_template.json -r Examples/ebs_volume_template.ruleset
+$> cfn-guard check -t Examples/ebs_volume_template.json -r Examples/ebs_volume_template.ruleset
 
 [NewVolume2] failed because [Encrypted] is [false] and the permitted value is [true]
 [NewVolume] failed because [Encrypted] is [false] and the permitted value is [true]
@@ -61,7 +63,7 @@ Number of failures: 3
 CloudFormation Guard can be used to evaluate security best practices for infrastructure deployed via CloudFormation. A number of example rules are included:
 
 ```
-$> cfn-guard -t Examples/security_template.json -r Examples/security_rules.ruleset
+$> cfn-guard check -t Examples/security_template.json -r Examples/security_rules.ruleset
    "[AmazonMQBroker] failed because [AutoMinorVersionUpgrade] is [false] and Version upgrades should be enabled to receive security updates"
    "[AmazonMQBroker] failed because [EncryptionOptions.UseAwsOwnedKey] is [true] and CMKs should be used instead of AWS-provided KMS keys"
    "[AmazonMQBroker] failed because [EngineVersion] is [5.15.9] and Broker engine version should be at least 5.15.10"
@@ -71,12 +73,12 @@ $> cfn-guard -t Examples/security_template.json -r Examples/security_rules.rules
 More details on how to write rules and how the tool can work with build systems can be found [here](cfn-guard/README.md).
 
 ### Automatically Generating Rules
-You can also use the `CloudFormation Guard Rulegen` tool to automatically generate rules from known-good CloudFormation templates.
+You can also use the `CloudFormation Guard` tool to automatically generate rules from known-good CloudFormation templates.
 
-Using the same template as above, `cfn-guard-rulegen` would produce:
+Using the same template as above, `cfn-guard rulegen` would produce:
 
 ```
-$> cfn-guard-rulegen Examples/ebs_volume_template.json
+$> cfn-guard rulegen Examples/ebs_volume_template.json
 AWS::EC2::Volume Encrypted == false
 AWS::EC2::Volume Size == 101 |OR| AWS::EC2::Volume Size == 99
 AWS::EC2::Volume AvailabilityZone == us-west-2b |OR| AWS::EC2::Volume AvailabilityZone == us-west-2c 
@@ -84,9 +86,9 @@ AWS::EC2::Volume AvailabilityZone == us-west-2b |OR| AWS::EC2::Volume Availabili
 
 From there, you can pipe them into a file and add, edit or remove rules as you need.
 
-### Checking templates using the Lambda
+### Using the tool as an AWS Lambda
 
-Everything that can be checked from the command-line version of the tool can be checked using [the Lambda version](./cfn-guard-lambda/README.md).
+Everything that can be checked from the command-line version of the tool can be checked using [the Lambda version](./cfn-guard-lambda/README.md).  The same is true for the [rulegen functionality](./cfn-guard-rulegen-lambda/README.md).
 
 ## Setting it up
 
@@ -134,7 +136,7 @@ Details on how to build the tools and use them are available in each tool's READ
 
 [CloudFormation Guard Lambda](cfn-guard-lambda/README.md)
 
-[CloudFormation Guard Rulegen](cfn-guard-rulegen/README.md)
+[CloudFormation Guard Rulegen Lambda](cfn-guard-rulegen-lambda/README.md)
 
 ## Using the Makefile
 
diff --git a/cfn-guard-lambda/Cargo.lock b/cfn-guard-lambda/Cargo.lock
index 8f9091765..229056b28 100644
--- a/cfn-guard-lambda/Cargo.lock
+++ b/cfn-guard-lambda/Cargo.lock
@@ -27,6 +27,12 @@ dependencies = [
  "winapi 0.3.8",
 ]
 
+[[package]]
+name = "ascii"
+version = "0.9.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eab1c04a571841102f5345a8fc0f6bb3d31c315dec879b5c6e42e40ce7ffa34e"
+
 [[package]]
 name = "atty"
 version = "0.2.14"
@@ -80,6 +86,12 @@ dependencies = [
  "iovec",
 ]
 
+[[package]]
+name = "cesu8"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c"
+
 [[package]]
 name = "cfg-if"
 version = "0.1.10"
@@ -88,9 +100,11 @@ checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
 
 [[package]]
 name = "cfn-guard"
-version = "0.6.0"
+version = "0.7.0"
 dependencies = [
+ "cfn-guard-rulegen",
  "clap",
+ "jni",
  "lazy_static",
  "log",
  "regex",
@@ -102,7 +116,7 @@ dependencies = [
 
 [[package]]
 name = "cfn-guard-lambda"
-version = "0.6.0"
+version = "0.7.0"
 dependencies = [
  "cfn-guard",
  "lambda_runtime",
@@ -113,6 +127,18 @@ dependencies = [
  "simple_logger",
 ]
 
+[[package]]
+name = "cfn-guard-rulegen"
+version = "0.7.0"
+dependencies = [
+ "clap",
+ "log",
+ "serde",
+ "serde_json",
+ "serde_yaml",
+ "simple_logger",
+]
+
 [[package]]
 name = "chrono"
 version = "0.4.11"
@@ -159,6 +185,19 @@ dependencies = [
  "winapi 0.3.8",
 ]
 
+[[package]]
+name = "combine"
+version = "3.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "da3da6baa321ec19e1cc41d31bf599f00c783d0517095cdaf0332e3fe8d20680"
+dependencies = [
+ "ascii",
+ "byteorder",
+ "either",
+ "memchr",
+ "unreachable",
+]
+
 [[package]]
 name = "crossbeam-deque"
 version = "0.7.3"
@@ -219,6 +258,16 @@ version = "1.5.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bb1f6b1ce1c140482ea30ddd3335fc0024ac7ee112895426e0a629a6c20adfe3"
 
+[[package]]
+name = "error-chain"
+version = "0.12.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2d2f06b9cac1506ece98fe3231e3cc9c4410ec3d5b1f24ae1c8946f0742cdefc"
+dependencies = [
+ "backtrace",
+ "version_check",
+]
+
 [[package]]
 name = "failure"
 version = "0.1.8"
@@ -395,6 +444,26 @@ version = "0.4.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b8b7a7c0c47db5545ed3fef7468ee7bb5b74691498139e4b3f6a20685dc6dd8e"
 
+[[package]]
+name = "jni"
+version = "0.14.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1981310da491a4f0f815238097d0d43d8072732b5ae5f8bd0d8eadf5bf245402"
+dependencies = [
+ "cesu8",
+ "combine",
+ "error-chain",
+ "jni-sys",
+ "log",
+ "walkdir",
+]
+
+[[package]]
+name = "jni-sys"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130"
+
 [[package]]
 name = "kernel32-sys"
 version = "0.2.2"
@@ -730,6 +799,15 @@ version = "1.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e"
 
+[[package]]
+name = "same-file"
+version = "1.0.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
+dependencies = [
+ "winapi-util",
+]
+
 [[package]]
 name = "scopeguard"
 version = "1.1.0"
@@ -1134,12 +1212,44 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "826e7639553986605ec5979c7dd957c7895e93eabed50ab2ffa7f6128a75097c"
 
+[[package]]
+name = "unreachable"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "382810877fe448991dfc7f0dd6e3ae5d58088fd0ea5e35189655f84e6814fa56"
+dependencies = [
+ "void",
+]
+
 [[package]]
 name = "vec_map"
 version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
 
+[[package]]
+name = "version_check"
+version = "0.9.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b5a972e5669d67ba988ce3dc826706fb0a8b01471c088cb0b6110b805cc36aed"
+
+[[package]]
+name = "void"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d"
+
+[[package]]
+name = "walkdir"
+version = "2.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "777182bc735b6424e1a57516d35ed72cb8019d85c8c9bf536dccb3445c1a2f7d"
+dependencies = [
+ "same-file",
+ "winapi 0.3.8",
+ "winapi-util",
+]
+
 [[package]]
 name = "want"
 version = "0.2.0"
@@ -1179,6 +1289,15 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
 
+[[package]]
+name = "winapi-util"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
+dependencies = [
+ "winapi 0.3.8",
+]
+
 [[package]]
 name = "winapi-x86_64-pc-windows-gnu"
 version = "0.4.0"
diff --git a/cfn-guard-lambda/Cargo.toml b/cfn-guard-lambda/Cargo.toml
index a9130376f..fc8863cf2 100644
--- a/cfn-guard-lambda/Cargo.toml
+++ b/cfn-guard-lambda/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cfn-guard-lambda"
-version = "0.6.0"
+version = "0.7.0"
 edition = "2018"
 
 [dependencies]
diff --git a/cfn-guard-lambda/Makefile b/cfn-guard-lambda/Makefile
index 455b19bdb..8ceb1d290 100644
--- a/cfn-guard-lambda/Makefile
+++ b/cfn-guard-lambda/Makefile
@@ -5,7 +5,7 @@ project_name = cfn-guard-lambda
 role_arn := ${CFN_GUARD_LAMBDA_ROLE_ARN}
 request_payload_fail = '{ "template": "{\n    \"Resources\": {\n        \"NewVolume\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 100,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        },\n        \"NewVolume2\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 99,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        } }\n}",\
                      "ruleSet": "let require_encryption = true\nlet disallowed_azs = [us-east-1a,us-east-1b,us-east-1c]\n\nAWS::EC2::Volume AvailabilityZone NOT_IN %disallowed_azs\nAWS::EC2::Volume Encrypted != %require_encryption\nAWS::EC2::Volume Size == 101 |OR| AWS::EC2::Volume Size == 99\nAWS::IAM::Role AssumeRolePolicyDocument.Version == 2012-10-18\nAWS::EC2::Volume Lorem == true\nAWS::EC2::Volume Encrypted == %ipsum\nAWS::EC2::Volume AvailabilityZone != /us-east-.*/",\
-                      "strict_checks": true}'
+                      "strictChecks": true}'
 
 #======================================================================
 # Request Payload Fail:
@@ -49,7 +49,7 @@ request_payload_fail = '{ "template": "{\n    \"Resources\": {\n        \"NewVol
 
 request_payload_pass = '{ "template": "{\n    \"Resources\": {\n        \"NewVolume\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 100,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        },\n        \"NewVolume2\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 99,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        } }\n}",\
                      "ruleSet": "let require_encryption = true",\
-                      "strict_checks": true}'
+                      "strictChecks": true}'
 
 #======================================================================
 # Request Payload Pass
@@ -83,7 +83,7 @@ request_payload_pass = '{ "template": "{\n    \"Resources\": {\n        \"NewVol
 
 request_payload_err = '{ "template": "{\n    \"Resources\": \n        \"NewVolume\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 100,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        },\n        \"NewVolume2\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 99,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        } }\n}",\
                      "ruleSet": "let require_encryption = true",\
-                      "strict_checks": true}'
+                      "strictChecks": true}'
 
 #======================================================================
 # Request Payload Fail
diff --git a/cfn-guard-lambda/README.md b/cfn-guard-lambda/README.md
index 42b3fdd32..82e082fab 100644
--- a/cfn-guard-lambda/README.md
+++ b/cfn-guard-lambda/README.md
@@ -74,7 +74,7 @@ aws lambda update-function-code --function-name cfn-guard-lambda --zip-file file
     "State": "Active",
     "LastUpdateStatus": "Successful"
 }
-aws lambda invoke --function-name cfn-guard-lambda --payload '{ "template": "{\n    \"Resources\": {\n        \"NewVolume\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 100,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        },\n        \"NewVolume2\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 99,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        } }\n}", "ruleSet": "let require_encryption = true\nlet disallowed_azs = [us-east-1a,us-east-1b,us-east-1c]\n\nAWS::EC2::Volume AvailabilityZone NOT_IN %disallowed_azs\nAWS::EC2::Volume Encrypted != %require_encryption\nAWS::EC2::Volume Size == 101 |OR| AWS::EC2::Volume Size == 99\nAWS::IAM::Role AssumeRolePolicyDocument.Version == 2012-10-18\nAWS::EC2::Volume Lorem == true\nAWS::EC2::Volume Encrypted == %ipsum\nAWS::EC2::Volume AvailabilityZone != /us-east-.*/", "strict_checks": true}' output.json
+aws lambda invoke --function-name cfn-guard-lambda --payload '{ "template": "{\n    \"Resources\": {\n        \"NewVolume\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 100,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        },\n        \"NewVolume2\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 99,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        } }\n}", "ruleSet": "let require_encryption = true\nlet disallowed_azs = [us-east-1a,us-east-1b,us-east-1c]\n\nAWS::EC2::Volume AvailabilityZone NOT_IN %disallowed_azs\nAWS::EC2::Volume Encrypted != %require_encryption\nAWS::EC2::Volume Size == 101 |OR| AWS::EC2::Volume Size == 99\nAWS::IAM::Role AssumeRolePolicyDocument.Version == 2012-10-18\nAWS::EC2::Volume Lorem == true\nAWS::EC2::Volume Encrypted == %ipsum\nAWS::EC2::Volume AvailabilityZone != /us-east-.*/", "strictChecks": true}' output.json
 {
     "StatusCode": 200,
     "ExecutedVersion": "$LATEST"
@@ -95,9 +95,9 @@ cat output.json | jq '.'
     "[NewVolume] failed because it does not contain the required property of [Lorem]",
     "[NewVolume] failed because there is no value defined for [%ipsum] to check [Encrypted] against"
   ],
-  "exit_status": "FAIL"
+  "exitStatus": "FAIL"
 }
-aws lambda invoke --function-name cfn-guard-lambda --payload '{ "template": "{\n    \"Resources\": {\n        \"NewVolume\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 100,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        },\n        \"NewVolume2\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 99,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        } }\n}", "ruleSet": "let require_encryption = true", "strict_checks": true}' output.json
+aws lambda invoke --function-name cfn-guard-lambda --payload '{ "template": "{\n    \"Resources\": {\n        \"NewVolume\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 100,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        },\n        \"NewVolume2\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 99,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        } }\n}", "ruleSet": "let require_encryption = true", "strictChecks": true}' output.json
 {
     "StatusCode": 200,
     "ExecutedVersion": "$LATEST"
@@ -105,9 +105,9 @@ aws lambda invoke --function-name cfn-guard-lambda --payload '{ "template": "{\n
 cat output.json | jq '.'
 {
   "message": [],
-  "exit_status": "PASS"
+  "exitStatus": "PASS"
 }
-aws lambda invoke --function-name cfn-guard-lambda --payload '{ "template": "{\n    \"Resources\": \n        \"NewVolume\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 100,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        },\n        \"NewVolume2\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 99,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        } }\n}", "ruleSet": "let require_encryption = true", "strict_checks": true}' output.json
+aws lambda invoke --function-name cfn-guard-lambda --payload '{ "template": "{\n    \"Resources\": \n        \"NewVolume\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 100,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        },\n        \"NewVolume2\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 99,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        } }\n}", "ruleSet": "let require_encryption = true", "strictChecks": true}' output.json
 {
     "StatusCode": 200,
     "ExecutedVersion": "$LATEST"
@@ -117,7 +117,7 @@ cat output.json | jq '.'
   "message": [
     "ERROR:  Template file format was unreadable as json or yaml: while parsing a flow mapping, did not find expected ',' or '}' at line 3 column 21"
   ],
-  "exit_status": "ERR"
+  "exitStatus": "ERR"
 }
 ```
 ## Calling the Lambda Function
@@ -125,7 +125,7 @@ cat output.json | jq '.'
 Requests to `cfn-guard-lambda` require the following 3 fields:
 * `template` - The string version of the YAML or JSON CloudFormation Template
 * `ruleSet` - The string version of the rule set file
-* `strict_checks` - A boolean indicating whether to apply [strict checks](../cfn-guard/README.md#about)
+* `strictChecks` - A boolean indicating whether to apply [strict checks](../cfn-guard/README.md#about)
 
 #### Example
 There are example payloads in the [Makefile](Makefile).  Here's one we use to test a rule set that should not pass:
@@ -133,7 +133,7 @@ There are example payloads in the [Makefile](Makefile).  Here's one we use to te
 ```
 request_payload_fail = '{ "template": "{\n    \"Resources\": {\n        \"NewVolume\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 100,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        },\n        \"NewVolume2\" : {\n            \"Type\" : \"AWS::EC2::Volume\",\n            \"Properties\" : {\n                \"Size\" : 99,\n                \"Encrypted\": true,\n                \"AvailabilityZone\" : \"us-east-1b\"\n            }\n        } }\n}",\
                      "ruleSet": "let require_encryption = true\nlet disallowed_azs = [us-east-1a,us-east-1b,us-east-1c]\n\nAWS::EC2::Volume AvailabilityZone NOT_IN %disallowed_azs\nAWS::EC2::Volume Encrypted != %require_encryption\nAWS::EC2::Volume Size == 101 |OR| AWS::EC2::Volume Size == 99\nAWS::IAM::Role AssumeRolePolicyDocument.Version == 2012-10-18\nAWS::EC2::Volume Lorem == true\nAWS::EC2::Volume Encrypted == %ipsum\nAWS::EC2::Volume AvailabilityZone != /us-east-.*/",\
-                      "strict_checks": true}'
+                      "strictChecks": true}'
 
 #======================================================================
 # Request Payload Fail:
diff --git a/cfn-guard-lambda/src/main.rs b/cfn-guard-lambda/src/main.rs
index 442e0ecfa..b2da516d6 100644
--- a/cfn-guard-lambda/src/main.rs
+++ b/cfn-guard-lambda/src/main.rs
@@ -1,4 +1,5 @@
-// © Amazon Web Services, Inc. or its affiliates. All Rights Reserved. This AWS Content is provided subject to the terms of the AWS Customer Agreement available at http://aws.amazon.com/agreement or other written agreement between Customer and either Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
 
 use std::error::Error;
 
@@ -14,12 +15,14 @@ struct CustomEvent {
     template: String,
     #[serde(rename = "ruleSet")]
     rule_set: String,
+    #[serde(rename = "strictChecks")]
     strict_checks: bool,
 }
 
 #[derive(Serialize)]
 struct CustomOutput {
     message: Vec<String>,
+    #[serde(rename = "exitStatus")]
     exit_status: String,
 }
 
diff --git a/cfn-guard-rulegen-lambda/Cargo.lock b/cfn-guard-rulegen-lambda/Cargo.lock
index 6cb6134a2..49644d9eb 100644
--- a/cfn-guard-rulegen-lambda/Cargo.lock
+++ b/cfn-guard-rulegen-lambda/Cargo.lock
@@ -89,7 +89,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 
 [[package]]
 name = "cfn-guard-rulegen"
-version = "0.6.0"
+version = "0.7.0"
 dependencies = [
  "clap 2.33.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.4.7 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -101,9 +101,9 @@ dependencies = [
 
 [[package]]
 name = "cfn-guard-rulegen-lambda"
-version = "0.6.0"
+version = "0.7.0"
 dependencies = [
- "cfn-guard-rulegen 0.6.0",
+ "cfn-guard-rulegen 0.7.0",
  "lambda_runtime 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.4.7 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.95 (registry+https://github.com/rust-lang/crates.io-index)",
diff --git a/cfn-guard-rulegen-lambda/Cargo.toml b/cfn-guard-rulegen-lambda/Cargo.toml
index d995eb978..1bb3caca8 100644
--- a/cfn-guard-rulegen-lambda/Cargo.toml
+++ b/cfn-guard-rulegen-lambda/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cfn-guard-rulegen-lambda"
-version = "0.6.0"
+version = "0.7.0"
 edition = "2018"
 
 [dependencies]
diff --git a/cfn-guard-rulegen-lambda/src/main.rs b/cfn-guard-rulegen-lambda/src/main.rs
index 7ae4b01e3..faa93639e 100644
--- a/cfn-guard-rulegen-lambda/src/main.rs
+++ b/cfn-guard-rulegen-lambda/src/main.rs
@@ -1,4 +1,5 @@
-// © 2019 Amazon Web Services, Inc. or its affiliates. All Rights Reserved. This AWS Content is provided subject to the terms of the AWS Customer Agreement available at http://aws.amazon.com/agreement or other written agreement between Customer and either Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
 
 use std::error::Error;
 use cfn_guard_rulegen;
diff --git a/cfn-guard-rulegen/Cargo.lock b/cfn-guard-rulegen/Cargo.lock
index 18a368308..b25f3064f 100644
--- a/cfn-guard-rulegen/Cargo.lock
+++ b/cfn-guard-rulegen/Cargo.lock
@@ -40,7 +40,7 @@ checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
 
 [[package]]
 name = "cfn-guard-rulegen"
-version = "0.6.0"
+version = "0.7.0"
 dependencies = [
  "clap",
  "log",
diff --git a/cfn-guard-rulegen/Cargo.toml b/cfn-guard-rulegen/Cargo.toml
index fbc22b4be..c1d27ed9b 100644
--- a/cfn-guard-rulegen/Cargo.toml
+++ b/cfn-guard-rulegen/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cfn-guard-rulegen"
-version = "0.6.0"
+version = "0.7.0"
 edition = "2018"
 
 [dependencies]
diff --git a/cfn-guard-rulegen/README.md b/cfn-guard-rulegen/README.md
deleted file mode 100644
index 7a9170515..000000000
--- a/cfn-guard-rulegen/README.md
+++ /dev/null
@@ -1,158 +0,0 @@
-# [PREVIEW] CloudFormation Guard Rulegen
-
-A CLI tool to automatically generate [CloudFormation Guard](https://github.com/aws-cloudformation/cloudformation-guard) rules from CloudFormation Templates.
-
-### Runtime Arguments
-
-Rulegen uses the Rust Clap library to parse arguments.  Its `--help` output will show you what options are available:
-
-```
-$> cfn-guard-rulegen --help
-
-CloudFormation Guard RuleGen
-Generate CloudFormation Guard rules from a CloudFormation template
-
-USAGE:
-    cfn-guard-rulegen [FLAGS] <TEMPLATE>
-
-FLAGS:
-    -h, --help       Prints help information
-    -v               Sets the level of verbosity - add v's to increase output
-    -V, --version    Prints version information
-
-ARGS:
-    <TEMPLATE> 
-```
-# Example
-
-If you supply the `cfn-guard-rulegen` tool with a CloudFormation template:
-
-``` 
-AWSTemplateFormatVersion: '2010-09-09'
-Metadata:
-  License: Apache-2.0
-Description: 'AWS CloudFormation Sample Template for cfn-guard blog, for developers.
-  It creates an Amazon EC2 instance running the latest Amazon Linux AMI, based on the region
-  in which the stack is run, with restricted sizes. It also creates an EC2 security group
-  for the instance to give you SSH access on a non-standard port.
-  **WARNING** This template creates an Amazon EC2 instance, and you will be billed for
-  it once the stack is deployed.  Delete the stack after you have completed your tests to
-  avoid additional charges'
-Parameters:
-  KeyName:
-    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
-    Type: AWS::EC2::KeyPair::KeyName
-    ConstraintDescription: must be the name of an existing EC2 KeyPair.
-  SSHLocation:
-    Description: The IP address range that can be used to SSH to the EC2 instances
-    Type: String
-    MinLength: 9
-    MaxLength: 18
-    Default: 0.0.0.0/0
-    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
-    ConstraintDescription: Must be a company approved, valid IP CIDR range of the form x.x.x.x/x.
-  LatestAmiId:
-    Type:  'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
-    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
-Resources:
-  EC2Instance:
-    Type: AWS::EC2::Instance
-    Properties:
-      InstanceType: t3.medium
-      SecurityGroups: [!Ref 'InstanceSecurityGroup']
-      KeyName: !Ref 'KeyName'
-      ImageId: !Ref 'LatestAmiId'
-  InstanceSecurityGroup:
-    Type: AWS::EC2::SecurityGroup
-    Properties:
-      GroupDescription: Enable SSH access via custom port 33322
-      SecurityGroupIngress:
-      - IpProtocol: tcp
-        FromPort: 22
-        ToPort: 22
-        CidrIp: !Ref 'SSHLocation'
-  NewVolume:
-    Type: AWS::EC2::Volume
-    Properties:
-      Size: 512
-      AvailabilityZone: !GetAtt [EC2Instance, AvailabilityZone]
-Outputs:
-  InstanceId:
-    Description: InstanceId of the newly created EC2 instance
-    Value: !Ref 'EC2Instance'
-  AZ:
-    Description: Availability Zone of the newly created EC2 instance
-    Value: !GetAtt [EC2Instance, AvailabilityZone]
-  PublicDNS:
-    Description: Public DNSName of the newly created EC2 instance
-    Value: !GetAtt [EC2Instance, PublicDnsName]
-  PublicIP:
-    Description: Public IP address of the newly created EC2 instance
-    Value: !GetAtt [EC2Instance, PublicIp]
-```
-
-It will convert the template resources' properties to CloudFormation Guard rules:
-
-``` 
-⋊>  cfn-guard-rulegen test-ec2.yaml | sort                                                                                                                                    16:57:26
-AWS::EC2::Instance ImageId == LatestAmiId
-AWS::EC2::Instance InstanceType == t3.medium
-AWS::EC2::Instance KeyName == KeyName
-AWS::EC2::Instance SecurityGroups == ["InstanceSecurityGroup"]
-AWS::EC2::SecurityGroup GroupDescription == Enable SSH access via custom port 33322
-AWS::EC2::SecurityGroup SecurityGroupIngress == [{"CidrIp":"SSHLocation","FromPort":22,"IpProtocol":"tcp","ToPort":22}]
-AWS::EC2::Volume AvailabilityZone == ["EC2Instance","AvailabilityZone"]
-AWS::EC2::Volume Size == 512
-```
-
-Given the potential for hundreds or even thousands of rules to emerge, we recommend piping the output through `sort` and into a file for editing:
-
-```
-cfn-guard-rulegen Examples/aws-waf-security-automations.template | sort > ~/waf_rules
-```
-
-# To Build and Run
-
-## Install Rust
-See the instructions in the [top-level README](../README.md#install-rust).
- 
-## Run the tool
-
-Open whatever shell you prefer (eg, `bash` on Mac/Linux or `cmd.exe` on Windows) and cd into the directory where the source has been downloaded.
-
-### Using Cargo
-
-With cargo, you can run right from the git directory, but it won't be as fast as a compiled build-release.
-
-```
-cargo run -- <CloudFormation Template>
-```
-
-(NOTE: The `--` in the middle is necessary to disambiguate whether the flags are being passed to Cargo or to the program)
-
-### Building the binary
-
-**NOTE: By default rust compiles to binaries for whatever platform you run the build on.  [You can cross-compile in rust](https://github.com/japaric/rust-cross), if you need to.**
-
-#### Mac/Linux
-Running
-
-```
-make
-```
-
-will compile the release binary and drop it in the `bin/` directory under the directory you compiled it in.
-
-#### Windows
-1. Run `cargo build --release`.
-2. Run the binary with `target\release\cfn-guard-rulegen.exe`
-
-
-### Logging
-
-If you'd like to see the logic cfn-guard-rulegen is applying at runtime, there are a number of log levels you can access.
-
-To increase the verbosity, simply add more v's to the verbosity flag (eg, -v, -vv, -vvv)
-
-NOTE: The same log levels can be accessed either in the target binary or with `cargo run`
-
diff --git a/cfn-guard-rulegen/src/lib.rs b/cfn-guard-rulegen/src/lib.rs
index 4670649f9..146834dbb 100644
--- a/cfn-guard-rulegen/src/lib.rs
+++ b/cfn-guard-rulegen/src/lib.rs
@@ -1,4 +1,5 @@
-// © Amazon Web Services, Inc. or its affiliates. All Rights Reserved. This AWS Content is provided subject to the terms of the AWS Customer Agreement available at http://aws.amazon.com/agreement or other written agreement between Customer and either Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
 
 use log::{self, debug, error, info, trace};
 use serde_json::Value;
diff --git a/cfn-guard-rulegen/src/main.rs b/cfn-guard-rulegen/src/main.rs
index b13499621..925521175 100644
--- a/cfn-guard-rulegen/src/main.rs
+++ b/cfn-guard-rulegen/src/main.rs
@@ -1,4 +1,5 @@
-// © Amazon Web Services, Inc. or its affiliates. All Rights Reserved. This AWS Content is provided subject to the terms of the AWS Customer Agreement available at http://aws.amazon.com/agreement or other written agreement between Customer and either Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
 
 use std::process;
 #[macro_use]
diff --git a/cfn-guard/Cargo.lock b/cfn-guard/Cargo.lock
index a4e46b5e9..e2736a974 100644
--- a/cfn-guard/Cargo.lock
+++ b/cfn-guard/Cargo.lock
@@ -1,5 +1,20 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
+[[package]]
+name = "addr2line"
+version = "0.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1b6a2d3371669ab3ca9797670853d61402b03d0b4b9ebf33d677dfa720203072"
+dependencies = [
+ "gimli",
+]
+
+[[package]]
+name = "adler"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ee2a4ec343196209d6594e19543ae87a39f96d5534d7174822a3ad825dd6ed7e"
+
 [[package]]
 name = "aho-corasick"
 version = "0.7.10"
@@ -18,6 +33,12 @@ dependencies = [
  "winapi",
 ]
 
+[[package]]
+name = "ascii"
+version = "0.9.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eab1c04a571841102f5345a8fc0f6bb3d31c315dec879b5c6e42e40ce7ffa34e"
+
 [[package]]
 name = "atty"
 version = "0.2.14"
@@ -35,12 +56,38 @@ version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8aac770f1885fd7e387acedd76065302551364496e46b3dd00860b2f8359b9d"
 
+[[package]]
+name = "backtrace"
+version = "0.3.50"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "46254cf2fdcdf1badb5934448c1bcbe046a56537b3987d96c51a7afc5d03f293"
+dependencies = [
+ "addr2line",
+ "cfg-if",
+ "libc",
+ "miniz_oxide",
+ "object",
+ "rustc-demangle",
+]
+
 [[package]]
 name = "bitflags"
 version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
 
+[[package]]
+name = "byteorder"
+version = "1.3.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08c48aae112d48ed9f069b33538ea9e3e90aa263cfa3d1c24309612b1f7472de"
+
+[[package]]
+name = "cesu8"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c"
+
 [[package]]
 name = "cfg-if"
 version = "0.1.10"
@@ -49,9 +96,11 @@ checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
 
 [[package]]
 name = "cfn-guard"
-version = "0.6.0"
+version = "0.7.0"
 dependencies = [
+ "cfn-guard-rulegen",
  "clap",
+ "jni",
  "lazy_static",
  "log",
  "regex",
@@ -61,6 +110,18 @@ dependencies = [
  "simple_logger",
 ]
 
+[[package]]
+name = "cfn-guard-rulegen"
+version = "0.7.0"
+dependencies = [
+ "clap",
+ "log",
+ "serde",
+ "serde_json",
+ "serde_yaml",
+ "simple_logger",
+]
+
 [[package]]
 name = "chrono"
 version = "0.4.11"
@@ -98,12 +159,47 @@ dependencies = [
  "winapi",
 ]
 
+[[package]]
+name = "combine"
+version = "3.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "da3da6baa321ec19e1cc41d31bf599f00c783d0517095cdaf0332e3fe8d20680"
+dependencies = [
+ "ascii",
+ "byteorder",
+ "either",
+ "memchr",
+ "unreachable",
+]
+
 [[package]]
 name = "dtoa"
 version = "0.4.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4358a9e11b9a09cf52383b451b49a169e8d797b68aa02301ff586d70d9661ea3"
 
+[[package]]
+name = "either"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cd56b59865bce947ac5958779cfa508f6c3b9497cc762b7e24a12d11ccde2c4f"
+
+[[package]]
+name = "error-chain"
+version = "0.12.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2d2f06b9cac1506ece98fe3231e3cc9c4410ec3d5b1f24ae1c8946f0742cdefc"
+dependencies = [
+ "backtrace",
+ "version_check",
+]
+
+[[package]]
+name = "gimli"
+version = "0.22.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aaf91faf136cb47367fa430cd46e37a788775e7fa104f8b4bcb3861dc389b724"
+
 [[package]]
 name = "hermit-abi"
 version = "0.1.13"
@@ -119,6 +215,26 @@ version = "0.4.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b8b7a7c0c47db5545ed3fef7468ee7bb5b74691498139e4b3f6a20685dc6dd8e"
 
+[[package]]
+name = "jni"
+version = "0.14.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1981310da491a4f0f815238097d0d43d8072732b5ae5f8bd0d8eadf5bf245402"
+dependencies = [
+ "cesu8",
+ "combine",
+ "error-chain",
+ "jni-sys",
+ "log",
+ "walkdir",
+]
+
+[[package]]
+name = "jni-sys"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130"
+
 [[package]]
 name = "lazy_static"
 version = "1.4.0"
@@ -152,6 +268,15 @@ version = "2.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3728d817d99e5ac407411fa471ff9800a778d88a24685968b36824eaf4bee400"
 
+[[package]]
+name = "miniz_oxide"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4d7559a8a40d0f97e1edea3220f698f78b1c5ab67532e49f68fde3910323b722"
+dependencies = [
+ "adler",
+]
+
 [[package]]
 name = "num-integer"
 version = "0.1.43"
@@ -171,6 +296,12 @@ dependencies = [
  "autocfg",
 ]
 
+[[package]]
+name = "object"
+version = "0.20.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ab52be62400ca80aa00285d25253d7f7c437b7375c4de678f5405d3afe82ca5"
+
 [[package]]
 name = "proc-macro2"
 version = "1.0.18"
@@ -207,12 +338,27 @@ version = "0.6.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "26412eb97c6b088a6997e05f69403a802a92d520de2f8e63c2b65f9e0f47c4e8"
 
+[[package]]
+name = "rustc-demangle"
+version = "0.1.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c691c0e608126e00913e33f0ccf3727d5fc84573623b8d65b2df340b5201783"
+
 [[package]]
 name = "ryu"
 version = "1.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e"
 
+[[package]]
+name = "same-file"
+version = "1.0.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
+dependencies = [
+ "winapi-util",
+]
+
 [[package]]
 name = "serde"
 version = "1.0.111"
@@ -326,12 +472,44 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "826e7639553986605ec5979c7dd957c7895e93eabed50ab2ffa7f6128a75097c"
 
+[[package]]
+name = "unreachable"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "382810877fe448991dfc7f0dd6e3ae5d58088fd0ea5e35189655f84e6814fa56"
+dependencies = [
+ "void",
+]
+
 [[package]]
 name = "vec_map"
 version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
 
+[[package]]
+name = "version_check"
+version = "0.9.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b5a972e5669d67ba988ce3dc826706fb0a8b01471c088cb0b6110b805cc36aed"
+
+[[package]]
+name = "void"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d"
+
+[[package]]
+name = "walkdir"
+version = "2.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "777182bc735b6424e1a57516d35ed72cb8019d85c8c9bf536dccb3445c1a2f7d"
+dependencies = [
+ "same-file",
+ "winapi",
+ "winapi-util",
+]
+
 [[package]]
 name = "winapi"
 version = "0.3.8"
@@ -348,6 +526,15 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
 
+[[package]]
+name = "winapi-util"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
+dependencies = [
+ "winapi",
+]
+
 [[package]]
 name = "winapi-x86_64-pc-windows-gnu"
 version = "0.4.0"
diff --git a/cfn-guard/Cargo.toml b/cfn-guard/Cargo.toml
index 0628802e9..a3f4b9ec2 100644
--- a/cfn-guard/Cargo.toml
+++ b/cfn-guard/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cfn-guard"
-version = "0.6.0"
+version = "0.7.0"
 edition = "2018"
 
 [lib]
@@ -15,4 +15,5 @@ log = "0.4.6"
 clap = "2.33.0"
 simple_logger = "1.3.0"
 regex = "1.1.9"
+cfn-guard-rulegen = {path = "../cfn-guard-rulegen" }
 jni = "0.14"
diff --git a/cfn-guard/README.md b/cfn-guard/README.md
index a07b5439d..20d5d31b7 100644
--- a/cfn-guard/README.md
+++ b/cfn-guard/README.md
@@ -10,24 +10,6 @@ A command line tool for validating AWS CloudFormation resources against policy.
 * [Testing Code Changes](#to-test)
 
 # About
-```
-CloudFormation Guard
-Check CloudFormation templates against rules
-
-USAGE:
-    cfn-guard [FLAGS] --rule_set <RULE_SET_FILE> --template <TEMPLATE_FILE>
-
-FLAGS:
-    -h, --help             Prints help information
-    -s, --strict-checks    Fail resources if they're missing the property that a rule checks
-    -v                     Sets the level of verbosity - add v's to increase output
-    -V, --version          Prints version information
-    -w, --warn_only        Show results but return an exit code of 0 regardless of rule violations
-
-OPTIONS:
-    -r, --rule_set <RULE_SET_FILE>    Rules to check the template against
-    -t, --template <TEMPLATE_FILE>    CloudFormation Template
-```
 `cfn-guard` is a tool for checking CloudFormation resources for properties using a light-weight, firewall-rule-like syntax.
 
 As an example of how to use it, given a CloudFormation template:
@@ -73,7 +55,7 @@ AWS::EC2::Volume AvailabilityZone != /us-east-.*/
 You can check the compliance of that template with those rules:
 
 ```
-> cfn-guard -t ebs_volume_template.json -r ebs_volume_rule_set
+> cfn-guard check -t ebs_volume_template.json -r ebs_volume_rule_set
 "[NewVolume2] failed because [AvailabilityZone] is [us-east-1b] and the pattern [us-east-.*] is not permitted"
 "[NewVolume2] failed because [Encrypted] is [true] and that value is not permitted"
 "[NewVolume2] failed because [us-east-1b] is in [us-east-1a,us-east-1b,us-east-1c] which is not permitted for [AvailabilityZone]"
@@ -91,6 +73,64 @@ If CloudFormation Guard validates the CloudFormation templates successfully, it
 
 If you want CloudFormation Guard to get the result of the rule check but still get an exit value of `0`, use the `-w` Warn flag.
 
+## Check vs Rulegen
+
+`cfn-guard` has two modes:  
+
+### Check
+`check` (like the example above) checks templates against rulesets.
+```
+cfn-guard-check
+Check CloudFormation templates against rules
+
+USAGE:
+    cfn-guard check [FLAGS] --rule_set <RULE_SET_FILE> --template <TEMPLATE_FILE>
+
+FLAGS:
+    -h, --help             Prints help information
+    -s, --strict-checks    Fail resources if they're missing the property that a rule checks
+    -v                     Sets the level of verbosity - add v's to increase output
+    -V, --version          Prints version information
+    -w, --warn_only        Show results but return an exit code of 0 regardless of rule violations
+
+OPTIONS:
+    -r, --rule_set <RULE_SET_FILE>    Rules to check the template against
+    -t, --template <TEMPLATE_FILE>    CloudFormation Template
+```
+
+### Rulegen
+`rulegen` takes a CloudFormation template and autogenerates a set of `cfn-guard` rules that match the properties of its resources.  This is a useful way to get started rule-writing or just create ready-to-use rulesets from known-good templates.
+
+``` 
+cfn-guard-rulegen
+Autogenerate rules from an existing CloudFormation template
+
+USAGE:
+    cfn-guard rulegen [FLAGS] <TEMPLATE>
+
+FLAGS:
+    -h, --help       Prints help information
+    -v               Sets the level of verbosity - add v's to increase output
+    -V, --version    Prints version information
+
+ARGS:
+    <TEMPLATE>
+```
+For example:
+
+``` 
+> cfn-guard rulegen Examples/ebs-volume-template.json
+AWS::EC2::Volume AvailabilityZone == us-west-2b |OR| AWS::EC2::Volume AvailabilityZone == us-west-2c
+AWS::EC2::Volume Encrypted == false
+AWS::EC2::Volume Size == 50 |OR| AWS::EC2::Volume Size == 500
+```
+
+Given the potential for hundreds or even thousands of rules to emerge, we recommend piping the output through `sort` and into a file for editing:
+
+```
+cfn-guard rulegen Examples/aws-waf-security-automations.template | sort > ~/waf_rules
+```
+
 
 # Writing Rules
 
@@ -769,6 +809,12 @@ And the rule:
 ```
 Whenever your rules aren't behaving as expected, this is great way to see why.
 
+## Troubleshooting FAQ
+
+**Q: I keep trying to force a failure with a bad rule value and I'm not getting any results**
+
+A: This is almost always due to fact that there's a typo in the property name you're trying to check for in your rule.  Turn on `--strict-checks` and you'll get an error if the names don't match.  This is an easy way to spot typos.
+
 
 # To Build and Run
 
diff --git a/cfn-guard/src/guard_types.rs b/cfn-guard/src/guard_types.rs
index 4017b92e5..fea506598 100644
--- a/cfn-guard/src/guard_types.rs
+++ b/cfn-guard/src/guard_types.rs
@@ -1,4 +1,5 @@
-// © Amazon Web Services, Inc. or its affiliates. All Rights Reserved. This AWS Content is provided subject to the terms of the AWS Customer Agreement available at http://aws.amazon.com/agreement or other written agreement between Customer and either Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
 // Structs, Enums and Impls
 
 pub mod enums {
diff --git a/cfn-guard/src/lib.rs b/cfn-guard/src/lib.rs
index 8fe61c37d..c9b396f21 100644
--- a/cfn-guard/src/lib.rs
+++ b/cfn-guard/src/lib.rs
@@ -1,4 +1,5 @@
-// © Amazon Web Services, Inc. or its affiliates. All Rights Reserved. This AWS Content is provided subject to the terms of the AWS Customer Agreement available at http://aws.amazon.com/agreement or other written agreement between Customer and either Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
 
 use log::{self, debug, error, info, trace};
 use serde_json::Value;
@@ -49,7 +50,7 @@ pub fn run(
     }
 }
 
-pub extern fn run_check(
+pub extern "C" fn run_check(
     template_file_contents: &str,
     rules_file_contents: &str,
     strict_checks: bool,
@@ -368,13 +369,13 @@ fn apply_rule(
                 }
             };
             match util::get_resource_prop_value(property_root, &address) {
-                Err(e) => {
+                Err(_) => {
                     if strict_checks {
                         rule_result.push(match &rule.custom_msg {
                             Some(c) => format!("[{}] failed because {}", name, c),
                             None => format!(
                         "[{}] failed because it does not contain the required property of [{}]",
-                        name, e
+                        name, &rule.field
                     ),
                         })
                     }
@@ -424,7 +425,12 @@ fn apply_rule_operation(
         enums::OpCode::Require => {
             match rule.rule_vtype {
                 enums::RValueType::Value | enums::RValueType::Variable => {
-                    if util::format_value(&val) == util::strip_ws_nl(rule_val.to_string()) {
+                    // Rule and template values are stripped of whitespace here for comparison
+                    let f_template_val = util::format_value(&val);
+                    trace!("f_template_val is {}", f_template_val);
+                    let f_rule_val = util::strip_ws_nl(rule_val.to_string());
+                    trace!("f_rule_val is {}", f_rule_val);
+                    if f_template_val == f_rule_val {
                         info!("Result: PASS");
                         None
                     } else {
@@ -434,16 +440,32 @@ fn apply_rule_operation(
                                 "[{}] failed because [{}] is [{}] and {}",
                                 res_name,
                                 &rule.field,
-                                util::format_value(&val),
+                                {
+                                    if val.is_string() {
+                                        //This is necessary to remove extraneous quotes when converting a string
+                                        String::from(val.as_str().unwrap())
+                                    } else {
+                                        //Quotes not added for non-String SerDe values
+                                        val.to_string()
+                                    }
+                                },
                                 c
                             ),
-                            None => format!(
+                            None => {
+                                format!(
                                 "[{}] failed because [{}] is [{}] and the permitted value is [{}]",
                                 res_name,
                                 &rule.field,
-                                util::format_value(&val),
+                                {if val.is_string() {
+                                    //This is necessary to remove extraneous quotes when converting a string
+                                    String::from(val.as_str().unwrap())
+                                } else {
+                                    //Quotes not added for non-String SerDe values
+                                    val.to_string()
+                                }},
                                 rule_val.to_string()
-                            ),
+                            )
+                            }
                         })
                     }
                 }
@@ -755,26 +777,33 @@ pub extern "system" fn Java_com_amazonaws_cfnguard_javawrapper_CfnGuardWrapper_r
     rules_contents: JString,
     strict_checks: JString,
 ) -> jstring {
-    let template_string: String =
-        env.get_string(template_contents).expect("Couldn't get java string for template_contents").into();
-    let rules_string: String =
-        env.get_string(rules_contents).expect("Couldn't get java string for rules_contents").into();
+    let template_string: String = env
+        .get_string(template_contents)
+        .expect("Couldn't get java string for template_contents")
+        .into();
+    let rules_string: String = env
+        .get_string(rules_contents)
+        .expect("Couldn't get java string for rules_contents")
+        .into();
 
     // Anything but "true" is treated as false.
-    let strict_checks_string: String =
-        env.get_string(strict_checks).expect("Couldn't get java string for strict_checks").into();
-    let strict_checks_bool = 
-        match strict_checks_string.parse() {
-            Ok(res) => res,
-            Err(_e) => false,
-        };
+    let strict_checks_string: String = env
+        .get_string(strict_checks)
+        .expect("Couldn't get java string for strict_checks")
+        .into();
+    let strict_checks_bool = match strict_checks_string.parse() {
+        Ok(res) => res,
+        Err(_e) => false,
+    };
 
-    let outcome_string: String = 
+    let outcome_string: String =
         match run_check(&template_string, &rules_string, strict_checks_bool) {
             Ok(res) => res.0.join("\n"),
             Err(e) => e.to_string(),
         };
 
-    let result_jni_string = env.new_string(outcome_string).expect("Couldn't cast check outcome to JNI JString");
+    let result_jni_string = env
+        .new_string(outcome_string)
+        .expect("Couldn't cast check outcome to JNI JString");
     return result_jni_string.into_inner();
 }
diff --git a/cfn-guard/src/main.rs b/cfn-guard/src/main.rs
index 772b2f440..b2f34c49e 100644
--- a/cfn-guard/src/main.rs
+++ b/cfn-guard/src/main.rs
@@ -1,93 +1,139 @@
-// © Amazon Web Services, Inc. or its affiliates. All Rights Reserved. This AWS Content is provided subject to the terms of the AWS Customer Agreement available at http://aws.amazon.com/agreement or other written agreement between Customer and either Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
 
 use std::process;
 #[macro_use]
 extern crate log;
 extern crate lazy_static;
 extern crate simple_logger;
-use clap::{crate_version, App, Arg};
+use cfn_guard_rulegen;
+use clap::{crate_version, App, AppSettings, Arg, SubCommand};
 use log::Level;
 
 fn main() {
     let matches = App::new("CloudFormation Guard")
+        .setting(AppSettings::ArgRequiredElseHelp)
         .version(crate_version!())
-        .about("Check CloudFormation templates against rules")
-        .arg(
-            Arg::with_name("template")
-                .short("t")
-                .long("template")
-                .value_name("TEMPLATE_FILE")
-                .help("CloudFormation Template")
-                .required(true),
+        .subcommand(
+            SubCommand::with_name("check")
+                .about("Check CloudFormation templates against rules")
+                .arg(
+                    Arg::with_name("template")
+                        .short("t")
+                        .long("template")
+                        .value_name("TEMPLATE_FILE")
+                        .help("CloudFormation Template")
+                        .required(true),
+                )
+                .arg(
+                    Arg::with_name("rule_set")
+                        .short("r")
+                        .long("rule_set")
+                        .value_name("RULE_SET_FILE")
+                        .help("Rules to check the template against")
+                        .required(true),
+                )
+                .arg(
+                    Arg::with_name("warn-only")
+                        .short("w")
+                        .long("warn_only")
+                        .help(
+                        "Show results but return an exit code of 0 regardless of rule violations",
+                    ),
+                )
+                .arg(
+                    Arg::with_name("strict-checks")
+                        .short("s")
+                        .long("strict-checks")
+                        .help("Fail resources if they're missing the property that a rule checks"),
+                )
+                .arg(
+                    Arg::with_name("v")
+                        .short("v")
+                        .multiple(true)
+                        .help("Sets the level of verbosity - add v's to increase output"),
+                ),
         )
-        .arg(
-            Arg::with_name("rule_set")
-                .short("r")
-                .long("rule_set")
-                .value_name("RULE_SET_FILE")
-                .help("Rules to check the template against")
-                .required(true),
-        )
-        .arg(
-            Arg::with_name("v")
-                .short("v")
-                .multiple(true)
-                .help("Sets the level of verbosity - add v's to increase output"),
-        )
-        .arg(
-            Arg::with_name("warn-only")
-                .short("w")
-                .long("warn_only")
-                .help("Show results but return an exit code of 0 regardless of rule violations"),
-        )
-        .arg(
-            Arg::with_name("strict-checks")
-                .short("s")
-                .long("strict-checks")
-                .help("Fail resources if they're missing the property that a rule checks"),
+        .subcommand(
+            SubCommand::with_name("rulegen")
+                .about("Autogenerate rules from an existing CloudFormation template")
+                .arg(Arg::with_name("TEMPLATE").index(1).required(true))
+                .arg(
+                    Arg::with_name("v")
+                        .short("v")
+                        .multiple(true)
+                        .help("Sets the level of verbosity - add v's to increase output"),
+                ),
         )
         .get_matches();
 
-    let log_level = match matches.occurrences_of("v") {
-        0 => Level::Error,
-        1 => Level::Info,
-        2 => Level::Debug,
-        _ => Level::Trace,
-    };
+    if let Some(matches) = matches.subcommand_matches("rulegen") {
+        let log_level = match matches.occurrences_of("v") {
+            0 => Level::Error,
+            1 => Level::Info,
+            2 => Level::Debug,
+            _ => Level::Trace,
+        };
 
-    simple_logger::init_with_level(log_level).unwrap();
+        simple_logger::init_with_level(log_level).unwrap();
 
-    debug!("Parameters are {:#?}", matches);
+        debug!("Parameters are {:#?}", matches);
+        let template_file = matches.value_of("TEMPLATE").unwrap();
+        let mut result = cfn_guard_rulegen::run(template_file).unwrap_or_else(|err| {
+            println!("Problem generating rules: {}", err);
+            process::exit(1);
+        });
 
-    let template_file = matches.value_of("template").unwrap();
-    let rule_set_file = matches.value_of("rule_set").unwrap();
+        if !result.is_empty() {
+            result.sort();
+            for res in result.iter() {
+                println!("{}", res);
+            }
+        }
+        process::exit(0);
+    } else {
+        if let Some(matches) = matches.subcommand_matches("check") {
+            let log_level = match matches.occurrences_of("v") {
+                0 => Level::Error,
+                1 => Level::Info,
+                2 => Level::Debug,
+                _ => Level::Trace,
+            };
 
-    info!(
-        "CloudFormation Guard is checking the template '{}' against the rules in '{}'",
-        &template_file, &rule_set_file
-    );
+            simple_logger::init_with_level(log_level).unwrap();
 
-    let (result, exit_code) = cfn_guard::run(
-        template_file,
-        rule_set_file,
-        matches.is_present("strict-checks"),
-    )
-    .unwrap_or_else(|err| {
-        println!("Problem checking template: {}", err);
-        process::exit(1);
-    });
+            debug!("Parameters are {:#?}", matches);
+            let template_file = matches.value_of("template").unwrap();
+            let rule_set_file = matches.value_of("rule_set").unwrap();
 
-    if !result.is_empty() {
-        for res in result.iter() {
-            println!("{}", res);
-        }
-        println!("Number of failures: {}", result.len());
-        if matches.is_present("warn-only") {
-            process::exit(0);
-        } else {
-            process::exit(exit_code as i32);
+            info!(
+                "CloudFormation Guard is checking the template '{}' against the rules in '{}'",
+                &template_file, &rule_set_file
+            );
+
+            let (result, exit_code) = cfn_guard::run(
+                template_file,
+                rule_set_file,
+                matches.is_present("strict-checks"),
+            )
+            .unwrap_or_else(|err| {
+                println!("Problem checking template: {}", err);
+                process::exit(1);
+            });
+
+            if !result.is_empty() {
+                for res in result.iter() {
+                    println!("{}", res);
+                }
+                println!("Number of failures: {}", result.len());
+                if matches.is_present("warn-only") {
+                    process::exit(0);
+                } else {
+                    process::exit(exit_code as i32);
+                }
+            } else {
+                info!("All CloudFormation resources passed");
+            }
         }
-    } else {
-        info!("All CloudFormation resources passed");
     }
 }
diff --git a/cfn-guard/src/parser.rs b/cfn-guard/src/parser.rs
index 312750b47..6546ad91e 100644
--- a/cfn-guard/src/parser.rs
+++ b/cfn-guard/src/parser.rs
@@ -1,4 +1,5 @@
-// © Amazon Web Services, Inc. or its affiliates. All Rights Reserved. This AWS Content is provided subject to the terms of the AWS Customer Agreement available at http://aws.amazon.com/agreement or other written agreement between Customer and either Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
 
 use std::collections::{HashMap, HashSet};
 use std::env;
@@ -16,8 +17,8 @@ use lazy_static::lazy_static;
 // See: https://docs.rs/regex/1.3.9/regex/#example-avoid-compiling-the-same-regex-in-a-loop
 lazy_static! {
     static ref ASSIGN_REG: Regex = Regex::new(r"let (?P<var_name>\w+) +(?P<operator>\S+) +(?P<var_value>.+)").unwrap();
-    static ref RULE_REG: Regex = Regex::new(r"^(?P<resource_type>\S+) +(?P<resource_property>[\w\.\*]+) +(?P<operator>==|!=|<|>|<=|>=|IN|NOT_IN) +(?P<rule_value>[^\n\r]+)").unwrap();
-    static ref COMMENT_REG: Regex = Regex::new(r#"#(?P<comment>.*)"#).unwrap();
+    static ref RULE_REG: Regex = Regex::new(r"^(?P<resource_type>\S+) +(?P<resource_property>[\w\.\|\*]+) +(?P<operator>==|!=|<|>|<=|>=|IN|NOT_IN) +(?P<rule_value>[^\n\r]+)").unwrap();
+    static ref COMMENT_REG: Regex = Regex::new(r#"^#(?P<comment>.*)"#).unwrap();
     static ref WILDCARD_OR_RULE_REG: Regex = Regex::new(r"(\S+) (\S*\*\S*) (==|IN) (.+)").unwrap();
     static ref RULE_WITH_OPTIONAL_MESSAGE_REG: Regex = Regex::new(
         r"^(?P<resource_type>\S+) +(?P<resource_property>[\w\.\*]+) +(?P<operator>==|!=|<|>|<=|>=|IN|NOT_IN) +(?P<rule_value>[^\n\r]+) +<{2} *(?P<custom_msg>.*)").unwrap();
diff --git a/cfn-guard/src/util.rs b/cfn-guard/src/util.rs
index 925d736e6..921a23e6b 100644
--- a/cfn-guard/src/util.rs
+++ b/cfn-guard/src/util.rs
@@ -1,4 +1,5 @@
-// © Amazon Web Services, Inc. or its affiliates. All Rights Reserved. This AWS Content is provided subject to the terms of the AWS Customer Agreement available at http://aws.amazon.com/agreement or other written agreement between Customer and either Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
 
 use crate::{enums, structs};
 use lazy_static::lazy_static;
@@ -21,8 +22,10 @@ pub fn fix_stringified_bools(fstr: &str) -> String {
 
 pub fn format_value(v: &Value) -> String {
     let formatted_value = if v.is_string() {
+        //This is necessary to remove extraneous quotes when converting a string
         strip_ws_nl(String::from(v.as_str().unwrap()))
     } else {
+        //Quotes not added for non-String SerDe values
         strip_ws_nl(v.to_string())
     };
     trace!("formatted_value is '{}'", formatted_value);
@@ -31,7 +34,7 @@ pub fn format_value(v: &Value) -> String {
 
 pub fn strip_ws_nl(v: String) -> String {
     trace!("Removing spaces and newline characters from '{}'", &v);
-    v.trim().replace("\n", "")
+    v.replace("\n", "").replace(" ", "")
 }
 
 pub fn convert_list_var_to_vec(rule_val: &str) -> Vec<String> {
@@ -81,14 +84,14 @@ pub fn get_resource_prop_value(props: &Value, field: &[&str]) -> Result<Value, S
     trace!("Getting {:?} from {}", &field, &props);
     let mut field_list = field.to_owned();
     trace!("field_list is {:?}", field_list);
-    let next_field = field_list.remove(0);
-    if next_field == "" {
+    if field_list.is_empty() {
         return Ok(props.clone());
     }
-    if next_field == "." {
-        get_resource_prop_value(&props, &field_list)
-    } else {
-        match next_field.parse::<usize>() {
+    let next_field = field_list.remove(0);
+    match next_field {
+        "" => return Ok(props.clone()),
+        "." => get_resource_prop_value(&props, &field_list),
+        _ => match next_field.parse::<usize>() {
             Ok(n) => {
                 trace!(
                     "next_field is {:?} and field_list is now {:?}",
@@ -104,7 +107,7 @@ pub fn get_resource_prop_value(props: &Value, field: &[&str]) -> Result<Value, S
                             Ok(v.clone())
                         }
                     }
-                    Err(_) => Err(n.to_string()),
+                    Err(_) => destringify_json(props, &n, &mut field_list),
                 }
             }
             Err(_) => {
@@ -121,10 +124,34 @@ pub fn get_resource_prop_value(props: &Value, field: &[&str]) -> Result<Value, S
                             Ok(v.clone())
                         }
                     }
-                    Err(_) => Err(next_field.to_string()),
+                    Err(_) => destringify_json(props, &next_field, &mut field_list),
                 }
             }
-        }
+        },
+    }
+}
+
+fn destringify_json<'a>(
+    props: &'a Value,
+    field: &'a dyn serde_json::value::Index,
+    field_list: &'a mut Vec<&str>,
+) -> Result<Value, String> {
+    match props.as_str() {
+        Some(p) => match serde_json::from_str::<Value>(p) {
+            Ok(s) => {
+                trace!("sub structure is {:#?}", s);
+                // trace!("next_field is {}", field);
+                match match_props(&s, field) {
+                    Ok(v) => {
+                        trace!("next_props is {:#?}", v);
+                        get_resource_prop_value(&v, &field_list)
+                    }
+                    Err(_) => return Err(format!("Invalid address")),
+                }
+            }
+            Err(e) => return Err(e.to_string()),
+        },
+        None => return Err(format!("Could not convert properties to string")),
     }
 }
 
diff --git a/cfn-guard/tests/functional.rs b/cfn-guard/tests/functional.rs
index 88929d7ff..3c9bfb6d1 100644
--- a/cfn-guard/tests/functional.rs
+++ b/cfn-guard/tests/functional.rs
@@ -1,4 +1,5 @@
-// © Amazon Web Services, Inc. or its affiliates. All Rights Reserved. This AWS Content is provided subject to the terms of the AWS Customer Agreement available at http://aws.amazon.com/agreement or other written agreement between Customer and either Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
 
 // Tests
 use cfn_guard;
@@ -1197,8 +1198,8 @@ AWS::EC2::Volume Size == 101 |OR| AWS::EC2::Volume Size == 99"#,
         .unwrap_or_else(|err| format!("{}", err));
         assert_eq!(
             cfn_guard::run_check(&template_contents, &rules_file_contents, true).unwrap(),
-            (vec![String::from("[NewVolume2] failed because it does not contain the required property of [Tags]"),
-                  String::from("[NewVolume2] failed because it does not contain the required property of [Tags]"),
+            (vec![String::from("[NewVolume2] failed because it does not contain the required property of [Tags.0.Key]"),
+                  String::from("[NewVolume2] failed because it does not contain the required property of [Tags.1.Key]"),
                   String::from("[NewVolume] failed because [Tags.0.Key] is [uaid] and the permitted value is [uai]"),
                   String::from("[NewVolume] failed because [Tags.1.Key] is [tag2] and the permitted value is [uai]")],
              2)
@@ -1648,4 +1649,124 @@ AWS::EC2::Volume Size == 101 |OR| AWS::EC2::Volume Size == 99"#,
             (vec![], 0)
         )
     }
+    #[test]
+    fn test_stringifed_json_descent() {
+        let template_contents = fs::read_to_string("tests/stringified-json-template.yaml")
+            .unwrap_or_else(|err| format!("{}", err));
+
+        let mut rules_file_contents = String::from(
+            r#"AWS::IAM::Role AssumeRolePolicyDocument.Statement.0 == {      "Effect": "Allow",      "Principal": {        "Service": [          "notlambda.amazonaws.com"        ]      }    } "#,
+        );
+
+        assert_eq!(
+            cfn_guard::run_check(&template_contents, &rules_file_contents, true).unwrap(),
+            (vec![], 0)
+        );
+
+        rules_file_contents = String::from(
+            r#"AWS::IAM::Role AssumeRolePolicyDocument.Statement.* == {      "Effect": "Allow",      "Principal": {        "Service": [          "notlambda.amazonaws.com"        ]      }    } "#,
+        );
+        assert_eq!(
+            cfn_guard::run_check(&template_contents, &rules_file_contents, true).unwrap(),
+            (vec![], 0)
+        );
+
+        rules_file_contents = String::from(
+            r#"AWS::IAM::Role AssumeRolePolicyDocument.Statement.0 == {"Effect": "Allow","Principal":{"Service":["notlambda.amazonaws.com"]}}"#,
+        );
+        assert_eq!(
+            cfn_guard::run_check(&template_contents, &rules_file_contents, true).unwrap(),
+            (vec![], 0)
+        );
+
+        rules_file_contents =
+            String::from(r#"AWS::IAM::Role AssumeRolePolicyDocument.Statement.0.Effect == Allow"#);
+        assert_eq!(
+            cfn_guard::run_check(&template_contents, &rules_file_contents, true).unwrap(),
+            (vec![], 0)
+        );
+
+        rules_file_contents =
+            String::from(r#"AWS::IAM::Role AssumeRolePolicyDocument.Statement.*.Effect == Allow"#);
+        assert_eq!(
+            cfn_guard::run_check(&template_contents, &rules_file_contents, true).unwrap(),
+            (vec![], 0)
+        );
+
+        rules_file_contents = String::from(
+            r#"AWS::IAM::Role AssumeRolePolicyDocument == {"Statement":[{"Effect": "Allow","Principal":{"Service":["notlambda.amazonaws.com"]}}]}"#,
+        );
+        assert_eq!(
+            cfn_guard::run_check(&template_contents, &rules_file_contents, true).unwrap(),
+            (vec![], 0)
+        );
+
+        rules_file_contents = String::from(
+            r#"AWS::IAM::Role AssumeRolePolicyDocument != {"Statement":[{"Effect": "Allow","Principal":{"Service":["notlambda.amazonaws.com"]}}]}
+                  AWS::IAM::Role AssumeRolePolicyDocument.Statement != [{"Effect": "Allow","Principal":{"Service":["notlambda.amazonaws.com"]}}]
+                  AWS::IAM::Role AssumeRolePolicyDocument.Statement.0 != {"Effect": "Allow","Principal":{"Service":["notlambda.amazonaws.com"]}}
+                  AWS::IAM::Role AssumeRolePolicyDocument.Statement.*.Effect != Allow"#,
+        );
+        assert_eq!(
+            cfn_guard::run_check(&template_contents, &rules_file_contents, true).unwrap(),
+            (
+                vec![String::from("[LambdaRoleHelper] failed because [AssumeRolePolicyDocument.Statement.0.Effect] is [Allow] and that value is not permitted"),
+            String::from(r#"[LambdaRoleHelper] failed because [AssumeRolePolicyDocument.Statement.0] is [{"Effect":"Allow","Principal":{"Service":["notlambda.amazonaws.com"]}}] and that value is not permitted"#),
+            String::from(r#"[LambdaRoleHelper] failed because [AssumeRolePolicyDocument.Statement] is [[{"Effect":"Allow","Principal":{"Service":["notlambda.amazonaws.com"]}}]] and that value is not permitted"#),
+            String::from(r#"[LambdaRoleHelper] failed because [AssumeRolePolicyDocument] is [{"Statement":[{"Effect":"Allow","Principal":{"Service":["notlambda.amazonaws.com"]}}]}] and that value is not permitted"#)],
+                2
+            )
+        )
+    }
+    #[test]
+    fn test_correct_whitespace() {
+        // Value comparisons during rule eval remove whitespace but the result message should not to avoid confusing the user
+        let template_contents = String::from(
+            r#"Resources:
+  NewVolume:
+    Type: AWS::EC2::Volume
+    Properties :
+        Description: This is a description"#,
+        );
+        let rules_file_contents =
+            String::from(r#"AWS::EC2::Volume Description == This is  a  description"#); // inserted a space on either side of 'a'
+        assert_eq!(
+            cfn_guard::run_check(&template_contents, &rules_file_contents, true).unwrap(),
+            (vec![], 0)
+        );
+    }
+
+    #[test]
+    fn test_for_inline_comment() {
+        let template_contents = String::from(
+            r#"Resources:
+  NewVolume:
+    Type: AWS::EC2::Volume
+    Properties :
+        Description: This is a description"#,
+        );
+        let rules_file_contents = String::from(
+            r#"AWS::EC2::Volume Description == This is  a  description # this comment shouldn't be here"#,
+        );
+        assert_eq!(
+            cfn_guard::run_check(&template_contents, &rules_file_contents, true).unwrap(),
+            (vec![String::from("[NewVolume] failed because [Description] is [This is a description] and the permitted value is [This is  a  description # this comment shouldn't be here]")], 2)
+        );
+    }
+
+    #[test]
+    fn test_for_comments_with_whitespace() {
+        let template_contents = String::from(
+            r#"Resources:
+  NewVolume:
+    Type: AWS::EC2::Volume
+    Properties :
+        Description: This is a description"#,
+        );
+        let rules_file_contents = String::from(r#"                         # Comment!! :-o"#);
+        assert_eq!(
+            cfn_guard::run_check(&template_contents, &rules_file_contents, true).unwrap(),
+            (vec![], 0)
+        );
+    }
 }
diff --git a/cfn-guard/tests/stringified-json-template.yaml b/cfn-guard/tests/stringified-json-template.yaml
new file mode 100644
index 000000000..5f32e4dca
--- /dev/null
+++ b/cfn-guard/tests/stringified-json-template.yaml
@@ -0,0 +1,24 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: "My API Gateway and Lambda function"
+
+Parameters:
+  lambdaFunctionName:
+    Type: "String"
+    Default: "governance-lambda"
+Resources:
+  LambdaRoleHelper:
+    Type: 'AWS::IAM::Role'
+    Properties:
+      AssumeRolePolicyDocument: |
+        {
+          "Statement": [
+            {
+              "Effect": "Allow",
+              "Principal": {
+                "Service": [
+                  "notlambda.amazonaws.com"
+                ]
+              }
+            }
+          ]
+        }