Creating a Custom Policy Pack
Pulumi CrossGuard uses policy-as-code to enforce best practices, compliance, and security requirements across your infrastructure. A policy pack is a collection of policies that can be versioned and reused across projects.
In this tutorial, you will create a custom policy pack that enforces specific policies for your AWS resources, such as enabling S3 bucket versioning, restricting EC2 instance types, and requiring resource tags.
In this tutorial, you'll learn:
- How to define policies using Python and TypeScript
- How to group policies into a policy pack
- How to deploy and enforce the policy pack in your Pulumi organization
- How to define policies involving multiple resources
Prerequisites:
- A Pulumi Cloud account and access token
- The Pulumi CLI
- Install Node.js or Python
- Configure your AWS Credentials
- Familiarity with infrastructure-as-code and Pulumi
This tutorial focuses on AWS resources; however, the same techniques can be used for any resource managed by Pulumi, such as those in Azure, Google Cloud Platform, or Kubernetes.
Topics
This tutorial has 3 topics and takes about 15 minutes to complete.
- Create a Custom Policy Pack (5 minutes)
- Validate a Custom Policy Pack (5 minutes)
- Publish and Enforce a Custom Policy Pack (5 minutes)
