
Enforce ISO 27001 Across Your AWS Infrastructure
ISO/IEC 27001 is the international standard for information security management. Proving you meet it usually means months of mapping abstract security controls to concrete cloud configuration, then authoring custom checks one resource at a time. We’re changing that.
Today we’re shipping a pre-built ISO/IEC 27001:2022 policy pack for AWS, live now in Pulumi Cloud as iso-27001-aws. It encodes the standard’s security expectations as 238 ready-to-run policies, so you can align your AWS estate to ISO 27001 in minutes, not months.
Why ISO 27001 matters
For many companies, ISO 27001 is what stands between them and a customer or a market. The sooner you can reach a certifiable state and prove you stay there, the less compliance slows the business down. The pack collapses months of policy work into something you run continuously, so security keeps pace with growth instead of blocking it.
How the pack maps to ISO 27001
The hard part of ISO 27001 has always been translation: its controls are written in the language of governance and risk management, not in the language of AWS resources. Every team has had to interpret each control and decide what it means for an S3 bucket or an RDS instance.
The pack does that interpretation for you. Its 238 policies are aligned to the relevant ISO 27001 controls, so each result connects back to the standard instead of leaving you to map it yourself. You can browse the full pack in the pack reference.
Audit and prevent
The same pack works two ways, so you can both reach compliance and stay there:
- Audit. Scan your existing AWS estate against the pack, including resources that Pulumi doesn’t manage. You get an honest baseline of where you stand against ISO 27001 today, with every finding tied back to the control it affects.
- Prevent. Run the same pack as a preventative policy during pulumi up to block non-compliant resources before they’re ever created. New infrastructure is born aligned to the standard.
Audit gets you clean. Preventative policies keep you clean.
A growing library of pre-built packs
ISO 27001 joins a growing library of pre-built packs for AWS, each authored and maintained by Pulumi and kept current with its source standard:
- ISO/IEC 27001:2022
- CIS Controls v8.1
- NIST SP 800-53 Rev. 5
- PCI DSS v4.0
- HITRUST CSF v11.5
- Pulumi Best Practices
Adopting any pack means you skip the authoring work entirely, inherit framework mappings maintained by Pulumi, and apply a consistent baseline across every stack and account.
Get started today
The ISO 27001 pack is available now to every Pulumi Cloud user:
- Browse the pack reference to see all 238 policies and how they map to the standard’s controls.
- Explore the full pre-built packs index.
- Follow the get-started guide to run your first audit.
Try Pulumi policies
Ready to align your AWS infrastructure to ISO 27001? Sign up for Pulumi Cloud and run the pack against your estate, or read the policy get-started guide to dig in.
Need a compliance pack for a framework that isn’t listed here? Open a request in pulumi/pulumi-cloud-requests or come tell us in the community Slack. We’re listening.