pulumi policy group new | CLI commands
Generated for Pulumi CLI v3.247.0.
[EXPERIMENTAL] Create a new Policy Group
Synopsis
[EXPERIMENTAL] Create a new Policy Group.
Creates a new Policy Group in the given organization. Policy Groups define which Policy Packs are enforced on which stacks or cloud accounts, with configurable enforcement levels per pack.
When run interactively, prompts for required values that aren’t provided via flags. Pass –yes to accept defaults without prompting.
pulumi policy group new <name> [flags]
Examples
# Create a Policy Group interactively
pulumi policy group new prod-policies
# Create a stack Policy Group non-interactively
pulumi policy group new prod-policies --entity-type stacks --yes
# Create an audit-mode account Policy Group
pulumi policy group new compliance \
--entity-type accounts --mode audit --yes
# Emit JSON
pulumi policy group new prod-policies --entity-type stacks \
--yes --output json
Options
--agent-pool-id string Agent pool ID for policy evaluation (optional)
--entity-type string The type of entities: stacks or accounts
-h, --help help for new
--mode string The enforcement mode: audit or preventative
--org string The organization to create the Policy Group in
--output string Output format. Supported values are: default and json (default "default")
-y, --yes Skip prompts and proceed with default values
Options inherited from parent commands
--color string Colorize output. Choices are: always, never, raw, auto (default "auto")
-C, --cwd string Run pulumi as if it had been started in another directory
--disable-integrity-checking Disable integrity checking of checkpoint files
-e, --emoji Enable emojis in the output
-Q, --fully-qualify-stack-names Show fully-qualified stack names
--logflow Flow log settings to child processes (like plugins)
--logtostderr Log to stderr instead of to files
--memprofilerate int Enable more precise (and expensive) memory allocation profiles by setting runtime.MemProfileRate
--non-interactive Disable interactive mode for all commands
--otel-traces string Export OpenTelemetry traces to the specified endpoint. Use file:// for local JSON files, grpc:// for remote collectors
--profiling string Emit CPU and memory profiles and an execution trace to '[filename].[pid].{cpu,mem,trace}', respectively
--tracing file: Emit tracing to the specified endpoint. Use the file: scheme to write tracing data to a local file
-v, --verbose int Enable verbose logging (e.g., v=3); anything >3 is very verbose
SEE ALSO
- pulumi policy group - Manage policy groups
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.