Policy pack best practices
Naming Policies
Each policy within a Policy Pack must have a unique name. The name must be between 1 and 100 characters and may contain letters, numbers, dashes (-), underscores (_) or periods(.).
Policy Assertions
Policy assertions should be complete sentences, specify the resource that has violated the policy, and be written using an imperative tone. The table below provides some examples of policy assertions.
✅ | ❌ |
---|---|
“The RDS cluster must specify a node type.” | “Specify a node type.” |
“The RDS cluster must have audit logging enabled.” | “Enable audit logging.” |
This format provides a clear message to end users, allowing them to understand what and why a policy is failing.
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.