Policy CLI Reference
The pulumi policy command group provides CLI commands for creating, managing, and enforcing policy packs. You can use these commands to author new policy packs, publish them to Pulumi Cloud, and manage policy groups across your organization.
Policy pack commands
| Command | Description |
|---|---|
pulumi policy new | Create a new policy pack from a template |
pulumi policy install | Install required policy packs for a stack |
pulumi policy publish | Publish a policy pack to Pulumi Cloud |
pulumi policy enable | Enable a policy pack for a Pulumi organization |
pulumi policy disable | Disable a policy pack for a Pulumi organization |
pulumi policy ls | List all policy packs for a Pulumi organization |
pulumi policy rm | Remove a policy pack from a Pulumi organization |
pulumi policy validate-config | Validate a policy pack configuration against its schema |
Policy group commands
| Command | Description |
|---|---|
pulumi policy group | Manage policy groups |
pulumi policy group ls | List all policy groups for a Pulumi organization |
Running policies locally
You can run policy packs locally during pulumi preview or pulumi up by using the --policy-pack flag. This does not require Pulumi Cloud and works with any backend, including the self-managed backend.
pulumi preview --policy-pack /path/to/policy-pack
pulumi up --policy-pack /path/to/policy-pack
You can also apply multiple policy packs at the same time:
pulumi up --policy-pack /path/to/pack-1 --policy-pack /path/to/pack-2
When using
--policy-pack, the policy pack must be present on disk. Pulumi Cloud users can skip this flag entirely because policy packs enabled through policy groups are downloaded and applied automatically.Common workflows
Create and test a policy pack
# Create a new policy pack from a template
pulumi policy new aws-typescript
# Test policies locally during preview
pulumi preview --policy-pack .
Publish and enable a policy pack
# Publish the policy pack to Pulumi Cloud
pulumi policy publish
# Enable the latest version for your organization
pulumi policy enable my-org/my-policy-pack latest
Manage policy packs
# List all policy packs in your organization
pulumi policy ls
# Disable a policy pack
pulumi policy disable my-org/my-policy-pack
# Remove a policy pack (must be disabled first)
pulumi policy rm my-org/my-policy-pack
For the full CLI reference, see pulumi policy.
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.