Policy Metadata
Each policy includes metadata that defines its identity, purpose, and behavior. Metadata provides important context for how a policy is displayed, enforced, and remediated. This information helps both authors and users understand what the policy does, how severe its violations are, and how to resolve them.
The table below describes all supported metadata fields and their usage:

| Field | Required | Description |
|---|---|---|
| `name` | Yes | Unique identifier for the policy within the policy pack. |
| `description` | Yes | Short summary of what the policy checks or enforces. |
| `enforcementLevel` | No | Defines how the policy behaves on violation. Options: `advisory` (warn only), `mandatory` (block deployment), `remediate` (auto-fix violations), or `disabled` (turn off policy). |
| `severity` | No | Indicates the seriousness of violations. Valid values: `low`, `medium`, `high`, `critical`. |
| `displayName` | No | Human-readable name for the policy (used for display instead of `name`). |
| `remediationSteps` | No | Guidance for how to fix a violation or bring a resource into compliance. |
| `url` | No | Link to external documentation, references, or remediation guides. |
| `tags` | No | Array of labels or categories for grouping and filtering policies. |
| `framework` | No | Associates the policy with a compliance framework or standard. |
| `framework.name` | Yes* | Name of the compliance framework (e.g., "PCI-DSS", "HIPAA", "SOC 2"). |
| `framework.version` | Yes* | Framework version (e.g., "3.2.1", "2022"). |
| `framework.reference` | Yes* | Specific control or requirement reference within the framework. |
| `framework.specification` | Yes* | Detailed description of the related compliance requirement. |
| `configSchema` | No | Schema defining user-configurable parameters for the policy. For more information on `configSchema`, see authoring |
| `configSchema.properties` | Yes* | Object describing available configuration options and their types. |
| `configSchema.required` | No | Array of property names that must be supplied when configuring the policy. |

\* Required if the parent field is defined.
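
The rules in the table above can be checked before a policy pack is published, so that a misspelled `severity` or a half-filled `framework` block is caught in review rather than in the console. The following is an added example, not Pulumi's own code: `validatePolicyMetadata`, the sample policy, and the check that `configSchema.required` names appear in `configSchema.properties` are assumptions made for illustration.

```javascript
// Hypothetical lint for policy metadata; not a Pulumi API.
const ENUMS = {
  enforcementLevel: ["advisory", "mandatory", "remediate", "disabled"],
  severity: ["low", "medium", "high", "critical"],
};
const FRAMEWORK_FIELDS = ["name", "version", "reference", "specification"];

const isText = (v) => typeof v === "string" && v.trim() !== "";
const isObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

function validatePolicyMetadata(meta) {
  const errors = [];
  // name and description are always required.
  for (const field of ["name", "description"]) {
    if (!isText(meta[field])) errors.push(`${field}: required`);
  }
  // Optional enumerated fields are checked only when present.
  for (const [field, allowed] of Object.entries(ENUMS)) {
    if (meta[field] !== undefined && !allowed.includes(meta[field])) {
      errors.push(`${field}: expected one of ${allowed.join(", ")}`);
    }
  }
  if (meta.tags !== undefined && !(Array.isArray(meta.tags) && meta.tags.every(isText))) {
    errors.push("tags: expected an array of strings");
  }
  // Every framework.* field is required once framework is defined.
  if (meta.framework !== undefined) {
    const fw = isObject(meta.framework) ? meta.framework : {};
    for (const field of FRAMEWORK_FIELDS) {
      if (!isText(fw[field])) errors.push(`framework.${field}: required when framework is defined`);
    }
  }
  // configSchema.properties is required once configSchema is defined.
  if (meta.configSchema !== undefined) {
    const schema = isObject(meta.configSchema) ? meta.configSchema : {};
    const props = isObject(schema.properties) ? schema.properties : null;
    if (!props) errors.push("configSchema.properties: required when configSchema is defined");
    // Assumption, not stated in the table: names in required should be declared in properties.
    for (const key of Array.isArray(schema.required) ? schema.required : []) {
      if (!props || !(key in props)) errors.push(`configSchema.required: "${key}" not in properties`);
    }
  }
  return errors;
}

// Constructed sample: misspelled severity, incomplete framework, undeclared required key.
const sample = {
  name: "s3-no-public-read", description: "Buckets must not allow public read.",
  enforcementLevel: "mandatory", severity: "hgih",
  framework: { name: "PCI-DSS", version: "3.2.1" },
  configSchema: { properties: { allowList: { type: "array" } }, required: ["allowlist"] },
};
console.log(validatePolicyMetadata(sample));
```

An empty array means the metadata satisfies every rule in the table; each string otherwise names the offending field.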
