Policy Packs
Policy packs are collections of rules that enforce compliance and best practices across your infrastructure. Each policy pack contains one or more policies that validate resource properties, configurations, or relationships between resources.
Types of policy packs
Pulumi offers two approaches to policy enforcement:
Pre-built policy packs
Pulumi provides ready-to-use policy packs for common compliance frameworks including CIS, PCI DSS, HITRUST, and NIST. These packs are maintained by Pulumi and cover security, cost, and operational best practices for AWS, Azure, and Google Cloud.
You can enable pre-built packs directly from Pulumi Cloud with no code required.
Explore pre-built policy packs →
Custom policy packs
Write your own policies in TypeScript or Python to enforce organization-specific requirements. Custom policies can validate individual resources or entire stack configurations, with support for:
- Configurable enforcement levels (advisory, mandatory, disabled)
- Custom configuration schemas for flexible policy behavior
- Local testing before publishing
- Version management and updates
Learn to author custom policies →
