---
title: Policy Packs
url: /docs/insights/policy/policy-packs/
---
Policy packs are collections of rules that enforce compliance and best practices across your infrastructure. Each policy pack contains one or more policies that validate resource properties, configurations, or relationships between resources.

## Types of policy packs

Pulumi offers two approaches to policy enforcement:

### Pre-built policy packs

Pulumi provides ready-to-use policy packs for common compliance frameworks including CIS, PCI DSS, HITRUST, and NIST. These packs are maintained by Pulumi and cover security, cost, and operational best practices for AWS, Azure, and Google Cloud.

You can enable pre-built packs directly from Pulumi Cloud with no code required.

[Explore pre-built policy packs →](/docs/insights/policy/policy-packs/pre-built-packs/)

### Custom policy packs

Write your own policies in TypeScript, Python, or [OPA (Rego)](/docs/insights/policy/policy-packs/authoring/#opa) to enforce organization-specific requirements. Custom policies can validate individual resources or entire stack configurations, with support for:

- Configurable enforcement levels (advisory, mandatory, disabled)
- Custom configuration schemas for flexible policy behavior
- Local testing before publishing
- Version management and updates

[Learn to author custom policies →](/docs/insights/policy/policy-packs/authoring/)

## Next steps

- [Browse pre-built policy packs](/docs/insights/policy/policy-packs/pre-built-packs/)
- [Write custom policy packs](/docs/insights/policy/policy-packs/authoring/)
- [PulumiPolicy.yaml project file reference](/docs/insights/policy/policy-packs/project-file/)
- [Configure policy groups](/docs/insights/policy/policy-groups/)
- [View policy findings](/docs/insights/policy/policy-findings/)