Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi IDP Pulumi Cloud Packages Tutorials
  1. Docs
  2. Pulumi Cloud
  3. Pulumi Cloud REST API
  4. Policy Packs

Policy Packs

    Policy Packs are collections of policies that define governance rules for infrastructure deployments. The Policy Packs API allows you to create, manage, and apply policy packs to enforce governance rules across your organization.

    Policy Pack Operations

    The API provides endpoints for the following operations:

    • Listing policy packs available in an organization
    • Getting policy pack details at specific versions
    • Creating new policy packs
    • Applying policy packs to the default policy group
    • Deleting policy packs and specific versions

    List Policy Packs

    List policy packs by organization.

    GET /api/orgs/{organization}/policypacks

    Parameters

    ParameterTypeInDescription
    organizationstringpathorganization name

    Example

    curl \
  -H "Accept: application/vnd.pulumi+8" \
  -H "Content-Type: application/json" \
  -H "Authorization: token $PULUMI_ACCESS_TOKEN" \
  https://api.pulumi.com/api/orgs/{organization}/policypacks

    Default response

    Status: 200 OK

    {
  "policyPacks": [
    {
      "name": "aws-iso27001-compliance-ready-policies-typescript",
      "displayName": "",
      "versions": [
        1
      ],
      "versionTags": [
        "0.0.1"
      ]
    },
    {
      "name": "aws-typescript",
      "displayName": "",
      "versions": [
        1
      ],
      "versionTags": [
        "0.0.1"
      ]
    },
    {
      "name": "continuous-policy",
      "displayName": "",
      "versions": [
        3,
        2,
        1
      ],
      "versionTags": [
        "0.0.3",
        "0.0.2",
        "0.0.1"
      ]
    }
  ]
}

    Get Latest Policy Pack Version

    Get policy pack information including config schema for the latest version.

    GET /api/orgs/{organization}/policypacks/{policyPack}/latest

    Parameters

    ParameterTypeInDescription
    organizationstringpathorganization name
    policyPackstringpathpolicy pack name

    Example

    curl \
  -H "Accept: application/vnd.pulumi+8" \
  -H "Content-Type: application/json" \
  -H "Authorization: token $PULUMI_ACCESS_TOKEN" \
  https://api.pulumi.com/api/orgs/{organization}/policypacks/{policyPack}/latest

    Default response

    Status: 200 OK

    {
  "name": "continuous-policy",
  "displayName": "",
  "version": 3,
  "versionTag": "0.0.3",
  "policies": [
    {
      "name": "continuous-policy",
      "displayName": "",
      "description": "Continuous global policies that can be configured dynamically across the entire org using Pulumi Resource Search.",
      "enforcementLevel": "mandatory",
      "message": "",
      "configSchema": {
        "properties": {
          "enforcementLevel": {
            "enum": [
              "advisory",
              "mandatory",
              "remediate",
              "disabled"
            ],
            "type": "string"
          },
          "policies": {
            "items": {
              "properties": {
                "assertion": {
                  "properties": {
                    "operator": {
                      "enum": [
                        "eq",
                        "gt",
                        "lt",
                        "lte",
                        "gte"
                      ],
                      "type": "string"
                    },
                    "value": {
                      "type": "number"
                    }
                  },
                  "type": "object"
                },
                "label": {
                  "type": "string"
                },
                "mode": {
                  "enum": [
                    "query",
                    "ai"
                  ],
                  "type": "string"
                },
                "query": {
                  "type": "string"
                }
              },
              "type": "object"
            },
            "type": "array"
          }
        },
        "type": "object"
      }
    }
  ],
  "applied": false
}

    Get Policy Pack at Specific Version

    Get policy pack information including config schema for a specific version.

    GET /api/orgs/{organization}/policypacks/{policyPack}/versions/{version}

    Parameters

    ParameterTypeInDescription
    organizationstringpathorganization name
    policyPackstringpathpolicy pack name
    versionstringpathversion identifier

    Example

    curl \
  -H "Accept: application/vnd.pulumi+8" \
  -H "Content-Type: application/json" \
  -H "Authorization: token $PULUMI_ACCESS_TOKEN" \
  https://api.pulumi.com/api/orgs/{organization}/policypacks/{policyPack}/versions/{version}

    Get Policy Pack Schema at Specific Version

    Get policy pack config schema for a specific version.

    GET /api/orgs/{organization}/policypacks/{policyPack}/versions/{version}/schema

    Parameters

    ParameterTypeInDescription
    organizationstringpathorganization name
    policyPackstringpathpolicy pack name
    versionstringpathversion identifier

    Example

    curl \
  -H "Accept: application/vnd.pulumi+8" \
  -H "Content-Type: application/json" \
  -H "Authorization: token $PULUMI_ACCESS_TOKEN" \
  https://api.pulumi.com/api/orgs/{organization}/policypacks/{policyPack}/versions/{version}/schema

    Create Policy Pack

    Create policy pack.

    POST /api/orgs/{organization}/policypacks

    Parameters

    ParameterTypeInDescription
    organizationstringpathorganization name
    namestringbodypolicy pack name
    displayNamestringbodypolicy pack display name
    versionTagstringbodypolicy pack version tag name
    policiesarraybodypolicy pack policies - see following parameters
    policies[].namestringobjectpolicy name
    policies[].displayNamestringobjectpolicy display name
    policies[].descriptionstringobjectpolicy description
    policies[].enforcementLevelstringobjectpolicy enforcement level - possible values are advisory, mandatory, remediate, disabled
    policies[].messagestringobjectpolicy message
    policies[].configSchemaobjectobjectpolicy config schema
    policies[].configSchema.propertieskey/valueobjectconfig schema properties
    policies[].configSchema.requiredstring arrayobjectconfig schema required properties
    policies[].configSchema.typestringobjectconfig schema type

    Example

    curl \
  -H "Accept: application/vnd.pulumi+8" \
  -H "Content-Type: application/json" \
  -H "Authorization: token $PULUMI_ACCESS_TOKEN" \
  --request POST \
  --data '{"name":"myPolicyPack", "displayName": "My policy pack", "versionTag":"stable", "policies":[{"name": "myPolicy", "displayName": "My policy", "description": "awesome policy", "enforcementLevel": "mandatory","message":"my policy violation", "configSchema":{"properties": {"foo": "bar}, "required": "foo", "type": "object"}}]}' \
  https://api.pulumi.com/api/orgs/{organization}/policypacks

    Apply Policy Pack

    Applies the latest version of a policy pack using the organization’s default policy group.

    POST /api/orgs/{organization}/policypacks/{policyPack}/latest

    Parameters

    ParameterTypeInDescription
    organizationstringpathorganization name
    policyPackstringpathpolicy pack name

    Example

    curl \
  -H "Accept: application/vnd.pulumi+8" \
  -H "Content-Type: application/json" \
  -H "Authorization: token $PULUMI_ACCESS_TOKEN" \
  --request POST \
  https://api.pulumi.com/api/orgs/{organization}/policypacks/{policyPack}/latest

    Delete Policy Pack

    DELETE /api/orgs/{organization}/policypacks/{policyPack}
    ParameterTypeInDescription
    organizationstringpathorganization name
    policyPackstringpathpolicy pack name

    Example

    curl \
  -H "Accept: application/vnd.pulumi+8" \
  -H "Content-Type: application/json" \
  -H "Authorization: token $PULUMI_ACCESS_TOKEN" \
  --request DELETE \
  https://api.pulumi.com/api/orgs/{organization}/policypacks/{policyPack}

    Delete Policy Pack Version

    DELETE /api/orgs/{organization}/policypacks/{policyPack}/versions/{version}
    ParameterTypeInDescription
    organizationstringpathorganization name
    policyPackstringpathpolicy pack name
    versionnumberpathpolicy pack version

    Example

    curl \
  -H "Accept: application/vnd.pulumi+8" \
  -H "Content-Type: application/json" \
  -H "Authorization: token $PULUMI_ACCESS_TOKEN" \
  --request DELETE \
  https://api.pulumi.com/api/orgs/{organization}/policypacks/{policyPack}/versions/{version}