Creating a Custom Policy Pack
Pulumi CrossGuard uses policy-as-code to enforce best practices, compliance, and security requirements across your infrastructure. A policy pack is a collection of policies that can be versioned and reused across projects.
In this tutorial, you will create a custom policy pack that enforces specific policies for your AWS resources, such as enabling S3 bucket versioning, restricting EC2 instance types, and requiring resource tags.
In this tutorial, you'll learn:
- How to define policies using Python and TypeScript
- How to group policies into a policy pack
- How to deploy and enforce the policy pack in your Pulumi organization
- How to define policies involving multiple resources
Prerequisites:
- A Pulumi Cloud account and access token
- The Pulumi CLI
- Install Node.js or Python
- Configure your AWS Credentials
- Familiarity with infrastructure-as-code and Pulumi
Topics
This tutorial has 3 topics and takes about 15 minutes to complete.
- Create a Custom Policy Pack (5 minutes)
- Validate a Custom Policy Pack (5 minutes)
- Publish and Enforce a Custom Policy Pack (5 minutes)