@pulumi/policy
Advanced tools
Define and manage policy for cloud resources deployed through Pulumi.
Policy rules run during pulumi preview and pulumi up, asserting that cloud resource definitions
comply with the policy immediately before they are created or updated. Policies may optionally define
remediations that automatically fix policy violations rather than issue warnings.
During preview, every rule is run on every resource, and policy violations are batched up
into a final report. During the update, the first policy violation will halt the deployment.
Policy violations can have enforcement levels that are advisory, which results in a printed
warning, or mandatory, which results in an error after pulumi preview or pulumi up completes.
The enforcement level remediate is stronger than both and enables automatic remediations.
Please see Get Started with Policy as Code to get started authoring and enforcing policies.
For additional documentation, guides, best practices, and FAQs, see Policy as Code.
Looking for examples? Please refer to the examples repo.
Policies can be written in TypeScript/JavaScript (Node.js) or Python and can be applied to Pulumi stacks written in any language.
| Language | Status | |
|---|---|---|
 | TypeScript | Stable |
 | JavaScript | Stable |
 | Python | Preview |
 | .NET | Coming Soon |
 | Go | Coming Soon |
FAQs
A framework for writing policy as code
We found that @pulumi/policy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
