* 📄 compliance ready policies documentation
* revert unwanted change
* 🐛 typo
* 📄 add a section to mention Compliance Ready Policies.
* 📄 remove `aliases` since they shouldn't be necessary
* 📄 suggestion from Mitch
* 📄 list existing policy docs 🔥 remove details about PULUMI_ACCESS_TOKEN
* 🌿 add back azurenative policies docs 🐛 fix package names in the generated docs
* 🐛 fix list style
* 📄 suggested changes to improve documentation Co-authored-by: Christian Nunciato <c@nunciato.org>
* Fix a lint

---------

Co-authored-by: Christian Nunciato <c@nunciato.org>
title_tag | meta_desc | title | h1 | meta_image | menu | aliases
---|---|---|---|---|---|---
CrossGuard Guides (Policy as Code) | Pulumi's Policy as Code offering, CrossGuard, allows you to set guardrails for resources so best practices and security compliance are always followed. | Policy as code | Pulumi policy as code | /images/docs/meta-images/docs-meta.png | |
CrossGuard is Pulumi's Policy as Code offering. CrossGuard empowers you to set guardrails to enforce compliance for resources so developers within an organization can provision their own infrastructure while sticking to best practices and security compliance. Using Policy as Code, you can write flexible business or security policies.
Using CrossGuard, organization administrators can apply these rules to particular stacks within their organization. When policies are executed as part of your Pulumi deployments, any violation will gate or block that update from proceeding. Policy remediations also allow you to automatically fix violations.
Learn more about Policy as Code core concepts.
Languages
Policies can be written in TypeScript/JavaScript (Node.js) or Python and can be applied to Pulumi stacks written in any language.
Language | Status
---|---
TypeScript | Stable
JavaScript | Stable
Python | Stable
Open Policy Agent (OPA) | Preview
.NET | Future
Go | Future
Getting Started
To get started with Pulumi CrossGuard, download and install Pulumi. Afterwards, try the Getting Started tutorial.
Compliance Ready Policy Packs
With Pulumi Compliance Ready Policies, you get a comprehensive set of predefined policies for AWS, Azure, Google, and Kubernetes, and an enhanced level of control and governance over your cloud resources. Learn more about Pulumi Compliance Ready Policies.
Pulumi CrossGuard policies for AWS (AWSGuard)
In addition to being able to implement your own CrossGuard policies, or use the Compliance Ready policies, we've also created a set of policies that codifies best practices for AWS that you can adopt and use in a Policy Pack. AWSGuard is a configurable library that you can use to enforce best practices for your own Pulumi stacks or organization. Learn more and get started with AWSGuard.
Configuring Policy Packs
Using configurable Policy Packs, you can write flexible policies that can be re-used across your organization. By default, some fields, like enforcement level, are configurable. You may also specify configurable variables alongside each policy. Learn more about configurable Policy Packs.
Examples
If you're looking for some example Policy Packs, take a look at these:
{{< chooser language "typescript,python" >}}
{{% choosable language typescript %}}
{{% /choosable %}}
{{% choosable language python %}}
{{% /choosable %}}
{{< /chooser >}}
FAQ
Get the answers to some Frequently Asked Questions about CrossGuard.