🗂️ Navigation
📁 Infrastructure as Code
📋 Pulumi Crossguard
🔧 Pulumi CloudFormation Guard Integration

Pulumi CloudFormation Guard Integration

Use AWS CloudFormation Guard to write policies for Pulumi stacks.

Visit Website →

Overview

This integration enables teams to use AWS CloudFormation Guard (cfn-guard), an open-source policy-as-code tool from AWS, to validate Pulumi infrastructure. It works by converting the Pulumi plan into a CloudFormation template representation and then running `cfn-guard` against it. This allows organizations with an existing investment in cfn-guard rules to apply them to Pulumi-managed infrastructure, ensuring consistency and reusing policy logic.

✨ Key Features

  • Use cfn-guard's declarative rule language
  • Leverage existing cfn-guard policy libraries
  • Enforce policies on AWS resources managed by Pulumi
  • Integrates into the Pulumi preview/update lifecycle
  • Provides a bridge for teams migrating from CloudFormation to Pulumi

🎯 Key Differentiators

  • Uses AWS's native policy-as-code tool (cfn-guard)
  • Declarative, simple syntax for rules
  • Allows reuse of existing CloudFormation-centric policies

Unique Value: Apply your existing AWS CloudFormation Guard policies to infrastructure defined in Pulumi, enabling policy reuse and consistency.

🎯 Use Cases (3)

Reusing existing cfn-guard rules for compliance Enforcing AWS-specific best practices with a declarative syntax Validating that resources conform to organizational standards written for CloudFormation

✅ Best For

  • A team migrating from CloudFormation to Pulumi uses this integration to continue enforcing their existing cfn-guard security policies during the transition.

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Policy enforcement for non-AWS resources
  • Teams who prefer writing policies in imperative languages like TypeScript or Python

🏆 Alternatives

Pulumi AWS Guard Open Policy Agent AWS Config

Instead of rewriting established cfn-guard rules in TypeScript or Python for CrossGuard, this integration provides a direct path to use them as-is with Pulumi.

💻 Platforms

API

✅ Offline Mode Available

🔌 Integrations

Pulumi CLI AWS CloudFormation Guard

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: The integration and cfn-guard are both open-source and free.

Visit Pulumi CloudFormation Guard Integration Website →

🔄 Similar Tools in Pulumi Crossguard

Pulumi AWS Guard

Codifies best practices for AWS, allowing enforcement across Pulumi stacks....

Contact

Pulumi Azure Compliance Policies

Enforces common security and compliance policies (PCI DSS, ISO 27001, CIS) for Azure....

Contact

Pulumi Open Policy Agent (OPA) Integration

Enforce security, compliance, and best practices using the Rego language....

Contact

Pulumi Snyk Integration

Integrates Snyk's container scanning capabilities directly into the Pulumi workflow....

Contact

Pulumi Vault Provider

Manage Vault resources like policies, secrets, and auth methods using Pulumi....

Contact

Pulumi Best Practices Pack

A pre-built policy pack from Pulumi that enforces foundational security and governance....

Contact