Pulumi CrossGuard (Policy as Code)

Enforce security, compliance, and cost policies for cloud infrastructure.


Overview

Pulumi CrossGuard is a policy-as-code offering that enables organizations to define and enforce policies on their cloud infrastructure. Policies are written in familiar programming languages (like TypeScript or Python) and can prevent non-compliant resource deployments. It can be used to enforce security best practices, cost controls, and organizational standards, gating or blocking updates that are in violation.

✨ Key Features

  • Policy as Code in TypeScript, Python, and OPA Rego
  • Enforcement during CI/CD and deployments
  • Governs resources across AWS, Azure, GCP, and Kubernetes
  • Configurable enforcement levels (advisory or mandatory)
  • Reusable Policy Packs
  • Governs both IaC-managed and discovered cloud resources

🎯 Key Differentiators

  • Write policies in general-purpose programming languages, not a DSL
  • Unified policy for both IaC and discovered resources
  • IDE support for policy development (autocompletion, type checking)

Unique Value: Define and enforce infrastructure compliance using the same programming languages you use to build applications, enabling a consistent and powerful policy-as-code workflow.

🎯 Use Cases (4)

  • Preventing creation of public S3 buckets
  • Enforcing mandatory resource tagging for cost allocation
  • Restricting deployments to specific geographic regions
  • Ensuring security group rules are not overly permissive

✅ Best For

  • Blocking infrastructure deployments that violate security policies
  • Ensuring all created resources have required tags
  • Validating that infrastructure changes do not exceed a defined budget

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Runtime application security (focus is on infrastructure provisioning)
  • Static code analysis for application code

🏆 Alternatives

  • HashiCorp Sentinel
  • Open Policy Agent (OPA)
  • AWS Config Rules
  • Azure Policy

Unlike DSL-based tools like Sentinel, CrossGuard allows for more complex logic, unit testing, and code reuse by leveraging the full power of languages like Python and TypeScript.

💻 Platforms

  • CLI
  • API

✅ Offline Mode Available

🔌 Integrations

  • Pulumi Deployments
  • GitHub Actions
  • GitLab CI
  • Azure DevOps
  • Open Policy Agent (OPA)

🛟 Support Options

  • ✓ Email Support
  • ✓ Live Chat
  • ✓ Phone Support
  • ✓ Dedicated Support (Business Critical tier)

🔒 Compliance & Security

  • ✓ SOC 2
  • ✓ GDPR
  • ✓ SSO
  • ✓ SOC 2 Type II

💰 Pricing

Contact for pricing

✓ 14-day free trial

Free tier: N/A
