🗂️ Navigation
📁 Infrastructure as Code
📋 Infrastructure Policy
🔧 Pulumi Policy as Code

Pulumi Policy as Code

Define and enforce policies on your cloud infrastructure.

Visit Website →

Overview

Pulumi Policy as Code, also known as CrossGuard, is a feature of the Pulumi Infrastructure as Code platform. It allows you to write policies in familiar programming languages like TypeScript, Python, and Go, just like your infrastructure code. These policies are executed during `pulumi up` and can validate resource configurations, enforce security best practices, and ensure compliance before any infrastructure is deployed.

✨ Key Features

  • Write policies in TypeScript, Python, Go, etc.
  • Integrated into the Pulumi CLI and Cloud service
  • Enforcement levels (advisory, mandatory)
  • Policy packs for reusable policies
  • Validate infrastructure before deployment

🎯 Key Differentiators

  • Use general-purpose programming languages for policy, enabling reuse of existing skills and tools
  • Seamlessly integrated with the Pulumi IaC workflow
  • Policies can be unit tested like any other software

Unique Value: Allows developers to use the same familiar programming languages and tools they use for their infrastructure to define and enforce policies, creating a unified and powerful IaC and PaC experience.

🎯 Use Cases (3)

Enforcing security policies for Pulumi-managed infrastructure Ensuring compliance with organizational standards Preventing costly or insecure resource configurations

✅ Best For

  • Writing a Python policy to ensure all S3 buckets have encryption enabled.
  • Creating a mandatory policy pack in TypeScript that is applied to all stacks in an organization.
  • Using an advisory policy to warn developers when they are not using recommended instance types.

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Organizations not using Pulumi for Infrastructure as Code
  • Policy enforcement for Terraform, CloudFormation, etc.

🏆 Alternatives

HashiCorp Sentinel Open Policy Agent

Unlike Sentinel or OPA which require learning a new, domain-specific language (DSL), Pulumi Policy as Code lets teams leverage their existing programming skills, which can lower the barrier to adoption and allow for more complex logic.

💻 Platforms

Desktop (CLI) Web (Pulumi Cloud)

🔌 Integrations

Pulumi

🛟 Support Options

  • ✓ Email Support
  • ✓ Live Chat
  • ✓ Phone Support
  • ✓ Dedicated Support (Enterprise tier)

🔒 Compliance & Security

✓ SOC 2 ✓ GDPR ✓ SSO ✓ SOC 2 Type II

💰 Pricing

Contact for pricing

✓ 21-day free trial

Free tier: Policy as Code is a feature of paid Pulumi tiers.

Visit Pulumi Policy as Code Website →

🔄 Similar Tools in Infrastructure Policy

Snyk IaC

Developer-first IaC security tool that finds and fixes misconfigurations in Terraform, CloudFormatio...

$25.00/mo

Prisma Cloud (by Palo Alto Networks)

Secures applications from code to cloud across multicloud environments....

Contact

Checkov

An open-source static analysis tool for scanning Infrastructure as Code for misconfigurations and se...

Contact

Wiz

A CNAPP that provides full stack visibility, risk prioritization, and security for cloud environment...

Contact

Terrascan

An open-source static code analyzer for IaC that helps developers build secure infrastructure from t...

Contact

tfsec

An open-source static analysis tool for finding security misconfigurations in Terraform code....

Contact