pulumi / compliance-policies

A library of policies for Pulumi's Policy as Code
Apache License 2.0
16 stars 2 forks source link

Pulumi Compliance-Ready Policies

This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.

These policies make it easy to create policy packs for enforcing common security and compliance policies (PCI DSS, ISO 27001 and CIS) across a broad range of cloud providers (AWS, Azure, Google Cloud and Kubernetes), and dozens of services within each platform.

import { PolicyPack } from "@pulumi/policy";
import { policyManager } from "@pulumi/compliance-policy-manager";

new PolicyPack("aws-iso27001-compliance-ready-policies-typescript", {
    policies:[
        ...policyManager.selectPolicies({
            vendors: ["aws"],
            services: ["ec2", "eks"],
            severities: ["critical", "high"],
            frameworks: ["iso27001"]
        }, "advisory"),
    ],
});

Getting Started

You can get started with Compliance-Ready Policies by running the following commands, which will guide you through selecting from the available compliance-ready policy templates:

pulumi policy new

And then publishing the selected policies into your Pulumi organization.

pulumi policy publish

Resources

Read more about Compliance-Ready Policies at https://www.pulumi.com/docs/using-pulumi/crossguard/compliance-ready-policies/.