Ability to call AWS/ GCP/ Azure SDK during Policy execution

pulumi / pulumi-policy

Pulumi's Policy as Code SDK, CrossGuard. Define infrastructure checks in code to enforce security, compliance, cost, and other practices, enforced at deployment time.

https://www.pulumi.com/docs/guides/crossguard/

Apache License 2.0

35 stars 5 forks source link

Ability to call AWS/ GCP/ Azure SDK during Policy execution #122

Open ekrengel opened 5 years ago

ekrengel commented 5 years ago

A lot of Policies when we wrote during the Pac-athon required calls to AWS/GCP/Azure/etc. We need to provide a recommendation on how to call these SDKs.

Currently Policy Packs dont have access to credentials.

ekrengel commented 5 years ago

At the very least we want to provide docs on our recommended approach

ekrengel commented 4 years ago

@lukehoban what do you think the priority here is?

lukehoban commented 4 years ago

I believe this is already possible to the same degree it is possible for normal Pulumi code. I believe for handling more advanced cases - like first class providers, and for simplifying more broadly, we should actually focus on a more foundational improvement to expose configured sdk objects from providers and enable use of things like aws.sdk at deployment (and policy execution) time.

This does not feel like a PaC GA requirement though.