Pulumi's Policy as Code SDK, CrossGuard. Define infrastructure checks in code to enforce security, compliance, cost, and other practices, enforced at deployment time.
I'm currently using the @pulumi/awsguard package for a default set of policies, but regularly add one or two additional stack-specific policies. It would be nice to not to have to create an entirely new policy pack with its own directory and dependencies, but rather do something like:
new PolicyPack('aws-custom-policies', {
extends: new AwsGuard(),
policies: [...]
});
I'm currently using the
@pulumi/awsguardpackage for a default set of policies, but regularly add one or two additional stack-specific policies. It would be nice to not to have to create an entirely new policy pack with its own directory and dependencies, but rather do something like:This could be similar to the mechanism that ESLint uses to extend configurations
Affected feature
PolicyPacks