Why Organizations, DevOps and DevSecOps Teams Are Choosing Policy as Code
Pulumi strives to enable teams to deliver infrastructure quickly. DevOps and DevSecOps are transforming. Ops is becoming the enabler, not the gatekeeper, empowering teams while enforcing best practices.
Policies set the guardrails for your applications and infrastructure. Security, safe use of resources, and compliance with external standards are just a few examples of what a policy can define.
Historically, policies were written and enforced by compliance and security teams, who set down the rules as text documents. More recently, teams often use a cloud provider’s GUI to set policies. Both of these approaches are error-prone and far too slow to keep up with complex, rapidly changing infrastructure and automated systems. They also can’t take advantage of the accepted best practices for software development.
Instead, just as you define infrastructure as code, you should also define policies as code.
What is Policy as Code?
The short answer to this question is that you can apply software engineering principles and approaches to your policies, just as you do with your applications and infrastructure as code. In the video below, Laura Santamaria, Developer Advocate, explains Policy as Code in less than 5 minutes.
Policy as Code is an essential tool for building a secure and efficient cloud infrastructure. Pulumi lets you efficiently test resources before deployment and entire stacks when deployed. Learn more about what you can do with Policy as Code.
What Are the Benefits of Policy as Code?
The benefits of writing policies as code are evident for developers and operators. The organizational benefits are even more significant:
- Means for automated cost control,
- Compliance to avoid downtime by securing resources,
- Validating infrastructure before creating resources (another cost-saving measure),
- Encoding best practices for resource stacks,
- And working with cloud-provider-native resources to provide best-of-breed security and granular control.
The benefits extend beyond DevOps and into the success of an organization. Explore these benefits in-depth.
Policy as Code with Pulumi CrossGuard
Pulumi CrossGuard is a policy as code framework for enforcing policy across Pulumi infrastructure deployments on any cloud or in Kubernetes. You can use CrossGuard to enforce compliance, security, best practices, or cost control.
Pulumi CrossGuard for Everyone
For Organization Administrators
You want your organization to move quickly and deliver business value. To do so, your team needs to be able to self-service their infrastructure. Pulumi CrossGuard gives you the peace of mind that you need to allow your team to work independently. Codify business and security policies to ensure your team meets the requirements you set forth.
For Security Engineers and DevSecOps Teams
There’s a lot of complexity to security, and often the rest of your organization does not have all the knowledge they need to deliver software securely. Express security policies that allow you to share your knowledge and prevent issues from ending up in production.
For DevOps Teams, Developers and Operators
There are a ton of moving pieces in our ecosystems today. It is difficult to know everything about the cloud resources we use. Pulumi CrossGuard ensures you do not fall into insecure or unreasonable defaults.
CrossGuard in Action
In the video below, David Flanagan, developer advocate, shows you two examples:
- Blocking public ACLs on AWS S3 buckets
- Blocking public LoadBalancer services on Kubernetes
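The two checks named above, modelled as plain Python functions that run over planned resources before anything is created. This is an added example, not code from Pulumi or from the video, and it does not use the CrossGuard API; the resource records, type tokens, policy names and enforcement levels are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

PUBLIC_ACLS = {"public-read", "public-read-write"}  # S3 canned ACLs open to everyone

@dataclass
class Policy:
    name: str
    level: str  # assumed levels: "mandatory" blocks the deployment, "advisory" only warns
    check: Callable[[dict], Optional[str]]  # returns a violation message, or None if compliant

def no_public_bucket_acl(res: dict) -> Optional[str]:
    if res["type"] != "aws:s3/bucket:Bucket":
        return None
    acl = res.get("props", {}).get("acl")  # no ACL set: nothing public was requested
    return f"bucket ACL '{acl}' allows public access" if acl in PUBLIC_ACLS else None

def no_loadbalancer_service(res: dict) -> Optional[str]:
    if res["type"] != "kubernetes:core/v1:Service":
        return None
    svc_type = res.get("props", {}).get("spec", {}).get("type")
    return "Service of type LoadBalancer is not allowed" if svc_type == "LoadBalancer" else None

POLICIES = [
    Policy("s3-no-public-acl", "mandatory", no_public_bucket_acl),
    Policy("k8s-no-loadbalancer", "mandatory", no_loadbalancer_service),
]

def evaluate(resources, policies=POLICIES):
    """Check every planned resource against every policy; return (violations, allowed)."""
    violations = [
        (pol.level, pol.name, res["name"], msg)
        for res in resources
        for pol in policies
        if (msg := pol.check(res)) is not None
    ]
    allowed = not any(level == "mandatory" for level, *_ in violations)
    return violations, allowed

PLANNED = [  # constructed sample; resource names and type tokens are assumptions
    {"type": "aws:s3/bucket:Bucket", "name": "logs", "props": {"acl": "private"}},
    {"type": "aws:s3/bucket:Bucket", "name": "site", "props": {"acl": "public-read"}},
    {"type": "kubernetes:core/v1:Service", "name": "api", "props": {"spec": {"type": "LoadBalancer"}}},
    {"type": "kubernetes:core/v1:Service", "name": "cache", "props": {"spec": {"type": "ClusterIP"}}},
]

if __name__ == "__main__":
    violations, allowed = evaluate(PLANNED)
    print(*violations, "deployment allowed" if allowed else "deployment blocked", sep="\n")
```

Because the rules are ordinary functions, they can be unit-tested and reviewed like any other code before they gate a deployment.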
Policy As Code with CrossGuard for Any Cloud Provider
Policy as Code is a powerful tool for protecting and managing your infrastructure. Pulumi supports policies for all resources on all clouds, including AWS, Azure, Google Cloud, Kubernetes, and over three dozen more infrastructure providers.