
Resource Policies

Policies in StackGen are essential for ensuring that your cloud infrastructure complies with security, governance, and operational best practices. These policies help enforce standards across environments by automatically validating resource configurations during the design and deployment phases.

There are two types of policies that can be configured in StackGen:

  • StackGen-Provided Policies
  • Custom Policies

Let's look into each of these in detail.

StackGen-Provided Policies

StackGen provides a set of built-in policies that can be selected during appStack creation. These policies are designed to align with industry standards and regulatory requirements, ensuring a secure and compliant infrastructure by default.

Key Features:

  • Predefined Compliance: Includes policies for major regulatory frameworks, such as:

    Framework   Framework      Framework
    FedRAMP     GDPR           HIPAA
    MARS-E      NIST-800-171   NIST-800-53
    NIST-CSF    SOC 2          PCI DSS
  • Automatic Enforcement: Policies are applied automatically to all resources within the appStack.

  • Real-Time Validation: Continuous compliance checks during infrastructure configuration.

When creating an appStack, you can select from these predefined policies based on your organisational needs.

Custom Policies

Custom Policies in StackGen allow organisations to define their own compliance rules tailored to specific infrastructure requirements. These policies are created via the StackGen CLI using JSON files that describe policy rules and conditions.

Types of Custom Policies:

  • Resource Configuration Policies: Ensure specific configurations are applied to resources (e.g., enforcing encryption for storage services).
  • Access Control Policies: Define rules for IAM roles and permissions to support least privilege principles.
  • Networking Policies: Govern network configurations, including firewall rules, VPC setups, and traffic flow restrictions.

Create Custom Policies:

  • Via CLI: Use the StackGen CLI to create and manage custom policies.
  • JSON-Based: Policies are defined in JSON format, specifying:
    • Conditions
    • Rules
    • Remediation steps
  • Flexible Application: Apply custom policies to specific appStacks or organisation-wide.

Policy Violations

The Policy Violations section in StackGen helps you identify and resolve compliance issues. It flags resources that do not meet the defined policy criteria, whether from StackGen-provided or custom policies. When policy violations occur, they can be viewed in the Policy Violations tab, where you can review detailed information about each violation and follow recommended steps to resolve them.

For more detailed information, refer to the Policy Violations page.