{"library":"pulumi-policy","title":"Pulumi Policy Python SDK","description":"Pulumi's Policy Python SDK defines and manages policies for cloud resources deployed through Pulumi. Policy rules run during `pulumi preview` and `pulumi up`, asserting that cloud resource definitions comply with policies immediately before they are created or updated. It is currently at version 1.20.0 and follows a regular release cadence as part of the broader Pulumi ecosystem.","language":"python","status":"active","last_verified":"Mon May 18","install":{"commands":["pip install pulumi-policy"],"cli":{"name":"pulumi-policy","version":"sh: 1: pulumi-policy: not found"}},"imports":["from pulumi_policy import PolicyPack","from pulumi_policy import ResourceValidationPolicy","from pulumi_policy import StackValidationPolicy","from pulumi_policy import EnforcementLevel","from pulumi_policy import validateResourceOfType"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import pulumi\nfrom pulumi_policy import PolicyPack, ResourceValidationPolicy, EnforcementLevel, validateResourceOfType\nimport pulumi_aws as aws\n\ndef s3_bucket_no_public_read_policy(args: aws.s3.Bucket, report_violation):\n    if args.acl == 'public-read' or args.acl == 'public-read-write':\n        report_violation(f\"S3 Bucket '{args.id}' should not be publicly readable.\")\n\nPolicyPack(\n    name=\"aws-s3-security\",\n    policies=[\n        ResourceValidationPolicy(\n            name=\"s3-no-public-read\",\n            description=\"Prohibits setting the publicRead or publicReadWrite permission on AWS S3 buckets.\",\n            enforcement_level=EnforcementLevel.MANDATORY,\n            validate=validateResourceOfType(aws.s3.Bucket, s3_bucket_no_public_read_policy)\n        )\n    ]\n)\n","lang":"python","description":"This example defines a Pulumi Policy Pack in Python that includes a single policy. The `s3-no-public-read` policy ensures that no AWS S3 bucket can be created or updated with a `public-read` or `public-read-write` ACL. If such a bucket is detected during `pulumi preview` or `pulumi up`, the deployment will be halted due to the `MANDATORY` enforcement level. This code would typically reside in `__main__.py` within a policy pack directory created by `pulumi policy new aws-python`.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":{"tag":null,"tag_description":null,"last_tested":"2026-05-18","installed_version":"1.19.0","pypi_latest":"1.20.0","is_stale":true,"summary":{"python_range":"3.10–3.9","success_rate":100,"avg_install_s":6.4,"avg_import_s":1.26,"wheel_type":"wheel"},"results":[{"runtime":"python:3.10-alpine","python_version":"3.10","os_libc":"alpine (musl)","variant":"pulumi-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":null,"import_time_s":1.4,"mem_mb":23.6,"disk_size":"86.2M"},{"runtime":"python:3.10-slim","python_version":"3.10","os_libc":"slim (glibc)","variant":"pulumi-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":7,"import_time_s":0.71,"mem_mb":18.4,"disk_size":"72M"},{"runtime":"python:3.11-alpine","python_version":"3.11","os_libc":"alpine (musl)","variant":"pulumi-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":null,"import_time_s":1.87,"mem_mb":25.6,"disk_size":"92.3M"},{"runtime":"python:3.11-slim","python_version":"3.11","os_libc":"slim (glibc)","variant":"pulumi-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":6.1,"import_time_s":1.06,"mem_mb":20.5,"disk_size":"78M"},{"runtime":"python:3.12-alpine","python_version":"3.12","os_libc":"alpine (musl)","variant":"pulumi-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":null,"import_time_s":1.81,"mem_mb":25.5,"disk_size":"92.3M"},{"runtime":"python:3.12-slim","python_version":"3.12","os_libc":"slim (glibc)","variant":"pulumi-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":5.7,"import_time_s":1.22,"mem_mb":20.5,"disk_size":"81M"},{"runtime":"python:3.13-alpine","python_version":"3.13","os_libc":"alpine (musl)","variant":"pulumi-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":null,"import_time_s":1.78,"mem_mb":26.6,"disk_size":"92.1M"},{"runtime":"python:3.13-slim","python_version":"3.13","os_libc":"slim (glibc)","variant":"pulumi-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":6,"import_time_s":1.17,"mem_mb":21.6,"disk_size":"81M"},{"runtime":"python:3.9-alpine","python_version":"3.9","os_libc":"alpine (musl)","variant":"pulumi-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":null,"import_time_s":1.03,"mem_mb":19.9,"disk_size":"75.4M"},{"runtime":"python:3.9-slim","python_version":"3.9","os_libc":"slim (glibc)","variant":"pulumi-policy","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":7.1,"import_time_s":0.52,"mem_mb":15.3,"disk_size":"61M"}]}}