
ci: Implement Policy as Code Checks #45

@carlagesa

Description

To enforce organizational standards and security compliance automatically, we should introduce Policy as Code (PaC). Tools like Open Policy Agent (OPA) or Sentinel can be integrated into the CI/CD pipeline to check the Terraform plan against a predefined set of rules (e.g., disallowing public S3 buckets, enforcing specific instance types). This adds a critical layer of automated governance.
Acceptance Criteria:

A Policy as Code tool (e.g., OPA) is chosen and integrated into the CI pipeline.
At least one basic policy is written (e.g., ensure all S3 buckets have logging enabled).
The pipeline generates a Terraform plan and validates it against the policy set.
The pipeline fails if the plan violates any of the defined policies.
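One way to see what the acceptance criteria ask for end to end, as an added example that is not part of this issue or of the repository's own code: the issue proposes OPA (where the rules would be written in Rego), but the check logic is shown here as a self-contained Python script so it runs offline against a constructed plan document. It reads the JSON that `terraform show -json tfplan.binary` produces, walks `resource_changes`, and enforces two policies from the description: every planned `aws_s3_bucket` must have server access logging (either the legacy inline `logging` block or a separate `aws_s3_bucket_logging` resource), and no bucket may be created with a public ACL. It also handles the case a practitioner hits first in practice: on a fresh `create` the logging resource's `bucket` argument is unknown at plan time, so the script falls back to the plan's `configuration` section to resolve which bucket it references. The sample plan, bucket names and the root-module-only lookup are assumptions made for the example.

```python
"""Policy-as-code checks over `terraform show -json` output.

Added example, not project code. Exit status 1 on any violation so a CI job
running it after `terraform plan` fails the pipeline.
"""
import json
import sys

# ACLs that make objects readable by everyone or by any AWS account.
PUBLIC_ACLS = {"public-read", "public-read-write", "authenticated-read"}

# Constructed sample plan (assumed names). Shape follows the documented
# `terraform show -json` plan format: resource_changes + configuration.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        # Logged via the legacy inline `logging` block.
        {"address": "aws_s3_bucket.logs", "mode": "managed", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {
             "bucket": "corp-logs", "acl": "private",
             "logging": [{"target_bucket": "corp-audit", "target_prefix": "logs/"}]}}},
        # Logged via a separate resource, but created with a public ACL.
        {"address": "aws_s3_bucket.data", "mode": "managed", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {
             "bucket": "corp-data", "acl": "public-read", "logging": []}}},
        # `bucket` is computed from aws_s3_bucket.data.id, so it is unknown here.
        {"address": "aws_s3_bucket_logging.data", "mode": "managed",
         "type": "aws_s3_bucket_logging",
         "change": {"actions": ["create"],
                    "after": {"bucket": None, "target_bucket": "corp-logs",
                              "target_prefix": "data/"},
                    "after_unknown": {"bucket": True}}},
        # No logging at all.
        {"address": "aws_s3_bucket.scratch", "mode": "managed", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {
             "bucket": "corp-scratch", "acl": "private", "logging": []}}},
        # Being destroyed: nothing to enforce.
        {"address": "aws_s3_bucket.old", "mode": "managed", "type": "aws_s3_bucket",
         "change": {"actions": ["delete"], "before": {"bucket": "corp-old"}, "after": None}},
    ],
    "configuration": {"root_module": {"resources": [
        {"address": "aws_s3_bucket_logging.data", "type": "aws_s3_bucket_logging",
         "expressions": {"bucket": {"references": ["aws_s3_bucket.data.id",
                                                   "aws_s3_bucket.data"]}}},
    ]}},
}


def planned_resources(plan, rtype):
    """Yield (address, after, after_unknown) for managed resources of `rtype`
    that will still exist after apply (pure deletes are skipped)."""
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != rtype or rc.get("mode", "managed") != "managed":
            continue
        change = rc["change"]
        if change["actions"] == ["delete"] or change.get("after") is None:
            continue
        yield rc["address"], change["after"], change.get("after_unknown") or {}


def config_references(plan, address, attr):
    """Resource addresses referenced by `attr` of `address` in the configuration
    section. Assumption: root module only; module_calls are not descended."""
    root = plan.get("configuration", {}).get("root_module", {})
    for res in root.get("resources", []):
        if res.get("address") == address:
            return res.get("expressions", {}).get(attr, {}).get("references", [])
    return []


def logged_bucket_addresses(plan, buckets_by_name):
    """Set of aws_s3_bucket addresses that have access logging in this plan."""
    logged = set()
    for address, after, _ in planned_resources(plan, "aws_s3_bucket"):
        if after.get("logging"):            # legacy inline block
            logged.add(address)
    for address, after, unknown in planned_resources(plan, "aws_s3_bucket_logging"):
        name = after.get("bucket")
        if name is not None:                # literal bucket name known at plan time
            if name in buckets_by_name:
                logged.add(buckets_by_name[name])
        elif unknown.get("bucket"):         # computed: resolve via configuration
            for ref in config_references(plan, address, "bucket"):
                # references contain both "aws_s3_bucket.x.id" and "aws_s3_bucket.x"
                if ref.startswith("aws_s3_bucket.") and ref.count(".") == 1:
                    logged.add(ref)
    return logged


def evaluate(plan):
    """Return human-readable violations; an empty list means the plan passes."""
    buckets = list(planned_resources(plan, "aws_s3_bucket"))
    by_name = {a["bucket"]: addr for addr, a, _ in buckets if a.get("bucket")}
    logged = logged_bucket_addresses(plan, by_name)
    violations = []
    for address, after, _ in buckets:
        if address not in logged:
            violations.append(f"{address}: server access logging is not enabled")
        if after.get("acl") in PUBLIC_ACLS:
            violations.append(f"{address}: public ACL {after['acl']!r} is not allowed")
    return violations


def main(argv):
    """Usage: check_plan.py tfplan.json (defaults to the constructed sample)."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    violations = evaluate(plan)
    for v in violations:
        print("DENY", v)
    print(f"{len(violations)} violation(s)")
    return 1 if violations else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In the pipeline the step would be `terraform plan -out=tfplan.binary`, then `terraform show -json tfplan.binary > tfplan.json`, then run the script on `tfplan.json`; the non-zero exit is what fails the job. Against the sample plan it denies `aws_s3_bucket.data` for its public ACL and `aws_s3_bucket.scratch` for missing logging, while `aws_s3_bucket.data`'s logging resource is correctly credited even though its bucket name is unknown until apply. Porting the same two rules to Rego for OPA or conftest keeps the same input shape, since both read the plan JSON directly.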

Metadata

Labels

🌟 enhancement: Improvements or optimizations to existing functionality.
🔄 needs update: For issues that require additional changes or fixes.