🗂️ Navigation
📁 Infrastructure as Code
📋 Pulumi Crossguard
🔧 Pulumi GCP Guard

Pulumi GCP Guard

A policy pack of rules to enforce Google Cloud Platform (GCP) best practices.

Visit Website →

Overview

Pulumi GCP Guard is a configurable library that you can use to enforce GCP best practices for your own Pulumi stacks or organization. It is part of Pulumi's Policy as Code offering, CrossGuard, and can be used to check for common issues like public Cloud Storage buckets, legacy network usage, and insecure firewall rules. Policies can be set to 'advisory' to warn developers or 'mandatory' to block deployments.

✨ Key Features

  • Enforce GCP security best practices
  • Check for cost optimization opportunities
  • Ensure operational reliability
  • Configurable enforcement levels (advisory, mandatory, disabled)
  • Integrates directly into `pulumi up` and `pulumi preview`

🎯 Key Differentiators

  • Policy written in general-purpose languages (TypeScript)
  • Integrated into the Pulumi deployment lifecycle
  • Prevents misconfigurations before deployment ('shift-left')

Unique Value: Enforce GCP best practices using familiar programming languages, catching and preventing issues before they are deployed.

🎯 Use Cases (4)

Preventing public Cloud Storage buckets Ensuring Compute Engine instances do not use default service accounts Enforcing encryption with Customer-Managed Encryption Keys (CMEK) Requiring logs and monitoring for critical services

✅ Best For

  • Enforcing security policies in CI/CD pipelines before deployment to GCP.

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Runtime security monitoring (it's a pre-deployment tool)
  • Policy enforcement for non-GCP clouds

🏆 Alternatives

gcloud asset inventory Forseti Security Checkov

Unlike runtime tools like Forseti, GCP Guard prevents misconfigurations from ever being deployed. Compared to other IaC scanners, it's natively integrated with the Pulumi workflow.

💻 Platforms

API

✅ Offline Mode Available

🔌 Integrations

Pulumi CLI Pulumi Cloud

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: The policy pack itself is open-source and free.

Visit Pulumi GCP Guard Website →

🔄 Similar Tools in Pulumi Crossguard

Pulumi AWS Guard

Codifies best practices for AWS, allowing enforcement across Pulumi stacks....

Contact

Pulumi Azure Compliance Policies

Enforces common security and compliance policies (PCI DSS, ISO 27001, CIS) for Azure....

Contact

Pulumi Open Policy Agent (OPA) Integration

Enforce security, compliance, and best practices using the Rego language....

Contact

Pulumi Snyk Integration

Integrates Snyk's container scanning capabilities directly into the Pulumi workflow....

Contact

Pulumi Vault Provider

Manage Vault resources like policies, secrets, and auth methods using Pulumi....

Contact

Pulumi Best Practices Pack

A pre-built policy pack from Pulumi that enforces foundational security and governance....

Contact