No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

```import { PolicyPack } from '@pulumi/policy';
import { isTaggable } from './utils';

new PolicyPack('aws-mandatory-tags', {
  policies: [
    {
      name: 'aws-mandatory-tags',
      description:
        'AWS tagging policy',
      enforcementLevel: 'mandatory',
      configSchema: {
        properties: {
          requiredTags: {
            type: 'array',
            items: { type: 'string' },
          },
        },
      },
      validateResource: (args, reportViolation) =&gt; {
        const config = args.getConfig&lt;AwsTagsPolicyConfig&gt;();
        const requiredTags = config.requiredTags;
        if (requiredTags &amp;&amp; isTaggable(args.type)) {
          const ts = args.props['tags'];
          for (const rt of requiredTags) {
            if (!ts || !ts[rt]) {
              reportViolation(`Taggable resource '${args.urn}' is missing required tag '${rt}'`);
            }
          }
        }
      },
    },
  ],
});

type AwsTagsPolicyConfig = {
  requiredTags?: string[];
};```

as per documentation here: <https://www.pulumi.com/blog/automatically-enforcing-aws-resource-tagging-policies/>

```{
  "all": "mandatory",
  "check-required-tags": {
    "requiredTags": ["stack-name", "service", "environment", "owner", "data-classification", "repository_url"]
  }
}```

have tried removing the enforcement level argument from the index.ts and from the policy-config.json, inspected the code and looks like enforcement level is one of ‘disabled’, ‘mandatory’ or advisory

sorted this, was a config mismatch :slightly_smiling_face: