https://pulumi.com logo
Powered by
Title
v

victorious-church-57397

05/23/2022, 8:49 AM
Hey, has anyone used the pulumi policy packs to enforce aws tagging policies? have a problem running the one from the docs, getting the error: 
error: configuring policy pack "aws-mandatory-tags" at "./policy": invalid enforcement level ""
import { PolicyPack } from '@pulumi/policy';
import { isTaggable } from './utils';

new PolicyPack('aws-mandatory-tags', {
  policies: [
    {
      name: 'aws-mandatory-tags',
      description:
        'AWS tagging policy',
      enforcementLevel: 'mandatory',
      configSchema: {
        properties: {
          requiredTags: {
            type: 'array',
            items: { type: 'string' },
          },
        },
      },
      validateResource: (args, reportViolation) => {
        const config = args.getConfig<AwsTagsPolicyConfig>();
        const requiredTags = config.requiredTags;
        if (requiredTags && isTaggable(args.type)) {
          const ts = args.props['tags'];
          for (const rt of requiredTags) {
            if (!ts || !ts[rt]) {
              reportViolation(`Taggable resource '${args.urn}' is missing required tag '${rt}'`);
            }
          }
        }
      },
    },
  ],
});

type AwsTagsPolicyConfig = {
  requiredTags?: string[];
};
as per documentation here: https://www.pulumi.com/blog/automatically-enforcing-aws-resource-tagging-policies/
{
  "all": "mandatory",
  "check-required-tags": {
    "requiredTags": [
      "stack-name",
      "service",
      "environment",
      "owner",
      "data-classification",
      "repository_url"
    ]
  }
}
have tried removing the enforcement level argument from the index.ts and from the policy-config.json, inspected the code and looks like enforcement level is one of ‘disabled’, ‘mandatory’ or advisory
sorted this, was a config mismatch 🙂
#typescriptJoin Slack
Powered by