Guardrails are essential for managing infrastructure. While popular IaC tools make provisioning of resources easy, they often lack the capability to prevent changes when their outcome is not desired. Role-based access grants separation of concerns regarding different actions in the system, but is not flexible enough to prevent more granular changes that might happen to the infrastructure.
env0 enables applying approval policies for the environments managed using the app.
env0 leverages the power of the Open Policy Agent engine to allow users to define custom policies for their deployed environments.
There are many cases where approval policies may come useful:
- Requiring more than a certain threshold of approvers
- Deny any change that its expected cost cross a predefined limit
- Prevent removing critical resources from an environment
- Allowing only a sub-set of users to change specific resources within an environment
And the list can go on and on.
Examples may be found in our GitHub repository
Read all about it in our docs - Approval Policies