Policies Overview
Policies are used to regulate cloud usage within an organization. env0 supports runtime and deployment policies as described below.
Policies are used to:
- Enforce organizational policies of cloud resources provisioning (who can provision, when can they provision, and what resources can they provision)
- Implement best practices
- Mitigate risks by applying guardrails
All while maintaining flexibility and autonomy within env0.
Runtime Policies
Runtime policies are native to the env0 system, and are consistently monitored and enforced, when creating, deploying or configuring environments.
The policies are enforced both in the UI and when using the API.
Runtime policies include
- Environment Destroy Protection
- Environment Limits
- Environment Time to Live
- Default Auto-Approve
- Cost Estimation
- Skip Apply Step
- Skip Redundant Deployments
- Skip PR Plan on Merge Commits
- Do Not Report Skipped Status Check
- Force Remote Backend
- Drift Detection
- Allow Saving Secrets
Deployment Policies
Deployment policies are enforced when deploying or redeploying an environment (whenever changes are made to the environment) to ensure compliance with security, governance, or other standards.
Deployment policies are based on the Open Policy Agent (OPA) framework and are invoked at the appropriate deployment stage using the Approval Policies feature.
Updated 18 days ago