Having guardrails for your infrastructure code is very important, but sometimes it feels that Rego (standard query language for writing policies and rules) is not very accessible for engineers who don’t have a lot of programming experience.
That’s not an issue anymore because Spacelift has just released the Policy Library, so you don’t need to write Rego from scratch to create your policies. The library is a collection of templates that you can import as regular policies and can be modified to accommodate your needs.
Inside your Spacelift account, under policies, you will see a new option called Templates:
You can filter the policies based on labels or the policy type, and whenever you find a policy you would like to add to your account, you simply click on the Import option. There are examples available for all supported policy types.
Let’s suppose you want to use the Enforce Instance Type policy. After clicking import, you have to fill in a few details — such as the space you want to use and whether or not you want to keep the same name, change the description, and even add or remove labels.
After you click on Continue, you will be redirected to the policy body, and here, you can optionally make changes to the policy:
Now, you don’t need to know Rego to modify this policy if you want to add more instance types to the allow or deny lists. You can simply go into those lists, and add another string for your type – as simple as that.
After completing your optional changes, click Create, and the policy will be added to your account.
At this point, you can attach the policy to as many stacks as you want by going to the stack settings and selecting the Policies tab.
Even with policies created from templates, the auto-attach based on label functionality is available, so if you add an “autoattach:my_label” to your policy, then all stacks having the “my_label” on them will automatically attach it. You can change “my_label” to whatever label you want.
Rego can be hard, but enforcing guardrails and achieving standardization is a must in today’s market. The policy library aims to reduce the friction and frustration associated with developing Rego policies, especially for junior/middle engineers, as they won’t need to become experts to write policies.
Try Spacelift out today by creating a free account, or book a demo with one of our engineers to learn more.
The Most Flexible CI/CD Automation Tool
Spacelift is an alternative to using homegrown solutions on top of a generic CI. It helps overcome common state management issues and adds several must-have capabilities for infrastructure management.