
Policy Engine

Amnify’s deployment policy engine evaluates your Terraform code against 1,000+ pre-configured security policies during the deployment cycle. It catches misconfigurations and security risks before infrastructure is provisioned.

How it works

The policy engine runs automatically during the plan phase of a deployment. Before you approve an apply, policies are evaluated against the planned changes:
Execute Deployment → Terraform Plan → Policy Evaluation → Review Results → Approve/Fix → Apply

Policy actions

Each policy can be set to one of three actions:
Action   Behavior
Warn     Flag the issue in the plan output, but allow the deployment to proceed
Block    Prevent the deployment from being applied until the issue is resolved
Allow    Explicitly skip evaluation for this policy
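To make the plan-phase evaluation and the three actions concrete, here is an added example of a minimal policy engine; it is not Amnify's code and says nothing about how Amnify implements its own engine. It reads the JSON form of a Terraform plan (the `resource_changes` array that `terraform show -json` produces), runs a few checks modelled on the AWS policies listed further down (open SSH/RDP security group rules, RDS encryption and backups, S3 public access), and applies a configured warn/block/allow action to each. The plan fragment, the policy ids and the check names are all constructed for the example.

```python
"""Added example (not Amnify's code): a minimal policy engine that evaluates the
JSON form of a Terraform plan (`terraform show -json tfplan`) against policies
configured as warn, block, or allow, and decides whether the apply may proceed."""
import json

# Constructed sample: the "resource_changes" part of a Terraform plan JSON.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"protocol": "tcp", "from_port": 22, "to_port": 22,
          "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
    {"address": "aws_db_instance.main", "type": "aws_db_instance",
     "change": {"actions": ["create"],
                "after": {"storage_encrypted": False, "backup_retention_period": 0}}},
    {"address": "aws_s3_bucket_public_access_block.logs",
     "type": "aws_s3_bucket_public_access_block",
     "change": {"actions": ["update"],
                "after": {"block_public_acls": False, "block_public_policy": True,
                          "ignore_public_acls": False, "restrict_public_buckets": True}}},
]})


# Each check receives the planned "after" attributes of one resource and
# returns a finding message, or None when the resource complies.
def sg_no_open_ssh_rdp(after):
    for rule in after.get("ingress", []):
        anywhere = ("0.0.0.0/0" in rule.get("cidr_blocks", [])
                    or "::/0" in rule.get("ipv6_cidr_blocks", []))
        if not anywhere:
            continue
        all_ports = rule.get("protocol") == "-1"  # "-1" means every protocol/port
        for port in (22, 3389):
            if all_ports or rule.get("from_port", 0) <= port <= rule.get("to_port", 0):
                return f"ingress allows port {port} from anywhere"
    return None


def rds_encrypted(after):
    return None if after.get("storage_encrypted") else "storage_encrypted is false"


def rds_backups(after):
    if after.get("backup_retention_period", 0) < 1:
        return "backup_retention_period is 0 (automated backups disabled)"
    return None


def s3_public_access_blocked(after):
    flags = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")
    missing = [f for f in flags if not after.get(f)]
    return ("public access not fully blocked: " + ", ".join(missing)) if missing else None


# Policy table: (id, resource type, check, configured action). Ids are made up.
POLICIES = [
    ("aws-sg-no-open-ssh-rdp", "aws_security_group", sg_no_open_ssh_rdp, "block"),
    ("aws-rds-storage-encrypted", "aws_db_instance", rds_encrypted, "block"),
    ("aws-rds-backups-enabled", "aws_db_instance", rds_backups, "warn"),
    ("aws-s3-public-access-block", "aws_s3_bucket_public_access_block",
     s3_public_access_blocked, "allow"),
]


def evaluate(plan_json, policies=POLICIES):
    """Return (apply_allowed, findings). One failing 'block' policy stops the
    apply; 'warn' findings are reported but do not stop it; 'allow' policies
    are skipped entirely."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc["change"]
        if change["actions"] in (["delete"], ["no-op"]):
            continue  # nothing new is being provisioned
        after = change.get("after") or {}
        for pid, rtype, check, action in policies:
            if rtype != rc["type"] or action == "allow":
                continue
            msg = check(after)
            if msg:
                findings.append({"policy": pid, "resource": rc["address"],
                                 "action": action, "message": msg})
    return not any(f["action"] == "block" for f in findings), findings


def with_fixes(plan_json, fixes):
    """Return a copy of the plan with planned attributes overridden per resource
    address, standing in for editing the Terraform code and re-planning."""
    plan = json.loads(plan_json)
    for rc in plan["resource_changes"]:
        rc["change"]["after"].update(fixes.get(rc["address"], {}))
    return json.dumps(plan)


if __name__ == "__main__":
    allowed, findings = evaluate(SAMPLE_PLAN)
    for f in findings:
        print(f"[{f['action'].upper()}] {f['policy']} on {f['resource']}: {f['message']}")
    print("apply allowed:", allowed)
```

Run against the sample plan, the two block policies (open SSH, unencrypted RDS) fail and the apply is refused, the backup policy only warns, and the S3 policy is never evaluated because it is set to allow. Restricting the ingress CIDR and turning on `storage_encrypted` via `with_fixes` leaves only the warning, and the apply is allowed, which is the review-then-fix loop in the pipeline above.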

Pre-configured policies

Amnify includes 1,000+ policies covering all major cloud providers:

AWS policies

  • S3 bucket encryption and public access
  • EC2 security group rules (no open SSH/RDP)
  • RDS encryption and backup configuration
  • IAM password policies and MFA
  • VPC flow logging
  • And hundreds more

Azure policies

  • Storage account encryption and network rules
  • Key Vault access policies
  • VM disk encryption
  • Network security group rules
  • SQL Server auditing and encryption
  • And hundreds more

GCP policies

  • Cloud Storage bucket access controls
  • Compute Engine firewall rules
  • Cloud SQL encryption and backup
  • IAM service account key management
  • VPC network configuration
  • And hundreds more

Custom policies

Beyond the pre-configured rules, you can create custom policies through a form interface to enforce your organization’s specific requirements.

Cost estimation

Cost estimation with configurable thresholds is coming soon. This will allow you to set budget limits and receive warnings when a deployment would exceed them.

Best practices

  • Start with warnings — Enable policies in warn mode first to understand their impact before switching to block mode
  • Review blocked deployments — When a policy blocks a deployment, review the specific issue and fix it in your Terraform code
  • Customize for your environment — Not every policy applies to every organization. Use the allow action to skip policies that don’t match your requirements