
Policies

Policies apply rulesets to specific resources or environments, ensuring that security requirements are enforced consistently.

Overview

  • Policies are dynamic label selectors that apply rulesets to resources based on defined criteria.
  • Policies can be versioned and audited.
  • Policies can be evaluated against resources to check compliance.

Example

# Policy for Kubernetes deployments on AWS in production
# Instruction: platform=kubernetes, provider=aws, environment=production

What is a Policy?

A policy in Aegis is a directive that connects one or more rulesets to a set of target resources. Policies define:

  • Which security rules should be enforced
  • Where those rules should be applied

The policy filters and selects rulesets based on labels, ensuring that only relevant rules are applied to the appropriate resources.

All policy evaluations are recorded in the Aegis platform, allowing for compliance tracking and reporting.
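As an added illustration (not Aegis code; this page does not describe the platform's internals), the following Python models the selector-to-ruleset mechanism described above: a selector in the page's `key=value, key=value` form, rulesets as named lists of checks, and an evaluation that produces one auditable record per matching resource. The AND-of-terms matching, the rule contents and the record fields are assumptions, and the sample policy and resources are constructed.

```python
# Added illustration, not Aegis code. Assumed: selector terms AND together;
# rules are predicates over a plain resource dict.
def parse_selector(text):
    """Parse 'platform=kubernetes, provider=aws, environment=production'."""
    selector = {}
    for term in filter(str.strip, text.split(",")):
        key, sep, value = term.partition("=")
        if not sep or not key.strip() or not value.strip():
            raise ValueError(f"malformed selector term: {term!r}")
        selector[key.strip()] = value.strip()
    return selector

def matches(selector, labels):
    """A resource matches only if every selector term is present with the same value."""
    return all(labels.get(k) == v for k, v in selector.items())

# Constructed rulesets: name -> [(rule name, predicate)].
RULESETS = {
    "k8s-baseline": [
        ("no-privileged", lambda r: not r.get("privileged", False)),
        ("approved-registry", lambda r: r.get("image", "").startswith("registry.example.internal/")),
    ],
    "aws-prod": [("encrypted-volumes", lambda r: r.get("volumes_encrypted", False))],
}

def evaluate(policy, resources):
    """One audit record per matching resource; non-matching resources are skipped."""
    selector = parse_selector(policy["selector"])
    records = []
    for res in resources:
        if not matches(selector, res["labels"]):
            continue
        failed = [f"{rs}/{name}" for rs in policy["rulesets"]
                  for name, check in RULESETS[rs] if not check(res)]
        records.append({"policy": policy["name"], "version": policy["version"],
                        "resource": res["name"], "compliant": not failed, "failed": failed})
    return records

# Constructed sample policy and resources.
PROD = {"platform": "kubernetes", "provider": "aws", "environment": "production"}
POLICY = {"name": "K8s AWS Production", "version": 1, "rulesets": ["k8s-baseline", "aws-prod"],
          "selector": "platform=kubernetes, provider=aws, environment=production"}
RESOURCES = [
    {"name": "api", "labels": PROD, "privileged": False,
     "image": "registry.example.internal/api:1.4", "volumes_encrypted": True},
    {"name": "debug", "labels": PROD, "privileged": True,
     "image": "docker.io/library/busybox", "volumes_encrypted": True},
    {"name": "staging", "labels": {**PROD, "environment": "staging"}, "privileged": True,
     "image": "docker.io/library/busybox", "volumes_encrypted": False},
]
```

Running `evaluate(POLICY, RESOURCES)` is the "test policies against sample resources" step: the staging deployment is skipped by the selector, and the debug deployment is reported non-compliant with the specific ruleset/rule pairs it failed, which is what an auditable evaluation record needs to carry.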

Policy Best Practices

  • Use Descriptive Names: Clearly name policies to reflect their purpose (e.g., "K8s AWS Production").
  • Organize by Labels: Use labels to categorize policies for easier management and filtering.
  • Version Control: Maintain versions of policies to track changes and ensure rollback capabilities. This is done automatically by the Aegis platform.
  • Test Policies: Always evaluate policies against sample resources before deploying them to environments.
  • Monitor Compliance: Regularly review policy evaluations to ensure compliance with security standards.
  • Document Policies: Provide clear documentation for each policy, including its purpose and the rulesets it applies. Our guidance is to create policies for outcomes that need to be audited and tracked over time, such as "K8s AWS Production".