Serverless Policies

Automatic policy enforcement

Automatically enforce security and operational best practices with pre-made industry standard policies and custom organizational policies.

Enforce industry standard policies

Serverless Framework comes pre-loaded with configurable policies out of the box. Use these policies to enforce security requirements (e.g. ensure no wildcard IAM roles are created), operational best practices (e.g. ensure a dead letter queue is attached to each function), and organizational conventions (e.g. required tags or function naming conventions).

Use these out-of-the-box policies to help enforce NIST, CIS, NSA and ISO 27001 requirements.

Create custom policies for your organization

If the pre-loaded policies are not sufficient, you can implement your own. Custom policies are easy to write in JavaScript and can enforce rules on any runtime supported by the Serverless Framework, including Node, Python, Go, etc. Use custom policies to inspect the generated Serverless Framework configuration and the AWS resources.
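The kind of inspection such a policy performs, sketched as an added example that is not Serverless Framework code and does not use its policy API: plain JavaScript functions that walk a compiled CloudFormation template and report wildcard IAM grants and Lambda functions without a dead letter queue. The function names and the sample template are constructed for illustration.

```javascript
// Added example: standalone checks over a compiled CloudFormation template.
// Function names and the sample template are assumptions made for illustration.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Allow statements in a role's inline policies that grant "*" / "service:*" actions or "*" resources.
function findWildcardIam(template) {
  const findings = [];
  for (const [id, res] of Object.entries(template.Resources || {})) {
    if (res.Type !== 'AWS::IAM::Role') continue;
    for (const policy of asArray((res.Properties || {}).Policies)) {
      for (const stmt of asArray((policy.PolicyDocument || {}).Statement)) {
        if (stmt.Effect !== 'Allow') continue;
        const bad = [
          ...asArray(stmt.Action)
            .filter((a) => typeof a === 'string' && (a === '*' || a.endsWith(':*')))
            .map((a) => `Action ${a}`),
          ...asArray(stmt.Resource).filter((r) => r === '*').map(() => 'Resource *'),
        ];
        if (bad.length) findings.push(`${id}: wildcard ${bad.join(', ')}`);
      }
    }
  }
  return findings;
}

// Lambda functions with no dead letter target configured.
function findMissingDlq(template) {
  return Object.entries(template.Resources || {})
    .filter(([, r]) => r.Type === 'AWS::Lambda::Function')
    .filter(([, r]) => !((r.Properties || {}).DeadLetterConfig || {}).TargetArn)
    .map(([id]) => `${id}: no DeadLetterConfig.TargetArn`);
}

function evaluate(template) {
  const findings = [...findWildcardIam(template), ...findMissingDlq(template)];
  return { passed: findings.length === 0, findings };
}

// Constructed sample input: one over-broad role, one function without a DLQ, one with.
const sampleTemplate = { Resources: {
  IamRoleLambdaExecution: { Type: 'AWS::IAM::Role', Properties: { Policies: [{ PolicyDocument: { Statement: [
    { Effect: 'Allow', Action: ['logs:PutLogEvents'], Resource: [{ 'Fn::Sub': 'arn:${AWS::Partition}:logs:*' }] },
    { Effect: 'Allow', Action: 'dynamodb:*', Resource: '*' },
  ] } }] } },
  HelloLambdaFunction: { Type: 'AWS::Lambda::Function', Properties: { Handler: 'handler.hello' } },
  WorkerLambdaFunction: { Type: 'AWS::Lambda::Function', Properties: { Handler: 'handler.work',
    DeadLetterConfig: { TargetArn: { 'Fn::GetAtt': ['WorkerDlq', 'Arn'] } } } },
} };

console.log(evaluate(sampleTemplate));
```

Resources expressed as intrinsic functions (such as `Fn::Sub`) are treated as non-wildcard here, so a stricter check would also resolve or pattern-match those values.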

Zero-code, yet highly customizable

Enforce policies without touching any code. In the dashboard you can add and configure policies across your organization without needing to change your service configuration or code. Policies are highly customizable: you can apply them to different environments, configure them separately for each environment, and set their enforcement level.
