Policy Types & Categories
Policy Types
A Policy Type defines a specific policy that may be configured for resources. For example, `AWS > S3 > Bucket > Approved`.
Each policy type targets a set of Resource Types. `AWS > S3 > Bucket > Approved` targets a resource type of `AWS > S3 > Bucket`, thus every instance of `AWS > S3 > Bucket` will have an `AWS > S3 > Bucket > Approved` policy. Each of these instances may have its own policy setting, and will have its own policy value.

Valid values for a policy type are defined through its JSON schema. `AWS > S3 > Bucket > Approved` has a specific enumerated list of valid values: `Skip`, `Check: Approved`, `Enforce: Delete unapproved if new & empty`.

Policy types are defined in a type hierarchy. The `Approved` policy type is actually a child of the `AWS > S3 > Bucket` resource type and has child policies such as `Regions`, with a full path of `AWS > S3 > Bucket > Approved > Regions`.

Policy types are defined in Mods.
Policy Categories
Guardrails may include hundreds or thousands of policy types covering similar concepts (e.g. Approved, Data Protection) across various services (e.g. AWS, Azure). The policy type hierarchy provides grouping of policies, but in a structured, service-oriented manner. Policy Categories provide an alternate, vendor-agnostic categorization of policy types. `Turbot > Approved` includes many `Approved`-style policies, including `AWS > S3 > Bucket > Approved`.

Policy categories are typically used for reporting, providing useful aggregation and filtering of data.