Resource Types & Categories

Resource Types

Every resource managed by Guardrails is an instance of a Resource Type. The resource type defines the properties that belong to a resource, as well as the Policies that apply to it. Each Policy Type targets one or more resource types.

The policy type AWS > S3 > Bucket > Approved targets a resource type of AWS > S3 > Bucket, thus every instance of AWS > S3 > Bucket will have an AWS > S3 > Bucket > Approved policy.

Resource types are defined in a type hierarchy.

The AWS > S3 > Bucket resource type is a child of the AWS > S3 resource type.

Note that the resource type hierarchy is separate and distinct from the Resource Hierarchy.

Resource types are defined in Mods.

Resource Categories

The Guardrails Resource Type hierarchy provides grouping of resources, but in a structured, service-oriented manner. Resource Categories provide an alternate, vendor agnostic, categorization of resource types.

The AWS > S3 > Bucket, Azure > Storage > Storage Account, and GCP > Storage > Bucket resource types all have a resource category of Storage > Object.

Resource categories are typically used for reporting, providing useful aggregation and filtering of data.

Example - Resource Types and Categories