Policy-as-code is the idea of expressing rules using a high-level programming language and treating them as you normally treat code, which includes version control as well as continuous integration and deployment. It extends the infrastructure-as-code approach to also cover the rules governing this infrastructure and the platform that manages it.
Spacelift as a development platform is built around this concept and allows defining policies that involve various decision points in the application. User-defined policies can decide:
- who gets to log in to your Spacelift account and with what level of access;
- who gets to access individual Stacks and with what level of access;
- how Git push events are interpreted;
- which Runs and Tasks can be started;
- which changes can be applied;
- which one-off commands can be executed;
- what happens when blocking runs terminate.
You can refer to this section to learn more about commonalities and differences between these policies, or to the dedicated article about each policy to dive deep into its details.