We’ve launched Policies in the CloudQuery Platform - SQL-based detective controls that continuously evaluate your cloud infrastructure and alert you when something’s off.
What it does
Write a SQL query that defines what “good” looks like for your infrastructure. Policies runs it continuously across your synced data and flags violations. When something triggers, you get context on the affected resources - ownership, cost, related assets - plus alerts via Slack, Jira, Linear, email, or webhooks.
Why this matters
IaC scanners catch misconfigurations at deploy time, but they miss everything else: console-created resources, long-lived infrastructure that’s drifted, resources across accounts nobody’s auditing. Policies covers all of it - every account, every provider, regardless of how or when the resource was created.
Example use cases
- Flag running instances missing cost center tags
- Detect unencrypted RDS databases
- Find unattached EBS volumes still racking up charges
- Enforce compliance standards across multi-cloud environments
Getting started
Policies is available now in the CloudQuery Platform. Write your first policy in SQL against any of our 70+ sources - no Rego, no proprietary DSLs.
Resources
- Blog post - full overview with examples
- Product page - feature details
- Docs - general setup guide
Questions or feedback? Reply to this thread!