Skip to main content
Policies are the rules engine behind Draftt’s governance. Every resource in your inventory is continuously evaluated against your active policies, assigned a status, and surfaced wherever that status matters: the dashboard, inventory views, and downstream integrations. Draftt ships two policy types: Lifecycle policies (system-managed) and Governance policies (custom-defined).

Policy Types

Lifecycle Policies

Lifecycle policies track technology lifetime events: end-of-life dates, version currency, certificate expiration, and compatibility windows. These are system policies, configured and maintained by Draftt. System policies available today:
PolicyWhat It Tracks
End of LifeVendor EOL dates for every technology in your inventory. Assigns statuses based on proximity to EOL.
LatestWhether each component runs the latest stable or LTS version.
Certificate ExpirationSSL/TLS certificate validity windows across your infrastructure.
Kubernetes CompatibilityKubernetes version compatibility between clusters, nodes, and workloads.
Lifecycle policy statuses follow a standard progression: Supported, Impending, Outdated, Deprecated. Each status carries a criticality level that determines how it appears in dashboards and reports.
System policies are managed by Draftt and cannot be edited. Customizable system policies are on the roadmap.

Governance Policies

Governance policies let you define your own standards. You set the rules, define the statuses, and Draftt evaluates every matching resource on every scan cycle. Use governance policies to enforce standards around configuration, compatibility, alignment with golden configurations, tagging, resource-specific settings, and anything else you can express as a filter condition. Currently supported resource types:
Resource TypeStatus
InfrastructureEarly Access
CertificateEarly Access
KubernetesEarly Access

How Policies Work

Every policy, whether lifecycle or governance, follows the same evaluation loop:
  1. Scope - A query defines which resources the policy evaluates. If no query is set, the policy evaluates all resources of its type.
  2. Evaluate - For each resource in scope, Draftt walks through status assignments from highest criticality to lowest, testing each rule block.
  3. Assign - The first matching status wins. If no rules match (and prerequisites existed but none were met), the resource gets an “Unknown” status. Otherwise it receives the default status.
  4. Surface - Statuses appear on the Policies page, in dashboard breakdowns, and in inventory sidebar filters.
Policies are re-evaluated automatically on every scan cycle. You can also trigger a manual re-evaluation from the Policies page; the policy status will show Analyzing until evaluation completes, then return to Active.

Anatomy of a Governance Policy

Each governance policy consists of:

Status Map

Define the statuses that matter for this policy. Each status has a name, a criticality number (higher = more critical), and an optional color (hex). For example, a tagging compliance policy might define:
StatusCriticalityMeaning
Compliant0Resource meets all tagging requirements
Non-Compliant10Resource is missing required tags
You choose the status names, the criticality ordering, and the colors. Governance policies default to Compliant / Non-Compliant / Unknown, but you can define any status vocabulary that fits your organization.

Default Status

The status assigned to any resource that does not match any rule. For governance policies this is typically “Compliant” (the resource passes by default unless a rule explicitly flags it).

Status Assignment Rules

For each non-default status, you define one or more rule blocks. Each rule block contains: Prerequisites (optional) - Filter conditions that determine whether the rule block should evaluate a given resource at all. If a resource does not match the prerequisites, that rule block is skipped for that resource. Example: A rule checking autoMinorUpgrade on RDS instances would set a prerequisite filtering to only RDS resources, so the rule does not evaluate non-RDS infrastructure. Conditions - Filter conditions (key, operator, value) that determine whether a resource matches this rule block. Conditions within a block use AND logic. Multiple condition blocks under the same status use OR logic: a resource matching any block is assigned that status.

Resource Scope (Query)

An optional query that narrows which resources this policy evaluates. Without a query, the policy runs against all resources of its type.

Creating a Custom Policy

Custom policies let you define your own governance standards and evaluate matching resources against them.
1

Navigate to Policies

Open Policies from the main navigation. You will see system policies and any existing custom policies.
2

Create New Policy

Click Create Policy. Give your policy a name and optional description.
3

Define Statuses

Add the statuses you need. Set a criticality number for each (higher = more severe). Optionally assign a color. Choose which status is the default.
4

Build Rules

For each non-default status, add one or more rule blocks:
  • Set prerequisites if the rule only applies to a subset of resources (e.g., only RDS instances, only resources in a specific region).
  • Add conditions using the field dropdown, an operator, and a value. Conditions within a block are AND-joined. Add multiple blocks under the same status for OR logic.
Available fields include all resource properties plus technology-specific fields (e.g., autoMinorUpgrade for RDS, invocationCount for Lambda).Some fields automatically add implicit prerequisites when selected.
5

Scope (Optional)

Narrow the policy to specific resources using a query. Leave empty to evaluate all resources of the selected type.
6

Save and Evaluate

Save the policy. Draftt immediately begins evaluation. The policy shows Analyzing status until evaluation completes, then switches to Active.

Policy Templates

Policy templates are pre-built custom policies for common infrastructure standards, security requirements, lifecycle controls, configuration checks, and cost optimization opportunities. Each template includes predefined policy logic for a specific technology, service, or resource type, along with rule conditions that identify matching resources. You can use a template as-is or customize it before saving. Policy templates are available from the From Template option when creating a new custom policy. The Recommended tab highlights policy templates that are relevant to your connected infrastructure. Draftt recommends templates based on active gaps in your environment, so the most impactful policy opportunities appear first. Use the Recommended tab when you want to quickly create policies that address current risks, lifecycle gaps, or optimization opportunities in your environment. Recommended policy templates

Browse all templates

To explore the full template catalog, open the All Templates tab. Templates are grouped by categories, so you can browse policies by governance domain:
CategoryIncludes
ComplianceSecurity, encryption, access, and governance controls
LifecycleRetention, aging resources, versioning, and maintenance readiness
CostOptimization opportunities and unused or underused resources
ConfigurationInfrastructure setup, operational standards, and baseline configuration
A template may appear in more than one scope when it supports multiple use cases.

Where Policies Appear

Once active, policy data is available across the platform: Policies Page - View all policies, their status breakdowns, configuration, and last evaluation timestamp. Re-evaluate any policy on demand. Dashboard - Select any policy from the dropdown to view its status breakdown over time. Track governance trends alongside lifecycle trends. Inventory - Filter the inventory sidebar by policy. View all resources under a policy with their assigned status. For governance policies, the table shows only relevant columns (no due date or urgency fields).

Policy Evaluation Details (Early Access)

A detailed explanation of which specific rule blocks and conditions caused a resource to be assigned its current status. This will be visible per-resource when inspecting policy results.

Policy API (Early Access)

Create, edit, and evaluate policies programmatically via the Draftt API. Currently, all policy management is through the UI.

Notifications (Early Access)

Trigger notifications when a resource enters a specific status under a policy. Route alerts to Slack, email, or ticketing integrations based on status transitions.

Next Steps

  • Review your Tech Debt Inventory to understand what resources policies will evaluate
  • Connect Integrations to route policy violations to your ticketing and collaboration tools