Policies

Define approval workflows, cost limits, and allowed blueprints to govern how environments operate within a collection.

Overview

Collection policies let you set rules that control how environments run within a collection. They enforce approval workflows, budget limits, and blueprint restrictions so every deployment follows a consistent, auditable process.

Types of collection policies

Bluebricks provides four built-in policies. Each policy is a toggle you enable per collection; some have additional configuration.

Owner Approval

The Owner Approval policy requires collection owners to approve a run before it executes. When enabled, the run pauses until an owner confirms the change.

Use this when you need a review gate for sensitive collections (e.g., staging or production).

Cost Limit

The Cost Limit policy sets a maximum allowed cost for infrastructure changes in the collection. Bluebricks evaluates the projected cost of an IaC change and blocks it if it exceeds the threshold.

  • The limit must be between $1 and $1,000,000

  • The limit must be greater than the collection's current cost

  • Changes that exceed the limit can still proceed with owner approval

Allowed Blueprints

The Allowed Blueprints policy restricts which blueprints can be deployed to the collection. For each allowed blueprint, you can choose to permit any version or only specific versions.

  • An empty version list means any version is allowed

  • A populated version list restricts deployments to those specific versions

  • Users can only see blueprints and versions based on their collection membership

Allow Pre-Release Versions

The Allow Pre-Release Versions policy controls whether pre-release blueprint versions can be deployed to the collection. This is a simple toggle with no additional configuration.

How policy enforcement works

Whenever a run is triggered, Bluebricks evaluates all enabled policies before execution begins. If a policy is violated:

  1. The run is paused or blocked

  2. A clear explanation shows which policy failed and why

  3. You can update inputs, request owner approval, or adjust the policy before retrying
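The rules above can be modelled in a few lines to reason about which runs pass, pause or fail. This is an added illustration, not Bluebricks code or its API: the class and function names are hypothetical, and it assumes that blueprint and pre-release violations block the run, that a pre-release is a version string with a "-" suffix, and that cost overruns and Owner Approval pause the run until an owner approves.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policies:  # hypothetical model of one collection's policy settings
    owner_approval: bool = False
    cost_limit: Optional[float] = None         # None = Cost Limit disabled
    allowed_blueprints: Optional[dict] = None  # name -> versions; None = disabled
    allow_prerelease: bool = False

@dataclass
class Run:  # hypothetical description of a triggered run
    blueprint: str
    version: str
    projected_cost: float
    owner_approved: bool = False

def validate_cost_limit(limit, current_cost):
    """Configuration rules the page gives for the Cost Limit value."""
    return 1 <= limit <= 1_000_000 and limit > current_cost

def evaluate(p, run):
    """Return (decision, reasons): 'allowed', 'paused' or 'blocked'."""
    blocked, needs_owner = [], []
    if p.allowed_blueprints is not None:
        if run.blueprint not in p.allowed_blueprints:
            blocked.append(f"Allowed Blueprints: {run.blueprint} not permitted")
        else:
            versions = p.allowed_blueprints[run.blueprint]
            if versions and run.version not in versions:  # empty list = any version
                blocked.append(f"Allowed Blueprints: {run.version} not permitted")
    # Assumption: pre-release means a semver-style suffix such as 1.2.0-rc.1
    if not p.allow_prerelease and "-" in run.version:
        blocked.append("Allow Pre-Release Versions: disabled for this collection")
    if p.cost_limit is not None and run.projected_cost > p.cost_limit:
        needs_owner.append(f"Cost Limit: {run.projected_cost} > {p.cost_limit}")
    if p.owner_approval:
        needs_owner.append("Owner Approval: an owner must confirm the change")
    if blocked:  # assumption: these violations cannot be approved away
        return "blocked", blocked
    if needs_owner and not run.owner_approved:
        return "paused", needs_owner
    return "allowed", []

if __name__ == "__main__":
    # Constructed sample policy and run
    prod = Policies(cost_limit=500, allowed_blueprints={"vpc": [], "db": ["1.2.0"]})
    print(evaluate(prod, Run("db", "1.3.0-rc.1", 900)))
```

All enabled policies are evaluated before a decision is returned, so the reasons list reports every failed policy at once rather than only the first.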
