Skip to main content

Overview

The Overview tab provides insight into the Workflow or Stack's compliance, cost estimation and managed resources.

Overview

1. Policy Checks

Overview

The Policy Checks feature provides organizations with a centralized, transparent way to enforce compliance and governance controls across Workflows and Stacks.

Each Policy Checks are located inside the Overview tab, this feature helps teams validate actions, configurations, and runtime executions against predefined policy rules.

The design emphasizes clarity, automation, and traceability, ensuring that both configuration-time and runtime evaluations are easy to understand, monitor, and manage.

Policy Checks

Key Features

Policy Rule Types

Policy Checks are divided into two categories:

  • Runtime Rules – Enforced during Workflow or Stack execution.

    These validations run when a Workflow or Stack is executed, ensuring security and compliance in real time.

  • Configuration Rules – Enforced at configuration level, when a Workflow or Stack is created, saved, or updated.

    Defined when the policy provider references a SG Workflow/Stack(JSON) provider.

If both types of rules exist, they are displayed under two separate tabs — Runtime Rules and Configuration Rules.

If only one type is available, the interface automatically adjusts to show just that set.

Rule Cards and Status

Each rule appears as a collapsible card, showing:

  • Policy Rule name

  • Associated Policy

  • Policy description

  • Status

Expanding a card reveals more details about evaluation results once the policy has run.

If the rule applies to a Stack, the evaluation may include results across multiple workflows contained within that Stack.

Statuses include:

  • Pass – The policy rule was successfully validated and met all defined conditions. No further action is required.

  • Fail – The policy rule did not meet the defined conditions and was rejected. Depending on the setup, the workflow, stack, or configuration may be blocked.

  • Warning – The rule triggered a cautionary condition but did not block execution or save. It highlights potential issues that should be reviewed.

  • Pending – The rule requires explicit approval before proceeding. This occurs when a policy action is set to Approval Required. Approvals can only be made during Workflow or Stack Runs.

  • Skipped – Intentionally marked to be bypassed during evaluation. It exists and was processed, but its results are not enforced or counted.

  • Unevaluated - The policy rule has not yet been checked. This state appears when no configuration change or execution has occurred since the rule was added.

Note:

  • Runtime Rule results appear only after the Workflow or Stack has been executed.

  • Configuration Rules are evaluated upon saving, and their results are displayed right after the configuration is saved.

Approval Behavior

When a rule action is set to Approval Required, approvals can only be granted during Workflow or Stack Runs.

Configuration updates cannot be approved directly, even if a Configuration Rule requests approval, it will only apply during Workflow/Stack runs.

Notes from Developers

  • Runtime Rules → evaluated dynamically during Workflow or Stack run execution.

  • Configuration Rules → evaluated immediately at save or update time.

  • Approvals → only available during Workflow or Stack Runs; not supported during settings or metadata edits.

  • Status visibility → updated only after at least one execution.

  • Tabs → displayed dynamically based on rule presence (both or single type).

  • Actions supported: Pass, Fail, Warn, Approval Required, Unevaluated.

2. Infracost Estimation

Estimates the cost of infrastructure changes before deployment.

For Stacks, this reflects the aggregated cost estimation across all workflows included in the Stack.

  • Displays estimated hourly and monthly cost based on detected resources.

  • Highlights differences between the current and previous runs.

  • Shows:

    • Total Estimated Cost

    • Cost change compared to last run

    • Breakdown by resource or service

    • By default the on-demand cost per resource is shown

    • When linking the infracost.io account to StackGuardian a custom discount or pricebook will be applied

This helps ensure cost visibility and control before applying infrastructure changes for both Workflows and Stacks.

Infracost Estimation

3. Resources

Lists all resources managed or created by the Workflow or Stack.

For a Stack, resources managed by any of the workflows inside it are included.

  • Displays name, type, status, and cloud provider details.

  • Supports search, filter, and sort functions.

  • Clicking a resource reveals details such as:

    • Resource ID and type

    • Provider

    • Lifecycle state (created, updated, deleted)

    • Cloud console link (if available)

This section provides an instant view of what infrastructure the Workflow or Stack manages.

Resources