Canvas Cloud AI

Policy as Code

advanced
emerging

Definition

The practice of defining organizational policies, compliance rules, and governance as executable code that can be automatically enforced. It is like having security rules and compliance requirements written as programs that run their checks automatically.

Real-World Example

Security teams use policy as code to automatically prevent deployment of resources that don't meet security requirements, like blocking public S3 buckets.
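
The public S3 bucket case above, written as a check that a CI job could run before deployment. This is an added example, not code from this page or from any vendor; it assumes the infrastructure is described with Terraform and that the plan was exported with `terraform show -json`, and the rule and helper names are hypothetical.

```python
# Added example: policy-as-code gate over Terraform plan JSON (`terraform show -json`).
PUBLIC_ACLS = {"public-read", "public-read-write"}
PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")

def rule_no_public_acl(rc):
    """Deny canned ACLs that grant access to everyone."""
    if rc["type"] != "aws_s3_bucket_acl":
        return []
    acl = rc["change"]["after"].get("acl")
    if acl in PUBLIC_ACLS:
        return [f"{rc['address']}: ACL '{acl}' makes the bucket public"]
    return []

def rule_public_access_block(rc):
    """Require all four S3 Block Public Access settings to be enabled."""
    if rc["type"] != "aws_s3_bucket_public_access_block":
        return []
    off = [f for f in PAB_FLAGS if rc["change"]["after"].get(f) is not True]
    return [f"{rc['address']}: {', '.join(off)} must be true"] if off else []

RULES = (rule_no_public_acl, rule_public_access_block)

def evaluate(plan):
    """Return one message per violation; an empty list means the plan passes."""
    violations = []
    for rc in plan.get("resource_changes", []):
        if rc["change"].get("after") is None:  # resource is being destroyed
            continue
        for rule in RULES:
            violations.extend(rule(rc))
    return violations

def change(rtype, name, after):
    """Build one constructed resource_changes entry (sample data helper)."""
    return {"address": f"{rtype}.{name}", "type": rtype, "change": {"after": after}}

# Constructed sample plan, trimmed to the fields the rules read.
SAMPLE_PLAN = {"resource_changes": [
    change("aws_s3_bucket_acl", "site", {"acl": "public-read"}),
    change("aws_s3_bucket_acl", "logs", {"acl": "private"}),
    change("aws_s3_bucket_public_access_block", "logs",
           {"block_public_acls": True, "block_public_policy": True,
            "ignore_public_acls": True, "restrict_public_buckets": False}),
    change("aws_s3_bucket_acl", "old", None),
]}

if __name__ == "__main__":
    found = evaluate(SAMPLE_PLAN)
    for v in found:
        print("DENY", v)
    raise SystemExit(1 if found else 0)  # non-zero exit fails the CI job
```

A flag that is missing or not yet known at plan time is treated as a violation, so the gate fails closed.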

Cloud Provider Equivalencies

All four providers offer guardrails to enforce governance and security. Azure Policy and GCP Organization Policy are native policy engines; AWS commonly combines SCPs (account-level guardrails) with AWS Config Rules (resource compliance). OCI uses IAM policies for access control and Cloud Guard recipes for detecting and responding to policy violations. In practice, “policy as code” often also relies on tools like Open Policy Agent (OPA) or HashiCorp Sentinel to express rules in version-controlled code and run them in CI/CD.

AWS: AWS Organizations Service Control Policies (SCPs) and AWS Config Rules
AZ: Azure Policy
GCP: Organization Policy Service
OCI: OCI Cloud Guard (Detector/Responder recipes) and IAM Policies
