Modern applications, while offering scalability and rapid updates, have introduced significant complexity, especially concerning infrastructure configuration and security. Even managed cloud services require additional setups to ensure security, with common breaches often stemming from misconfigured resources like AWS S3 Buckets and Elasticsearch instances. Policy as Code (PaC) tools, such as Pulumi's CrossGuard, can preemptively address these issues by verifying infrastructure configurations against best practices before deployment. CrossGuard, an SDK for writing policies, includes playbooks for cloud providers like AWS, Azure, and Google Cloud Platform, and can enforce policies to prevent common errors like public access to S3 buckets or unsecured Elasticsearch deployments. These practices are demonstrated through examples, using Pulumi to create and test policies that prevent public exposure and mandate encryption for Elasticsearch. As of Pulumi 2.0, CrossGuard is set to expand its features, including OPA integration, enhancing its capability to secure infrastructure proactively.