Learn OPA-REGO with Real Code Examples

Updated Nov 27, 2025

Introduction & Fundamentals Setup & Configuration Architecture & Deep Internals Performance & Security Development Workflow Learning & Career Growth Business & Strategy Examples

Code Sample Descriptions

Simple OPA Rego Policy

# opa/demo/deny_public_s3.rego
package s3

default allow = true

allow {
    input.resource_type != "aws_s3_bucket"
}

allow {
    input.resource_type == "aws_s3_bucket"
    input.acl != "public-read"
    input.acl != "public-read-write"
}

A simple Rego policy to deny creation of public S3 buckets in AWS.

Let’s Try →