diff --git a/fast/stages/0-org-setup/datasets/hardened/observability/auditConfigChanges.yaml b/fast/stages/0-org-setup/datasets/hardened/observability/auditConfigChanges.yaml
index 3ba8593a7..2b46eba13 100644
--- a/fast/stages/0-org-setup/datasets/hardened/observability/auditConfigChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/auditConfigChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
   auditConfigChanges:
     combiner: OR
diff --git a/fast/stages/0-org-setup/datasets/hardened/observability/binaryAuthorizationPolicyChanges.yaml b/fast/stages/0-org-setup/datasets/hardened/observability/binaryAuthorizationPolicyChanges.yaml
index 61260d694..699f92c5b 100644
--- a/fast/stages/0-org-setup/datasets/hardened/observability/binaryAuthorizationPolicyChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/binaryAuthorizationPolicyChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
   binaryAuthorizationPolicyChanges:
     combiner: OR
diff --git a/fast/stages/0-org-setup/datasets/hardened/observability/cloudsqlInstanceChanges.yaml b/fast/stages/0-org-setup/datasets/hardened/observability/cloudsqlInstanceChanges.yaml
index 892ab2b2e..5d5145e98 100644
--- a/fast/stages/0-org-setup/datasets/hardened/observability/cloudsqlInstanceChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/cloudsqlInstanceChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
   cloudsqlInstanceChanges:
     combiner: OR
diff --git a/fast/stages/0-org-setup/datasets/hardened/observability/customRoleChanges.yaml b/fast/stages/0-org-setup/datasets/hardened/observability/customRoleChanges.yaml
index 11d67937d..6692dcdf3 100644
--- a/fast/stages/0-org-setup/datasets/hardened/observability/customRoleChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/customRoleChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
   customRoleChanges:
     combiner: OR
diff --git a/fast/stages/0-org-setup/datasets/hardened/observability/firewallPolicyRuleChanges.yaml b/fast/stages/0-org-setup/datasets/hardened/observability/firewallPolicyRuleChanges.yaml
index 014088b64..2317f6db9 100644
--- a/fast/stages/0-org-setup/datasets/hardened/observability/firewallPolicyRuleChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/firewallPolicyRuleChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
   firewallPolicyRuleChanges:
     combiner: OR
diff --git a/fast/stages/0-org-setup/datasets/hardened/observability/firewallRuleChanges.yaml b/fast/stages/0-org-setup/datasets/hardened/observability/firewallRuleChanges.yaml
index f13d4f640..340573e4a 100644
--- a/fast/stages/0-org-setup/datasets/hardened/observability/firewallRuleChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/firewallRuleChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
   firewallRuleChanges:
     combiner: OR
diff --git a/fast/stages/0-org-setup/datasets/hardened/observability/networkChanges.yaml b/fast/stages/0-org-setup/datasets/hardened/observability/networkChanges.yaml
index eaa112c0e..03fffedaa 100644
--- a/fast/stages/0-org-setup/datasets/hardened/observability/networkChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/networkChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
   networkChanges:
     combiner: OR
diff --git a/fast/stages/0-org-setup/datasets/hardened/observability/networkRouteChanges.yaml b/fast/stages/0-org-setup/datasets/hardened/observability/networkRouteChanges.yaml
index 24f3412e3..5b1696ed7 100644
--- a/fast/stages/0-org-setup/datasets/hardened/observability/networkRouteChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/networkRouteChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
   networkRouteChanges:
     combiner: OR
diff --git a/fast/stages/0-org-setup/datasets/hardened/observability/projectOwnershipChange.yaml b/fast/stages/0-org-setup/datasets/hardened/observability/projectOwnershipChange.yaml
index e9fb297aa..8c500f653 100644
--- a/fast/stages/0-org-setup/datasets/hardened/observability/projectOwnershipChange.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/projectOwnershipChange.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
   projectOwnershipChange:
     combiner: OR
diff --git a/fast/stages/0-org-setup/datasets/hardened/observability/storageIamChanges.yaml b/fast/stages/0-org-setup/datasets/hardened/observability/storageIamChanges.yaml
index 445f35ff1..f98acba62 100644
--- a/fast/stages/0-org-setup/datasets/hardened/observability/storageIamChanges.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/observability/storageIamChanges.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../schemas/observability.schema.json
+
 alerts:
   storageIamChanges:
     combiner: OR
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.accesscontextmanagerDisableBridgePerimeters.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.accesscontextmanagerDisableBridgePerimeters.yaml
index 7e72e8fb5..5f793c165 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.accesscontextmanagerDisableBridgePerimeters.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.accesscontextmanagerDisableBridgePerimeters.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.accesscontextmanagerDisableBridgePerimeters:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudbuildDisableWorkerPoolExternalIP.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudbuildDisableWorkerPoolExternalIP.yaml
index 73b31bcbc..8f7b37603 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudbuildDisableWorkerPoolExternalIP.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudbuildDisableWorkerPoolExternalIP.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudbuildDisableWorkerPoolExternalIP:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedAlgorithms.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedAlgorithms.yaml
index db0f24fe2..0d4289456 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedAlgorithms.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedAlgorithms.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudkmsAllowedAlgorithms:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedProtectionLevel.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedProtectionLevel.yaml
index 9e3665ef0..81befc383 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedProtectionLevel.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedProtectionLevel.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudkmsAllowedProtectionLevel:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedRotationPeriod.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedRotationPeriod.yaml
index fe3074669..0d1a4e9ae 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedRotationPeriod.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudkmsAllowedRotationPeriod.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudkmsAllowedRotationPeriod:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunDisableEnvironmentVariablePattern.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunDisableEnvironmentVariablePattern.yaml
index 6e8a76f40..d82763f54 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunDisableEnvironmentVariablePattern.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunDisableEnvironmentVariablePattern.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudrunDisableEnvironmentVariablePattern:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobDisableDefaultServiceAccount.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobDisableDefaultServiceAccount.yaml
index 5a2def08b..ba524d7bd 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobDisableDefaultServiceAccount.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobDisableDefaultServiceAccount.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudrunJobDisableDefaultServiceAccount:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobRequireBinaryAuthorization.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobRequireBinaryAuthorization.yaml
index 124742a94..2a7867f92 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobRequireBinaryAuthorization.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunJobRequireBinaryAuthorization.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudrunJobRequireBinaryAuthorization:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceDisableDefaultServiceAccount.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceDisableDefaultServiceAccount.yaml
index 91f53439b..700ddf3e2 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceDisableDefaultServiceAccount.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceDisableDefaultServiceAccount.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudrunServiceDisableDefaultServiceAccount:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceRequireBinaryAuthorization.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceRequireBinaryAuthorization.yaml
index 52df5e670..13c47efb9 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceRequireBinaryAuthorization.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudrunServiceRequireBinaryAuthorization.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudrunServiceRequireBinaryAuthorization:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlDisablePublicAuthorizedNetworks.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlDisablePublicAuthorizedNetworks.yaml
index 1e6cfeb57..318b980f7 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlDisablePublicAuthorizedNetworks.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlDisablePublicAuthorizedNetworks.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlDisablePublicAuthorizedNetworks:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlEnforcePasswordComplexity.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlEnforcePasswordComplexity.yaml
index 636f23b70..601a4c12f 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlEnforcePasswordComplexity.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlEnforcePasswordComplexity.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlEnforcePasswordComplexity:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireAutomatedBackup.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireAutomatedBackup.yaml
index 0abe78c6e..ab133186d 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireAutomatedBackup.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireAutomatedBackup.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequireAutomatedBackup:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireHighAvailability.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireHighAvailability.yaml
index c74cb70c2..b0a95d4b2 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireHighAvailability.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireHighAvailability.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequireHighAvailability:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireMySQLDatabaseFlags.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireMySQLDatabaseFlags.yaml
index fd23ef012..6df16dd57 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireMySQLDatabaseFlags.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireMySQLDatabaseFlags.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequireMySQLDatabaseFlags:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePointInTimeRecovery.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePointInTimeRecovery.yaml
index 5972e0adf..5d2b4b5fc 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePointInTimeRecovery.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePointInTimeRecovery.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequirePointInTimeRecovery:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseAdditionalFlags.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseAdditionalFlags.yaml
index 2820223c0..5790d2342 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseAdditionalFlags.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseAdditionalFlags.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequirePostgreSQLDatabaseAdditionalFlags:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseFlags.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseFlags.yaml
index a44029f4b..c7e1c6329 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseFlags.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequirePostgreSQLDatabaseFlags.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequirePostgreSQLDatabaseFlags:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireRootPassword.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireRootPassword.yaml
index cce520793..0ec93d379 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireRootPassword.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireRootPassword.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequireRootPassword:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSQLServerDatabaseFlags.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSQLServerDatabaseFlags.yaml
index 2f3216495..217ac9453 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSQLServerDatabaseFlags.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSQLServerDatabaseFlags.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequireSQLServerDatabaseFlags:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSSLConnection.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSSLConnection.yaml
index c1a58b39c..300891581 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSSLConnection.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.cloudsqlRequireSSLConnection.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.cloudsqlRequireSSLConnection:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocDisableDefaultServiceAccount.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocDisableDefaultServiceAccount.yaml
index 9b4b55387..eb3da46ae 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocDisableDefaultServiceAccount.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocDisableDefaultServiceAccount.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dataprocDisableDefaultServiceAccount:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireDiskCmekEncryption.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireDiskCmekEncryption.yaml
index e9bda23da..19927aee1 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireDiskCmekEncryption.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireDiskCmekEncryption.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dataprocRequireDiskCmekEncryption:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireInternalIp.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireInternalIp.yaml
index ec5fc02ef..4cef5742f 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireInternalIp.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireInternalIp.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dataprocRequireInternalIp:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireKerberos.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireKerberos.yaml
index be2c75fc2..63ce4fb69 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireKerberos.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dataprocRequireKerberos.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dataprocRequireKerberos:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsAllowedSigningAlgorithms.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsAllowedSigningAlgorithms.yaml
index d301810d1..c0c0af9cb 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsAllowedSigningAlgorithms.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsAllowedSigningAlgorithms.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dnsAllowedSigningAlgorithms:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequireManageZoneDNSSEC.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequireManageZoneDNSSEC.yaml
index c1ffe64d7..d4668fd68 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequireManageZoneDNSSEC.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequireManageZoneDNSSEC.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dnsRequireManageZoneDNSSEC:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequirePolicyLogging.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequirePolicyLogging.yaml
index 5ab51b295..4ee588c9a 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequirePolicyLogging.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.dnsRequirePolicyLogging.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.dnsRequirePolicyLogging:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforcePolicyRuleLogging.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforcePolicyRuleLogging.yaml
index abcc0eb1a..7de8a4680 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforcePolicyRuleLogging.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforcePolicyRuleLogging.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallEnforcePolicyRuleLogging:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforceRuleLogging.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforceRuleLogging.yaml
index c625f51ff..84ca6102f 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforceRuleLogging.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallEnforceRuleLogging.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallEnforceRuleLogging:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRequireDescription.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRequireDescription.yaml
index 1229fa641..0be1809ce 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRequireDescription.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRequireDescription.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRequireDescription:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictCacheSearchDatabasesPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictCacheSearchDatabasesPolicyRule.yaml
index fa0b38052..c202fd19b 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictCacheSearchDatabasesPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictCacheSearchDatabasesPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictCacheSearchDatabasesPolicyRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictCacheSearchDatabasesRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictCacheSearchDatabasesRule.yaml
index d4e24143e..3461c0d52 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictCacheSearchDatabasesRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictCacheSearchDatabasesRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictCacheSearchDatabasesRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictDirectoryServicesPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictDirectoryServicesPolicyRule.yaml
index 116aed1ab..8dfa7b84e 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictDirectoryServicesPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictDirectoryServicesPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictDirectoryServicesPolicyRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictDirectoryServicesRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictDirectoryServicesRule.yaml
index 9c94b85c4..38bb43d1c 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictDirectoryServicesRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictDirectoryServicesRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictDirectoryServicesRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictExplicitAllPortsPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictExplicitAllPortsPolicyRule.yaml
index 31c3e9090..f6f472562 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictExplicitAllPortsPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictExplicitAllPortsPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictExplicitAllPortsPolicyRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictExplicitAllPortsRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictExplicitAllPortsRule.yaml
index 191c7c5a8..fbeb1014c 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictExplicitAllPortsRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictExplicitAllPortsRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictExplicitAllPortsRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictInsecureProtocolsPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictInsecureProtocolsPolicyRule.yaml
index e6abf64ec..7bb9ad8e1 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictInsecureProtocolsPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictInsecureProtocolsPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictInsecureProtocolsPolicyRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictInsecureProtocolsRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictInsecureProtocolsRule.yaml
index af163c13a..64b472db3 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictInsecureProtocolsRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictInsecureProtocolsRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictInsecureProtocolsRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictMailProtocolsPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictMailProtocolsPolicyRule.yaml
index c68f87893..edbdf944c 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictMailProtocolsPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictMailProtocolsPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictMailProtocolsPolicyRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictMailProtocolsRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictMailProtocolsRule.yaml
index f35648a51..8e4837de9 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictMailProtocolsRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictMailProtocolsRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictMailProtocolsRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictManagementPortsPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictManagementPortsPolicyRule.yaml
index 5d9378d0f..6ec10d303 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictManagementPortsPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictManagementPortsPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictManagementPortsPolicyRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictManagementPortsRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictManagementPortsRule.yaml
index d958561f0..500c6878a 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictManagementPortsRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictManagementPortsRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictManagementPortsRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNetworkServicesPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNetworkServicesPolicyRule.yaml
index 9a930d343..2a66e9574 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNetworkServicesPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNetworkServicesPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictNetworkServicesPolicyRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNetworkServicesRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNetworkServicesRule.yaml
index ed0f6892f..37bff1cea 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNetworkServicesRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNetworkServicesRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictNetworkServicesRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNoSQLDatabasesPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNoSQLDatabasesPolicyRule.yaml
index a91402eb5..50d20c897 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNoSQLDatabasesPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNoSQLDatabasesPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictNoSQLDatabasesPolicyRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNoSQLDatabasesRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNoSQLDatabasesRule.yaml
index 14a57d11c..9b78f6ab6 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNoSQLDatabasesRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictNoSQLDatabasesRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictNoSQLDatabasesRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictPublicAccessPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictPublicAccessPolicyRule.yaml
index a96f37578..baf8b2c2b 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictPublicAccessPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictPublicAccessPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictPublicAccessPolicyRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictPublicAccessRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictPublicAccessRule.yaml
index 4e548cf4a..9a09c5c9a 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictPublicAccessRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictPublicAccessRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictPublicAccessRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpPolicyRule.yaml
index 6074bbac9..9c2682da5 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictRdpPolicyRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpRule.yaml
index 6640402b7..937281c66 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictRdpRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictRdpRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSQLDatabasesPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSQLDatabasesPolicyRule.yaml
index cdad9f2eb..01217e3fb 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSQLDatabasesPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSQLDatabasesPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictSQLDatabasesPolicyRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSQLDatabasesRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSQLDatabasesRule.yaml
index 549e213b1..3b5937a5b 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSQLDatabasesRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSQLDatabasesRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictSQLDatabasesRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshPolicyRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshPolicyRule.yaml
index f2e5d8994..7b5b80823 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshPolicyRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshPolicyRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictSshPolicyRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshRule.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshRule.yaml
index b10723338..959d18dd8 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshRule.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.firewallRestrictSshRule.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.firewallRestrictSshRule:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedNodePoolImages.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedNodePoolImages.yaml
index afe36af55..e8ec2f9bb 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedNodePoolImages.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedNodePoolImages.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeAllowedNodePoolImages:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedReleaseChannels.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedReleaseChannels.yaml
index 97c54801e..c7a00d7a0 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedReleaseChannels.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeAllowedReleaseChannels.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeAllowedReleaseChannels:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableAlphaCluster.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableAlphaCluster.yaml
index e0c354ee9..d76ed0705 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableAlphaCluster.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableAlphaCluster.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeDisableAlphaCluster:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableKubernetesDashboard.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableKubernetesDashboard.yaml
index 053dff095..6bcead9a6 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableKubernetesDashboard.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableKubernetesDashboard.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeDisableKubernetesDashboard:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyAbac.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyAbac.yaml
index 69a0e4294..4d103777b 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyAbac.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyAbac.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeDisableLegacyAbac:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyMetadataEndpoints.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyMetadataEndpoints.yaml
index bbea18c81..004e65558 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyMetadataEndpoints.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeDisableLegacyMetadataEndpoints.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeDisableLegacyMetadataEndpoints:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireCOSImage.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireCOSImage.yaml
index 099e6e4c8..7e4c96f53 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireCOSImage.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireCOSImage.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireCOSImage:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireConfidentialNodes.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireConfidentialNodes.yaml
index 3dd4fd157..df29c8e8a 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireConfidentialNodes.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireConfidentialNodes.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireConfidentialNodes:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireDataplaneV2.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireDataplaneV2.yaml
index 1242373a8..991f59158 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireDataplaneV2.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireDataplaneV2.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireDataplaneV2:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireGKEMetadataServer.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireGKEMetadataServer.yaml
index 8fad83b2a..31a7bd2bc 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireGKEMetadataServer.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireGKEMetadataServer.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireGKEMetadataServer:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntegrityMonitoring.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntegrityMonitoring.yaml
index 928ebdac0..586d19929 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntegrityMonitoring.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntegrityMonitoring.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireIntegrityMonitoring:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntraNodeVisibility.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntraNodeVisibility.yaml
index 2863cbc36..08016f647 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntraNodeVisibility.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireIntraNodeVisibility.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireIntraNodeVisibility:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMasterAuthorizedNetworks.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMasterAuthorizedNetworks.yaml
index ba496bbfc..e4812e74d 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMasterAuthorizedNetworks.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMasterAuthorizedNetworks.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireMasterAuthorizedNetworks:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMonitoring.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMonitoring.yaml
index 2962a2f21..6137b0f53 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMonitoring.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireMonitoring.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireMonitoring:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoRepair.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoRepair.yaml
index 491c52d6e..4344c4291 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoRepair.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoRepair.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireNodePoolAutoRepair:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoUpgrade.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoUpgrade.yaml
index 9d62cfb02..3e74f9564 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoUpgrade.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolAutoUpgrade.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireNodePoolAutoUpgrade:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolCMEKEncryption.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolCMEKEncryption.yaml
index 5054042c2..8eee4d029 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolCMEKEncryption.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolCMEKEncryption.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireNodePoolCMEKEncryption:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolSandbox.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolSandbox.yaml
index c21850ff1..1c0d30d09 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolSandbox.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireNodePoolSandbox.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireNodePoolSandbox:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequirePrivateEndpoint.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequirePrivateEndpoint.yaml
index 6c8f81a51..0158f22f1 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequirePrivateEndpoint.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequirePrivateEndpoint.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequirePrivateEndpoint:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireRegionalClusters.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireRegionalClusters.yaml
index 9f0ea5c90..c7c429a2f 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireRegionalClusters.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireRegionalClusters.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireRegionalClusters:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireSecureBoot.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireSecureBoot.yaml
index 6bae09764..0b51287bd 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireSecureBoot.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireSecureBoot.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireSecureBoot:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireVPCNativeCluster.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireVPCNativeCluster.yaml
index e7171b9ee..cc3c37a74 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireVPCNativeCluster.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.gkeRequireVPCNativeCluster.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.gkeRequireVPCNativeCluster:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamAllowedMembers.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamAllowedMembers.yaml
index 505d75977..c4cbb5986 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamAllowedMembers.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamAllowedMembers.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.iamAllowedMembers:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableAdminServiceAccount.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableAdminServiceAccount.yaml
index d50775090..6cbebc3f9 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableAdminServiceAccount.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableAdminServiceAccount.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.iamDisableAdminServiceAccount:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableBasicRoles.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableBasicRoles.yaml
index 5a2eba910..0be7dbd72 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableBasicRoles.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableBasicRoles.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.iamDisableBasicRoles:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableProjectServiceAccountImpersonationRoles.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableProjectServiceAccountImpersonationRoles.yaml
index 3293330db..a4670ce58 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableProjectServiceAccountImpersonationRoles.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableProjectServiceAccountImpersonationRoles.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.iamDisableProjectServiceAccountImpersonationRoles:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisablePublicBindings.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisablePublicBindings.yaml
index 27e179543..344711690 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisablePublicBindings.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisablePublicBindings.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.iamDisablePublicBindings:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableRedisAdminRoles.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableRedisAdminRoles.yaml
index c4e63e2ef..3cf58b93b 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableRedisAdminRoles.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.iamDisableRedisAdminRoles.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.iamDisableRedisAdminRoles:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableTargetHTTPProxy.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableTargetHTTPProxy.yaml
index 2d8c63ce5..01b867bbe 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableTargetHTTPProxy.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableTargetHTTPProxy.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.networkDisableTargetHTTPProxy:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableWeakSSLPolicy.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableWeakSSLPolicy.yaml
index 7fda224f9..7b7f11c6e 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableWeakSSLPolicy.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkDisableWeakSSLPolicy.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.networkDisableWeakSSLPolicy:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireBackendServiceLogging.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireBackendServiceLogging.yaml
index 92fbe5cb6..5ae9ba5f9 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireBackendServiceLogging.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireBackendServiceLogging.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.networkRequireBackendServiceLogging:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireCustomModeVpc.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireCustomModeVpc.yaml
index a4a604936..02263f9ef 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireCustomModeVpc.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireCustomModeVpc.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.networkRequireCustomModeVpc:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireSubnetPrivateGoogleAccess.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireSubnetPrivateGoogleAccess.yaml
index 81bb8e7a9..b57bc4451 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireSubnetPrivateGoogleAccess.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.networkRequireSubnetPrivateGoogleAccess.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.networkRequireSubnetPrivateGoogleAccess:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.storageRequireBucketObjectVersionning.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.storageRequireBucketObjectVersionning.yaml
index fe80d3dd3..d8ca32bac 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.storageRequireBucketObjectVersionning.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/custom-constraints/custom.storageRequireBucketObjectVersionning.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/custom-constraint.schema.json
+
 custom.storageRequireBucketObjectVersionning:
   action_type: DENY
   condition: |-
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/artifactregistryRequireCMEK.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/artifactregistryRequireCMEK.yaml
index 42dff4663..20b490d2c 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/artifactregistryRequireCMEK.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/artifactregistryRequireCMEK.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 artifactregistryRequireCMEK:
   description: Detect if Artifact Registry repositories are not encrypted using CMEK
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireIngressInternalAndLoadBalancer.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireIngressInternalAndLoadBalancer.yaml
index 0865ea8ee..acdf5d1c2 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireIngressInternalAndLoadBalancer.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireIngressInternalAndLoadBalancer.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 cloudfunctionsV1RequireIngressInternalAndLoadBalancer:
   description:
     Detect if Gen1 Cloud Functions are not configured to allow only internal traffic and traffic from load balancer
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireVPCConnector.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireVPCConnector.yaml
index 64a81408e..7e6a1e479 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireVPCConnector.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudfunctionsV1RequireVPCConnector.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 cloudfunctionsV1RequireVPCConnector:
   description: Detect if Gen1 Cloud Functions are configured without any VPC Connector
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudkmsAllowedAlgorithms.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudkmsAllowedAlgorithms.yaml
index dd69e09a2..46bd3f6fd 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudkmsAllowedAlgorithms.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudkmsAllowedAlgorithms.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 cloudkmsAllowedAlgorithms:
   description: Detect if the the algorithm for Cloud KMS keys is not configured correctly
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudkmsAllowedProtectionLevel.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudkmsAllowedProtectionLevel.yaml
index b27e53631..4708432d1 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudkmsAllowedProtectionLevel.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudkmsAllowedProtectionLevel.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 cloudkmsAllowedProtectionLevel:
   description: Detect if the protection level for Cloud KMS keys is not configured correctly
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunDisableJobDefaultServiceAccount.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunDisableJobDefaultServiceAccount.yaml
index 2af3a60b8..cc5b38916 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunDisableJobDefaultServiceAccount.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunDisableJobDefaultServiceAccount.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 cloudrunDisableJobDefaultServiceAccount:
   description: Detect if default service accounts are used by Cloud Run jobs
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunDisableServiceDefaultServiceAccount.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunDisableServiceDefaultServiceAccount.yaml
index d6d2086fd..031faed23 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunDisableServiceDefaultServiceAccount.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunDisableServiceDefaultServiceAccount.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 cloudrunDisableServiceDefaultServiceAccount:
   description: Detect if default service accounts are used by Cloud Run services
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireBinaryAuthorization.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireBinaryAuthorization.yaml
index 0138ab0bb..3d68d3121 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireBinaryAuthorization.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireBinaryAuthorization.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 cloudrunRequireBinaryAuthorization:
   description: Detect if Cloud Run services are configured without Binary Authorization enabled
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireEgressAllTraffic.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireEgressAllTraffic.yaml
index 5676e28f8..ee1397f63 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireEgressAllTraffic.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireEgressAllTraffic.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 cloudrunRequireEgressAllTraffic:
   description:
     Detect if Cloud Run services and jobs are not configured to route all egress traffic through the VPC network
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireIngressInternalAndLoadBalancer.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireIngressInternalAndLoadBalancer.yaml
index 9df048aa5..eb6502494 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireIngressInternalAndLoadBalancer.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudrunRequireIngressInternalAndLoadBalancer.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 cloudrunRequireIngressInternalAndLoadBalancer:
   description:
     Detect if Cloud Run services are not configured to allow only internal traffic and traffic from load balancer
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudsqlRequireHighAvailability.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudsqlRequireHighAvailability.yaml
index 3fb2f3339..5c0dbf5e6 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudsqlRequireHighAvailability.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudsqlRequireHighAvailability.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 cloudsqlRequireHighAvailability:
   description: Detect if the high availability (HA) configuration for Cloud SQL instances is not set to regional
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudsqlRequirePointInTimeRecovery.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudsqlRequirePointInTimeRecovery.yaml
index f07959943..01eebe53b 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudsqlRequirePointInTimeRecovery.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/cloudsqlRequirePointInTimeRecovery.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 cloudsqlRequirePointInTimeRecovery:
   description: Detect if the CloudSQL instances have point in time recovery disabled
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/computeDisableNestedVirtualization.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/computeDisableNestedVirtualization.yaml
index 7dc623385..8f99746fe 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/computeDisableNestedVirtualization.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/computeDisableNestedVirtualization.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 computeDisableNestedVirtualization:
   description: Detect Compute Instances with nested virtualization enabled
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeDisableClientCertificateAuth.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeDisableClientCertificateAuth.yaml
index 128def0bd..efa56dba9 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeDisableClientCertificateAuth.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeDisableClientCertificateAuth.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 gkeDisableClientCertificateAuth:
   description: Detect if any GKE clusters uses client certificate authentication
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireConfidentialNodes.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireConfidentialNodes.yaml
index 665e9ce98..af66d8154 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireConfidentialNodes.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireConfidentialNodes.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 gkeRequireConfidentialNodes:
   description: Detect if any GKE clusters are running without Confidential GKE nodes
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireDataplaneV2.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireDataplaneV2.yaml
index cf133e8b9..2899d604b 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireDataplaneV2.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireDataplaneV2.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 gkeRequireDataplaneV2:
   description: Detect if GKE clusters are configured with a version different than Dataplane V2
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireRegionalCluster.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireRegionalCluster.yaml
index 4755346e5..8fb5d4e7d 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireRegionalCluster.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/gkeRequireRegionalCluster.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 gkeRequireRegionalCluster:
   description: Detect if any non regional GKE clusters are used
   predicate:
diff --git a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/secretmanagerAllowedRotationPeriod.yaml b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/secretmanagerAllowedRotationPeriod.yaml
index 9089c4179..ae9057270 100644
--- a/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/secretmanagerAllowedRotationPeriod.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/organization/scc-sha-custom-modules/secretmanagerAllowedRotationPeriod.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# yaml-language-server: $schema=../../../../schemas/scc-sha-custom-modules.schema.json
+
 secretmanagerAllowedRotationPeriod:
   description: Detect if the rotation period for secrets are not configured correctly
   predicate:
diff --git a/fast/stages/0-org-setup/schemas/custom-constraint.schema.json b/fast/stages/0-org-setup/schemas/custom-constraint.schema.json
index fd7fc5c7f..3be08e39c 100644
--- a/fast/stages/0-org-setup/schemas/custom-constraint.schema.json
+++ b/fast/stages/0-org-setup/schemas/custom-constraint.schema.json
@@ -4,7 +4,7 @@
   "type": "object",
   "additionalProperties": false,
   "patternProperties": {
-    "^[a-z-]+\\.[a-zA-Z]+$": {
+    "^custom\\.[a-zA-Z0-9_-]+$": {
       "type": "object",
       "additionalProperties": false,
       "required": [
diff --git a/fast/stages/0-org-setup/schemas/custom-constraint.schema.md b/fast/stages/0-org-setup/schemas/custom-constraint.schema.md
index 6b6f33729..d119ed55d 100644
--- a/fast/stages/0-org-setup/schemas/custom-constraint.schema.md
+++ b/fast/stages/0-org-setup/schemas/custom-constraint.schema.md
@@ -6,7 +6,7 @@
 
 *additional properties: false*
 
-- **`^[a-z-]+\.[a-zA-Z]+$`**: *object*
+- **`^custom\.[a-zA-Z0-9_-]+$`**: *object*
   <br>*additional properties: false*
   - **display_name**: *string*
   - **description**: *string*
diff --git a/fast/stages/0-org-setup/schemas/observability.schema.json b/fast/stages/0-org-setup/schemas/observability.schema.json
new file mode 100644
index 000000000..cf3eb2f0a
--- /dev/null
+++ b/fast/stages/0-org-setup/schemas/observability.schema.json
@@ -0,0 +1,514 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Observability Schema",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "alerts": {
+      "$ref": "#/$defs/alerts"
+    },
+    "logging_metrics": {
+      "$ref": "#/$defs/logging_metrics"
+    },
+    "notification_channels": {
+      "$ref": "#/$defs/notification_channels"
+    }
+  },
+  "$defs": {
+    "alerts": {
+      "title": "Alerts",
+      "type": "object",
+      "additionalProperties": false,
+      "patternProperties": {
+        "^[a-zA-Z0-9-]+$": {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "combiner": {
+              "type": "string"
+            },
+            "display_name": {
+              "type": "string"
+            },
+            "enabled": {
+              "type": "boolean"
+            },
+            "notification_channels": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            },
+            "severity": {
+              "type": "string"
+            },
+            "user_labels": {
+              "type": "object",
+              "additionalProperties": {
+                "type": "string"
+              }
+            },
+            "alert_strategy": {
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "auto_close": {
+                  "type": "string"
+                },
+                "notification_prompts": {
+                  "type": "string"
+                },
+                "notification_rate_limit": {
+                  "type": "object",
+                  "additionalProperties": false,
+                  "properties": {
+                    "period": {
+                      "type": "string"
+                    }
+                  }
+                },
+                "notification_channel_strategy": {
+                  "type": "object",
+                  "additionalProperties": false,
+                  "properties": {
+                    "notification_channel_names": {
+                      "type": "array",
+                      "items": {
+                        "type": "string"
+                      }
+                    },
+                    "renotify_interval": {
+                      "type": "string"
+                    }
+                  }
+                }
+              }
+            },
+            "conditions": {
+              "type": "array",
+              "items": {
+                "$ref": "#/$defs/condition"
+              }
+            },
+            "documentation": {
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "content": {
+                  "type": "string"
+                },
+                "mime_type": {
+                  "type": "string"
+                },
+                "subject": {
+                  "type": "string"
+                },
+                "links": {
+                  "type": "array",
+                  "items": {
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                      "display_name": {
+                        "type": "string"
+                      },
+                      "url": {
+                        "type": "string"
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          },
+          "required": [
+            "combiner"
+          ]
+        }
+      }
+    },
+    "logging_metrics": {
+      "title": "Logging Metrics",
+      "type": "object",
+      "additionalProperties": false,
+      "patternProperties": {
+        "^[a-zA-Z0-9-]+$": {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "filter": {
+              "type": "string"
+            },
+            "bucket_name": {
+              "type": "string"
+            },
+            "description": {
+              "type": "string"
+            },
+            "disabled": {
+              "type": "boolean"
+            },
+            "label_extractors": {
+              "type": "object",
+              "additionalProperties": {
+                "type": "string"
+              }
+            },
+            "value_extractor": {
+              "type": "string"
+            },
+            "bucket_options": {
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "explicit_buckets": {
+                  "type": "object",
+                  "additionalProperties": false,
+                  "properties": {
+                    "bounds": {
+                      "type": "array",
+                      "items": {
+                        "type": "number"
+                      }
+                    }
+                  }
+                },
+                "exponential_buckets": {
+                  "type": "object",
+                  "additionalProperties": false,
+                  "properties": {
+                    "num_finite_buckets": {
+                      "type": "number"
+                    },
+                    "growth_factor": {
+                      "type": "number"
+                    },
+                    "scale": {
+                      "type": "number"
+                    }
+                  }
+                },
+                "linear_buckets": {
+                  "type": "object",
+                  "additionalProperties": false,
+                  "properties": {
+                    "num_finite_buckets": {
+                      "type": "number"
+                    },
+                    "width": {
+                      "type": "number"
+                    },
+                    "offset": {
+                      "type": "number"
+                    }
+                  }
+                }
+              }
+            },
+            "metric_descriptor": {
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "metric_kind": {
+                  "type": "string"
+                },
+                "value_type": {
+                  "type": "string"
+                },
+                "display_name": {
+                  "type": "string"
+                },
+                "unit": {
+                  "type": "string"
+                },
+                "labels": {
+                  "type": "array",
+                  "items": {
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                      "key": {
+                        "type": "string"
+                      },
+                      "description": {
+                        "type": "string"
+                      },
+                      "value_type": {
+                        "type": "string"
+                      }
+                    },
+                    "required": [
+                      "key"
+                    ]
+                  }
+                }
+              },
+              "required": [
+                "metric_kind",
+                "value_type"
+              ]
+            }
+          },
+          "required": [
+            "filter"
+          ]
+        }
+      }
+    },
+    "notification_channels": {
+      "title": "Notification Channels",
+      "type": "object",
+      "additionalProperties": false,
+      "patternProperties": {
+        "^[a-zA-Z0-9-]+$": {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "type": {
+              "type": "string"
+            },
+            "description": {
+              "type": "string"
+            },
+            "display_name": {
+              "type": "string"
+            },
+            "enabled": {
+              "type": "boolean"
+            },
+            "labels": {
+              "type": "object",
+              "additionalProperties": {
+                "type": "string"
+              }
+            },
+            "user_labels": {
+              "type": "object",
+              "additionalProperties": {
+                "type": "string"
+              }
+            },
+            "sensitive_labels": {
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "auth_token": {
+                  "type": "string"
+                },
+                "password": {
+                  "type": "string"
+                },
+                "service_key": {
+                  "type": "string"
+                }
+              }
+            }
+          },
+          "required": [
+            "type"
+          ]
+        }
+      }
+    },
+    "condition": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "display_name": {
+          "type": "string"
+        },
+        "condition_absent": {
+          "$ref": "#/$defs/absent_condition"
+        },
+        "condition_matched_log": {
+          "$ref": "#/$defs/matched_log_condition"
+        },
+        "condition_monitoring_query_language": {
+          "$ref": "#/$defs/monitoring_query_condition"
+        },
+        "condition_prometheus_query_language": {
+          "$ref": "#/$defs/prometheus_query_condition"
+        },
+        "condition_threshold": {
+          "$ref": "#/$defs/threshold_condition"
+        }
+      },
+      "required": [
+        "display_name"
+      ]
+    },
+    "absent_condition": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "duration": {
+          "type": "string"
+        },
+        "filter": {
+          "type": "string"
+        },
+        "aggregations": {
+          "$ref": "#/$defs/aggregations"
+        },
+        "trigger": {
+          "$ref": "#/$defs/trigger"
+        }
+      },
+      "required": [
+        "duration"
+      ]
+    },
+    "matched_log_condition": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "filter": {
+          "type": "string"
+        },
+        "label_extractors": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "filter"
+      ]
+    },
+    "monitoring_query_condition": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "duration": {
+          "type": "string"
+        },
+        "query": {
+          "type": "string"
+        },
+        "evaluation_missing_data": {
+          "type": "string"
+        },
+        "trigger": {
+          "$ref": "#/$defs/trigger"
+        }
+      },
+      "required": [
+        "duration",
+        "query"
+      ]
+    },
+    "prometheus_query_condition": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "query": {
+          "type": "string"
+        },
+        "alert_rule": {
+          "type": "string"
+        },
+        "disable_metric_validation": {
+          "type": "boolean"
+        },
+        "duration": {
+          "type": "string"
+        },
+        "evaluation_interval": {
+          "type": "string"
+        },
+        "labels": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        },
+        "rule_group": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "query"
+      ]
+    },
+    "threshold_condition": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "comparison": {
+          "type": "string"
+        },
+        "duration": {
+          "type": "string"
+        },
+        "denominator_filter": {
+          "type": "string"
+        },
+        "evaluation_missing_data": {
+          "type": "string"
+        },
+        "filter": {
+          "type": "string"
+        },
+        "threshold_value": {
+          "type": "number"
+        },
+        "aggregations": {
+          "$ref": "#/$defs/aggregations"
+        },
+        "denominator_aggregations": {
+          "$ref": "#/$defs/aggregations"
+        },
+        "forecast_options": {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "forecast_horizon": {
+              "type": "string"
+            }
+          }
+        },
+        "trigger": {
+          "$ref": "#/$defs/trigger"
+        }
+      },
+      "required": [
+        "comparison",
+        "duration"
+      ]
+    },
+    "aggregations": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "per_series_aligner": {
+          "type": "string"
+        },
+        "group_by_fields": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "cross_series_reducer": {
+          "type": "string"
+        },
+        "alignment_period": {
+          "type": "string"
+        }
+      }
+    },
+    "trigger": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "count": {
+          "type": "number"
+        },
+        "percent": {
+          "type": "number"
+        }
+      }
+    }
+  }
+}
diff --git a/fast/stages/0-org-setup/schemas/observability.schema.md b/fast/stages/0-org-setup/schemas/observability.schema.md
new file mode 100644
index 000000000..e3e411782
--- /dev/null
+++ b/fast/stages/0-org-setup/schemas/observability.schema.md
@@ -0,0 +1,166 @@
+# Observability Schema
+
+<!-- markdownlint-disable MD036 -->
+
+## Properties
+
+*additional properties: false*
+
+- **alerts**: *reference([alerts](#refs-alerts))*
+- **logging_metrics**: *reference([logging_metrics](#refs-logging_metrics))*
+- **notification_channels**: *reference([notification_channels](#refs-notification_channels))*
+
+## Definitions
+
+- **alerts**<a name="refs-alerts"></a>: *object*
+  <br>*additional properties: false*
+  - **`^[a-zA-Z0-9-]+$`**: *object*
+    <br>*additional properties: false*
+    - ⁺**combiner**: *string*
+    - **display_name**: *string*
+    - **enabled**: *boolean*
+    - **notification_channels**: *array*
+      - items: *string*
+    - **severity**: *string*
+    - **user_labels**: *object*
+      <br>*additional properties: string*
+    - **alert_strategy**: *object*
+      <br>*additional properties: false*
+      - **auto_close**: *string*
+      - **notification_prompts**: *string*
+      - **notification_rate_limit**: *object*
+        <br>*additional properties: false*
+        - **period**: *string*
+      - **notification_channel_strategy**: *object*
+        <br>*additional properties: false*
+        - **notification_channel_names**: *array*
+          - items: *string*
+        - **renotify_interval**: *string*
+    - **conditions**: *array*
+      - items: *reference([condition](#refs-condition))*
+    - **documentation**: *object*
+      <br>*additional properties: false*
+      - **content**: *string*
+      - **mime_type**: *string*
+      - **subject**: *string*
+      - **links**: *array*
+        - items: *object*
+          <br>*additional properties: false*
+          - **display_name**: *string*
+          - **url**: *string*
+- **logging_metrics**<a name="refs-logging_metrics"></a>: *object*
+  <br>*additional properties: false*
+  - **`^[a-zA-Z0-9-]+$`**: *object*
+    <br>*additional properties: false*
+    - ⁺**filter**: *string*
+    - **bucket_name**: *string*
+    - **description**: *string*
+    - **disabled**: *boolean*
+    - **label_extractors**: *object*
+      <br>*additional properties: string*
+    - **value_extractor**: *string*
+    - **bucket_options**: *object*
+      <br>*additional properties: false*
+      - **explicit_buckets**: *object*
+        <br>*additional properties: false*
+        - **bounds**: *array*
+          - items: *number*
+      - **exponential_buckets**: *object*
+        <br>*additional properties: false*
+        - **num_finite_buckets**: *number*
+        - **growth_factor**: *number*
+        - **scale**: *number*
+      - **linear_buckets**: *object*
+        <br>*additional properties: false*
+        - **num_finite_buckets**: *number*
+        - **width**: *number*
+        - **offset**: *number*
+    - **metric_descriptor**: *object*
+      <br>*additional properties: false*
+      - ⁺**metric_kind**: *string*
+      - ⁺**value_type**: *string*
+      - **display_name**: *string*
+      - **unit**: *string*
+      - **labels**: *array*
+        - items: *object*
+          <br>*additional properties: false*
+          - ⁺**key**: *string*
+          - **description**: *string*
+          - **value_type**: *string*
+- **notification_channels**<a name="refs-notification_channels"></a>: *object*
+  <br>*additional properties: false*
+  - **`^[a-zA-Z0-9-]+$`**: *object*
+    <br>*additional properties: false*
+    - ⁺**type**: *string*
+    - **description**: *string*
+    - **display_name**: *string*
+    - **enabled**: *boolean*
+    - **labels**: *object*
+      <br>*additional properties: string*
+    - **user_labels**: *object*
+      <br>*additional properties: string*
+    - **sensitive_labels**: *object*
+      <br>*additional properties: false*
+      - **auth_token**: *string*
+      - **password**: *string*
+      - **service_key**: *string*
+- **condition**<a name="refs-condition"></a>: *object*
+  <br>*additional properties: false*
+  - ⁺**display_name**: *string*
+  - **condition_absent**: *reference([absent_condition](#refs-absent_condition))*
+  - **condition_matched_log**: *reference([matched_log_condition](#refs-matched_log_condition))*
+  - **condition_monitoring_query_language**: *reference([monitoring_query_condition](#refs-monitoring_query_condition))*
+  - **condition_prometheus_query_language**: *reference([prometheus_query_condition](#refs-prometheus_query_condition))*
+  - **condition_threshold**: *reference([threshold_condition](#refs-threshold_condition))*
+- **absent_condition**<a name="refs-absent_condition"></a>: *object*
+  <br>*additional properties: false*
+  - ⁺**duration**: *string*
+  - **filter**: *string*
+  - **aggregations**: *reference([aggregations](#refs-aggregations))*
+  - **trigger**: *reference([trigger](#refs-trigger))*
+- **matched_log_condition**<a name="refs-matched_log_condition"></a>: *object*
+  <br>*additional properties: false*
+  - ⁺**filter**: *string*
+  - **label_extractors**: *object*
+    <br>*additional properties: string*
+- **monitoring_query_condition**<a name="refs-monitoring_query_condition"></a>: *object*
+  <br>*additional properties: false*
+  - ⁺**duration**: *string*
+  - ⁺**query**: *string*
+  - **evaluation_missing_data**: *string*
+  - **trigger**: *reference([trigger](#refs-trigger))*
+- **prometheus_query_condition**<a name="refs-prometheus_query_condition"></a>: *object*
+  <br>*additional properties: false*
+  - ⁺**query**: *string*
+  - **alert_rule**: *string*
+  - **disable_metric_validation**: *boolean*
+  - **duration**: *string*
+  - **evaluation_interval**: *string*
+  - **labels**: *object*
+    <br>*additional properties: string*
+  - **rule_group**: *string*
+- **threshold_condition**<a name="refs-threshold_condition"></a>: *object*
+  <br>*additional properties: false*
+  - ⁺**comparison**: *string*
+  - ⁺**duration**: *string*
+  - **denominator_filter**: *string*
+  - **evaluation_missing_data**: *string*
+  - **filter**: *string*
+  - **threshold_value**: *number*
+  - **aggregations**: *reference([aggregations](#refs-aggregations))*
+  - **denominator_aggregations**: *reference([aggregations](#refs-aggregations))*
+  - **forecast_options**: *object*
+    <br>*additional properties: false*
+    - **forecast_horizon**: *string*
+  - **trigger**: *reference([trigger](#refs-trigger))*
+- **aggregations**<a name="refs-aggregations"></a>: *object*
+  <br>*additional properties: false*
+  - **per_series_aligner**: *string*
+  - **group_by_fields**: *array*
+    - items: *string*
+  - **cross_series_reducer**: *string*
+  - **alignment_period**: *string*
+- **trigger**<a name="refs-trigger"></a>: *object*
+  <br>*additional properties: false*
+  - **count**: *number*
+  - **percent**: *number*
diff --git a/fast/stages/0-org-setup/schemas/scc-sha-custom-modules.schema.json b/fast/stages/0-org-setup/schemas/scc-sha-custom-modules.schema.json
new file mode 100644
index 000000000..f70f354e5
--- /dev/null
+++ b/fast/stages/0-org-setup/schemas/scc-sha-custom-modules.schema.json
@@ -0,0 +1,51 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "SCC Security Health Analytics Custom Modules",
+  "type": "object",
+  "patternProperties": {
+    "^[a-z][a-zA-Z0-9_]*$": {
+      "type": "object",
+      "required": [
+        "predicate",
+        "resource_selector",
+        "severity"
+      ],
+      "properties": {
+        "description": {
+          "type": "string"
+        },
+        "predicate": {
+          "type": "object",
+          "required": [
+            "expression"
+          ],
+          "properties": {
+            "expression": {
+              "type": "string"
+            }
+          }
+        },
+        "recommendation": {
+          "type": "string"
+        },
+        "resource_selector": {
+          "type": "object",
+          "required": [
+            "resource_types"
+          ],
+          "properties": {
+            "resource_types": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            }
+          }
+        },
+        "severity": {
+          "type": "string"
+        }
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/fast/stages/0-org-setup/schemas/scc-sha-custom-modules.schema.md b/fast/stages/0-org-setup/schemas/scc-sha-custom-modules.schema.md
new file mode 100644
index 000000000..685da6bed
--- /dev/null
+++ b/fast/stages/0-org-setup/schemas/scc-sha-custom-modules.schema.md
@@ -0,0 +1,19 @@
+# SCC Security Health Analytics Custom Modules
+
+<!-- markdownlint-disable MD036 -->
+
+## Properties
+
+- **`^[a-z][a-zA-Z0-9_]*$`**: *object*
+  - **description**: *string*
+  - ⁺**predicate**: *object*
+    - ⁺**expression**: *string*
+  - **recommendation**: *string*
+  - ⁺**resource_selector**: *object*
+    - ⁺**resource_types**: *array*
+      - items: *string*
+  - ⁺**severity**: *string*
+
+## Definitions
+
+
diff --git a/modules/folder/schemas/scc-mute-config.schema.json b/modules/folder/schemas/scc-mute-config.schema.json
index 6a46cb581..a5ae84bdb 100644
--- a/modules/folder/schemas/scc-mute-config.schema.json
+++ b/modules/folder/schemas/scc-mute-config.schema.json
@@ -3,7 +3,7 @@
   "title": "SCC Mute Configurations",
   "type": "object",
   "patternProperties": {
-    "^[a-zA-Z]+$": {
+    "^[a-z]([a-z0-9-]*[a-z0-9])?$": {
       "type": "object",
       "required": [
         "filter"
@@ -26,4 +26,4 @@
       }
     }
   }
-}
+}
\ No newline at end of file
diff --git a/modules/folder/schemas/scc-mute-config.schema.md b/modules/folder/schemas/scc-mute-config.schema.md
index 15db0d6ce..3d542a312 100644
--- a/modules/folder/schemas/scc-mute-config.schema.md
+++ b/modules/folder/schemas/scc-mute-config.schema.md
@@ -4,8 +4,12 @@
 
 ## Properties
 
-- **`^[a-zA-Z]+$`**: *object*
+- **`^[a-z]([a-z0-9-]*[a-z0-9])?$`**: *object*
   - **description**: *string*
   - ⁺**filter**: *string*
   - **type**: *string*
     - enum: `DYNAMIC`, `STATIC`
+
+## Definitions
+
+
diff --git a/modules/folder/schemas/scc-sha-custom-modules.schema.json b/modules/folder/schemas/scc-sha-custom-modules.schema.json
index 2f0794b6f..f70f354e5 100644
--- a/modules/folder/schemas/scc-sha-custom-modules.schema.json
+++ b/modules/folder/schemas/scc-sha-custom-modules.schema.json
@@ -3,7 +3,7 @@
   "title": "SCC Security Health Analytics Custom Modules",
   "type": "object",
   "patternProperties": {
-    "^[a-zA-Z]+$": {
+    "^[a-z][a-zA-Z0-9_]*$": {
       "type": "object",
       "required": [
         "predicate",
@@ -12,38 +12,38 @@
       ],
       "properties": {
         "description": {
-            "type": "string"
+          "type": "string"
         },
         "predicate": {
-            "type": "object",
-            "required": [
-              "expression"
-            ],
-             "properties": {
-                "expression": {
-                    "type": "string"
-                }
-             }
+          "type": "object",
+          "required": [
+            "expression"
+          ],
+          "properties": {
+            "expression": {
+              "type": "string"
+            }
+          }
         },
         "recommendation": {
-            "type": "string"
+          "type": "string"
         },
         "resource_selector": {
-            "type": "object",
-            "required": [
-              "resource_types"
-            ],
-             "properties": {
-                "resource_types": {
-                    "type": "array",
-                    "items": {
-                        "type": "string"
-                    }
-                }
-             }
+          "type": "object",
+          "required": [
+            "resource_types"
+          ],
+          "properties": {
+            "resource_types": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            }
+          }
         },
         "severity": {
-            "type": "string"
+          "type": "string"
         }
       }
     }
diff --git a/modules/folder/schemas/scc-sha-custom-modules.schema.md b/modules/folder/schemas/scc-sha-custom-modules.schema.md
index f071c9558..685da6bed 100644
--- a/modules/folder/schemas/scc-sha-custom-modules.schema.md
+++ b/modules/folder/schemas/scc-sha-custom-modules.schema.md
@@ -4,7 +4,7 @@
 
 ## Properties
 
-- **`^[a-zA-Z]+$`**: *object*
+- **`^[a-z][a-zA-Z0-9_]*$`**: *object*
   - **description**: *string*
   - ⁺**predicate**: *object*
     - ⁺**expression**: *string*
diff --git a/modules/organization/schemas/org-policy-custom-constraint.schema.json b/modules/organization/schemas/org-policy-custom-constraint.schema.json
index fd7fc5c7f..3be08e39c 100644
--- a/modules/organization/schemas/org-policy-custom-constraint.schema.json
+++ b/modules/organization/schemas/org-policy-custom-constraint.schema.json
@@ -4,7 +4,7 @@
   "type": "object",
   "additionalProperties": false,
   "patternProperties": {
-    "^[a-z-]+\\.[a-zA-Z]+$": {
+    "^custom\\.[a-zA-Z0-9_-]+$": {
       "type": "object",
       "additionalProperties": false,
       "required": [
diff --git a/modules/organization/schemas/org-policy-custom-constraint.schema.md b/modules/organization/schemas/org-policy-custom-constraint.schema.md
index 6b6f33729..d119ed55d 100644
--- a/modules/organization/schemas/org-policy-custom-constraint.schema.md
+++ b/modules/organization/schemas/org-policy-custom-constraint.schema.md
@@ -6,7 +6,7 @@
 
 *additional properties: false*
 
-- **`^[a-z-]+\.[a-zA-Z]+$`**: *object*
+- **`^custom\.[a-zA-Z0-9_-]+$`**: *object*
   <br>*additional properties: false*
   - **display_name**: *string*
   - **description**: *string*
diff --git a/modules/organization/schemas/scc-mute-config.schema.json b/modules/organization/schemas/scc-mute-config.schema.json
index 6a46cb581..a5ae84bdb 100644
--- a/modules/organization/schemas/scc-mute-config.schema.json
+++ b/modules/organization/schemas/scc-mute-config.schema.json
@@ -3,7 +3,7 @@
   "title": "SCC Mute Configurations",
   "type": "object",
   "patternProperties": {
-    "^[a-zA-Z]+$": {
+    "^[a-z]([a-z0-9-]*[a-z0-9])?$": {
       "type": "object",
       "required": [
         "filter"
@@ -26,4 +26,4 @@
       }
     }
   }
-}
+}
\ No newline at end of file
diff --git a/modules/organization/schemas/scc-mute-config.schema.md b/modules/organization/schemas/scc-mute-config.schema.md
index 15db0d6ce..3d542a312 100644
--- a/modules/organization/schemas/scc-mute-config.schema.md
+++ b/modules/organization/schemas/scc-mute-config.schema.md
@@ -4,8 +4,12 @@
 
 ## Properties
 
-- **`^[a-zA-Z]+$`**: *object*
+- **`^[a-z]([a-z0-9-]*[a-z0-9])?$`**: *object*
   - **description**: *string*
   - ⁺**filter**: *string*
   - **type**: *string*
     - enum: `DYNAMIC`, `STATIC`
+
+## Definitions
+
+
diff --git a/modules/organization/schemas/scc-sha-custom-modules.schema.json b/modules/organization/schemas/scc-sha-custom-modules.schema.json
index 2f0794b6f..f70f354e5 100644
--- a/modules/organization/schemas/scc-sha-custom-modules.schema.json
+++ b/modules/organization/schemas/scc-sha-custom-modules.schema.json
@@ -3,7 +3,7 @@
   "title": "SCC Security Health Analytics Custom Modules",
   "type": "object",
   "patternProperties": {
-    "^[a-zA-Z]+$": {
+    "^[a-z][a-zA-Z0-9_]*$": {
       "type": "object",
       "required": [
         "predicate",
@@ -12,38 +12,38 @@
       ],
       "properties": {
         "description": {
-            "type": "string"
+          "type": "string"
         },
         "predicate": {
-            "type": "object",
-            "required": [
-              "expression"
-            ],
-             "properties": {
-                "expression": {
-                    "type": "string"
-                }
-             }
+          "type": "object",
+          "required": [
+            "expression"
+          ],
+          "properties": {
+            "expression": {
+              "type": "string"
+            }
+          }
         },
         "recommendation": {
-            "type": "string"
+          "type": "string"
         },
         "resource_selector": {
-            "type": "object",
-            "required": [
-              "resource_types"
-            ],
-             "properties": {
-                "resource_types": {
-                    "type": "array",
-                    "items": {
-                        "type": "string"
-                    }
-                }
-             }
+          "type": "object",
+          "required": [
+            "resource_types"
+          ],
+          "properties": {
+            "resource_types": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            }
+          }
         },
         "severity": {
-            "type": "string"
+          "type": "string"
         }
       }
     }
diff --git a/modules/organization/schemas/scc-sha-custom-modules.schema.md b/modules/organization/schemas/scc-sha-custom-modules.schema.md
index f071c9558..685da6bed 100644
--- a/modules/organization/schemas/scc-sha-custom-modules.schema.md
+++ b/modules/organization/schemas/scc-sha-custom-modules.schema.md
@@ -4,7 +4,7 @@
 
 ## Properties
 
-- **`^[a-zA-Z]+$`**: *object*
+- **`^[a-z][a-zA-Z0-9_]*$`**: *object*
   - **description**: *string*
   - ⁺**predicate**: *object*
     - ⁺**expression**: *string*
diff --git a/modules/project/schemas/scc-mute-config.schema.json b/modules/project/schemas/scc-mute-config.schema.json
index 6a46cb581..a5ae84bdb 100644
--- a/modules/project/schemas/scc-mute-config.schema.json
+++ b/modules/project/schemas/scc-mute-config.schema.json
@@ -3,7 +3,7 @@
   "title": "SCC Mute Configurations",
   "type": "object",
   "patternProperties": {
-    "^[a-zA-Z]+$": {
+    "^[a-z]([a-z0-9-]*[a-z0-9])?$": {
       "type": "object",
       "required": [
         "filter"
@@ -26,4 +26,4 @@
       }
     }
   }
-}
+}
\ No newline at end of file
diff --git a/modules/project/schemas/scc-mute-config.schema.md b/modules/project/schemas/scc-mute-config.schema.md
index 15db0d6ce..3d542a312 100644
--- a/modules/project/schemas/scc-mute-config.schema.md
+++ b/modules/project/schemas/scc-mute-config.schema.md
@@ -4,8 +4,12 @@
 
 ## Properties
 
-- **`^[a-zA-Z]+$`**: *object*
+- **`^[a-z]([a-z0-9-]*[a-z0-9])?$`**: *object*
   - **description**: *string*
   - ⁺**filter**: *string*
   - **type**: *string*
     - enum: `DYNAMIC`, `STATIC`
+
+## Definitions
+
+
diff --git a/modules/project/schemas/scc-sha-custom-modules.schema.json b/modules/project/schemas/scc-sha-custom-modules.schema.json
index 2f0794b6f..f70f354e5 100644
--- a/modules/project/schemas/scc-sha-custom-modules.schema.json
+++ b/modules/project/schemas/scc-sha-custom-modules.schema.json
@@ -3,7 +3,7 @@
   "title": "SCC Security Health Analytics Custom Modules",
   "type": "object",
   "patternProperties": {
-    "^[a-zA-Z]+$": {
+    "^[a-z][a-zA-Z0-9_]*$": {
       "type": "object",
       "required": [
         "predicate",
@@ -12,38 +12,38 @@
       ],
       "properties": {
         "description": {
-            "type": "string"
+          "type": "string"
         },
         "predicate": {
-            "type": "object",
-            "required": [
-              "expression"
-            ],
-             "properties": {
-                "expression": {
-                    "type": "string"
-                }
-             }
+          "type": "object",
+          "required": [
+            "expression"
+          ],
+          "properties": {
+            "expression": {
+              "type": "string"
+            }
+          }
         },
         "recommendation": {
-            "type": "string"
+          "type": "string"
         },
         "resource_selector": {
-            "type": "object",
-            "required": [
-              "resource_types"
-            ],
-             "properties": {
-                "resource_types": {
-                    "type": "array",
-                    "items": {
-                        "type": "string"
-                    }
-                }
-             }
+          "type": "object",
+          "required": [
+            "resource_types"
+          ],
+          "properties": {
+            "resource_types": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            }
+          }
         },
         "severity": {
-            "type": "string"
+          "type": "string"
         }
       }
     }
diff --git a/modules/project/schemas/scc-sha-custom-modules.schema.md b/modules/project/schemas/scc-sha-custom-modules.schema.md
index f071c9558..685da6bed 100644
--- a/modules/project/schemas/scc-sha-custom-modules.schema.md
+++ b/modules/project/schemas/scc-sha-custom-modules.schema.md
@@ -4,7 +4,7 @@
 
 ## Properties
 
-- **`^[a-zA-Z]+$`**: *object*
+- **`^[a-z][a-zA-Z0-9_]*$`**: *object*
   - **description**: *string*
   - ⁺**predicate**: *object*
     - ⁺**expression**: *string*