diff --git a/sysdig/data_source_sysdig_secure_aws_ml_policy_test.go b/sysdig/data_source_sysdig_secure_aws_ml_policy_test.go index 393cb26b..39b44f20 100644 --- a/sysdig/data_source_sysdig_secure_aws_ml_policy_test.go +++ b/sysdig/data_source_sysdig_secure_aws_ml_policy_test.go @@ -1,4 +1,4 @@ -//go:build tf_acc_sysdig_secure || tf_acc_policies_aws || tf_acc_onprem_secure +//go:build tf_acc_sysdig_secure || tf_acc_policies_aws package sysdig_test diff --git a/sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go b/sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go index 5985fd01..9a778618 100644 --- a/sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go +++ b/sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go @@ -1,4 +1,4 @@ -//go:build tf_acc_sysdig_secure || tf_acc_onprem_secure +//go:build tf_acc_sysdig_secure package sysdig_test diff --git a/sysdig/resource_sysdig_secure_aws_ml_policy_test.go b/sysdig/resource_sysdig_secure_aws_ml_policy_test.go index 801adf27..017cc695 100644 --- a/sysdig/resource_sysdig_secure_aws_ml_policy_test.go +++ b/sysdig/resource_sysdig_secure_aws_ml_policy_test.go @@ -1,4 +1,4 @@ -//go:build tf_acc_sysdig_secure || tf_acc_policies_aws || tf_acc_onprem_secure +//go:build tf_acc_sysdig_secure || tf_acc_policies_aws package sysdig_test diff --git a/sysdig/resource_sysdig_secure_custom_policy.go b/sysdig/resource_sysdig_secure_custom_policy.go index 1f89f8a7..7b7d3185 100644 --- a/sysdig/resource_sysdig_secure_custom_policy.go +++ b/sysdig/resource_sysdig_secure_custom_policy.go @@ -3,7 +3,6 @@ package sysdig import ( "context" "errors" - "fmt" "net/http" "strconv" "time" @@ -51,7 +50,7 @@ func resourceSysdigSecureCustomPolicy() *schema.Resource { ValidateDiagFunc: validateDiagFunc(validation.IntBetween(0, 7)), }, "rules": { - Type: schema.TypeList, + Type: schema.TypeSet, Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ 
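Review bot: Switching `rules` from `schema.TypeList` to `schema.TypeSet` makes each entry's identity a hash of the whole nested block, so two entries with the same `name` but different `enabled` values are kept as separate members and both end up in the policy payload. The nested schema and any backend validation are outside this hunk, so it is not visible here which of the two would decide whether a detection rule is active. Consider rejecting duplicate rule names when the rules are read. A comment next to the field would also help, for example `// rules is a set: order is ignored, entries are compared by their full contents`. Configurations that index `rules[0]` will likely stop working after this change, which deserves a changelog line.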
@@ -100,11 +99,11 @@ func customPolicyFromResourceData(d *schema.ResourceData) v2.Policy { policy.Rules = []*v2.PolicyRule{} - rules := d.Get("rules").([]interface{}) - for index := range rules { + for _, ruleItr := range d.Get("rules").(*schema.Set).List() { + ruleInfo := ruleItr.(map[string]interface{}) rule := &v2.PolicyRule{ - Name: d.Get(fmt.Sprintf("rules.%d.name", index)).(string), - Enabled: d.Get(fmt.Sprintf("rules.%d.enabled", index)).(bool), + Name: ruleInfo["name"].(string), + Enabled: ruleInfo["enabled"].(bool), } policy.Rules = append(policy.Rules, rule) } @@ -147,13 +146,14 @@ func customPolicyToResourceData(policy *v2.Policy, d *schema.ResourceData) { } func getPolicyRulesFromResourceData(d *schema.ResourceData) []*v2.PolicyRule { - rules := d.Get("rules").([]interface{}) + rules := d.Get("rules").(*schema.Set).List() policyRules := make([]*v2.PolicyRule, len(rules)) - for i, rule := range rules { + for i, ruleItr := range rules { + ruleInfo := ruleItr.(map[string]interface{}) policyRules[i] = &v2.PolicyRule{ - Name: rule.(map[string]interface{})["name"].(string), - Enabled: rule.(map[string]interface{})["enabled"].(bool), + Name: ruleInfo["name"].(string), + Enabled: ruleInfo["enabled"].(bool), } } diff --git a/sysdig/resource_sysdig_secure_custom_policy_test.go b/sysdig/resource_sysdig_secure_custom_policy_test.go index 37e70020..0591a163 100644 --- a/sysdig/resource_sysdig_secure_custom_policy_test.go +++ b/sysdig/resource_sysdig_secure_custom_policy_test.go 
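Review bot: The loop added in `customPolicyFromResourceData` performs the same set-to-rule conversion as `getPolicyRulesFromResourceData` in the following hunk, so the mapping now lives in two places that can drift apart. Replacing the loop with `policy.Rules = getPolicyRulesFromResourceData(d)` would remove the duplication; the helper's return statement is outside the hunk, so this assumes it returns `policyRules`. Both functions read the rules through `Set.List()`, whose order comes from element hashes rather than from the configuration. A short comment such as `// Set.List() order is hash-based, not the order written in the config` would spare the next reader from assuming the rules are sent in declared order.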
@@ -10,12 +10,54 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/draios/terraform-provider-sysdig/buildinfo" "github.com/draios/terraform-provider-sysdig/sysdig" ) func TestAccCustomPolicy(t *testing.T) { rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) } policy1 := rText() + + steps := []resource.TestStep{ + { + Config: customPolicyWithName(policy1), + }, + { + ResourceName: "sysdig_secure_custom_policy.sample", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: customPolicyWithRulesOrderChange(policy1), + }, + { + Config: customPolicyWithoutActions(rText()), + }, + { + Config: customPolicyWithoutNotificationChannels(rText()), + }, + { + Config: customPolicyWithMinimumConfiguration(rText()), + }, + { + Config: customPoliciesWithDifferentSeverities(rText()), + }, + { + Config: customPoliciesWithKillAction(rText()), + }, + { + Config: customPoliciesWithDisabledRules(rText()), + }, + } + + if !buildinfo.OnpremSecure { + steps = append(steps, + resource.TestStep{Config: customPoliciesForAWSCloudtrail(rText())}, + resource.TestStep{Config: customPoliciesForGCPAuditLog(rText())}, + resource.TestStep{Config: customPoliciesForAzurePlatformlogs(rText())}, + ) + } + resource.ParallelTest(t, resource.TestCase{ PreCheck: preCheckAnyEnv(t, SysdigSecureApiTokenEnv), ProviderFactories: map[string]func() (*schema.Provider, error){ 
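Review bot: The `customPolicyWithRulesOrderChange` step only applies the reordered configuration, so it would still pass if the reorder produced an in-place update. Assuming that helper (defined outside this hunk) changes nothing but rule order, adding `PlanOnly: true` to the step makes the test fail on a non-empty plan, which is the property the move to a set is meant to guarantee. Separately, when `buildinfo.OnpremSecure` is set, the cloud audit-log steps are dropped without any trace in the test output, and `TestAccPolicy` in `resource_sysdig_secure_policy_test.go` does the same with its cloud, Okta and GitHub steps. An `else { t.Log("on-prem build: cloud policy steps skipped") }` in both tests would make the reduced coverage visible in CI logs.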
@@ -23,46 +65,7 @@ func TestAccCustomPolicy(t *testing.T) { return sysdig.Provider(), nil }, }, - Steps: []resource.TestStep{ - { - Config: customPolicyWithName(policy1), - }, - { - ResourceName: "sysdig_secure_custom_policy.sample", - ImportState: true, - ImportStateVerify: true, - }, - { - Config: customPolicyWithRulesOrderChange(policy1), - }, - { - Config: customPolicyWithoutActions(rText()), - }, - { - Config: customPolicyWithoutNotificationChannels(rText()), - }, - { - Config: customPolicyWithMinimumConfiguration(rText()), - }, - { - Config: customPoliciesWithDifferentSeverities(rText()), - }, - { - Config: customPoliciesWithKillAction(rText()), - }, - { - Config: customPoliciesForAWSCloudtrail(rText()), - }, - { - Config: customPoliciesForGCPAuditLog(rText()), - }, - { - Config: customPoliciesForAzurePlatformlogs(rText()), - }, - { - Config: customPoliciesWithDisabledRules(rText()), - }, - }, + Steps: steps, }) } diff --git a/sysdig/resource_sysdig_secure_policy_test.go b/sysdig/resource_sysdig_secure_policy_test.go index bb757e26..2f7418c2 100644 --- a/sysdig/resource_sysdig_secure_policy_test.go +++ b/sysdig/resource_sysdig_secure_policy_test.go 
@@ -10,12 +10,50 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/draios/terraform-provider-sysdig/buildinfo" "github.com/draios/terraform-provider-sysdig/sysdig" ) func TestAccPolicy(t *testing.T) { rText := func() string { return acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) } + steps := []resource.TestStep{ + { + Config: policyWithName(rText()), + }, + { + ResourceName: "sysdig_secure_policy.sample", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: policyWithoutActions(rText()), + }, + { + Config: policyWithoutNotificationChannels(rText()), + }, + { + Config: policyWithMinimumConfiguration(rText()), + }, + { + Config: policiesWithDifferentSeverities(rText()), + }, + { + Config: policiesWithKillAction(rText()), + }, + } + + if !buildinfo.OnpremSecure { + steps = append(steps, + resource.TestStep{Config: policiesForAWSCloudtrail(rText())}, + resource.TestStep{Config: policiesForGCPAuditLog(rText())}, + resource.TestStep{Config: policiesForAzurePlatformlogs(rText())}, + resource.TestStep{Config: policiesForFalcoCloudAWSCloudtrail(rText())}, + resource.TestStep{Config: policiesForOkta(rText())}, + resource.TestStep{Config: policiesForGithub(rText())}, + ) + } + resource.ParallelTest(t, resource.TestCase{ PreCheck: preCheckAnyEnv(t, SysdigSecureApiTokenEnv), ProviderFactories: map[string]func() (*schema.Provider, error){ 
@@ -23,49 +61,7 @@ func TestAccPolicy(t *testing.T) { return sysdig.Provider(), nil }, }, - Steps: []resource.TestStep{ - { - Config: policyWithName(rText()), - }, - { - ResourceName: "sysdig_secure_policy.sample", - ImportState: true, - ImportStateVerify: true, - }, - { - Config: policyWithoutActions(rText()), - }, - { - Config: policyWithoutNotificationChannels(rText()), - }, - { - Config: policyWithMinimumConfiguration(rText()), - }, - { - Config: policiesWithDifferentSeverities(rText()), - }, - { - Config: policiesWithKillAction(rText()), - }, - { - Config: policiesForAWSCloudtrail(rText()), - }, - { - Config: policiesForGCPAuditLog(rText()), - }, - { - Config: policiesForAzurePlatformlogs(rText()), - }, - { - Config: policiesForFalcoCloudAWSCloudtrail(rText()), - }, - { - Config: policiesForOkta(rText()), - }, - { - Config: policiesForGithub(rText()), - }, - }, + Steps: steps, }) }