diff --git a/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects.go b/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects.go
index 937e0ff4d..d380f44ef 100644
--- a/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects.go
+++ b/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects.go
@@ -52,7 +52,16 @@ func TemplateToPolicyDefinition(template *templates.ConstraintTemplate) (*admiss
 APIVersion: fmt.Sprintf("%s/%s", apiconstraints.Group, templatesv1beta1.SchemeGroupVersion.Version),
 Kind: template.Spec.CRD.Spec.Names.Kind,
 },
- MatchConstraints: nil, // We cannot support match constraints since `resource` is not available shift-left
+ MatchConstraints: &admissionregistrationv1alpha1.MatchResources{
+ ResourceRules: []admissionregistrationv1alpha1.NamedRuleWithOperations{
+ {
+ RuleWithOperations: admissionregistrationv1alpha1.RuleWithOperations{
+ Operations: []admissionregistrationv1alpha1.OperationType{admissionregistrationv1alpha1.OperationAll},
+ Rule: admissionregistrationv1alpha1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*"}},
+ },
+ },
+ },
+ },
 MatchConditions: matchConditions,
 Validations: validations,
 FailurePolicy: failurePolicy,
diff --git a/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects_test.go b/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects_test.go
index dea90e27e..2cb467f27 100644
--- a/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects_test.go
+++ b/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects_test.go
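Review bot: In make_vap_objects.go the added rule uses `Resources: []string{"*"}`, which in Kubernetes rule semantics covers all resources but no subresources, so subresource requests are not evaluated by the generated policy although the rest of the rule reads as match-everything. If that gap is not intended, `Resources: []string{"*", "*/*"}` closes it; if it is, a comment such as `// matches all resources; subresources are excluded on purpose` should replace the explanation the deleted line carried. `OperationAll` also includes DELETE, where `object` is null, so it is worth confirming that the generated `validations` handle that under the configured `failurePolicy`. TemplateToPolicyDefinition starts and ends outside this hunk.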
@@ -60,6 +60,16 @@ func TestTemplateToPolicyDefinition(t *testing.T) {
 APIVersion: "constraints.gatekeeper.sh/v1beta1",
 Kind: "SomePolicy",
 },
+ MatchConstraints: &admissionregistrationv1alpha1.MatchResources{
+ ResourceRules: []admissionregistrationv1alpha1.NamedRuleWithOperations{
+ {
+ RuleWithOperations: admissionregistrationv1alpha1.RuleWithOperations{
+ Operations: []admissionregistrationv1alpha1.OperationType{admissionregistrationv1alpha1.OperationAll},
+ Rule: admissionregistrationv1alpha1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*"}},
+ },
+ },
+ },
+ },
 MatchConditions: []admissionregistrationv1alpha1.MatchCondition{
 {
 Name: "must_match_something",