When you Select resource(s) and the Remediate option becomes available Bridgecrew prepares to remediate the selected resource(s).
Depending on the type of Incident, you may be offered these types of Remediation:
In addition to these methods of Remediation, in some cases, the Guidelines detail steps that can be taken to Remediate an Incident using local access keys from your workstation.
A Playbook is a set of steps that modify the configuration of your cloud environment in order to correct a Policy Violation. Not all incidents have corresponding Playbooks.
When a Playbook exists for the Incident, specific Playbook details are displayed.
- The name of the Playbook (for example, Security Groups Delete) will appear with the number of resources associated with it.
- When additional details are available, press Change Action for a pop-up display.
- The high-level description of the playbook is shown.
Select the relevant Resources and press Remediate.
If you'd like to review the Playbook's code before running it, press </> and then Back .
Alternatively, you may prefer to copy the Playbook's code and run it from your workstation using local access keys.
For this approach:
- Press </> .
- Now you can either (a) Copy the Playbook code into your clipboard or (b) Download the Playbook code (it will be saved in a ".js" file).
- Copy the CLI command and run it from the same directory where you saved the Playbook code.
- Mark the Incident as Remediated.
If you download or copy the Playbook and Remediate from your workstation using local access keys but forget to Mark as Remediated, the Incident will appear on the next scan, but since it has actually been fixed, the number of Resources will be 0. This is to allow you to then Mark as Remediated.
Resources are grouped per Open Fix PR. All resources in a group may be selected for remediation. Alternatively, expand the group and select the resources you wish to remediate.
- Select Resources(s) to Remediate.
- Press Remediate for Bridgecrew to create a Pull Request in Github with the Incident's details. Github will open in a new tab detailing the name of the Pull Request, details of the files changed and links to Details and Guidelines for the related Policy.
See an example in the image below.
Alternatively, press Cancel.
Updated over 2 years ago