A Playbook is a set of steps that modify the configuration of your runtime cloud environment in order to correct a Policy Violation.
The image below displays the main elements on a Playbook screen.
Playbook Screen Elements (shown below)
A. The name of the Playbook (for example, Security Groups Delete) will appear with the number of resources associated with it.
B. The high-level description of the playbook.
C. When more than one Playbook is available, press Change Action to select an option. For further details on working Working with Multiple Remediation Options, see below.
Select Resources and then press Remediate.
If you would like to review the Playbook's code before running it, press </>, then Back and then Remediate.
Alternatively, you may prefer to copy the Playbook's code and run it from your workstation using local access keys.
For this approach:
- Press </> .
- Now you can either (a) Copy the Playbook code into your clipboard or (b) Download the Playbook code (it will be saved in a ".js" file).
- Copy the CLI command and run it from the same directory where you saved the Playbook code.
- Mark the Incident as Remediated.
If you download or copy the Playbook and Remediate from your workstation using local access keys but forget to Mark as Remediated, the Incident will appear on the next scan, but since it has actually been fixed, the number of Resources will be 0. This is to allow you to then Mark as Remediated.
If you have connected Bridgecrew to multiple cloud accounts, separate Remediation groupings with the same Playbook options may appear for each account. You can choose the Playbook to use to Remediate resources across relevant accounts.
- Click on Remediation grouping.
The Change Action option displays.
- Press Change Action to display a list of Playbooks.
- Select an alternative Playbook. Playbook names and descriptions will automatically change on the page.
Updated 4 months ago