See Custom Policies - Overview for a conceptual explanation of Custom Policies in Bridgecrew Cloud.
Creating a Custom Policy
To build a Custom Policy:
- Under Policies, select New Policy.
- Select Visual Editor.
Policy Details, Name, Category and Severity Level
- Under Policy Details, enter the Policy Name and Guidelines. Note: the name and guidelines appear in Incidents based on this policy.
- Select Category and Severity Level.
Select Framework and Cloud Provider
- Select the framework, Terraform or CloudFormation, whose syntax you will use to define the Policy.
- For runtime Policies, select Terraform (Bridgecrew uses Terraform arguments to express configuration states for runtime Policies).
- If you select both Terraform and CloudFormation, create a separate Rule for each framework.
Associate with Benchmark (Optional)
- You also have the option of associating your Custom Policy with one or more benchmark reports (see Compliance Reports). Choose the Benchmark and the section in which this Policy will appear within the report.
You can also define Policies with multiple Rules, using AND/OR operators. See examples further down this page.
Define Policy Rule
- Under Definition, create one or more Policy Rules.
The elements of a Rule (Resource Type, Key, Argument, Value) are detailed in the table below.
Bridgecrew uses Terraform arguments to express configuration states. See further details and examples here.
| Element | Description |
|---|---|
| Resource Type | The dropdown includes Resource Types relevant to the cloud platform selected. To quickly find a Resource Type, enter any part of its name; for example, type "s3" to see only Resource Types that include "s3". Select the syntax appropriate for the framework: for Terraform you might select aws_s3_bucket, and to create an identical rule for CloudFormation you would select AWS::S3::BUCKET. |
| Key | Select a key. The dropdown list shows keys that are relevant to the Resource Type. |
| Argument | Select an argument, for example Not Equal or Contains. |
- When you complete the rule, a preview appears in the right pane with a list of Resources that are not compliant with the new Policy.
In the example below, the Resource is non-compliant because the ACL is public and not private.
- Select Done.
The Policies page will open. You can filter by Created by to quickly find your custom Policies.
Your new Policy will be included in Bridgecrew Cloud's next scan.
You can create Policies with multiple rules using AND/OR conditions.
Select OR to the right of the Rule to add a Rule with an OR relationship.
Use OR for:
- Complex logic
- Multi-framework environments (Terraform and CloudFormation)
Select AND under the Rule to add a Rule with an AND relationship.
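To make the Rule model concrete, here is an added example (not Bridgecrew's own code) of a small evaluator for Rules of the form Resource Type / Key / Argument / Value combined with AND/OR, run over constructed sample resources. It uses the page's S3 ACL case with one Rule per framework joined by OR; the "Equal" and "Exists" arguments, the resource dictionaries and the policy name are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Any, List, Optional

# Arguments the editor offers; "Not Equal" and "Contains" are named on the page,
# "Equal" and "Exists" are assumed here for illustration.
ARGUMENTS = {
    "Equal": lambda actual, expected: actual == expected,
    "Not Equal": lambda actual, expected: actual != expected,
    "Contains": lambda actual, expected: actual is not None and expected in actual,
    "Exists": lambda actual, expected: actual is not None,
}

@dataclass
class Rule:
    """One Rule (Resource Type, Key, Argument, Value) describing the compliant state."""
    resource_type: str   # e.g. "aws_s3_bucket" (Terraform) or "AWS::S3::BUCKET" (CloudFormation)
    key: str             # attribute on the resource, e.g. "acl"
    argument: str        # a key of ARGUMENTS
    value: Any = None

    def check(self, resource: dict) -> bool:
        return ARGUMENTS[self.argument](resource.get(self.key), self.value)

@dataclass
class Policy:
    """Rules combined with a single AND/OR operator."""
    name: str
    rules: List[Rule]
    operator: str = "AND"

    def evaluate(self, resource: dict) -> Optional[bool]:
        # Only Rules for this resource's type apply; if none do, the policy is out of
        # scope for the resource (None, neither pass nor fail). This is why a
        # Terraform Rule OR a CloudFormation Rule covers both frameworks cleanly.
        applicable = [r for r in self.rules if r.resource_type == resource["type"]]
        if not applicable:
            return None
        results = [r.check(resource) for r in applicable]
        return all(results) if self.operator == "AND" else any(results)

def preview(policy: Policy, resources: List[dict]) -> List[str]:
    """Names of in-scope resources that are NOT compliant, like the preview pane."""
    return [r["name"] for r in resources if policy.evaluate(r) is False]

# Constructed sample resources, shaped like parsed Terraform / CloudFormation blocks.
SAMPLE_RESOURCES = [
    {"type": "aws_s3_bucket", "name": "logs", "acl": "public-read"},
    {"type": "aws_s3_bucket", "name": "backups", "acl": "private"},
    {"type": "AWS::S3::BUCKET", "name": "Uploads", "AccessControl": "PublicRead"},
    {"type": "aws_security_group", "name": "web", "description": "web tier"},
]

# The page's ACL example, with one Rule per framework joined by OR.
S3_PRIVATE_ACL = Policy("S3 bucket ACL must be private", operator="OR", rules=[
    Rule("aws_s3_bucket", "acl", "Equal", "private"),
    Rule("AWS::S3::BUCKET", "AccessControl", "Equal", "Private"),
])
```

Calling `preview(S3_PRIVATE_ACL, SAMPLE_RESOURCES)` lists the two public buckets, while the security group is skipped as out of scope rather than reported.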
Editing, Deleting, Inspecting a Custom Policy
Custom Policies can be viewed on the Policy Dashboard.
To edit, delete or inspect a Custom Policy, hover over the date at the end of the Policy row.