📘
See Custom Policies - Overview for a conceptual explanation of Custom Policies in Bridgecrew Cloud.

Creating a Custom Policy

To build a Custom Policy:

Under Policies, select New Policy.

Select Visual Editor.

Policy Details, Name, Category and Severity Level

Under Policy Details, enter the Policy Name and Guidelines. Note: the name and guidelines appear in Incidents based on this policy.
Select Category and Severity Level.

Select Framework and Cloud Provider

Select the framework, Terraform or CloudFormation, whose syntax you will use to define the Policy.

For runtime Policies - select Terraform (Bridgecrew uses Terraform arguments to express configuration states for runtime Policies).
If you select both Terraform and CloudFormation, create separate Rules rule for each framework.

Associate with Benchmark (Optional)

You also have the option of associating your Custom Policy with one or more benchmark reports (see Compliance Reports). Choose the Benchmark and the section in which this Policy will appear within the report.

📘
Multi-Rule Policies
You can also define Policies with multiple Rules, using AND/OR operators. See examples further down this page.

Define Policy Rule

Under Definition, create one or more Policy rule.
The elements of a Rule (Resource Type, Key, Argument, Value) are detailed in the table below.

📘
Note
Bridgecrew uses Terraform arguments to express configuration states. See further details and examples here.

Rule Element	Description	Note
Resource Type	The dropdown includes Resource Types relevant to the cloud platform selected. To quickly find a Resource Type, enter any part of its name. For example, type "s3" to see only Resource Types that include "s3".	Select the syntax appropriate for the framework. For example, for Terraform you may select aws_s3_bucket and to create an identical rule for CloudFormation, you would select AWS::S3::BUCKET.
Key	Select a key	The dropdown list shows key that are relevant to the Resource Type.
Argument	Select an argument, for example, Not Equal or Contains

Preview

When you complete the rule, a preview appears in the right pane with a list of Resources that are not compliant with the new Policy.
In the example below, the Resource is non-compliant because the ACL is public and not private.

Select Done.
The Policies page will open. You can filter by Created by to quickly find your custom Policies.

📘
Note
Your new Policy will be included in Bridgecrew Cloud's next scan.

Multi-Rule Policies

You can create Policies with multiple rules using AND/OR conditions.
Select OR to the right of the Rule to add a Rule with an OR relationship.
Use OR for:

Complex logic
Multi-framework environments (Terraform and CloudFormation)

Select AND under the Rule to add a Rule with an AND relationship.

Editing, Deleting, Inspecting a Custom Policy

Custom Policies can be viewed on the Policy Dashboard.
To edit, delete or inspect a Custom Policy, hover over the date at the end of the Policy row.

Visual Editor

📘

Creating a Custom Policy

Policy Details, Name, Category and Severity Level

Select Framework and Cloud Provider

Associate with Benchmark (Optional)

📘
Multi-Rule Policies

Define Policy Rule

📘
Note

Preview

📘
Note

Multi-Rule Policies

Editing, Deleting, Inspecting a Custom Policy

📘

Creating a Custom Policy

Policy Details, Name, Category and Severity Level

Select Framework and Cloud Provider

Associate with Benchmark (Optional)

📘Multi-Rule Policies

Define Policy Rule

📘Note

Preview

📘Note

Multi-Rule Policies

Editing, Deleting, Inspecting a Custom Policy

📘
Multi-Rule Policies

📘
Note

📘
Note