Visual Editor

See Custom Policies - Overview for a conceptual explanation of Custom Policies in Bridgecrew Cloud.

Creating a Custom Policy

To build a Custom Policy:

  1. Under Policies, select New Policy.
  2. Select Visual Editor.

Policy Details, Name, Category and Severity Level

  1. Under Policy Details, enter the Policy Name and Guidelines. Note: the name and guidelines appear in Incidents based on this policy.
  2. Select Category and Severity Level.

Select Framework and Cloud Provider

  1. Select the framework, Terraform or CloudFormation, whose syntax you will use to define the Policy.
  • For runtime Policies, select Terraform (Bridgecrew uses Terraform arguments to express configuration states for runtime Policies).
  • If you select both Terraform and CloudFormation, create a separate Rule for each framework.

Associate with Benchmark (Optional)

  1. You also have the option of associating your Custom Policy with one or more benchmark reports (see Compliance Reports). Choose the Benchmark and the section in which this Policy will appear within the report.

Multi-Rule Policies

You can also define Policies with multiple Rules, using AND/OR operators. See examples further down this page.

Define Policy Rule

  1. Under Definition, create one or more Policy rules.
    The elements of a Rule (Resource Type, Key, Argument, Value) are detailed in the table below.

Note

Bridgecrew uses Terraform arguments to express configuration states. See further details and examples here.

Rule elements (with a Description and a Note for each):

Resource Type
  Description: The dropdown includes the Resource Types relevant to the cloud platform selected. To quickly find a Resource Type, enter any part of its name. For example, type "s3" to see only Resource Types that include "s3".
  Note: Select the syntax appropriate for the framework. For example, for Terraform you may select aws_s3_bucket, and to create an identical rule for CloudFormation you would select AWS::S3::Bucket.

Key
  Description: Select a key.
  Note: The dropdown list shows the keys that are relevant to the selected Resource Type.

Argument
  Description: Select an argument, for example, Not Equal or Contains.

Preview

  1. When you complete the rule, a preview appears in the right pane with a list of Resources that are not compliant with the new Policy.
    In the example below, the Resource is non-compliant because the ACL is public and not private.
  2. Select Done.
    The Policies page will open. You can filter by Created by to quickly find your custom Policies.

Note

Your new Policy will be included in Bridgecrew Cloud's next scan.

Multi-Rule Policies

You can create Policies with multiple rules using AND/OR conditions.
Select OR to the right of the Rule to add a Rule with an OR relationship.
Use OR for:

  • Complex logic
  • Multi-framework environments (Terraform and CloudFormation)

Multi-Rule Policy: OR Example

Select AND under the Rule to add a Rule with an AND relationship.

Multi-Rule Policy: AND Example
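The rule semantics described above (a single Rule, OR for multi-framework coverage, AND for compound conditions) as an added Python model; this is illustration code, not Bridgecrew's own engine. The Equal operator, the dictionary shapes, the CloudFormation AccessControl key and every sample resource are assumptions constructed for the example.

```python
from typing import Any, Callable

# Argument dropdown operators. The page names Not Equal and Contains; Equal is an assumed counterpart.
OPERATORS: dict[str, Callable[[Any, Any], bool]] = {
    "Equal": lambda actual, expected: actual == expected,
    "Not Equal": lambda actual, expected: actual != expected,
    "Contains": lambda actual, expected: actual is not None and expected in actual,
}

def referenced_types(definition: dict) -> set[str]:
    """Collect every Resource Type a definition mentions; this is the Policy's scope."""
    for op in ("and", "or"):
        if op in definition:
            return set().union(*(referenced_types(d) for d in definition[op]))
    return {definition["resource_type"]}

def rule_holds(rule: dict, resource: dict) -> bool:
    """A Rule holds only for a resource of its Resource Type whose Key satisfies the Argument/Value comparison."""
    if resource["type"] != rule["resource_type"]:
        return False
    actual = resource["attributes"].get(rule["key"])
    return OPERATORS[rule["argument"]](actual, rule["value"])

def definition_holds(definition: dict, resource: dict) -> bool:
    """Evaluate a rule tree: {'and': [...]}, {'or': [...]} or a single Rule."""
    if "and" in definition:
        return all(definition_holds(d, resource) for d in definition["and"])
    if "or" in definition:
        return any(definition_holds(d, resource) for d in definition["or"])
    return rule_holds(definition, resource)

def non_compliant(definition: dict, resources: list[dict]) -> list[str]:
    """Mimic the preview pane: in-scope resources that fail the definition."""
    scope = referenced_types(definition)
    return [r["id"] for r in resources if r["type"] in scope and not definition_holds(definition, r)]

# Constructed sample Policy: two Rules joined with OR so one Policy covers both frameworks.
# A Terraform bucket can never satisfy the CloudFormation Rule, which is why AND would not work here.
PRIVATE_ACL_POLICY = {"or": [
    {"resource_type": "aws_s3_bucket", "key": "acl", "argument": "Equal", "value": "private"},
    {"resource_type": "AWS::S3::Bucket", "key": "AccessControl", "argument": "Equal", "value": "Private"},
]}

# Constructed sample resources; the aws_instance is out of scope and is never listed.
SAMPLE_RESOURCES = [
    {"id": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "attributes": {"acl": "private"}},
    {"id": "aws_s3_bucket.site", "type": "aws_s3_bucket", "attributes": {"acl": "public-read"}},
    {"id": "WebBucket", "type": "AWS::S3::Bucket", "attributes": {"AccessControl": "PublicRead"}},
    {"id": "aws_instance.web", "type": "aws_instance", "attributes": {}},
]

if __name__ == "__main__":
    print(non_compliant(PRIVATE_ACL_POLICY, SAMPLE_RESOURCES))  # ['aws_s3_bucket.site', 'WebBucket']
```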

Editing, Deleting, Inspecting a Custom Policy

Custom Policies can be viewed on the Policy Dashboard.
To edit, delete or inspect a Custom Policy, hover over the date at the end of the Policy row.
