Visual Editor

See Custom Policies - Overview for a conceptual explanation of Custom Policies in Bridgecrew Cloud.

Creating a Custom Policy

To build a Custom Policy:

  1. Under Policies, select New Policy.
  2. Select Visual Editor.

Policy Details, Name, Category and Severity Level

  1. Under Policy Details, enter the Policy Name and Guidelines. Note: the name and guidelines appear in Incidents based on this policy.
  2. Select Category and Severity Level.

Select Framework and Cloud Provider

  1. Select the framework, Terraform or CloudFormation, whose syntax you will use to define the Policy.
  • For runtime Policies, select Terraform (Bridgecrew uses Terraform arguments to express configuration states for runtime Policies).
  • If you select both Terraform and CloudFormation, create a separate Rule for each framework.

Associate with Benchmark (Optional)

  1. You also have the option of associating your Custom Policy with one or more benchmark reports (see Compliance Reports). Choose the Benchmark and the section in which this Policy will appear within the report.

Multi-Rule Policies

You can also define Policies with multiple Rules, using AND/OR operators. See examples further down this page.

Define Policy Rule

  1. Under Definition, create one or more Policy Rules.
    The elements of a Rule (Resource Type, Key, Argument, Value) are detailed in the table below.

Note

Bridgecrew uses Terraform arguments to express configuration states. See further details and examples here.

Rule Element | Description | Note
Resource Type | The dropdown includes Resource Types relevant to the cloud platform selected. To quickly find a Resource Type, enter any part of its name; for example, type "s3" to see only Resource Types that include "s3". | Select the syntax appropriate for the framework. For example, for Terraform you would select aws_s3_bucket; to create the identical rule for CloudFormation, you would select AWS::S3::Bucket.
Key | Select a key. | The dropdown list shows keys that are relevant to the Resource Type.
Argument | Select an argument, for example Not Equal or Contains. |

Preview

  1. When you complete the rule, a preview appears in the right pane with a list of Resources that are not compliant with the new Policy.
    In the example below, the Resource is non-compliant because the ACL is public and not private.
  2. Select Done.
    The Policies page will open. You can filter by Created by to quickly find your custom Policies.

Note

Your new Policy will be included in Bridgecrew Cloud's next scan.

Multi-Rule Policies

You can create Policies with multiple rules using AND/OR conditions.
Select OR to the right of the Rule to add a Rule with an OR relationship.
Use OR for:

  • Complex logic
  • Multi-framework environments (Terraform and CloudFormation)
Multi-Rule Policy: OR Example

Select AND under the Rule to add a Rule with an AND relationship.

Multi-Rule Policy: AND Example
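The following is an added illustration, not Bridgecrew's engine or its policy format, of how the Rule elements described in the table above (Resource Type, Key, Argument, Value) evaluate against a resource, and how the AND/OR groups from this section combine several Rules. The operator names, the attribute dictionaries, the PASS/FAIL/SKIP verdicts and the sample resources are all assumptions made for the example; the "ACL must be private" rule mirrors the preview case described on this page, and the OR policy shows the per-framework Rule pair recommended for mixed Terraform and CloudFormation environments.

```python
"""Added example of Visual Editor style rule evaluation (illustration only;
not Bridgecrew code or its policy format; operators and data shapes assumed)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional, Union

# Argument operators, named like the dropdown labels (assumed set).
OPERATORS: Dict[str, Callable[[Any, Any], bool]] = {
    "Equal": lambda actual, expected: actual == expected,
    "Not Equal": lambda actual, expected: actual != expected,
    "Contains": lambda actual, expected: expected in (actual or []),
    "Exists": lambda actual, _expected: actual is not None,
}


def lookup(attributes: dict, key: str) -> Any:
    """Resolve a dotted Key path such as 'versioning.enabled'; None if absent."""
    node: Any = attributes
    for part in key.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


@dataclass
class Rule:
    """One Rule row: the resource is compliant when Key <Argument> Value holds."""
    resource_type: str   # framework-specific, e.g. aws_s3_bucket or AWS::S3::Bucket
    key: str             # attribute path within the resource
    argument: str        # one of OPERATORS
    value: Any = None    # expected value; ignored by Exists

    def passes(self, resource: dict) -> Optional[bool]:
        # A Rule written for another Resource Type does not apply (None).
        if resource["type"] != self.resource_type:
            return None
        actual = lookup(resource["attributes"], self.key)
        return OPERATORS[self.argument](actual, self.value)


@dataclass
class Group:
    """Rules joined with AND (all must hold) or OR (any may hold)."""
    operator: str                   # "AND" or "OR"
    rules: List[Union[Rule, Group]]

    def passes(self, resource: dict) -> Optional[bool]:
        applicable = [r for r in (x.passes(resource) for x in self.rules) if r is not None]
        if not applicable:          # no Rule targets this Resource Type
            return None
        return all(applicable) if self.operator == "AND" else any(applicable)


def scan(definition: Union[Rule, Group], resources: List[dict]) -> Dict[str, str]:
    """Evaluate every resource: PASS/FAIL when in scope, SKIP otherwise."""
    verdicts: Dict[str, str] = {}
    for res in resources:
        outcome = definition.passes(res)
        verdicts[res["id"]] = "SKIP" if outcome is None else ("PASS" if outcome else "FAIL")
    return verdicts


def non_compliant(definition: Union[Rule, Group], resources: List[dict]) -> List[str]:
    """What a preview pane would list: the resources that FAIL the definition."""
    return [rid for rid, v in scan(definition, resources).items() if v == "FAIL"]


# Constructed sample inventory: two Terraform buckets, one CloudFormation bucket,
# and an unrelated instance that no bucket Rule should touch.
RESOURCES: List[dict] = [
    {"id": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "attributes": {"acl": "public-read"}},
    {"id": "aws_s3_bucket.data", "type": "aws_s3_bucket",
     "attributes": {"acl": "private", "versioning": {"enabled": True},
                    "tags": {"owner": "security"}}},
    {"id": "LogsBucket", "type": "AWS::S3::Bucket",
     "attributes": {"AccessControl": "PublicRead"}},
    {"id": "aws_instance.web", "type": "aws_instance",
     "attributes": {"instance_type": "t3.micro"}},
]

# Single Rule, the preview case on this page: the bucket ACL must be private.
SINGLE_RULE = Rule("aws_s3_bucket", "acl", "Equal", "private")

# OR across frameworks: the same intent expressed once per framework.
OR_POLICY = Group("OR", [
    Rule("aws_s3_bucket", "acl", "Equal", "private"),
    Rule("AWS::S3::Bucket", "AccessControl", "Equal", "Private"),
])

# AND for compound logic: private ACL and versioning enabled.
AND_POLICY = Group("AND", [
    Rule("aws_s3_bucket", "acl", "Equal", "private"),
    Rule("aws_s3_bucket", "versioning.enabled", "Equal", True),
])

if __name__ == "__main__":
    for name, policy in (("single", SINGLE_RULE), ("or", OR_POLICY), ("and", AND_POLICY)):
        print(name, non_compliant(policy, RESOURCES))
```

A Rule whose Resource Type does not match a resource returns None rather than False, so a CloudFormation Rule never fails a Terraform resource; that is what makes the OR pairing across frameworks behave as one policy, while resources no Rule targets are reported as SKIP instead of silently passing.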

Editing, Deleting, Inspecting a Custom Policy

Custom Policies can be viewed on the Policy Dashboard.
To edit, delete or inspect a Custom Policy, hover over the date at the end of the Policy row.
