Cloud Configuration Governance Policy form

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Cloud Configuration Governance Policy form

    The Cloud Configuration Governance Policy form is part of the IT Operations Management suite, specifically designed for managing cloud resources. This form provides comprehensive details regarding policies, including cloud provider, resource type, policy type, and settings for reporting policy violations.

    Show full answer Show less

    Key Features

    • Policy Name and Description: Each policy has a unique identifier and a brief description.
    • Resource Type: Specify the type of cloud resource for policy creation. If needed, custom resource types can be created.
    • Policy Condition: Define the type of policy and the conditions for identifying non-compliant configurations through various methods:
      • Condition Builder: A no-code approach.
      • Integration Hub Flow: A low-code option.
      • Script: A code-based method for more complex policies.
    • Conditions for Reporting: Specify logical conditions for non-compliance using key-value pairs and operators.
    • Audit Violation Reporting: Define how violations are reported, including severity levels and violation definitions.

    Key Outcomes

    By utilizing the Cloud Configuration Governance Policy form, ServiceNow customers can effectively create and manage cloud resource policies, ensuring compliance and streamlined reporting of policy violations. This structured approach enables better governance of cloud configurations, leading to enhanced operational efficiency and risk management in cloud environments.

    The Cloud Configuration Governance Policy form displays detailed information about the policy such as cloud provider, resource type, policy type, and policy violation reporting settings.

    Field Description
    Policy name Name that uniquely identifies the policy.
    Description Brief description of the policy.

    Resource type

    Define the resource type for which you want to create the policy.

    Field Description
    Cloud provider Cloud that hosts the resources to be scanned.
    Resource type Cloud resource type to be scanned through the policy.

    If the required resource type is not available, you can create a resource type. For more information, see Create a resource collector.

    Policy condition

    Define the policy type and the non-compliant resource configuration.

    Field Description
    Type Cloud Configuration Governance supports the following types:
    • Condition builder: The no-code method for creating policies.
    • Integration Hub Flow: The low-code method for creating policies.
    • Script: The code-based method for creating policies.

    Select the show available keys icon (Show available keys icon.) to view the list of all available configuration keys for the selected resource type. You can use any of the keys in the policy.
    Condition

    Conditions for reporting the non-compliant cloud resource configuration. Always specify the key and value in a pair. Use the OR operator and the AND operator to perform logical operations in the policy condition.

    Syntax

    Key is <key_name>
<data_type> Value <condition> <value>

    For example,

    Key is AWS:IAM:User:PasswordEnabled
Boolean Value is true

    This field appears only when Condition Builder is selected from the Type field.
    Configuration key

    Configuration keys for the policy.

    This field appears only when Integration Hub Flow is selected from the Type field.
    Integration flow

    The appropriate Integration Hub flow.

    This field appears only when Integration Hub Flow is selected from the Type field.
    Condition script

    Script that implements the policy conditions to identify and report the policy violations. Cloud Configuration Governance contains several scriptable objects and variables for use in the policy scripts. For more information see, Scripting reference.

    You can create script includes to externalize the decision making and reuse the code across different scripts. For more information on creating the script includes, see Script includes.

    Note:
    If you create a custom audit result record through the script, then the Audit Violation Reporting configuration defined in the policy doesn’t take effect.

    This field appears only when Script is selected from the Type field.

    Audit violation reporting

    Define how Cloud Configuration Governance reports the policy violation.

    Field Description
    Report violation as Violation definition to be included in the audit violation report. Cloud Configuration Governance uses the violation definition to report the policy non-compliances.
    If an appropriate violation definition is not available, you can create one as follows:
    1. Select the lookup using list icon (Lookup using list icon.).
    2. Select New.
    3. Enter a name that uniquely identifies the violation definition.

      Cloud Configuration Governance includes the name of the violation definition in the audit issue report.

    4. Select the default severity for the violation definition.
    5. (Optional) Enter a brief description of the violation.
    Severity Severity level of the violation.

    If you do not select the severity level in the policy, Cloud Configuration Governance uses the default severity defined in the violation definition.