Cloud Configuration Governance Policy form

  • Release version: Yokohama
  • Updated January 30, 2025

    The Cloud Configuration Governance Policy form displays detailed information about the policy such as cloud provider, resource type, policy type, and policy violation reporting settings.

    Field | Description
    Policy name | Name that uniquely identifies the policy.
    Description | Brief description of the policy.

    Resource type

    Define the resource type for which you want to create the policy.

    Field | Description
    Cloud provider | Cloud that hosts the resources to be scanned.
    Resource type | Cloud resource type to be scanned through the policy.

    If the required resource type is not available, you can create a resource type. For more information, see Create a resource collector.

    Policy condition

    Define the policy type and the non-compliant resource configuration.

    Field | Description
    Type | Cloud Configuration Governance supports the following types:
      • Condition builder: The no-code method for creating policies.
      • Integration Hub Flow: The low-code method for creating policies.
      • Script: The code-based method for creating policies.

    Select the show available keys icon to view the list of all available configuration keys for the selected resource type. You can use any of the keys in the policy.

    Condition

    Conditions for reporting the non-compliant cloud resource configuration. Always specify the key and value in a pair. Use the OR operator and the AND operator to perform logical operations in the policy condition.

    Syntax

    Key is <key_name>
    <data_type> Value <condition> <value>
    

    For example,

    Key is AWS:IAM:User:PasswordEnabled
    Boolean Value is true
    

    This field appears only when Condition Builder is selected from the Type field.
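    The condition-builder syntax above, as an added example that is not part of the original page or of ServiceNow's product code: a small JavaScript evaluator that parses clauses written in the "Key is <key_name> / <data_type> Value <condition> <value>" form, combines them with AND or OR, and runs them over constructed AWS IAM user snapshots. Only the clause syntax and the key AWS:IAM:User:PasswordEnabled come from the page; the accepted data types and conditions, the operator/clauses policy wrapper, the keys AWS:IAM:User:MfaActive and AWS:IAM:User:UserName, and the sample snapshots are assumptions made for the demo.

```javascript
// Added example: stand-alone evaluator for the condition-builder syntax.
// Not ServiceNow's engine. Data types, conditions, the AND/OR wrapper,
// the MfaActive/UserName keys and the sample snapshots are assumptions.

// Conditions accepted per data type (assumption: the real form may offer more).
const CONDITIONS = {
  Boolean: {
    'is':     (actual, expected) => actual === expected,
    'is not': (actual, expected) => actual !== expected,
  },
  String: {
    'is':       (actual, expected) => actual === expected,
    'is not':   (actual, expected) => actual !== expected,
    'contains': (actual, expected) => typeof actual === 'string' && actual.includes(expected),
  },
  Integer: {
    'is':           (actual, expected) => actual === expected,
    'greater than': (actual, expected) => actual > expected,
    'less than':    (actual, expected) => actual < expected,
  },
};

// Convert the textual <value> into the declared data type. Junk such as
// "Boolean Value is yes" is rejected instead of being treated as truthy.
function castValue(dataType, raw) {
  if (dataType === 'Boolean') {
    if (raw !== 'true' && raw !== 'false') throw new Error(`Boolean value must be true or false, got "${raw}"`);
    return raw === 'true';
  }
  if (dataType === 'Integer') {
    const n = Number(raw);
    if (!Number.isInteger(n)) throw new Error(`Integer value expected, got "${raw}"`);
    return n;
  }
  return raw; // String
}

// Parse one clause:
//   Key is <key_name>
//   <data_type> Value <condition> <value>
// A Key line without its Value line (or vice versa) is an error, because the
// form requires the key and the value to be specified as a pair.
function parseClause(text) {
  const lines = text.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);
  if (lines.length !== 2) throw new Error('a clause is exactly one Key line followed by one Value line');
  const keyMatch = /^Key is (\S+)$/.exec(lines[0]);
  if (!keyMatch) throw new Error(`malformed key line: "${lines[0]}"`);
  const valueMatch = /^(Boolean|String|Integer) Value (is not|is|contains|greater than|less than) (.+)$/.exec(lines[1]);
  if (!valueMatch) throw new Error(`malformed value line: "${lines[1]}"`);
  const [, dataType, condition, rawValue] = valueMatch;
  if (!CONDITIONS[dataType][condition]) throw new Error(`"${condition}" is not valid for ${dataType}`);
  return { key: keyMatch[1], dataType, condition, value: castValue(dataType, rawValue) };
}

// Evaluate a policy against one collected resource snapshot (a flat key/value map).
// A key absent from the snapshot can never satisfy its clause; it is reported in
// missingKeys so that a collection gap is visible instead of reading as "compliant".
function evaluatePolicy(policy, resource) {
  const clauses = policy.clauses.map(parseClause);
  const missingKeys = clauses.map((c) => c.key).filter((k) => !(k in resource));
  const results = clauses.map(
    (c) => c.key in resource && CONDITIONS[c.dataType][c.condition](resource[c.key], c.value));
  const violation = policy.operator === 'AND' ? results.every(Boolean) : results.some(Boolean);
  return { violation, missingKeys };
}

// Names of the resources the policy reports as non-compliant.
function findViolations(policy, resources, nameKey = 'AWS:IAM:User:UserName') {
  return resources.filter((r) => evaluatePolicy(policy, r).violation).map((r) => r[nameKey]);
}

// Policy: console password enabled AND MFA not active.
// AWS:IAM:User:PasswordEnabled is the key from the page; AWS:IAM:User:MfaActive is assumed.
const CONSOLE_WITHOUT_MFA = {
  operator: 'AND',
  clauses: [
    'Key is AWS:IAM:User:PasswordEnabled\nBoolean Value is true',
    'Key is AWS:IAM:User:MfaActive\nBoolean Value is false',
  ],
};

// Constructed IAM user snapshots, in the shape a resource collector might return.
const SAMPLE_USERS = [
  { 'AWS:IAM:User:UserName': 'alice', 'AWS:IAM:User:PasswordEnabled': true, 'AWS:IAM:User:MfaActive': false },
  { 'AWS:IAM:User:UserName': 'bob', 'AWS:IAM:User:PasswordEnabled': true, 'AWS:IAM:User:MfaActive': true },
  { 'AWS:IAM:User:UserName': 'svc-deploy', 'AWS:IAM:User:PasswordEnabled': false },
];

console.log(findViolations(CONSOLE_WITHOUT_MFA, SAMPLE_USERS));
console.log(evaluatePolicy(CONSOLE_WITHOUT_MFA, SAMPLE_USERS[2]).missingKeys);
```

    Two checks are worth keeping in any evaluator of this kind: a Key line without its Value line is rejected rather than treated as a wildcard, and a key that the collector did not return is surfaced in missingKeys, because a snapshot that silently omits an attribute would otherwise make every such resource look compliant.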

    Configuration key

    Configuration keys for the policy.

    This field appears only when Integration Hub Flow is selected from the Type field.

    Integration flow

    The appropriate Integration Hub flow.

    This field appears only when Integration Hub Flow is selected from the Type field.

    Condition script

    Script that implements the policy conditions to identify and report the policy violations. Cloud Configuration Governance contains several scriptable objects and variables for use in the policy scripts. For more information, see Scripting reference.

    You can create script includes to externalize the decision making and reuse the code across different scripts. For more information on creating the script includes, see Script includes.

    Note:
    If you create a custom audit result record through the script, then the Audit Violation Reporting configuration defined in the policy doesn’t take effect.

    This field appears only when Script is selected from the Type field.

    Audit violation reporting

    Define how Cloud Configuration Governance reports the policy violation.

    Field | Description
    Report violation as | Violation definition to be included in the audit violation report. Cloud Configuration Governance uses the violation definition to report the policy non-compliances.
    If an appropriate violation definition is not available, you can create one as follows:
    1. Select the lookup using list icon.
    2. Select New.
    3. Enter a name that uniquely identifies the violation definition.

      Cloud Configuration Governance includes the name of the violation definition in the audit issue report.

    4. Select the default severity for the violation definition.
    5. (Optional) Enter a brief description of the violation.
    Severity | Severity level of the violation.

    If you do not select the severity level in the policy, Cloud Configuration Governance uses the default severity defined in the violation definition.