Cloud Configuration Governance Policy form
Summarize
Summary of Cloud Configuration Governance Policy form
The Cloud Configuration Governance Policy form in ServiceNow provides a detailed interface for defining and managing cloud resource compliance policies. It enables customers to specify the cloud provider, resource types, policy conditions, and how violations are reported. This form is essential for enforcing governance and ensuring cloud resources meet organizational standards.
Show less
Key Features
- Policy Identification: Define a unique Policy name and provide a brief Description to clarify the policy’s purpose.
- Resource Specification: Select the Cloud provider hosting the resources and specify the Resource type to be scanned. If the required resource type does not exist, customers can create new resource collectors.
- Policy Conditions: Choose among three policy creation methods:
- Condition Builder: A no-code interface for defining key-value conditions using logical operators (AND, OR).
- Integration Hub Flow: A low-code method using integration flows and configuration keys.
- Script: Full code-based policies with scripting capabilities, including the use of scriptable objects and external script includes for reusable logic.
- Audit Violation Reporting: Configure how policy violations are reported by associating them with violation definitions. Customers can create new violation definitions with unique names, default severity levels, and optional descriptions to standardize compliance reporting. If severity is not specified in the policy, the default from the violation definition applies.
Practical Use for ServiceNow Customers
This form allows customers to enforce cloud governance by creating precise policies that detect non-compliant resources based on customizable conditions or scripts. It supports flexibility ranging from simple no-code conditions to advanced scripted logic. The violation reporting configuration ensures that compliance issues are captured consistently and clearly in audit reports, supporting effective remediation and governance oversight.
The Cloud Configuration Governance Policy form displays detailed information about the policy such as cloud provider, resource type, policy type, and policy violation reporting settings.
| Field | Description |
|---|---|
| Policy name | Name that uniquely identifies the policy. |
| Description | Brief description of the policy. |
Resource type
Define the resource type for which you want to create the policy.
| Field | Description |
|---|---|
| Cloud provider | Cloud that hosts the resources to be scanned. |
| Resource type | Cloud resource type to be scanned through the policy. If the required resource type is not available, you can create a resource type. For more information, see Create a resource collector. |
Policy condition
Define the policy type and the non-compliant resource configuration.
| Field | Description |
|---|---|
| Type | Cloud Configuration Governance supports the following types:
Select the show available keys icon ( |
| Condition | Conditions for reporting the non-compliant cloud resource configuration. Always specify the key and value in a pair. Use the OR operator and the AND operator to perform logical operations in the policy condition. Syntax For example, This field appears only when Condition Builder is selected from the Type field. |
| Configuration key | Configuration keys for the policy. This field appears only when Integration Hub Flow is selected from the Type field. |
| Integration flow | The appropriate Integration Hub flow. This field appears only when Integration Hub Flow is selected from the Type field. |
| Condition script | Script that implements the policy conditions to identify and report the policy violations. Cloud Configuration Governance contains several scriptable objects and variables for use in the policy scripts. For more information see, Scripting reference. You can create script includes to externalize the decision making and reuse the code across different scripts. For more information on creating the script includes, see Script includes. Note: If you create a custom audit result record through the script, then the
Audit Violation Reporting configuration defined in the
policy doesn’t take effect. This field appears only when Script is selected from the Type field. |
) to view the list of all available configuration keys for the selected resource type. You can use any of the keys in the policy.Audit violation reporting
Define how Cloud Configuration Governance reports the policy violation.
| Field | Description |
|---|---|
| Report violation as | Violation definition to be included in the audit violation
report. Cloud Configuration Governance uses the violation
definition to report the policy non-compliances. If an
appropriate violation definition is not available, you can
create one as follows:
|
| Severity | Severity level of the violation. If you do not select the severity level in the policy, Cloud Configuration Governance uses the default severity defined in the violation definition. |
).