Create a cloud policy
A cloud policy can override a property value set by a user, create an approval task, reserve an IP address, pre-populate or hide form fields, execute custom scripts, call the Cloud API, or start or abort subflows. A cloud policy gives you system-wide control over approvals, resource operations, blueprint operations, or catalog item settings.
Before you begin
- Optional: Create one or more cloud policy groups.
- Role required: sn_cmp.cloud_governor or admin
Procedure
- In the Cloud Admin Portal, navigate to Govern > Policies.
- Click New and then fill in the form.

  Figure 1. Example policy form

  - Policy Name: A descriptive name that includes the word Policy. Do not start the name with a number.
  - Description: A description of the intent of the policy.
  - Policy Group: A policy group to which the policy belongs.
  - Policy Trigger: A trigger that specifies when the policy should be applied. For example, the on Lease end trigger applies the policy when the lease for a stack ends. See Triggers for cloud policies.
  - Resource Block [appears when the on Resource Operation trigger is selected]: The resource block that the policy applies to.
  - Operation [appears when the on Blueprint provision, on Blueprint provision (approval) or on Resource Operation trigger is selected]: Select the operation that the policy applies to. For example, a policy can apply to the Deprovision operation only or to all operations on the blueprint or catalog item.

    Note: If no operation is specified, then the policy applies for every operation. This condition can decrease performance.

    - All: Any operation executes.
    - Start: The resource starts.
    - Stop: The resource stops.
    - Provision: The resource is provisioned.
    - Deprovision: The resource is no longer available to users.
    - Execute Script: A script runs on the resource.
  - Moment [appears when the on Resource Operation trigger is selected]: Specify when the policy should be enforced:
    - Pre-operation: Before the specified operation starts.
    - Post-operation: After the specified operation finishes.

    Note: If you are integrating with Infoblox, use Pre-operation for a vSphere virtual machine. Use Post-operation for AWS and Azure clouds because AWS and Azure control the allocation of IP addresses. You can register the IP address that is provided with Infoblox.
  - Catalog item [appears when an on Catalog item launch, on Catalog item request start, or on Catalog item request end trigger is selected]: Select the catalog item that the policy applies to.
  - Start Date / End Date: Specify the start date when the policy should be considered and the end date when the policy should no longer be considered.
  - Order of Execution: Specify a number that represents the order in which the policy is applied. A policy with a lower number runs before a policy with a higher number. For example, a policy with Order of 100 runs before a policy with an Order of 200.

    Note: The Order of Execution property does not apply for on Blueprint provision (approval), on Stack operation (approval), on Stack resource operation (approval), and on Task remediation policies. See Create a cloud approval policy for details.
  - Status:
    - Published policies are enforced. You cannot edit a policy in the Published state. To edit a policy that is in the Published state, click Draft on the form header.
    - You can edit Draft policies. Draft policies are not enforced. To enforce a policy, click Publish on the form header.
- Right-click in the header and select Save.