Cloud Configuration Governance Policy form

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Cloud Configuration Governance Policy Form

    The Cloud Configuration Governance Policy form provides detailed insights into policies governing cloud resources, including information on the cloud provider, resource type, policy type, and how violations are reported. This tool is essential for creating and managing compliance policies within your cloud environment.

    Show full answer Show less

    Key Features

    • Policy Name and Description: Unique identifier and brief overview of the policy.
    • Resource Type: Specify the type of cloud resource for which the policy applies. If needed, you can create a new resource type.
    • Policy Condition: Defines the type of policy and the configuration that is considered non-compliant.
    • Condition Builder: A no-code option for policy creation.
    • Integration Hub Flow: A low-code method for policy setup.
    • Script: A code-based method for advanced policy creation, allowing for the use of scriptable objects and variables.
    • Audit Violation Reporting: Configurable settings for how policy violations are reported, including severity levels and violation definitions.

    Key Outcomes

    By utilizing the Cloud Configuration Governance Policy form, customers can ensure their cloud configurations comply with defined standards, effectively manage non-compliance through automated reporting, and maintain a secure cloud environment. You can expect a streamlined approach to policy management that enhances visibility and control over cloud resources, allowing for proactive compliance and governance measures.

    The Cloud Configuration Governance Policy form displays detailed information about the policy such as cloud provider, resource type, policy type, and policy violation reporting settings.

    Field Description
    Policy name Name that uniquely identifies the policy.
    Description Brief description of the policy.

    Resource type

    Define the resource type for which you want to create the policy.

    Field Description
    Cloud provider Cloud that hosts the resources to be scanned.
    Resource type Cloud resource type to be scanned through the policy.

    If the required resource type is not available, you can create a resource type. For more information, see Create a resource collector.

    Policy condition

    Define the policy type and the non-compliant resource configuration.

    Field Description
    Type Cloud Configuration Governance supports the following types:
    • Condition builder: The no-code method for creating policies.
    • Integration Hub Flow: The low-code method for creating policies.
    • Script: The code-based method for creating policies.

    Select the show available keys icon (Show available keys icon.) to view the list of all available configuration keys for the selected resource type. You can use any of the keys in the policy.
    Condition

    Conditions for reporting the non-compliant cloud resource configuration. Always specify the key and value in a pair. Use the OR operator and the AND operator to perform logical operations in the policy condition.

    Syntax

    Key is <key_name>
<data_type> Value <condition> <value>

    For example,

    Key is AWS:IAM:User:PasswordEnabled
Boolean Value is true

    This field appears only when Condition Builder is selected from the Type field.
    Configuration key

    Configuration keys for the policy.

    This field appears only when Integration Hub Flow is selected from the Type field.
    Integration flow

    The appropriate Integration Hub flow.

    This field appears only when Integration Hub Flow is selected from the Type field.
    Condition script

    Script that implements the policy conditions to identify and report the policy violations. Cloud Configuration Governance contains several scriptable objects and variables for use in the policy scripts. For more information see, Scripting reference.

    You can create script includes to externalize the decision making and reuse the code across different scripts. For more information on creating the script includes, see Script includes.

    Note:
    If you create a custom audit result record through the script, then the Audit Violation Reporting configuration defined in the policy doesn’t take effect.

    This field appears only when Script is selected from the Type field.

    Audit violation reporting

    Define how Cloud Configuration Governance reports the policy violation.

    Field Description
    Report violation as Violation definition to be included in the audit violation report. Cloud Configuration Governance uses the violation definition to report the policy non-compliances.
    If an appropriate violation definition is not available, you can create one as follows:
    1. Select the lookup using list icon (Lookup using list icon.).
    2. Select New.
    3. Enter a name that uniquely identifies the violation definition.

      Cloud Configuration Governance includes the name of the violation definition in the audit issue report.

    4. Select the default severity for the violation definition.
    5. (Optional) Enter a brief description of the violation.
    Severity Severity level of the violation.

    If you do not select the severity level in the policy, Cloud Configuration Governance uses the default severity defined in the violation definition.