Cloud Configuration Governance policies

  • Release version: Australia
  • Updated: March 12, 2026
  • Reading time: 4 minutes
    A Cloud Configuration Governance policy defines the non-compliant configurations for a given cloud resource type.

    Each Cloud Configuration Governance policy contains the following information:

    • The cloud on which the resource is provisioned.
    • The cloud resource type.
    • Definition of the non-compliant configuration. For example, unencrypted Amazon Web Services (AWS) S3 buckets or insecure Identity and Access Management (IAM) accounts.
    • Definition of the audit violation (policy violation) report.
    Note:
    Starting with Cloud Configuration Governance version 1.3.7, the base system contents are moved to the CCG Content Pack. Install the CCG Content Pack to access the base system Cloud Configuration Governance contents.

    Cloud Configuration Governance provides several base system policies. You can use these policies as they are or create custom policies to suit the needs of your organization. Depending on your needs and your familiarity with the ServiceNow AI Platform, you can use any one of the following methods to create a policy:

    To use a policy, add it to a policy set. Each policy set can contain one or more policies. For more information on creating policy sets, see Create policy set.

    Table 1. Base system policies

    | Name | Type | Description |
    | --- | --- | --- |
    | AWS IAM User Activity policy | Condition builder | Policy to check whether a password is enabled for the AWS IAM user. To use this policy, ensure that the AWS IAM user account has the following permissions: Iam:GetCredentialReport, Iam:GenerateCredentialReport |
    | AWS S3 Enforce Bucket encryption | Condition builder | Policy to check whether the AWS S3 buckets are encrypted. |
    | AWS Sample flow policy | Integration Hub flow | Policy to illustrate an Integration Hub flow-based policy. |
    | AWS VM HardwareType | Condition builder | Policy to check whether the deployed EC2 VMs use only the approved hardware types. |
    | AWS VM IPAddress | Script | Policy to check whether the IP address of the EC2 VM matches the Configuration Management Database (CMDB) record. |
    | AWS VM Monitoring State | Condition builder | Policy to check whether detailed monitoring is enabled for the EC2 VM. |
    | Azure VM HardwareType | Condition builder | Policy to check whether the deployed Azure VMs use only the approved hardware types. |
    | Azure VM IP Address | Script | Policy to check whether the IP address of the Azure VM matches the CMDB record. |
    | Azure VM Monitoring State | Condition builder | Policy to check whether detailed monitoring is enabled for the Azure VM. |
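As an added illustration of the policy structure described above (cloud, resource type, non-compliant-configuration definition, violation report) and of the base policies in Table 1, the following JavaScript model evaluates a policy set against discovered resources and a CMDB snapshot and emits a violation report. This is example code, not ServiceNow's CCG implementation or API: the `auditPolicySet` function, the policy and resource field names, the approved-hardware allow-list and the sample resource and CMDB records are all assumptions constructed for the example.

```javascript
// Added illustrative model of a Cloud Configuration Governance policy set and
// audit run. It is not ServiceNow's CCG API; every function, field name and
// sample record below is constructed for this example.

// Assumed allow-list of approved VM hardware types; the page only says the
// HardwareType policies compare deployed VMs against "approved hardware types".
const APPROVED_HARDWARE = {
  aws: ["t3.micro", "t3.small"],
  azure: ["Standard_B1s", "Standard_B2s"],
};

// Assumed policy shape, mirroring the fields the page lists: the cloud, the
// resource type, and a non-compliant-configuration check. The check returns
// true when the resource VIOLATES the policy.
function hardwareTypePolicy(cloud, name) {
  return { name, cloud, type: "vm",
    violates: (r) => !APPROVED_HARDWARE[cloud].includes(r.instanceType) };
}
function monitoringPolicy(cloud, name) {
  return { name, cloud, type: "vm",
    violates: (r) => r.detailedMonitoring !== true };
}
// Assumption: a VM with no CMDB record at all is reported as a mismatch,
// since the cloud-reported address cannot be reconciled with anything.
function ipMatchesCmdbPolicy(cloud, name) {
  return { name, cloud, type: "vm",
    violates: (r, cmdb) => !cmdb[r.id] || cmdb[r.id].ipAddress !== r.ipAddress };
}

// Policies named in Table 1 (the IAM User Activity and Sample flow policies
// are left out; their checks depend on inputs this model does not represent).
const BASE_POLICIES = [
  { name: "AWS S3 Enforce Bucket encryption", cloud: "aws", type: "s3_bucket",
    violates: (r) => r.encrypted !== true },
  hardwareTypePolicy("aws", "AWS VM HardwareType"),
  monitoringPolicy("aws", "AWS VM Monitoring State"),
  ipMatchesCmdbPolicy("aws", "AWS VM IPAddress"),
  hardwareTypePolicy("azure", "Azure VM HardwareType"),
  monitoringPolicy("azure", "Azure VM Monitoring State"),
  ipMatchesCmdbPolicy("azure", "Azure VM IP Address"),
];

// Evaluate a policy set against discovered resources and build the audit
// violation report: one entry per (policy, resource) pair that fails.
function auditPolicySet(policySet, resources, cmdb) {
  const report = [];
  for (const policy of policySet) {
    for (const resource of resources) {
      // A policy applies only to its own cloud and resource type.
      if (resource.cloud !== policy.cloud || resource.type !== policy.type) continue;
      if (policy.violates(resource, cmdb)) {
        report.push({ policy: policy.name, cloud: resource.cloud, resource: resource.id });
      }
    }
  }
  return report;
}

// Constructed sample resources and CMDB records (not real inventory data).
const SAMPLE_RESOURCES = [
  { id: "bucket-a", cloud: "aws", type: "s3_bucket", encrypted: true },
  { id: "bucket-b", cloud: "aws", type: "s3_bucket", encrypted: false },
  { id: "i-0001", cloud: "aws", type: "vm", instanceType: "t3.micro",
    detailedMonitoring: true, ipAddress: "10.0.0.5" },
  { id: "i-0002", cloud: "aws", type: "vm", instanceType: "m5.24xlarge",
    detailedMonitoring: false, ipAddress: "10.0.0.6" },
  { id: "vm-az-1", cloud: "azure", type: "vm", instanceType: "Standard_B1s",
    detailedMonitoring: true, ipAddress: "10.1.0.4" },
];
const SAMPLE_CMDB = {
  "i-0001": { ipAddress: "10.0.0.5" },
  "i-0002": { ipAddress: "10.0.0.9" }, // CMDB has drifted from the cloud-reported address
  // vm-az-1 deliberately has no CMDB record
};

// Run the base policy set over the sample data; returns the violation report.
function runSampleAudit() {
  return auditPolicySet(BASE_POLICIES, SAMPLE_RESOURCES, SAMPLE_CMDB);
}

console.log(JSON.stringify(runSampleAudit(), null, 2));
```

On the sample data the run reports five violations: the unencrypted bucket, three findings on the AWS VM with the unapproved instance type, monitoring disabled and a CMDB address mismatch, and one on the Azure VM whose CMDB record is missing. The compliant AWS VM produces nothing. Policies are matched on both cloud and resource type before their check runs, which is why the AWS and Azure variants of each check are separate entries in the set, as they are in Table 1.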