Cloud Configuration Governance Policy form

リリースバージョン: Australia

更新日 2026年03月12日

所要時間：6分

The Cloud Configuration Governance Policy form displays detailed information about the policy such as cloud provider, resource type, policy type, and policy violation reporting settings.


Field	Description
Policy name	Name that uniquely identifies the policy.
Description	Brief description of the policy.

Resource type

Define the resource type for which you want to create the policy.


Field	Description
Cloud provider	Cloud that hosts the resources to be scanned.
Resource type	Cloud resource type to be scanned through the policy. If the required resource type is not available, you can create a resource type. For more information, see Create a resource collector.

Policy condition

Define the policy type and the non-compliant resource configuration.


Field	Description
Type	Cloud Configuration Governance supports the following types: Condition builder: The no-code method for creating policies. Integration Hub Flow: The low-code method for creating policies. Script: The code-based method for creating policies. Select the show available keys icon () to view the list of all available configuration keys for the selected resource type. You can use any of the keys in the policy.
Condition	Conditions for reporting the non-compliant cloud resource configuration. Always specify the key and value in a pair. Use the OR operator and the AND operator to perform logical operations in the policy condition. Syntax `Key is <key_name> <data_type> Value <condition> <value>` For example, `Key is AWS:IAM:User:PasswordEnabled Boolean Value is true` This field appears only when Condition Builder is selected from the Type field.
Configuration key	Configuration keys for the policy. This field appears only when Integration Hub Flow is selected from the Type field.
Integration flow	The appropriate Integration Hub flow. This field appears only when Integration Hub Flow is selected from the Type field.
Condition script	Script that implements the policy conditions to identify and report the policy violations. Cloud Configuration Governance contains several scriptable objects and variables for use in the policy scripts. For more information see, Scripting reference. You can create script includes to externalize the decision making and reuse the code across different scripts. For more information on creating the script includes, see Script includes. 注: If you create a custom audit result record through the script, then the Audit Violation Reporting configuration defined in the policy doesn’t take effect. This field appears only when Script is selected from the Type field.

Audit violation reporting

Define how Cloud Configuration Governance reports the policy violation.


Field	Description
Report violation as	Violation definition to be included in the audit violation report. Cloud Configuration Governance uses the violation definition to report the policy non-compliances. If an appropriate violation definition is not available, you can create one as follows: Select the lookup using list icon (). Select New. Enter a name that uniquely identifies the violation definition. Cloud Configuration Governance includes the name of the violation definition in the audit issue report. Select the default severity for the violation definition. (Optional) Enter a brief description of the violation.
Severity	Severity level of the violation. If you do not select the severity level in the policy, Cloud Configuration Governance uses the default severity defined in the violation definition.