Applying Cloud Rules with Action Plans
Action plans can be used to automate cloud rule application on projects and OUs via labels. There are two approaches to applying cloud rules with action plans:
- Apply the associated cloud rules to resources that do have the label.
- Apply the associated cloud rules to resources that do not have the label.
For information on creating labels before getting started with action plans, see What is a Label?
Cloud rules are very powerful and can affect access, compliance, enforcements, and provisioning. We recommend reviewing Cloud Rule Best Practices before creating action plans that apply cloud rules.
Cloud rules applied by action plans are still subject to inheritance rules. For more information, see Cloud Rule Inheritance and Exemption.
Creating an Action Plan
- Navigate to Cloud Management > Action Plans.
- Click Add.
- Enter a name for the action plan.
- (Optional) Enter a description of the action plan, its purpose, or what it applies.
- Select which types of resources are targeted.
- Select what the state of the label needs to be.
- Select which label to look for.
- Select which cloud rules to apply.
- View the Impact Report to ensure the cloud rules will be applied to the correct resources.
- Select whether the action plan should be enabled upon creation or if it will be enabled manually at a later time. For more information, see Managing Action Plans.
- Confirm that you understand the action plan will begin applying cloud rules to resources automatically once enabled.
- Click Create.
Once the action plan is enabled, it will automatically apply the selected cloud rules based on the configured criteria. Labels that are part of an action plan and cloud rules that are applied by an action plan are both indicated with a lightening bolt icon .
Example Criteria
If projecthas labelproduction
then apply cloud rule.
If OUdoes not have labelDepartment: DevOps
then apply cloud rule.