Required Compliance Policy Fields
When writing compliance policies, you need to include the webhook action logic to ensure findings are posted to Kion. Within the webhook action, there are three configurable fields that determine what should be returned.
- resource_name is returned by the Cloud Custodian API.
- data_json is returned by the Cloud Custodian API.
- resource_type is a Kion concept and is free-form text.
To determine what to put in these fields, you can run the policy locally without the action portion. This generates several output files. If you look at the resources.json output file, any of the attributes of the returned JSON structure can be used as the resource_name, resource_type, or data_json in your policy.
To determine resource_name, you can also find the underlying API call that Cloud Custodian makes to AWS. For reference, Cloud Custodian is written in Python and uses Boto3 to communicate with AWS. You can search the Boto3 documentation to see what each API call returns. The values those calls return can be used for the resource_name or data_json fields.
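The local-run check described above, as an added example that is not part of this page or of the Kion or Cloud Custodian projects: after running a policy without its webhook action (for instance `custodian run --dryrun -s out policy.yml`), Cloud Custodian writes `out/<policy-name>/resources.json`. The script below loads such a file, lists the attributes available on each resource, and previews what resource_name, resource_type and data_json would carry for a chosen attribute. The sample resources.json content (an aws.s3 listing) is constructed for illustration, the `resolve()` helper is a simplified stand-in for the JMESPath lookups Cloud Custodian performs, and the choice to serialise the whole resource record as data_json is an assumption, not a Kion requirement.

```python
"""Preview Cloud Custodian resources.json attributes before wiring the webhook action.

Added example, not code from Kion or Cloud Custodian. Usage against a real run:
    custodian run --dryrun -s out policy.yml
    python preview_fields.py  # then point load_resources() at out/<policy>/resources.json
"""
import json
import os
import tempfile

# Constructed sample: the shape of a resources.json produced by an aws.s3 policy.
# Bucket names, dates and tags are made up for illustration.
SAMPLE_RESOURCES_JSON = json.dumps([
    {"Name": "example-logs-bucket", "CreationDate": "2023-01-01T00:00:00+00:00",
     "Tags": [{"Key": "Owner", "Value": "platform"}],
     "Versioning": {"Status": "Suspended"}},
    {"Name": "example-public-bucket", "CreationDate": "2023-02-01T00:00:00+00:00",
     "Tags": [],
     "Versioning": {}},
])


def sample_resources():
    """Parse the constructed sample (stands in for load_resources() in tests)."""
    return json.loads(SAMPLE_RESOURCES_JSON)


def load_resources(path):
    """Read resources.json as written by `custodian run` into its output directory."""
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    if not isinstance(data, list):
        raise ValueError("resources.json should contain a JSON array of resources")
    return data


def resolve(resource, expr):
    """Minimal dotted-path lookup, e.g. 'Versioning.Status'.

    Cloud Custodian's webhook action evaluates JMESPath expressions; this
    stand-in (an assumption, not the real evaluator) handles only top-level
    and nested dict keys, which is enough to confirm which attribute a field
    would return. Returns None when the path is absent.
    """
    value = resource
    for part in expr.split("."):
        if not isinstance(value, dict) or part not in value:
            return None
        value = value[part]
    return value


def candidate_keys(resources):
    """Every top-level attribute seen across the resources, sorted.

    These are the names you can use for resource_name or data_json.
    """
    keys = set()
    for res in resources:
        keys.update(res.keys())
    return sorted(keys)


def preview_webhook_fields(resources, resource_name_expr, resource_type):
    """Return what resource_name, resource_type and data_json would carry.

    resource_type is free-form text (a Kion concept) and is passed through
    unchanged; data_json here is the full resource record as JSON, which is
    one possible choice, not the only one. A missing resource_name attribute
    raises so the mistake surfaces locally rather than as an empty finding.
    """
    findings = []
    for res in resources:
        name = resolve(res, resource_name_expr)
        if name is None:
            raise KeyError(f"{resource_name_expr!r} not found; available: {sorted(res)}")
        findings.append({
            "resource_name": name,
            "resource_type": resource_type,
            "data_json": json.dumps(res, sort_keys=True),
        })
    return findings


if __name__ == "__main__":
    # Write the constructed sample to a temp dir to mimic the custodian output layout.
    with tempfile.TemporaryDirectory() as out_dir:
        path = os.path.join(out_dir, "resources.json")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_RESOURCES_JSON)
        resources = load_resources(path)
        print("available attributes:", candidate_keys(resources))
        for finding in preview_webhook_fields(resources, "Name", "S3 Bucket"):
            print(finding)
```

Run it once against the sample to see the attribute list, then replace the temp-file step with the path to your own `resources.json` and try different attribute paths for resource_name until the preview shows the identifier you want Kion to display.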
You can read the basics of writing compliance policies in Writing Cloud Custodian Compliance Policies.