LogoLogo
  • Guide
    • Introduction
    • Setup
    • CloudQL
    • Compliance
    • Key Terminology
    • Running Audits
    • Embed Compliance Checks in Pipelines
  • Advanced
    • Controls
      • Controls with Inline Policy
      • Controls with References Policies
      • Policies
      • Summary
    • Control Groups
    • Framework
    • Product Architecture
  • advanced-setup
    • Deploy on DigitalOcean / Linode
    • Deploy to AWS
    • Single Sign-On
    • Production Hardening
  • Platform
    • FAQ
Powered by GitBook

© 2025 open governance Inc.

On this page
  • How It All Works Together
  • Benefits
  1. Advanced
  2. Controls

Summary

How It All Works Together

  • Control: Defines the specific compliance requirement (e.g., "IAM keys rotated every 180 days") and references the ID of the corresponding external Policy.

  • External Policy: Contains the actual query or logic used to evaluate compliance. It can dynamically use the parameters provided by the Control.

  • Reusability: This external Policy (aws_iam_access_keys_policy) can be reused by multiple Controls, each with potentially different parameter values (e.g., 90 days vs. 180 days).

Benefits

By separating the Control (what is being checked) from the Policy (how it is checked), this approach promotes:

  • Improved Maintainability: Centralized policy definitions make it easier to update and maintain policy logic.

  • Increased Reusability: Reusing Policies across multiple Controls reduces redundancy and improves efficiency.

  • Enhanced Scalability: Enables easier management of complex compliance requirements within a growing environment.

This approach facilitates a more robust and scalable "compliance-as-code" strategy within Opencomply.

PreviousPoliciesNextControl Groups

Last updated 22 days ago