Controls with Inline Policy

Use an inline policy to define both your compliance requirement and its technical logic in one YAML file, simplifying management and keeping all details in a single place.

Example

id: aws_access_keys_during_initial_iam_user_setup  # Unique ID
title: Access Keys During Initial IAM User Setup    # Descriptive title
description: Prevent access key creation during initial IAM user setup.
integration_type:
  - aws_cloud_account                               # Platform this Control applies to
parameters: []
policy:
  language: sql                                     # Policy language (e.g., "sql", "rego")
  primary_resource: aws_iam_credential_report       # Resource type used for incident attribution
  definition: |
    SELECT
      user_name AS resource,
      ...
      CASE
        WHEN <condition> THEN 'alarm'
        ELSE 'ok'
      END AS status,
      ...
    FROM
      aws_iam_credential_report
severity: medium                                    # Impact level (Critical, High, Medium, Low, None)
tags:
  platform_score_cloud_service_name:
    - AWS Identity and Access Management (IAM)

Guidelines

All keys in the YAML file must be written in snake_case.

Required Fields:

  • id: Unique identifier.

  • policy.language: Policy language (e.g., "sql", "rego").

  • policy.primary_resource: Resource type for incident attribution.

  • policy.definition: Policy logic; the status it returns for each resource must be 'ok' or 'alarm'.

  • severity: Impact level (Critical, High, Medium, Low, None).

  • parameters: Required if the policy uses parameters.

Recommended Fields:

  • title, description: Descriptive information.

  • integration_type: Platform or environment.

  • tags: Metadata for categorization.
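The guidelines above are easy to check mechanically before a control file is committed. The following Python validator is an added example (it is not part of this page or of the project's own tooling). It works on the parsed form of a control file, i.e. the dict that yaml.safe_load would return; the sample dict is constructed from the YAML above, and the elided condition is kept as a literal placeholder because the real SQL condition is not given on this page. Because the page does not specify how a policy references its parameters, the validator only checks that parameters, when present, is a list.

```python
import re
from typing import Any, Dict, List, Optional

# Constructed sample: the parsed form of the control file shown above (what
# yaml.safe_load would return). The SQL keeps the page's <condition> placeholder.
SAMPLE_CONTROL: Dict[str, Any] = {
    "id": "aws_access_keys_during_initial_iam_user_setup",
    "title": "Access Keys During Initial IAM User Setup",
    "description": "Prevent access key creation during initial IAM user setup.",
    "integration_type": ["aws_cloud_account"],
    "parameters": [],
    "policy": {
        "language": "sql",
        "primary_resource": "aws_iam_credential_report",
        "definition": (
            "SELECT user_name AS resource, "
            "CASE WHEN <condition> THEN 'alarm' ELSE 'ok' END AS status "
            "FROM aws_iam_credential_report"
        ),
    },
    "severity": "medium",
    "tags": {
        "platform_score_cloud_service_name": [
            "AWS Identity and Access Management (IAM)"
        ]
    },
}

SNAKE_CASE = re.compile(r"^[a-z][a-z0-9]*(_[a-z0-9]+)*$")
REQUIRED_FIELDS = [
    "id", "policy.language", "policy.primary_resource",
    "policy.definition", "severity",
]
# Impact levels listed on the page; compared case-insensitively since the
# example writes "medium" in lowercase.
SEVERITIES = {"critical", "high", "medium", "low", "none"}


def _lookup(control: Dict[str, Any], dotted: str) -> Optional[Any]:
    """Resolve a dotted path such as 'policy.definition'; None if absent."""
    node: Any = control
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def _non_snake_keys(node: Any, path: str = "") -> List[str]:
    """Collect every mapping key (at any depth) that is not snake_case."""
    bad: List[str] = []
    if isinstance(node, dict):
        for key, value in node.items():
            full = f"{path}.{key}" if path else str(key)
            if not isinstance(key, str) or not SNAKE_CASE.match(key):
                bad.append(full)
            bad.extend(_non_snake_keys(value, full))
    elif isinstance(node, list):
        for item in node:
            bad.extend(_non_snake_keys(item, path))
    return bad


def validate_control(control: Dict[str, Any]) -> List[str]:
    """Return a list of guideline violations; an empty list means the control passes."""
    errors: List[str] = []
    for key in _non_snake_keys(control):
        errors.append(f"key '{key}' is not snake_case")
    for field in REQUIRED_FIELDS:
        value = _lookup(control, field)
        if value is None or value == "":
            errors.append(f"missing required field '{field}'")
    severity = _lookup(control, "severity")
    if isinstance(severity, str) and severity.lower() not in SEVERITIES:
        errors.append(f"severity '{severity}' is not one of {sorted(SEVERITIES)}")
    definition = _lookup(control, "policy.definition")
    if isinstance(definition, str):
        # Static check: the policy must be able to yield both status values.
        for status in ("ok", "alarm"):
            if f"'{status}'" not in definition:
                errors.append(f"policy.definition never yields status '{status}'")
        resource = _lookup(control, "policy.primary_resource")
        if isinstance(resource, str) and resource not in definition:
            errors.append("policy.definition does not query policy.primary_resource")
    params = control.get("parameters")
    if params is not None and not isinstance(params, list):
        errors.append("parameters must be a list")
    return errors


def broken_control() -> Dict[str, Any]:
    """A deliberately non-compliant copy: camelCase key and no severity."""
    bad = {k: v for k, v in SAMPLE_CONTROL.items() if k != "severity"}
    bad["integrationType"] = bad.pop("integration_type")
    return bad


if __name__ == "__main__":
    print("sample control:", validate_control(SAMPLE_CONTROL) or "ok")
    for problem in validate_control(broken_control()):
        print("broken control:", problem)
```

Running the file reports no violations for the sample control and two for the broken copy (the camelCase key and the missing severity). The checks are purely structural: they cannot prove that the SQL condition is correct, only that the file carries the fields the platform needs to attribute an incident and that its status values match what the platform expects.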
