This section of the documentation outlines managing IaC Security configurations that will be used for scanning. For a high-level overview of IaC Security (including prerequisites to get started) check out IaC Overview or take a look at the IaC Workflow.
Configurations are a critical component for IaC Analyzer scans and allow users to determine what “checks” to scan for, with regard to resources and Insights.
The Configurations section of the IaC Security interface is available under "Security → Infrastructure as Code → Configurations". Each configuration includes a link to its associated Insight Pack (Compliance Packs or Custom Packs) as well as various statistics about IaC Analyzer scans against the configuration.
- Use the search or pagination features at the top of the page to filter the list of configurations
- Click the context menu (three dots) next to a configuration to access the following additional options:
- Add to favorites
- Usage documentation
- View recent scans for the configuration
Here are a few things to keep in mind when creating your configuration:
- There are currently no limitations on the number of configurations. However, only a single configuration can be used for scanning at one time.
- Configurations are limited to a maximum of 300 Insights.
- Configurations are only available to Domain Admins, Organization Admins, and Editor/Admin-entitled users. See the User Entitlements Matrix for more information.
Users have two options to create a new configuration:
- For users that are launching IaC Security for the first time, click the “Create Configuration” button on the blank "Scan List" page to create a new configuration.
- For users that may have an account with existing configurations, select the "Configurations" tab from the top of the “Infrastructure as Code” landing page then click the “Create New Configuration” button in the top right corner.
The “Create Configuration” form launches from either of the options specified above.
1. Under “General Details”, provide a Name and Description for the new configuration.
2. Under “Insight Configuration” select an Insight Pack to use for your IaC Security analysis.
- InsightCloudSec provides support for both out-of-the-box Compliance Packs and for Custom Packs (based on user-specific configurations of Insights).
- Selecting an Insight Pack (custom or otherwise) will expose a list of the Insights included in the specified pack, along with buttons to configure your desired Insight settings.
3. Select whether to fail, warn, or ignore the Insight upon verification during IaC Security analysis.
- Insights can be configured all at once (“Warn All", "Ignore All", or the default “Fail All”), or on an individual basis by selecting the desired behavior next to each Insight name.
- The level of support is specified under each Insight name in grey text. If no grey text is present, the insight has full resource support.
- Partial Support - Resources are not supported for certain CSPs; these will be specifically identified.
- Unsupported - Resources specific to this Insight are not supported on any of the CSPs; these will be hidden by default. Click the "Show Unsupported Insights" button at the bottom of the "Insight Configuration" list to display them.
4. Optionally, provide a Slack channel and/or email address(s) to notify once the scan is complete.
5. When you are satisfied with your settings click “Save Configuration”. Your completed configuration will be available under the “Configurations” tab on the IaC Security landing page.
1. To edit or delete an existing configuration, click the ellipsis menu to the left of the configuration item within the "Configurations" list and select "Edit".
2. Make your desired changed and select “Save Configuration” to finalize your changes.
Updated about a month ago