Operational Standard Management

Evaluates rules against your cloud resources and sends notifications when a resource does not comply with your cloud standards (for example, a resource created in an unused region, or an instance of a non-standard type).

1. Standard policy settings screen 

1.1. Menu Guide

image-20240910-034253.png
  1. Search

    1. Lets you search for the policy you want to view.

    2. The search is case-insensitive and also matches tooltip content.

    3. Enter text and click the magnifying glass button to search. Clear the text and click the button again to return to the full list.

  2. Policy registration

    1. You can register a policy by clicking the Register New Policy button.

  3. Table toolbar

    1. EXPAND: Expands the details of all policies so they can be seen at a glance. Click again to return to the default view.

    2. COLUMNS: Select the columns to display. (The Description, Creation date, and Last checked time columns can be added.)

    3. FILTERS: Advanced filtering.

    4. EXPORT: Downloads the policy list as a CSV file.

  4. Grouping by policy template

    1. The policy list is grouped by template. The number in parentheses is the number of policies in that template.

  5. Condition

    1. By default only the number of conditions is shown. Click the blue text to see each condition in sentence form.

  6. Edit policy

    1. Click the pencil button to edit the policy.

  7. Delete Policy

    1. You can delete a policy by clicking the trash can button.

  8. Total count

    1. Shows the total number of policies. After a search, it shows the number of search results.


Setting up a policy template

image-20240913-070052.png

When you click the 'Register New Policy' button, you select one of the policy templates supported by CXP.

 

1.2. Table Guide

  • Policy name

    • A user-specified name that identifies the role of the policy.

    • Required, up to 100 characters. Names do not have to be unique.

  • Scope

    • Either service or account.

    • Service: creates one policy for all accounts belonging to a 'service' unit in your company.

    • Account: creates a policy for an individual account.

  • Target

    • Shows the selected scope (service or account). Details are shown in a tooltip.

  • CSP

    • Supports AWS, Azure, and GCP.

  • Resource

    • The type of cloud resource the policy applies to.

    • If there are several, their number is shown and the details are available in a tooltip.

  • Condition

    • The parameters and operation used to evaluate whether a resource violates the policy.

  • Description (default: Hide)

    • A user-written description to help you understand the policy's contents.

    • This is not a required field and can be up to 200 characters long.

  • Last modified

    • Shows when the policy was last modified and by whom.

  • Creation date (default: hidden)

    • Shows when the policy was created and by whom.

  • Last checked time (default: hidden)

    • Shows when the policy was most recently evaluated.

    • Policy evaluation runs automatically inside the system at fixed intervals (see 2.3).

  • Active

    • Shows whether the policy is enabled or disabled.

  • Alarm

    • Shows whether notification delivery is configured for the policy.

    • This is configured in the 'Notification Settings' menu.

    • For a service-scope policy, the alarm is shown as On if it is set for at least one of the accounts.

  • Actions

    • Provides the ability to edit/delete policies.

1.3. New resource management policy for abnormal instance types

  • Description: Rules on the instance type of VM and SQL Server resources.

  • Resources:
      AWS :: EC2, RDS
      Azure :: Virtual Machine, SQL Database
      GCP :: VM Instance, SQL Instance

  • Operations: must be equal to, must not be equal to, must start with, must not start with, must end with, must not end with

    • (Example) [EC2] The instance type must not start with m6.

1.4. New resource management policy in unused regions

  • Description: Rules on the region of a resource, evaluated when the resource is created or modified.

  • Resources:
      AWS :: EC2, EBS, Image, Snapshot, EFS, RDS, EKS, EC2 RI, RDS RI, ElastiCache RI, Redshift RI, Opensearch RI, Savings Plan
      Azure :: Virtual Machine, Disk, Snapshot, SQL Server, SQL Database, Cluster
      GCP :: VM Instance, Disk, Image, Snapshot, SQL Instance, Cluster

  • In this template, several resources can be selected in one condition.

  • Operations: must be equal to, must not be equal to, must start with, must not start with, must end with, must not end with

    • (Example) The region of [all selected resources] must be ap-northeast-2.

 

1.5. Description of the policy registration screen

image-20240913-070814.png

 

  1. Basic information

    1. Policy name and target are required and cannot be changed after the policy is created.

    2. The target can be a service or an account. The selected accounts are listed in the cloud navigation bar.

  2. Active

    1. Turns the policy on or off. This can be changed at any time after the policy is created.

  3. Activation list by account

    1. If the target is a service, you can choose account by account whether the policy is active.

    2. This can be changed at any time after the policy is created.

  4. Condition

    1. Select a resource (e.g. EC2) → enter a parameter (e.g. m6) → select an operation (e.g. must not start with).

  5. Parameter list toggle

    1. Click the checkbox button to choose the parameter from a list box; click the pencil button to return to a free-text input box.

    2. Available only for the 'New resource management policy in unused regions' template, where the list shows the regions available for each CSP.

  6. Delete condition

    1. Removes a condition.

  7. Add condition

    1. Adds a condition.

  8. Apply/Cancel

    1. The Apply button is enabled only when the policy can be created.

    2. The policy cannot be created while the policy name, target, or condition is empty.

 

 

2. Check the detection results

 

2.1. Advisor

  • In the Compliance tab of Cloud Advisor you can view, per policy template, the list of resources that violate a policy.

  • Capture Time is the time at which the violation was first detected.

  • When a policy is deleted or its conditions are changed, the list of resources violating that policy is also deleted.

  • The Advisor is synchronized once every morning.

 

2.2. Notification settings

  • Enter the details of the user who will receive the notification under recipient information and click 'Save'.

  • Turn the recipient's subscription On or Off and select the target company, service, or account.

    • Inventory - Instance Type Restriction Notification: violations of the 'New resource management policy for abnormal instance types' template.

    • Inventory - Region Restriction Alert: violations of the 'New resource management policy in unused regions' template.

    • Inventory - Cloud Standards Non-Compliance Alert (default): the default notification, which is also delivered in exceptional cases where no meta information exists for the resource.

 

2.3. Notification support

  • Supported notification channels are email, Slack, and Teams.

  • A separate notification is sent for each policy.

  • Violating resources are detected at fixed intervals (every 1 hour), so each notification lists the resources found to violate the policy during that detection cycle.

 

Notification Email (Sample)

 

3. Notes

  • Only resources created or changed after the policy was registered are detected. Resources that were already non-compliant when the policy was registered are not reported until they are modified.

  • Accounts added to a service after the policy was created are not added to the policy's target automatically; their activation must be updated manually on the policy screen (see FAQ 5).
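The following is an added example, not CXP code, showing how the condition operations of sections 1.3 and 1.4, the per-account activation list of section 1.5, and the delta-only, notify-once behaviour described in this section and in the FAQ fit together. The data model (resource type strings such as "AWS::EC2", the attribute names "instance_type" and "region", the 12-digit account IDs) and the inventory are assumptions constructed for the example.

```python
"""Added example, not CXP code: a toy evaluator for the operational standard
policies described on this page. The data model (resource types such as
"AWS::EC2", attribute names "instance_type" and "region", 12-digit account IDs)
and the sample data below are constructed assumptions."""
from dataclasses import dataclass
from datetime import datetime

# The six operations the two policy templates offer (sections 1.3 and 1.4).
OPERATIONS = {
    "must be equal to":     lambda value, param: value == param,
    "must not be equal to": lambda value, param: value != param,
    "must start with":      lambda value, param: value.startswith(param),
    "must not start with":  lambda value, param: not value.startswith(param),
    "must end with":        lambda value, param: value.endswith(param),
    "must not end with":    lambda value, param: not value.endswith(param),
}

@dataclass(frozen=True)
class Condition:
    resource_types: frozenset   # several types may be selected in one condition (section 1.4)
    attribute: str              # assumed attribute names: "instance_type" or "region"
    operation: str              # one of the OPERATIONS keys
    parameter: str

@dataclass
class Policy:
    name: str
    active_accounts: frozenset  # per-account activation list (section 1.5, item 3)
    registered_at: datetime
    conditions: list

@dataclass
class Resource:
    resource_id: str
    resource_type: str
    account: str
    attributes: dict
    changed_at: datetime        # time the resource was created or last modified

def describe(cond):
    """Render a condition in the sentence form the policy list shows."""
    types = ", ".join(sorted(cond.resource_types))
    return f"[{types}] The {cond.attribute} {cond.operation} {cond.parameter}."

def violates(policy, resource):
    """Return the first condition the resource violates, or None."""
    if resource.account not in policy.active_accounts:
        return None           # policy is switched off for this account
    if resource.changed_at < policy.registered_at:
        return None           # section 3: only resources created/changed after registration
    for cond in policy.conditions:
        if resource.resource_type not in cond.resource_types:
            continue
        value = resource.attributes.get(cond.attribute)
        if value is not None and not OPERATIONS[cond.operation](value, cond.parameter):
            return cond
    return None

class Detector:
    """One detection cycle per call; each (policy, resource) pair is reported once (FAQ 2)."""
    def __init__(self):
        self.notified = set()

    def run_cycle(self, policies, inventory):
        notifications = []
        for policy in policies:
            for res in inventory:
                cond = violates(policy, res)
                key = (policy.name, res.resource_id)
                if cond is not None and key not in self.notified:
                    self.notified.add(key)
                    notifications.append((policy.name, res.resource_id, describe(cond)))
        return notifications

# Constructed sample data (not real accounts or resources).
REGISTERED = datetime(2024, 9, 10, 0, 0)
POLICIES = [
    Policy("No m6 instance types", frozenset({"111111111111"}), REGISTERED,
           [Condition(frozenset({"AWS::EC2"}), "instance_type", "must not start with", "m6")]),
    Policy("Seoul region only", frozenset({"111111111111"}), REGISTERED,
           [Condition(frozenset({"AWS::EC2", "AWS::EBS", "AWS::RDS"}), "region",
                      "must be equal to", "ap-northeast-2")]),
]
INVENTORY = [
    Resource("i-0aaa", "AWS::EC2", "111111111111",
             {"instance_type": "m6i.large", "region": "ap-northeast-2"}, datetime(2024, 9, 11)),
    Resource("i-0bbb", "AWS::EC2", "111111111111",
             {"instance_type": "t3.micro", "region": "us-east-1"}, datetime(2024, 9, 11)),
    # Created before the policy was registered: never reported (section 3).
    Resource("vol-0ccc", "AWS::EBS", "111111111111", {"region": "us-east-1"}, datetime(2024, 9, 1)),
    # Account not in the activation list: never reported.
    Resource("i-0ddd", "AWS::EC2", "222222222222",
             {"instance_type": "m6g.xlarge", "region": "us-east-1"}, datetime(2024, 9, 11)),
]

def demo():
    """Run two consecutive cycles; the second one reports nothing new."""
    detector = Detector()
    return detector.run_cycle(POLICIES, INVENTORY), detector.run_cycle(POLICIES, INVENTORY)
```

Running `demo()` returns two notifications from the first cycle (i-0aaa for the instance type policy, i-0bbb for the region policy) and none from the second, which is the once-per-resource behaviour the FAQ describes. The pre-existing volume and the instance in the inactive account are never reported, so anything that was already non-compliant when the policy was registered has to be found by other means.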

 

Operational Standards Management FAQ

  1. Does it check the VM and DB standards every 5-6 hours and respond?
    => The standard check is currently set to a 1-hour cycle, but it may take up to 3-4 hours in total, including the VM and DB collection cycles of 2-3 hours.

  2. Since you only check the delta, if a resource deviates from the standard once, do you notify me only once and never again after that?
    => Yes, you are notified only once per resource.

  3. If, instead of a delta, there were an option for the user to be notified persistently about non-conformance, is this an architecture that could be upgraded in the future?
    => Yes, it seems it could be improved to allow optional persistent notifications.

  4. Are shut-down servers also checked?
    => Yes. All servers are checked regardless of status.

  5. If I select an entire service (settlement group) as shown below, will accounts added under that settlement group in the future be automatically included as sub-account targets?
    I'm curious whether the features we've built are structured so that sub-accounts are updated automatically when a "service" is selected, or whether this differs from feature to feature.
    (It seems such selection features should behave the same way for consistency.)
    => Sub-accounts added after the policy is created are not included in the target. You must manually update the activation on the screen each time, and a guidance message to this effect is displayed when the policy is created.
     This seems like something that should be improved on the standard policy side so that sub-accounts are updated automatically, for consistency with other features (e.g. Notification Settings -> Auto Update).