Policy-as-Code

Use ORL as Policy-as-Code (PaC) by setting remediation to audit with level: ERROR. ORL then exits with a non-zero status when a finding is reported.

Prompt

The following can be used with the gomboc-enterprise-skills.

/gomboc:fix

I want to create an ORL rule or ruleset that checks that the AMI used for EC2 instances, launch configurations, or launch templates is one of the following:

- ami-0a1b2c3d4e5f67890
- ami-0987654321fedcba0
- ami-0ff11223344556677
- ami-0abcdef1234567890
- ami-0123456789abcdef0

The rule should not attempt to remediate the finding. It should simply audit using an error message that explains what the valid AMIs are. The message should be prefixed with "(PaC)".

Use /gomboc-community:fix if you have the gomboc-community-skills installed.

Tell the agent not to remediate, because by default fix attempts to create a code-change rule rather than an audit-only rule.

Rule Output Example

skip_finding skips compliant values. Non-compliant values trigger an audit error with the valid AMI list.
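The following is an added illustration of the policy logic described above, written in Python rather than ORL; it is not ORL syntax and not Gomboc's code. It assumes Terraform-style resources already parsed into dictionaries, assumes the attribute names `ami` and `image_id`, and mirrors the audit-only behaviour: compliant AMIs are skipped, every other AMI yields an ERROR-level finding prefixed with "(PaC)" that lists the valid AMIs, and the exit status is non-zero whenever a finding exists.

```python
import sys
# Added illustration (not ORL, not Gomboc's code): the allowlist policy described above.
# Allowed AMIs, exactly as listed in the prompt on this page.
ALLOWED_AMIS = {
    "ami-0a1b2c3d4e5f67890",
    "ami-0987654321fedcba0",
    "ami-0ff11223344556677",
    "ami-0abcdef1234567890",
    "ami-0123456789abcdef0",
}

# Resource types in scope and the attribute holding the AMI (attribute names assumed).
AMI_ATTRIBUTE = {
    "aws_instance": "ami",
    "aws_launch_configuration": "image_id",
    "aws_launch_template": "image_id",
}

def audit(resources):
    """Audit only: return (level, message) findings; compliant values are skipped."""
    findings = []
    for res in resources:
        attr = AMI_ATTRIBUTE.get(res["type"])
        if attr is None:
            continue  # resource type not covered by this rule
        ami = res.get(attr)
        if ami in ALLOWED_AMIS:
            continue  # skip_finding: compliant value, no finding
        findings.append((
            "ERROR",
            f'(PaC) {res["type"]}.{res["name"]}: AMI "{ami}" is not approved. '
            f"Valid AMIs: {', '.join(sorted(ALLOWED_AMIS))}",
        ))
    return findings

def exit_status(findings):
    """Non-zero when an ERROR-level finding exists, so CI fails the build."""
    return 1 if any(level == "ERROR" for level, _ in findings) else 0

# Constructed sample input standing in for parsed Terraform resources.
SAMPLE = [
    {"type": "aws_instance", "name": "web", "ami": "ami-0a1b2c3d4e5f67890"},
    {"type": "aws_launch_template", "name": "app", "image_id": "ami-0deadbeefcafe0000"},
    {"type": "aws_s3_bucket", "name": "logs"},
]

if __name__ == "__main__":
    for level, msg in audit(SAMPLE):
        print(f"{level}: {msg}")
    sys.exit(exit_status(audit(SAMPLE)))
```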
