
# User Variables

Pass variables at remediation time and reference them in audit logic, skip conditions, or remediation values. This example sets the AMI from `vars.custom.ami_id`.

## Prompt

The following can be used with the [gomboc-enterprise-skills](/orl/agent-skills/gomboc-enterprise-skills.md).

```markdown
/gomboc:fix

I want to create an ORL rule that checks that the AMI used for EC2 instances, launch configurations, or launch templates is one of the following:

- ami-0a1b2c3d4e5f67890
- ami-0987654321fedcba0
- ami-0ff11223344556677
- ami-0abcdef1234567890
- ami-0123456789abcdef0

The rule should use the variable `vars.custom.ami_id` to set the value.  The rule should skip itself (using `skip_expression`) if the variable is not set.  If skipped the `skip_reason` should be in the form "Variable 'vars.custom.ami_id' is not defined. Set it to one of: <AMIs from list>".
```

{% hint style="info" %}
Use `/gomboc-community:fix` if you have the [gomboc-community-skills](/orl/agent-skills/gomboc-community-skills.md) installed.
{% endhint %}

In the prompt, name the variable and define the behavior when it is missing (here, the rule skips itself with a clear reason).

## Rule Output Example

```yaml
# yaml-language-server: $schema=../schema/ruleset.json
---
type: Ruleset
version: v1
metadata:
  name: ensure-approved-ami-is-used
  display_name: Ensure EC2 instances and auto-scaling groups use an approved AMI
  description: |
    Ensures that all aws_instance, aws_launch_configuration, and aws_launch_template
    resources use one of the approved AMI IDs, supplied via vars.custom.ami_id.
  skip_expression: "vars.custom?.ami_id == nil"
  skip_reason: "Variable 'vars.custom.ami_id' is not defined. Set it to one of: ami-0a1b2c3d4e5f67890, ami-0987654321fedcba0, ami-0ff11223344556677, ami-0abcdef1234567890, ami-0123456789abcdef0"

spec:
  template:
    language: terraform
    audit_language: ast

  rules:
  - name: ensure-aws_instance-ami-is-approved
    audit: |
      {{ aResource("aws_instance", anAttribute("ami")) }}
    skip_finding: "trim($.value, \"\\\"\" ) == vars.custom.ami_id"
    remediation:
      - command: replace
        path: value
        value: "\"{{ vars.custom.ami_id }}\""

  - name: ensure-aws_launch_configuration-image_id-is-approved
    audit: |
      {{ aResource("aws_launch_configuration", anAttribute("image_id")) }}
    skip_finding: "trim($.value, \"\\\"\" ) == vars.custom.ami_id"
    remediation:
      - command: replace
        path: value
        value: "\"{{ vars.custom.ami_id }}\""

  - name: ensure-aws_launch_template-image_id-is-approved
    audit: |
      {{ aResource("aws_launch_template", anAttribute("image_id")) }}
    skip_finding: "trim($.value, \"\\\"\" ) == vars.custom.ami_id"
    remediation:
      - command: replace
        path: value
        value: "\"{{ vars.custom.ami_id }}\""
```

Each rule audits one resource type. Values that do not match `vars.custom.ami_id` are replaced with the variable value.
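The rule above compares each attribute only against the single value in `vars.custom.ami_id`; the approved list appears only in `skip_reason`, so nothing in the ruleset checks the supplied value against it. The following pre-flight check is an added example, not part of the Gomboc documentation or ORL itself. `validate_ami_var`, `plan`, and the sample attributes are hypothetical, and `plan` is a simplified model of the rule's skip and replace outcomes, not the ORL engine.

```python
# Approved AMI IDs, copied from the prompt and skip_reason on this page.
APPROVED_AMIS = frozenset({
    "ami-0a1b2c3d4e5f67890",
    "ami-0987654321fedcba0",
    "ami-0ff11223344556677",
    "ami-0abcdef1234567890",
    "ami-0123456789abcdef0",
})


def validate_ami_var(custom_vars):
    """Return the AMI to pass as vars.custom.ami_id, or None when it is unset.

    Raises ValueError when a value is supplied that is not on the allowlist,
    because the rule would otherwise write that value into every resource.
    """
    ami = (custom_vars or {}).get("ami_id")
    if ami is None:
        return None
    if ami not in APPROVED_AMIS:
        raise ValueError(f"{ami!r} is not an approved AMI")
    return ami


def plan(custom_vars, attributes):
    """Simplified model of the ruleset's outcome for each (address, raw value)."""
    ami = validate_ami_var(custom_vars)
    if ami is None:  # mirrors skip_expression: the whole ruleset is skipped
        return [(addr, "skip_rule", raw) for addr, raw in attributes]
    result = []
    for addr, raw in attributes:
        if raw.strip('"') == ami:  # mirrors skip_finding: trim quotes, compare
            result.append((addr, "skip_finding", raw))
        else:  # mirrors remediation: replace with the quoted variable value
            result.append((addr, "replace", f'"{ami}"'))
    return result


# Constructed sample attributes (hypothetical resource addresses, raw HCL values).
SAMPLE = [
    ("aws_instance.web.ami", '"ami-0a1b2c3d4e5f67890"'),
    ("aws_launch_template.lt.image_id", '"ami-0987654321fedcba0"'),
    ("aws_launch_configuration.lc.image_id", "var.legacy_ami"),
]

if __name__ == "__main__":
    for row in plan({"ami_id": "ami-0a1b2c3d4e5f67890"}, SAMPLE):
        print(row)
```

The second sample row uses an AMI from the approved list and is still marked for replacement, because it differs from the one value held in the variable.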

