Controls with Inline Policy
Use an inline policy to define a control's compliance requirement and the technical logic that evaluates it in one YAML file, so the whole control lives in a single place and can be managed as one unit.
Example
```yaml
id: aws_access_keys_during_initial_iam_user_setup # Unique ID
title: Access Keys During Initial IAM User Setup # Descriptive title
description: Prevent access key creation during initial IAM user setup.
integration_type:
  - aws_cloud_account # Platform this Control applies to
parameters: []
policy:
  language: sql # Policy language (e.g., "sql", "rego")
  primary_resource: aws_iam_credential_report
  definition: |
    SELECT
      user_name AS resource,
      ...
      CASE
        WHEN <condition> THEN 'alarm'
        ELSE 'ok'
      END AS status,
      ...
    FROM
      aws_iam_credential_report
severity: medium # Impact level (Critical, High, Medium, Low, None)
tags:
  platform_score_cloud_service_name:
    - AWS Identity and Access Management (IAM)
```
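To show what a finished definition looks like once `<condition>` and the elided columns are filled in, here is an added example that is not part of the original page or the platform's own control library. It runs a completed version of the policy above against a small, constructed `aws_iam_credential_report` table in SQLite. The condition is an assumption about what "created during initial setup" means: an active access key whose last-rotation timestamp (which the AWS credential report sets to the creation time for a never-rotated key) falls within 60 seconds of the user's creation time. The column names follow the credential report, the `reason` column is my addition, and the `<root_account>` row is excluded because the control targets IAM users.

```python
import sqlite3

# Constructed sample rows, not a real credential report. Column order:
# user_name, user_creation_time, access_key_1_active, access_key_1_last_rotated,
# access_key_2_active, access_key_2_last_rotated. "N/A" mirrors what the AWS
# credential report emits when a key slot is empty.
SAMPLE_REPORT = [
    ("<root_account>", "2023-06-01 08:00:00", 0, "N/A", 0, "N/A"),
    ("alice", "2024-01-10 09:00:00", 1, "2024-01-10 09:00:12", 0, "N/A"),  # key made with the user
    ("bob",   "2024-01-10 09:00:00", 1, "2024-03-02 14:00:00", 0, "N/A"),  # key added weeks later
    ("carol", "2024-02-01 10:30:00", 0, "N/A",                 0, "N/A"),  # console-only user
    ("dave",  "2024-02-15 16:45:00", 0, "N/A",                 1, "2024-02-15 16:45:03"),  # second slot
]

# Assumed completion of the page's policy.definition (the page leaves <condition>
# and the other columns elided). An active key whose last-rotation time is within
# 60 seconds of the user's creation time is treated as created during setup.
# julianday() is SQLite-specific; a PostgreSQL backend would subtract timestamps.
POLICY_SQL = """
SELECT
  user_name AS resource,
  CASE
    WHEN access_key_1_active = 1
         AND abs(julianday(access_key_1_last_rotated) - julianday(user_creation_time)) * 86400 <= 60
      THEN 'alarm'
    WHEN access_key_2_active = 1
         AND abs(julianday(access_key_2_last_rotated) - julianday(user_creation_time)) * 86400 <= 60
      THEN 'alarm'
    ELSE 'ok'
  END AS status,
  user_name || ' was created at ' || user_creation_time AS reason
FROM
  aws_iam_credential_report
WHERE
  user_name <> '<root_account>'
"""

# The guideline: a policy may only return these two statuses.
ALLOWED_STATUSES = {"ok", "alarm"}


def evaluate(rows=SAMPLE_REPORT, sql=POLICY_SQL):
    """Load the rows into an in-memory table, run the policy, return {resource: status}."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE aws_iam_credential_report (
               user_name TEXT, user_creation_time TEXT,
               access_key_1_active INTEGER, access_key_1_last_rotated TEXT,
               access_key_2_active INTEGER, access_key_2_last_rotated TEXT)"""
    )
    conn.executemany("INSERT INTO aws_iam_credential_report VALUES (?, ?, ?, ?, ?, ?)", rows)
    results = {}
    for resource, status, _reason in conn.execute(sql):
        if status not in ALLOWED_STATUSES:
            raise ValueError(f"policy returned status {status!r} for {resource}")
        results[resource] = status
    conn.close()
    return results


if __name__ == "__main__":
    for resource, status in evaluate().items():
        print(f"{status:5}  {resource}")
```

Note how the `N/A` placeholder behaves: `julianday('N/A')` is NULL, so the comparison is NULL and the `AND` with an inactive key collapses to false, which is why a user with no keys lands in `ELSE 'ok'` rather than erroring. A real control should be tested against exactly these empty-slot rows, since a query that assumes every slot holds a timestamp will silently misclassify them.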
Guidelines
All keys in the YAML must be snake_case.
Required Fields:
id: Unique identifier.
policy.language: Policy language (e.g., "sql", "rego").
policy.primary_resource: Resource type used to attribute a finding (incident) to a resource.
policy.definition: Policy logic; the status it returns must be 'ok' or 'alarm'.
severity: Impact level (Critical, High, Medium, Low, None).
parameters: Required if the policy uses parameters.
Recommended Fields:
title, description: Descriptive information.
integration_type: Platform or environment the control applies to.
tags: Metadata for categorization.
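These rules are easy to enforce before a control is committed. The validator below is an added example, not part of the page or the platform's tooling. It takes the control as a parsed mapping (what `yaml.safe_load` on the file would return) and reports guideline violations: the language and severity sets are the ones the page names, the SQL status check is a regex heuristic over `THEN`/`ELSE` literals rather than a SQL parser, and the sample control is the page's example with the elided query body replaced by a minimal placeholder.

```python
import re

SNAKE_CASE = re.compile(r"^[a-z][a-z0-9_]*$")
# Value sets taken from the guidelines; extend ALLOWED_LANGUAGES if your platform adds more.
ALLOWED_LANGUAGES = {"sql", "rego"}
ALLOWED_SEVERITIES = {"critical", "high", "medium", "low", "none"}
REQUIRED_TOP = ("id", "policy", "severity")
REQUIRED_POLICY = ("language", "primary_resource", "definition")
RECOMMENDED = ("title", "description", "integration_type", "tags")
# Heuristic (not a SQL parser): every literal a THEN/ELSE branch returns must be a permitted status.
STATUS_LITERAL = re.compile(r"\b(?:THEN|ELSE)\s+'([^']*)'", re.IGNORECASE)
STATUS_COLUMN = re.compile(r"\bAS\s+status\b", re.IGNORECASE)

# Constructed sample: the page's example with the elided query body replaced by a
# minimal placeholder so the SQL checks have something to inspect.
EXAMPLE_CONTROL = {
    "id": "aws_access_keys_during_initial_iam_user_setup",
    "title": "Access Keys During Initial IAM User Setup",
    "description": "Prevent access key creation during initial IAM user setup.",
    "integration_type": ["aws_cloud_account"],
    "parameters": [],
    "policy": {
        "language": "sql",
        "primary_resource": "aws_iam_credential_report",
        "definition": (
            "SELECT user_name AS resource, "
            "CASE WHEN access_key_1_active THEN 'alarm' ELSE 'ok' END AS status "
            "FROM aws_iam_credential_report"
        ),
    },
    "severity": "medium",
    "tags": {"platform_score_cloud_service_name": ["AWS Identity and Access Management (IAM)"]},
}


def _check_keys(node, path, errors):
    """Every mapping key, at any depth, must be snake_case (values are not checked)."""
    if isinstance(node, dict):
        for key, value in node.items():
            if not isinstance(key, str) or not SNAKE_CASE.match(key):
                errors.append(f"key {'.'.join(path + [str(key)])!r} is not snake_case")
            _check_keys(value, path + [str(key)], errors)
    elif isinstance(node, list):
        for item in node:
            _check_keys(item, path, errors)


def validate_control(control):
    """Return (errors, warnings): errors break required rules, warnings flag missing recommended fields."""
    errors, warnings = [], []
    if not isinstance(control, dict):
        return ["control must be a mapping"], warnings
    _check_keys(control, [], errors)
    errors += [f"missing required field: {f}" for f in REQUIRED_TOP if f not in control]
    policy = control.get("policy")
    if isinstance(policy, dict):
        errors += [f"missing required field: policy.{f}" for f in REQUIRED_POLICY if f not in policy]
        language = str(policy.get("language", "")).lower()
        if "language" in policy and language not in ALLOWED_LANGUAGES:
            errors.append(f"unsupported policy.language: {policy['language']!r}")
        definition = policy.get("definition")
        if language == "sql" and isinstance(definition, str):
            if not STATUS_COLUMN.search(definition):
                errors.append("sql definition does not produce a 'status' column")
            for literal in STATUS_LITERAL.findall(definition):
                if literal not in ("ok", "alarm"):
                    errors.append(f"status literal {literal!r} is not 'ok' or 'alarm'")
    elif policy is not None:
        errors.append("policy must be a mapping")
    if "severity" in control and str(control["severity"]).lower() not in ALLOWED_SEVERITIES:
        errors.append(f"invalid severity: {control['severity']!r}")
    if "parameters" in control and not isinstance(control["parameters"], list):
        errors.append("parameters must be a list")
    warnings += [f"recommended field missing: {f}" for f in RECOMMENDED if f not in control]
    return errors, warnings


if __name__ == "__main__":
    errs, warns = validate_control(EXAMPLE_CONTROL)
    print("errors:", errs or "none")
    print("warnings:", warns or "none")
```

Run it over every control file in a pre-commit hook or CI job and fail the build on a non-empty error list; the warnings are informational because the page only recommends, not requires, the descriptive fields.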