Skip to main content

Create a rule

Creates a new policy rule. Policy rules determine how a policy should be assigned to assets. Additionally, to create a rule in the context of another Organizational Unit, refer to the

Getting Started documentation.
Request Body
  • action object required

    An action to be applied subject to the rule criteria.

  • assign_policy object

    Apply a policy to assets.

  • policy_id string

    The policy to be applied to the assets.

  • condition string required

    The following table describes the possible conditions for a rule.

    FieldRule ConditionDescription
    aws_account_native_id$eq, $inDenotes the AWS account to conditionalize on {"aws_account_native_id":{"$eq":"111111111111"}} {"aws_account_native_id":{"$in":["111111111111", "222222222222"]}}
    aws_region$eq, $inDenotes the AWS region to conditionalize on {"aws_region":{"$eq":"us-west-2"}} {"aws_region":{"$in":["us-west-2", "us-east-1"]}}
    aws_tag$eq, $in, $all, $contains, $not_eq, $not_in, $not_all, $not_containsDenotes the AWS tag(s) to conditionalize on. Max 100 tags allowed in each rule and tag key can be upto 128 characters and value can be upto 256 characters long. {"aws_tag":{"$eq":{"key":"Environment", "value":"Prod"}}} {"aws_tag":{"$in":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$all":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$contains":{"key":"Environment", "value":"Prod"}}} {"aws_tag":{"$not_eq":{"key":"Environment", "value":"Prod"}}} {"aws_tag":{"$not_in":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$not_all":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$not_contains":{"key":"Environment", "value":"Prod"}}}
    entity_type$eq, $inDenotes the AWS entity type to conditionalize on. (Required) {"entity_type":{"$eq":"aws_rds_instance"}} {"entity_type":{"$in":["aws_rds_instance", "aws_ebs_volume", "aws_ec2_instance","aws_dynamodb_table", "aws_rds_cluster"]}}
  • name string required

    Name of the rule. Max 100 characters.

  • priority object

    A priority relative to other rules.

  • before_rule_id string

    The rule ID before which this rule should be inserted.

Responses

Success

Schema
  • _links object

    URLs to pages related to the resource.

  • _self object

    The HATEOAS link to this resource.

  • href string

    The URI for the referenced operation.

  • templated boolean

    Determines whether the "href" link is a URI template. If set to true, the "href" link is a URI template.

  • type string

    The HTTP method to be used with the "href" link for the referenced operation.

  • read-task object

    A HATEOAS link to the task associated with this resource.

  • href string

    The URI for the referenced operation.

  • templated boolean

    Determines whether the "href" link is a URI template. If set to true, the "href" link is a URI template.

  • type string

    The HTTP method to be used with the "href" link for the referenced operation.

  • rule object

    A rule applies an action subject to a condition criteria.

  • _embedded object

    Embedded responses related to the resource.

  • read-policy-definition Embeds the associated policy of a protected resource in the response if requested using the `embed` query parameter. Unprotected resources will not have an associated policy.

    Embeds the associated policy of a protected resource in the response if requested using the embed query parameter. Unprotected resources will not have an associated policy.

  • _links object

    URLs to pages related to the resource.

  • _self object

    The HATEOAS link to this resource.

  • href string

    The URI for the referenced operation.

  • templated boolean

    Determines whether the "href" link is a URI template. If set to true, the "href" link is a URI template.

  • type string

    The HTTP method to be used with the "href" link for the referenced operation.

  • delete-policy-rule object

    A resource-specific HATEOAS link.

  • href string

    The URI for the referenced operation.

  • templated boolean

    Determines whether the "href" link is a URI template. If set to true, the "href" link is a URI template.

  • type string

    The HTTP method to be used with the "href" link for the referenced operation.

  • read-policy-definition object

    A HATEOAS link to the policy protecting this resource. Will be omitted for unprotected entities.

  • href string

    The URI for the referenced operation.

  • templated boolean

    Determines whether the "href" link is a URI template. If set to true, the "href" link is a URI template.

  • type string

    The HTTP method to be used with the "href" link for the referenced operation.

  • update-policy-rule object

    A resource-specific HATEOAS link.

  • href string

    The URI for the referenced operation.

  • templated boolean

    Determines whether the "href" link is a URI template. If set to true, the "href" link is a URI template.

  • type string

    The HTTP method to be used with the "href" link for the referenced operation.

  • action object

    An action to be applied subject to the rule criteria.

  • assign_policy object

    Apply a policy to assets.

  • policy_id string

    The policy to be applied to the assets.

  • condition string

    The following table describes the possible conditions for a rule.

    FieldRule ConditionDescription
    aws_account_native_id$eq, $inDenotes the AWS account to conditionalize on {"aws_account_native_id":{"$eq":"111111111111"}} {"aws_account_native_id":{"$in":["111111111111", "222222222222"]}}
    aws_region$eq, $inDenotes the AWS region to conditionalize on {"aws_region":{"$eq":"us-west-2"}} {"aws_region":{"$in":["us-west-2", "us-east-1"]}}
    aws_tag$eq, $in, $all, $contains, $not_eq, $not_in, $not_all, $not_containsDenotes the AWS tag(s) to conditionalize on. Max 100 tags allowed in each rule and tag key can be upto 128 characters and value can be upto 256 characters long. {"aws_tag":{"$eq":{"key":"Environment", "value":"Prod"}}} {"aws_tag":{"$in":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$all":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$contains":{"key":"Environment", "value":"Prod"}}} {"aws_tag":{"$not_eq":{"key":"Environment", "value":"Prod"}}} {"aws_tag":{"$not_in":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$not_all":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$not_contains":{"key":"Environment", "value":"Prod"}}}
    entity_type$eq, $inDenotes the AWS entity type to conditionalize on. (Required) {"entity_type":{"$eq":"aws_rds_instance"}} {"entity_type":{"$in":["aws_rds_instance", "aws_ebs_volume", "aws_ec2_instance","aws_dynamodb_table", "aws_rds_cluster"]}}
  • id string

    The Clumio-assigned ID of the policy rule.

  • name string

    Name of the rule. Max 100 characters.

  • organizational_unit_id string

    The Clumio-assigned ID of the organizational unit (OU) to which the policy rule belongs.

  • priority object

    A priority relative to other rules.

  • before_rule_id string

    The rule ID before which this rule should be inserted.

  • task_id string

    The Clumio-assigned ID of the task generated by this request.

Loading...