Create a rule

Creates a new policy rule. Policy rules determine how a policy should be assigned to assets. Additionally, to create a rule in the context of another Organizational Unit, refer to the

Getting Started documentation.

application/json

Request Body

• action object required

  An action to be applied subject to the rule criteria.

  assign_policy object

  Apply a policy to assets.

  policy_id string

  The policy to be applied to the assets.

• condition string required

  The following table describes the possible conditions for a rule.

  Field	Rule Condition	Description
  aws_account_native_id	$eq, $in	Denotes the AWS account to conditionalize on {"aws_account_native_id":{"$eq":"111111111111"}} {"aws_account_native_id":{"$in":["111111111111", "222222222222"]}}
  aws_region	$eq, $in	Denotes the AWS region to conditionalize on {"aws_region":{"$eq":"us-west-2"}} {"aws_region":{"$in":["us-west-2", "us-east-1"]}}
  aws_tag	$eq, $in, $all, $contains, $not_eq, $not_in, $not_all, $not_contains	Denotes the AWS tag(s) to conditionalize on. Max 100 tags allowed in each rule and tag key can be upto 128 characters and value can be upto 256 characters long. {"aws_tag":{"$eq":{"key":"Environment", "value":"Prod"}}} {"aws_tag":{"$in":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$all":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$contains":{"key":"Environment", "value":"Prod"}}} {"aws_tag":{"$not_eq":{"key":"Environment", "value":"Prod"}}} {"aws_tag":{"$not_in":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$not_all":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$not_contains":{"key":"Environment", "value":"Prod"}}}
  entity_type	$eq, $in	Denotes the AWS entity type to conditionalize on. (Required) {"entity_type":{"$eq":"aws_rds_instance"}} {"entity_type":{"$in":["aws_rds_instance", "aws_ebs_volume", "aws_ec2_instance","aws_dynamodb_table", "aws_rds_cluster"]}}

• name string required

  Name of the rule. Max 100 characters.

• priority object

  A priority relative to other rules.

  before_rule_id string

  The rule ID before which this rule should be inserted.

Responses

• 200
• default

---

Success

application/api.clumio.policy-rules=v1+json

• Schema
• Example (from schema)

---

Schema

• _links object

  URLs to pages related to the resource.

  _self object

  The HATEOAS link to this resource.

  href string

  The URI for the referenced operation.

  templated boolean

  Determines whether the "href" link is a URI template. If set to true, the "href" link is a URI template.

  type string

  The HTTP method to be used with the "href" link for the referenced operation.

  read-task object

  A HATEOAS link to the task associated with this resource.

  href string

  The URI for the referenced operation.

  templated boolean

  Determines whether the "href" link is a URI template. If set to true, the "href" link is a URI template.

  type string

  The HTTP method to be used with the "href" link for the referenced operation.

• rule object

  A rule applies an action subject to a condition criteria.

  _embedded object

  Embedded responses related to the resource.

  read-policy-definition Embeds the associated policy of a protected resource in the response if requested using the `embed` query parameter. Unprotected resources will not have an associated policy.

  Embeds the associated policy of a protected resource in the response if requested using the embed query parameter. Unprotected resources will not have an associated policy.

  _links object

  URLs to pages related to the resource.

  _self object

  The HATEOAS link to this resource.

  href string

  The URI for the referenced operation.

  templated boolean

  Determines whether the "href" link is a URI template. If set to true, the "href" link is a URI template.

  type string

  The HTTP method to be used with the "href" link for the referenced operation.

  delete-policy-rule object

  A resource-specific HATEOAS link.

  href string

  The URI for the referenced operation.

  templated boolean

  Determines whether the "href" link is a URI template. If set to true, the "href" link is a URI template.

  type string

  The HTTP method to be used with the "href" link for the referenced operation.

  read-policy-definition object

  A HATEOAS link to the policy protecting this resource. Will be omitted for unprotected entities.

  href string

  The URI for the referenced operation.

  templated boolean

  Determines whether the "href" link is a URI template. If set to true, the "href" link is a URI template.

  type string

  The HTTP method to be used with the "href" link for the referenced operation.

  update-policy-rule object

  A resource-specific HATEOAS link.

  href string

  The URI for the referenced operation.

  templated boolean

  Determines whether the "href" link is a URI template. If set to true, the "href" link is a URI template.

  type string

  The HTTP method to be used with the "href" link for the referenced operation.

  action object

  An action to be applied subject to the rule criteria.

  assign_policy object

  Apply a policy to assets.

  policy_id string

  The policy to be applied to the assets.

  condition string

  The following table describes the possible conditions for a rule.

  Field	Rule Condition	Description
  aws_account_native_id	$eq, $in	Denotes the AWS account to conditionalize on {"aws_account_native_id":{"$eq":"111111111111"}} {"aws_account_native_id":{"$in":["111111111111", "222222222222"]}}
  aws_region	$eq, $in	Denotes the AWS region to conditionalize on {"aws_region":{"$eq":"us-west-2"}} {"aws_region":{"$in":["us-west-2", "us-east-1"]}}
  aws_tag	$eq, $in, $all, $contains, $not_eq, $not_in, $not_all, $not_contains	Denotes the AWS tag(s) to conditionalize on. Max 100 tags allowed in each rule and tag key can be upto 128 characters and value can be upto 256 characters long. {"aws_tag":{"$eq":{"key":"Environment", "value":"Prod"}}} {"aws_tag":{"$in":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$all":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$contains":{"key":"Environment", "value":"Prod"}}} {"aws_tag":{"$not_eq":{"key":"Environment", "value":"Prod"}}} {"aws_tag":{"$not_in":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$not_all":[{"key":"Environment", "value":"Prod"}, {"key":"Hello", "value":"World"}]}} {"aws_tag":{"$not_contains":{"key":"Environment", "value":"Prod"}}}
  entity_type	$eq, $in	Denotes the AWS entity type to conditionalize on. (Required) {"entity_type":{"$eq":"aws_rds_instance"}} {"entity_type":{"$in":["aws_rds_instance", "aws_ebs_volume", "aws_ec2_instance","aws_dynamodb_table", "aws_rds_cluster"]}}

  id string

  The Clumio-assigned ID of the policy rule.

  name string

  Name of the rule. Max 100 characters.

  organizational_unit_id string

  The Clumio-assigned ID of the organizational unit (OU) to which the policy rule belongs.

  priority object

  A priority relative to other rules.

  before_rule_id string

  The rule ID before which this rule should be inserted.

• task_id string

  The Clumio-assigned ID of the task generated by this request.

{
  "_links": {
    "_self": {
      "href": "string",
      "templated": true,
      "type": "string"
    },
    "read-task": {
      "href": "string",
      "templated": true,
      "type": "string"
    }
  },
  "rule": {
    "_embedded": {},
    "_links": {
      "_self": {
        "href": "string",
        "templated": true,
        "type": "string"
      },
      "delete-policy-rule": {
        "href": "string",
        "templated": true,
        "type": "string"
      },
      "read-policy-definition": {
        "href": "string",
        "templated": true,
        "type": "string"
      },
      "update-policy-rule": {
        "href": "string",
        "templated": true,
        "type": "string"
      }
    },
    "action": {
      "assign_policy": {
        "policy_id": "string"
      }
    },
    "condition": "string",
    "id": "string",
    "name": "string",
    "organizational_unit_id": "string",
    "priority": {
      "before_rule_id": "string"
    }
  },
  "task_id": "string"
}

Error

application/json

• Schema
• Example (from schema)

---

Schema

• errors object[]

  A list of errors encountered during runtime.

  error_code uint32

  error_message string

  The reason for the error.

{
  "errors": [
    {
      "error_code": 0,
      "error_message": "string"
    }
  ]
}

POST /policies/rules    

Authorization

Request

Click Edit to configure Base URL

https://us-west-2.api.clumio.com

Bearer Token

Body

{
  "action": {
    "assign_policy": {
      "policy_id": "string"
    }
  },
  "condition": "string",
  "name": "string",
  "priority": {
    "before_rule_id": "string"
  }
}

curl -L -X POST 'https://us-west-2.api.clumio.com/policies/rules' \
-H 'Content-Type: application/json' \
-H 'Accept: application/api.clumio.policy-rules=v1+json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "action": {
    "assign_policy": {
      "policy_id": "string"
    }
  },
  "condition": "string",
  "name": "string",
  "priority": {
    "before_rule_id": "string"
  }
}'

curl -L -X POST 'https://us-west-2.api.clumio.com/policies/rules' \
-H 'Content-Type: application/json' \
-H 'Accept: application/api.clumio.policy-rules=v1+json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "action": {
    "assign_policy": {
      "policy_id": "string"
    }
  },
  "condition": "string",
  "name": "string",
  "priority": {
    "before_rule_id": "string"
  }
}'

curl -L -X POST 'https://us-west-2.api.clumio.com/policies/rules' \
-H 'Content-Type: application/json' \
-H 'Accept: application/api.clumio.policy-rules=v1+json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "action": {
    "assign_policy": {
      "policy_id": "string"
    }
  },
  "condition": "string",
  "name": "string",
  "priority": {
    "before_rule_id": "string"
  }
}'

curl -L -X POST 'https://us-west-2.api.clumio.com/policies/rules' \
-H 'Content-Type: application/json' \
-H 'Accept: application/api.clumio.policy-rules=v1+json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "action": {
    "assign_policy": {
      "policy_id": "string"
    }
  },
  "condition": "string",
  "name": "string",
  "priority": {
    "before_rule_id": "string"
  }
}'

curl -L -X POST 'https://us-west-2.api.clumio.com/policies/rules' \
-H 'Content-Type: application/json' \
-H 'Accept: application/api.clumio.policy-rules=v1+json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "action": {
    "assign_policy": {
      "policy_id": "string"
    }
  },
  "condition": "string",
  "name": "string",
  "priority": {
    "before_rule_id": "string"
  }
}'

curl -L -X POST 'https://us-west-2.api.clumio.com/policies/rules' \
-H 'Content-Type: application/json' \
-H 'Accept: application/api.clumio.policy-rules=v1+json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "action": {
    "assign_policy": {
      "policy_id": "string"
    }
  },
  "condition": "string",
  "name": "string",
  "priority": {
    "before_rule_id": "string"
  }
}'

curl -L -X POST 'https://us-west-2.api.clumio.com/policies/rules' \
-H 'Content-Type: application/json' \
-H 'Accept: application/api.clumio.policy-rules=v1+json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "action": {
    "assign_policy": {
      "policy_id": "string"
    }
  },
  "condition": "string",
  "name": "string",
  "priority": {
    "before_rule_id": "string"
  }
}'