Cloud Governance

Welcome to the Cloud Governance platform, your comprehensive solution for managing and enforcing governance policies within your AWS and Azure environments. This overview will guide you through the key features and functionalities that empower you to establish, execute, and monitor custom governance policies seamlessly.

Navigation

Governance > Cloud Governance

Upon accessing the Cloud Governance section, you'll find an intuitive interface designed to streamline your governance processes.

Key features

  • Custom Governance Policies: Customers can establish personalized governance policies for their AWS and Azure environments using a policy-as-code approach with YAML-based policies.

  • Flexible Policy Execution: Users have the option to run policies either On-Demand or set them to run Periodically based on a schedule.

  • Azure Cognitive Service Support: The system includes support for Azure Cognitive Service policies to govern GenAI use cases.

Dashboard

The Cloud Governance Dashboard prioritizes clarity and functionality in its design. Below is an overview of the columns you will find:

  1. Cloud: This column outlines the specific cloud environments under consideration. It offers a quick reference to where your governance policies are being applied, ensuring that you have a comprehensive overview of your entire cloud infrastructure.

  2. Resource: The Resource column provides a granular view of the individual resources within your cloud environment. Whether it's virtual machines, storage, or other components, this column allows you to track and manage resources effectively.

  3. Policy Name: The Policy Name column displays the unique identifiers assigned to each governance policy. This ensures easy identification and reference when reviewing or modifying policies.

  4. Description: The Description column provides a brief yet informative overview of each policy's purpose and scope. Understanding the policy's intent becomes effortless, aiding in decision-making and policy customization.

  5. Execution Mode: The Execution Mode column details how each policy is executed. Whether it's an On-Demand execution or a Periodic schedule, this information allows you to align governance activities with your operational preferences.

  6. Last Run Details: For effective tracking and monitoring, the Last Run Details column provides information on the most recent execution of each policy. This includes timestamps and relevant data to keep you informed about the latest activities and outcomes.

Upload Account Files

"Upload Account Files" in Cloud Governance likely refers to the process of uploading files or documents containing account-related information to the Cloud Governance platform. This functionality is essential for managing and governing various aspects of cloud resources, policies, and configurations.

The "account upload file" and "Upload YAML File with Accounts" features in Cloud Governance platforms aim to simplify the management of cloud accounts by providing a structured and efficient way to handle account configurations, especially in environments with multiple accounts.

Upload New Policy

  1. Access the Cloud Governance Dashboard or Policy Management section.

  2. Initiate the policy creation process by clicking on "Upload New Policy."

  3. Upload the policy file, ensuring adherence to specified formats like YAML.

  4. Review policy details, including name, description, and conditions.

  5. Configure parameters such as resource targets, conditions, and response actions if needed.

  6. Test the policy using the "Dry Run" feature to simulate execution.

  7. Save the new policy configuration and activate it to enforce within the cloud environment.

Review Policy

Click on any policy to review it and learn how to read a policy:

  • Policy Code Section: The Policy Code section provides the text of the policy, detailing its functionality. For example, a policy named get-non-compliant-sagemaker with the description "My First Sagemaker Policy" returns all Sagemaker notebooks that are public or unencrypted.

  • Dry Run Functionality: Utilize the "Start Dry Run" feature to test a new policy and assess its impact. Virtana strongly recommends testing all new policies before full implementation.

  • Policy Execution: Use the "Run Policy Run" option to execute the policy.

  • Execution Log: Customers can download policy results in a JSON file, and policies can be customized to send results to Slack for easy monitoring.
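
The check that the get-non-compliant-sagemaker policy is described as performing, written out as an added Python example (not Virtana's policy code or its YAML format). It assumes "public" means DirectInternetAccess is Enabled and "unencrypted" means no KmsKeyId is configured; the sample records and the findings layout are constructed for illustration.

```python
import json

# Constructed sample records, shaped like SageMaker DescribeNotebookInstance
# responses (NotebookInstanceName, DirectInternetAccess and KmsKeyId are real
# fields of that API; the values are made up).
SAMPLE_NOTEBOOKS = [
    {"NotebookInstanceName": "nb-research", "DirectInternetAccess": "Enabled",
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"},
    {"NotebookInstanceName": "nb-etl", "DirectInternetAccess": "Disabled"},
    {"NotebookInstanceName": "nb-prod", "DirectInternetAccess": "Disabled",
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"},
    {"NotebookInstanceName": "nb-legacy", "KmsKeyId": ""},
]


def violations(notebook):
    """Return the reasons a notebook record fails the policy (empty if compliant)."""
    reasons = []
    # Assumption: "public" means the instance has direct internet access. A record
    # missing the field is reported too, so an inventory gap cannot pass silently.
    access = notebook.get("DirectInternetAccess")
    if access == "Enabled":
        reasons.append("public: DirectInternetAccess is Enabled")
    elif access != "Disabled":
        reasons.append("unknown: DirectInternetAccess not reported")
    # Assumption: "unencrypted" means no KMS key is configured on the instance.
    if not notebook.get("KmsKeyId"):
        reasons.append("unencrypted: no KmsKeyId")
    return reasons


def dry_run(notebooks):
    """Evaluate every record without changing anything; return JSON-ready findings."""
    findings = []
    for nb in notebooks:
        reasons = violations(nb)
        if reasons:
            findings.append({"resource": nb.get("NotebookInstanceName", "<unnamed>"),
                             "policy": "get-non-compliant-sagemaker",
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(json.dumps(dry_run(SAMPLE_NOTEBOOKS), indent=2))
```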