policy
function with a resource
argument that returns True
if the resource is compliant and the policy should not send an alert, or False
if the resource is not complaint and the policy should send an alertpolicy()
function that accepts one argumentbool
from the policy functionpolicy()
function resource
aws_globals
modulepanther
moduleNoneType
values.policy()
body, returning a value of True
indicates the resource is compliant and no alert should be sent. Returning a value of False
indicates the resource is non-compliant.Configuration Required
tag. These policies are designed to be modified by you, the security professional, based on your organization's business logic.Create New
in the top right corner. You have the option of creating a single new policy, or uploading a zip file containing policies created with the panther_analysis_tool
. Clicking single will take you to the policy editor page.policy()
function.Cloud Security
> Resources
, and apply a filter of the resource type you intend to emulate in your test. Select a resource in your environment, and on the Attributes
card you can copy the full JSON representation of that resource by selecting copy button next to the word root
.Resource
field if you are working locally. Now you can manually modify the fields relevant to your policy and the specific test case you are trying to emulate.Error
on a given resource, that means that the policy threw an exception. The best method for troubleshooting these errors is to use option 1 in the Constructing test resources section above and create a test case from the resource causing the exception.