
Resolutions

Resolution definitions describe a sequence of action items to be taken when a failing policy is resolved. A policy is resolved when the underlying checks that caused the policy to enter a failed state have been corrected, either by Escalations or by manual intervention. Resolutions may not run as soon as the condition is fixed; conditions are checked on a schedule (typically 15 minutes) chosen when the policy is applied. An applied policy may be run manually by selecting Run Now on the Applied Policies page for a given account.

Syntax:

resolution <name> do
  automatic <term>
  label <string literal>
  description <string literal>
  parameter <parameter definition 1>
  parameter <parameter definition 2>
  parameter ...
  <action item 1>
  <action item 2>
  <action item 3>
  <action item ...>
end

Where:

  • name is the name of the resolution. It may be referenced in validate and validate_each blocks by resolve $<name>.
  • label gives a human readable label for the resolution.
  • description is optional and should give a description of what will happen when the action is run.
  • automatic controls whether the resolution is run automatically when an incident is resolved, or is run manually. automatic can be true or false, or a function that evaluates to true or false. If unspecified, it defaults to true for backwards compatibility. The functions used can operate on Parameters of the applied policy, which makes it configurable whether actions are run automatically.
  • parameter can appear any number of times. These are optional parameters to inject into the request approval. They can be referenced by subsequent actions such as Cloud Workflows or emails within the same resolution. See the Parameters section for more information about defining parameters.

Resolution Action Items

Action items for resolutions follow the exact same format as action items for escalations. email, request_approval, and run are supported.

Resolution Example

resolution "handle_unencrypted_volumes" do
  label "Email resolution"
  description "Email the resolution report to the email list"
  email $escalate_to do
    subject_template "Unencrypted volumes resolved in project {{ rs_project_name }}"
    body_template <<-EOS
Unencrypted volumes have all been encrypted or deleted.
    EOS
  end
end
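
The following is an added example, not part of the original page: a resolution whose automatic term is a function of an applied-policy parameter, so whoever applies the policy decides whether the notification runs on its own or waits for a manual run. The parameter names, the allowed value and the resolution name are assumptions made for illustration; $escalate_to and rs_project_name are taken from the example above.

```policy_template
# Assumed parameter: recipients of the resolution report.
parameter "escalate_to" do
  type "list"
  label "Email addresses"
  description "Recipients of the resolution report"
end

# Assumed parameter: actions that may run without a human starting them.
# The default is an empty list, so nothing runs automatically unless
# the person applying the policy opts in.
parameter "param_automatic_action" do
  type "list"
  label "Automatic actions"
  description "Actions this applied policy may run automatically"
  allowed_values ["Email resolution report"]
  default []
end

resolution "report_encrypted_volumes" do
  # Evaluates to true only when the opt-in value was selected at apply time.
  # Leaving automatic out entirely would default it to true.
  automatic contains($param_automatic_action, "Email resolution report")
  label "Email resolution report"
  description "Email the resolution report to the email list"
  email $escalate_to do
    subject_template "Unencrypted volumes resolved in project {{ rs_project_name }}"
    body_template <<-EOS
Unencrypted volumes have all been encrypted or deleted.
    EOS
  end
end
```

Because automatic defaults to true when omitted, stating it explicitly and gating it on a parameter whose default is empty keeps the resolution manual until someone deliberately enables it.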