Resourcely Documentation
LoginSign Up
  • Get Started
    • 🎱What is Resourcely?
    • 👋Why Resourcely
    • 🏃Quickstart
      • Terraform policies integrated into CI
      • Remediate policy violations in existing infrastructure
      • Templates for generating Terraform
      • Glossary
  • Concepts
    • Foundry
      • Create Blueprints with Foundry
      • Creating Guardrails with Foundry
      • lmport Terraform Modules
    • Guardrails
      • Writing your own Guardrails
      • Editing Guardrails
      • Releasing Guardrails
      • Enabling Inactive Guardrails
      • Guardrails in Action
        • 🐱GitHub Actions
        • 🦊GitLab Pipelines
    • Campaigns
      • Get started with Campaigns
      • Creating Campaigns
      • Remediate Resources
      • Campaign Agent
        • State File Support
          • Amazon Simple Storage Service (S3)
          • Google Cloud Storage (GCS)
          • HCP Terraform
          • Spacelift
        • Running Campaigns with GitHub Actions and a Repo-Hosted State File
        • Running Campaigns Locally
    • Blueprints
      • Authoring Your Own Blueprints
      • Using Built-in Resourcely Blueprints
      • Configuring Global Contexts
      • Deep Linking
    • Resources
      • Provisioning Infrastructure
      • Editing Infrastructure
      • Shopping Cart
      • Config Roots and Environments
    • Other Features and Settings
      • Global Values
      • Global Context
      • Metrics
      • Resourcely-cli
      • Resourcely.yaml
      • VCS Proxy
      • Settings
        • User management
        • Company Information
        • Notification Settings
        • Change Management
          • 🐱Connect to GitHub
          • 🦊Connect to Gitlab
        • Generate API Token
    • ✨Production Setup
      • Single Sign-On (SSO)
        • Auth0
        • AWS Single Sign-On
        • Azure AD
        • Google Workspace
        • JumpCloud
        • Okta
        • Omnissa Workspace ONE (formerly VMware)
        • OneLogin
        • Ping Identity
        • Other SAML / OIDC Providers
      • Source Code Management
        • Page
        • 🐱GitHub
        • 🦊GitLab
        • Atlassian Bitbucket
        • Azure Repos
  • Tutorials and guides
    • Remediation Use Cases
      • Apply tags to resources for automating backups
      • Implement centralized logging
    • Blueprints Use Cases
      • Automate Data Pipeline Creation
      • Encryption for GCP
      • AWS Account Factory
      • Streamline and govern AI
      • IAM Factory
      • Cost optimization for FinOps
      • Guardrails for Terraform Modules
    • Using the Resourcely Terraform Provider
      • Setup Resourcely Provider
      • Blueprints
      • Guardrails
      • Global Context
  • Integrate
    • CI/CD & Terraform Runners
      • Atlantis
      • 🐟AWS CodeBuild
      • Azure Pipelines
      • Buildkite
      • CircleCI
      • CloudBees CI
      • Codefresh
      • Digger
      • Env0
      • 🎏GitHub Actions
        • 🐱Local Plan
          • 🐹AWS with OpenID Connect
        • 🐶Terraform Cloud Integration
      • 🦊GitLab Pipelines
      • Harness
      • 🗻HashiCorp Cloud Platform (formerly Terraform Cloud)
      • Jenkins
      • Octopus Deploy
      • Scalr
      • 🌌Spacelift
      • Terramate
      • 🌎Terrateam
    • Cloud Providers
      • 🌨️Amazon Web Services (AWS)
      • 🤓Google Cloud Platform (GCP)
        • Guardrail Gaunlet at Google Cloud Next 2025
      • 💾Microsoft Azure
      • Alibaba Cloud
      • Huawei Cloud
      • IBM Cloud
      • Oracle Cloud Infrastructure (OCI)
      • Tencent Cloud
      • VMware vSphere
    • Developer Portals
      • Atlassian Compass
      • Backstage
      • Cortex
      • Harness IDP
      • Home grown internal developer portals
      • OpsLevel
      • Port
      • Roadie
    • ITSM
      • Atlassian Jira
      • FreshWorks
      • ServiceNow ITSM
      • ZenDesk
    • CSPM
      • Wiz
    • More Terraform Provider Integrations
      • 🚂ConductorOne Provider
      • Databricks Provider
      • Kubernetes Provider
      • 🐕Datadog Provider
      • ❄️Snowflake Provider
Powered by GitBook
On this page
  • Ingesting state file findings
  • Creating a Campaign
  • Remediating Resources
  1. Concepts
  2. Campaigns

Get started with Campaigns

PreviousCampaignsNextCreating Campaigns

Last updated 1 month ago

This assumes you are using the .

Campaigns allow security teams to define and identify cloud resources that need updated configuration, and developers to create and deploy the new configuration quickly.

  1. Choose or define policies (Guardrails) you want to enforce

  2. Choose the policies and repositories to scan for vulnerabilities

  3. Guide users through remediation, without causing Terraform drift

Define

  • The campaign manager, often a service owner, defines a set of high-level goals for the required Infrastructure-as-Code (IaC) changes.

  • These high-level goals are translated into Resourcely-specific , providing concrete and actionable guidelines.

Identify

  • Violations across the organization are quickly identified and can be inspected for further analysis.

Fix

  • Developers view the required changes in the Remediation section of the product and take appropriate action.

  • The campaign manager can track progress in real time from their dedicated campaign management view.

Ingesting state file findings

The first step to starting a Campaign is to let Resourcely scan your state file. You can do this in two ways: locally, or using a Campaign agent.

Use a local state file (csv)

See Running Campaigns Locally to set up running a local state file.

Set up an agent to connect to your state file

See Campaign Agent to set up running Campaigns with your remote state file.

Running campaign evaluations via Github Actions

See Running Campaigns with GitHub Actions and a Repo-Hosted State Fileto setup running state in repo.

Creating a Campaign

Now that Resourcely can access your state, it can scan for resources that don't meet your expectations. To do so, navigate to the Campaigns screen and click Create Campaign.

After giving your Campaign a name and target repositories, select the Guardrails that you want the Campaign to scan your state file against.

After creating the Campaign, you will see a summary of findings and status.

You can also view findings by config root or by guardrail and have the ability to trigger a scan by config root.

Now that your Campaign is created, the findings will be exposed in the Remediation tab in order to be fixed.

Remediating Resources

Navigate to the Remediation tab, and select the relevant repo with findings. When you select the repo, a remediation screen is exposed that makes fixing findings easy.

Try clicking through each Guardrail Violation at the bottom. This will bring you to the relevant line of code, and expose the Guardrail the code violates.

After you have changed the code, violations turn orange and code that was changed is underlined in yellow.

Users can request an exception instead of changing code by clicking "Request exception" under the Guardrail Violation.

After you have remediated all findings, click Evaluate Changes and Evaluate your code. This checks to see if your remediations are successfully fixing the violation.

Once that is done, you can submit a PR to fully execute the remediations.

For more information and advanced Campaigns usage, see Creating Campaigns.

Note that you can use this Github actions campaigns to get started. This repo requires that you an IAM role to connect GitHub Actions to AWS

Resourcely Campaigns scaffolding repo
Guardrails
scaffolding
configure
Configure your Campaign
Selecting Guardrails
Findings by config root
Findings by guardrail
Remediation screen
Selecting a Violation
Requesting an exception.