Get started with Campaigns
Last updated
Last updated
Campaigns allow security teams to define and identify cloud resources that need updated configuration, and developers to create and deploy the new configuration quickly.
Choose or define policies (Guardrails) you want to enforce
Choose the policies and repositories to scan for vulnerabilities
Guide users through remediation, without causing Terraform drift
Define
The campaign manager, often a service owner, defines a set of high-level goals for the required Infrastructure-as-Code (IaC) changes.
These high-level goals are translated into Resourcely-specific , providing concrete and actionable guidelines.
Identify
Violations across the organization are quickly identified and can be inspected for further analysis.
Fix
Developers view the required changes in the Remediation section of the product and take appropriate action.
The campaign manager can track progress in real time from their dedicated campaign management view.
The first step to starting a Campaign is to let Resourcely scan your state file. You can do this in two ways: locally, or using a Campaign agent.
Now that Resourcely can access your state, it can scan for resources that don't meet your expectations. To do so, navigate to the Campaigns screen and click Create Campaign.
After giving your Campaign a name and target repositories, select the Guardrails that you want the Campaign to scan your state file against.
After creating the Campaign, you will see a summary of findings and status.
You can also view findings by config root or by guardrail and have the ability to trigger a scan by config root.
Now that your Campaign is created, the findings will be exposed in the Remediation tab in order to be fixed.
Navigate to the Remediation tab, and select the relevant repo with findings. When you select the repo, a remediation screen is exposed that makes fixing findings easy.
Try clicking through each Guardrail Violation at the bottom. This will bring you to the relevant line of code, and expose the Guardrail the code violates.
After you have changed the code, violations turn orange and code that was changed is underlined in yellow.
Users can request an exception instead of changing code by clicking "Request exception" under the Guardrail Violation.
After you have remediated all findings, click Evaluate Changes and Evaluate your code. This checks to see if your remediations are successfully fixing the violation.
Once that is done, you can submit a PR to fully execute the remediations.
For more information and advanced Campaigns usage, see Creating Campaigns.
Note that you can use this Github actions campaigns to get started. This repo requires that you an IAM role to connect GitHub Actions to AWS
