Get started with Campaigns

This assumes you are using the .

Campaigns allow security teams to define and identify cloud resources that need updated configuration, and developers to create and deploy the new configuration quickly.

Choose or define policies (Guardrails) you want to enforce
Choose the policies and repositories to scan for vulnerabilities
Guide users through remediation, without causing Terraform drift

Define

The campaign manager, often a service owner, defines a set of high-level goals for the required Infrastructure-as-Code (IaC) changes.
These high-level goals are translated into Resourcely-specific , providing concrete and actionable guidelines.

Identify

Violations across the organization are quickly identified and can be inspected for further analysis.

Fix

Developers view the required changes in the Remediation section of the product and take appropriate action.
The campaign manager can track progress in real time from their dedicated campaign management view.

Ingesting state file findings

The first step to starting a Campaign is to let Resourcely scan your state file. You can do this in two ways: locally, or using a Campaign agent.

Use a local state file (csv)

See Running Campaigns Locally to set up running a local state file.

Set up an agent to connect to your state file

See Campaign Agent to set up running Campaigns with your remote state file.

Running campaign evaluations via Github Actions

See Running Campaigns with GitHub Actions and a Repo-Hosted State Fileto setup running state in repo.

Creating a Campaign

Now that Resourcely can access your state, it can scan for resources that don't meet your expectations. To do so, navigate to the Campaigns screen and click Create Campaign.

After giving your Campaign a name and target repositories, select the Guardrails that you want the Campaign to scan your state file against.

After creating the Campaign, you will see a summary of findings and status.

You can also view findings by config root or by guardrail and have the ability to trigger a scan by config root.

Now that your Campaign is created, the findings will be exposed in the Remediation tab in order to be fixed.

Remediating Resources

Navigate to the Remediation tab, and select the relevant repo with findings. When you select the repo, a remediation screen is exposed that makes fixing findings easy.

Try clicking through each Guardrail Violation at the bottom. This will bring you to the relevant line of code, and expose the Guardrail the code violates.

After you have changed the code, violations turn orange and code that was changed is underlined in yellow.

Users can request an exception instead of changing code by clicking "Request exception" under the Guardrail Violation.

After you have remediated all findings, click Evaluate Changes and Evaluate your code. This checks to see if your remediations are successfully fixing the violation.

Once that is done, you can submit a PR to fully execute the remediations.

For more information and advanced Campaigns usage, see Creating Campaigns.

PreviousCampaigns NextCreating Campaigns

Last updated 1 month ago