...
Description for the violation, when input object is INAPPLICABLE (if a policy sets this status), for example:
This policy is inapplicable for this object since the object has been deleted on %DELETED_FROM_AMAZON%, and the policy only checks the objects that still existDescription for the violation, when input object is COMPLIANT with the policy:
This account is compliant with the policy, because it has %NUMBER_OF_PASSWORDS_TO_REMEMBER% number of passwords to remember, which is greater than %NUMBER_OF_PASSWORDS_SAFE_LIMIT_FROM_POLICY_CONFIGURATION%Description for the violation, when input object is INCOMPLIANT with the policy:
%POLICY.DESCRIPTION%
This security group has %NUMBER_OF_VIOLATING_RULES% incompliant rules:// - please iterate rules
%PROTOCOL% %DIRECTION% [%FROM PORT% - %TO PORT% if not empty] %CIDRIP OR GROUP% - please iterate descriptions for each rule
Sample description for the policy evaluating AWS EC2 security groups and security group rules attached:
This security group has 3 incompliant rules:
TCP inbound [port range] 0.0.0.0/0
TCP inbound [port range] 0.0.0.0/0
TCP inbound [port range] 0.0.0.0/0
4. Instructions for other fields in the similar format if needed.
...