...
Description for the violation, when input object is INAPPLICABLE (if a policy sets this status), for example:
This policy is inapplicable for this object since the object has been deleted on %DELETED_FROM_AMAZON%, and the policy only checks the objects that still existDescription for the violation, when input object is COMPLIANT with the policy:
This account is compliant with the policy, because it has %NUMBER_OF_PASSWORDS_TO_REMEMBER% number of passwords to remember, which is greater than %NUMBER_OF_PASSWORDS_SAFE_LIMIT_FROM_POLICY_CONFIGURATION%Description for the violation, when input object is INCOMPLIANT with the policy:
%POLICY.DESCRIPTION%
This security group has %NUMBER_OF_VIOLATING_RULES% incompliant rules:// - iterate rules
%PROTOCOL% %DIRECTION% [%FROM PORT% - %TO PORT% if not empty] %CIDRIP OR GROUP% - iterate descriptions for each rule
Sample description for the policy evaluating that evaluates AWS EC2 Security Groups and attached AWS EC2 Security Group Rules attached:
This security group has 3 incompliant rules:
TCP inbound [port range] 0.0.0.0/0
TCP inbound [port range] 0.0.0.0/0
TCP inbound [port range] 0.0.0.0/0
...
Custom policy requests are handled only via the service deskCloudaware Service Desk portal.
Expected turn around from 3-5 business days depends on the policy complexity and completeness of the original request.
...