Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Select

Under the section POLICY LIST click the policy name. Click Editor → the tab 'Editor' on the left → open the tab Code* to review the policy code.

1) // SObject Type

Define an input object your policy will be checking (e.g. AWS EC2 instances)

2) // Output SObject Type

Select the output object type which will store the policy check results (e.g. CloudAware Policy Violation).

Note

You will not be able to make any changes to the input object and the output object type selected once the policy is deployed! As for other changes, you can make updates to unmanaged policies. Managed policies can be updated by Cloudaware only.


3) // How many objects will be processed per job call

You can change the batch size (final Integer batchSize = ???). 

Note

Maximum size is 2000. If exceeded, you can receive the error "Apex CPU time limit exceeded".

4) // Lifecycle configuration

Configure the lifecycle to define under what conditions the output objects are created or closed after evaluation of input objects (e.g. incomplianceСreates means that the output object is created only in cases when an input object is incompliant).

Note

You can customize your policy either using pre-built lifecycles or writing a lifecycle of your own applying available methods. Use the following methods to define the conditions when an output object is created or closed:

  • incomplianceCreates() - if an input object is considered to be incompliant based on evaluation in Process, the corresponding output object gets the status 'incompliant';

...

  • externalIdField(SObjectField field) - use this parameter to define externalIdField.


5) // Start code

Use the variable context to work with a policy context (global void start() {...);


6) // SOQL Query

Define input objects that will enter the policy scope. You can make changes to SOQL query to define what objects will be evaluated and what will not.


7) // Process

Set up the logic your policy will use to check an input object for compliance and assign the corresponding statuses to output objects. Input objects are evaluated one-by-one.

The policy logic may be the following: For each AWS EC2 Instance with a value A in <FIELD1> assign the status 'incompliant' to the output object. If <FIELD1> is B - assign the status 'compliant'. 

Note

By default, every object which is evaluated in Process is considered Inapplicable.

The policy logic may be customized any way you like, however, Salesforce limits must be observed. Keep in mind that you should re-configure output objects in the policy lifecycle in order they could be saved with the corresponding statuses (see step 3).


8) // Finish Code

Customize your policy. This part of the policy is run after all objects are evaluated.