Create and manage IaC scan configurations
Configurations are a critical component of IaC Analyzer scans: they determine which Insights your infrastructure templates are scanned against. To view all your configurations, go to Security > Infrastructure as Code > Configurations.
To learn more about a configuration:
- Click the Configuration name to open the Manage Configuration panel, which shows configuration details
- Click the Insight Pack name to open the Insights Library filtered to the pack
Configurations are only available to Domain Admins, Organization Admins, and Editor- or Admin-entitled users. See the User Entitlements Matrix for more information.
Using Terraform Cloud/Enterprise?
If you use Terraform Cloud/Enterprise, additional configuration is required. See Integrate with Terraform Cloud/Enterprise (TFC/E) for more information.
To create a configuration:
- Log in to InsightCloudSec and go to Security > Infrastructure as Code > Configurations.
- Click + New Configuration.
- Provide a Name and optional Description.
- Under Insight Settings, select an Insight Pack to use for scans. Resource or cloud service provider support is specified in the description under each Insight name. Click the Unsupported Insights list at the bottom of the Insight Settings tab to display Insights in the selected pack that IaC scanning does not support.
Selecting a custom Insight Pack?
Ensure your custom Insight Pack has fewer than 300 Insights.
- Optionally:
  - Toggle on Developer Exceptions. Developer Exceptions let users keep resources from being flagged as having Insight findings during the IaC analysis. See Create IaC Exceptions for details.
  - Toggle on Analysis Settings to reveal the Analysis column, where you can choose the type of analysis used per Insight:
    - Harvester and Mimics - The Insight is analyzed by both the Harvester and Mimics analyzers for maximum coverage.
    - Mimics Only - The Insight is analyzed by Mimics only, which can include recommendations for how to fix a failure in the output. Currently, not all Insights support the Mimics analyzer, so you should only use this if directed by support.
- Use the Set All column header to select a setting (fail, warn, or ignore) for all Insights or select a setting for each Insight.
- Click Notifications to configure a Slack channel or email address to notify after a scan using this configuration. This requires a previously configured Slack Integration or SMTP (Email Notifications) integration.
- Click Apply.
There are currently no limitations on the number of configurations. However, only a single configuration can be used for scanning at one time.
To edit a configuration:
- Log in to InsightCloudSec and go to Security > Infrastructure as Code > Configurations.
- Find a configuration.
- Next to the configuration, click Action (…) > Edit Configuration.
- Update the configuration as needed.
- Click Apply.
To delete a configuration:
- Log in to InsightCloudSec and go to Security > Infrastructure as Code > Configurations.
- Find a configuration.
- Next to the configuration, click Action (…) > Delete Configuration.
- Click OK.