Managing Policies in Aegis

Aegis Policies are powerful tools that dynamically group and apply your Rulesets to resources. This guide covers how to create, manage, and evaluate policies from the Aegis UI.

Key Concepts

Before diving in, it's important to understand two core principles of Aegis policies:

  1. Dynamic Aggregation: Policies do not contain a static list of rulesets. Instead, they use a label-based query to dynamically aggregate rulesets. Any ruleset whose labels match the policy's query is automatically included. This makes policies incredibly flexible, as they adapt automatically when you create or modify rulesets.

  2. Audited Evaluations: Every time a policy is evaluated, the result is recorded in the Aegis audit log. This provides a complete, immutable history of your compliance status, which is essential for security and regulatory purposes. In contrast, direct evaluations of rulesets are for testing and are not audited.

Policies Inventory

The Policies Inventory page provides a comprehensive overview of all the policies in your environment. To access it, navigate to Policies > Policies Inventory from the left-hand menu.

Here you can:

  • Search for policies by name.
  • View key details for each policy, including its Name, Version, Labels, and the Query it uses to select rulesets.
  • See how many Rulesets are currently matched by each policy.
  • Access Actions to edit, evaluate, or delete a policy.

Creating and Updating Policies

You can create a new policy or update an existing one from the Manage Policy page.

Step-by-Step Guide

  1. Navigate to Manage Policy: From the main menu, click Policies > Manage Policy.

  2. Set Policy Name: Provide a unique, descriptive name for your policy (e.g., gcp-iam-best-practices).

  3. Define Instructions: In the Instructions field, use natural language to describe the criteria for selecting rulesets. This is the most critical step, as Aegis uses these instructions to generate the label query.

    • Example: "Create a policy that filters rulesets to include only those with a platform value of kubernetes and a resource value of deployment."
    • Aegis will convert this into a query like (platform == 'kubernetes') and (resource == 'deployment').

  4. Add Labels (Optional): Assign labels to the policy itself for organization and filtering.

  5. Create the Policy: Click Manage Policy to save your changes. The policy will now appear in the inventory and will begin aggregating any rulesets that match its query.

Evaluating a Policy

Evaluating a policy allows you to test it against sample data, such as a Kubernetes manifest or a Terraform plan, to see the outcome before applying it in a live environment. Remember, these evaluations are always audited.

  1. Navigate to Evaluate Policy: From the menu, click Policies > Evaluate Policy.

  2. Select Policy: Search for and select the policy you want to evaluate.

  3. Provide Input Data: You can either drag and drop a file (e.g., deployment.yaml) or paste the content directly using the Manual Input tab.

  4. Run Evaluation: Click Evaluate Policy. The results will appear on the right, showing whether the input data passed or failed and which rules were violated.
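The following is an added worked example, not Aegis code, that models the two mechanisms this guide describes: the label query from "Creating and Updating Policies" (a policy holds a query, and every ruleset whose labels satisfy it is aggregated at evaluation time) and the audited evaluation from "Evaluating a Policy". It parses a query in the form the guide shows, aggregates matching rulesets, checks a constructed Kubernetes Deployment against their rules, and appends the outcome to a hash-chained log. The query grammar (`==`, `!=`, `and`, `or`, parentheses), the ruleset structure, the two sample rules, the manifest and the hash-chained audit log are all assumptions made for illustration; Aegis's real grammar, rule format and audit storage are not documented on this page.

```python
# Added example, not Aegis code. Assumed grammar: key == 'value' / key != 'value',
# joined by and/or, with parentheses. Rulesets, rules, manifest and log format are constructed.
import hashlib
import json
import re
from collections import namedtuple

TOKEN = re.compile(r"\(|\)|==|!=|\band\b|\bor\b|'[^']*'|[A-Za-z_][A-Za-z0-9_.-]*")

def tokenize(query: str) -> list:
    toks = TOKEN.findall(query)
    if re.sub(r"\s", "", "".join(toks)) != re.sub(r"\s", "", query):  # leftovers = syntax error
        raise ValueError(f"cannot tokenize: {query!r}")
    return toks

def parse_query(query: str):
    """Compile a label query into a predicate over a ruleset's labels dict."""
    toks = tokenize(query)

    def chain(sub, word, combine):  # left-associative `sub (word sub)*`
        left = sub()
        while toks and toks[0] == word:
            toks.pop(0)
            left = combine(left, sub())
        return left
    def parse_or():  # lowest precedence
        return chain(parse_and, "or", lambda l, r: lambda lb: l(lb) or r(lb))
    def parse_and():
        return chain(parse_atom, "and", lambda l, r: lambda lb: l(lb) and r(lb))
    def parse_atom():  # "( expr )" or "key op 'value'"
        if toks and toks[0] == "(":
            toks.pop(0)
            inner = parse_or()
            if not toks or toks.pop(0) != ")":
                raise ValueError(f"missing ')' in {query!r}")
            return inner
        if len(toks) < 3 or toks[1] not in ("==", "!=") or not toks[2].startswith("'"):
            raise ValueError(f"bad comparison near {toks[:3]}")
        key, op, val = toks.pop(0), toks.pop(0), toks.pop(0)[1:-1]
        return (lambda lb: lb.get(key) == val) if op == "==" else (lambda lb: lb.get(key) != val)

    pred = parse_or()
    if toks:
        raise ValueError(f"trailing tokens: {toks}")
    return pred

# A ruleset carries labels (what policies query) and rules: (name, check) pairs, True = compliant.
Ruleset = namedtuple("Ruleset", "name labels rules")

def aggregate(rulesets: list, query: str) -> list:
    """Dynamic aggregation: a ruleset is included whenever its labels satisfy the query."""
    pred = parse_query(query)
    return [rs for rs in rulesets if pred(rs.labels)]

def _chain_hash(prev: str, record: dict) -> str:
    return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

def audit_append(log: list, record: dict) -> None:  # each entry commits to the previous hash
    prev = log[-1]["hash"] if log else "0" * 64
    log.append({"prev": prev, "record": record, "hash": _chain_hash(prev, record)})

def audit_verify(log: list) -> bool:  # an edited, dropped or reordered entry breaks the chain
    prev = "0" * 64
    for e in log:
        if e["prev"] != prev or e["hash"] != _chain_hash(prev, e["record"]):
            return False
        prev = e["hash"]
    return True

def evaluate_policy(policy: str, query: str, rulesets: list, doc: dict, log: list) -> dict:
    matched = aggregate(rulesets, query)
    violations = [f"{rs.name}/{rule}" for rs in matched for rule, check in rs.rules if not check(doc)]
    result = {"policy": policy, "rulesets": [rs.name for rs in matched],
              "passed": not violations, "violations": violations}
    audit_append(log, result)  # every policy evaluation is recorded
    return result

def _containers(doc):
    return doc.get("spec", {}).get("template", {}).get("spec", {}).get("containers", [])

RULESETS = [  # constructed sample rulesets
    Ruleset("k8s-deployment-hardening", {"platform": "kubernetes", "resource": "deployment"}, [
        ("no-privileged-containers", lambda d: not any(
            c.get("securityContext", {}).get("privileged") for c in _containers(d))),
        ("image-tag-pinned", lambda d: all(
            ":" in c.get("image", "") and not c["image"].endswith(":latest") for c in _containers(d))),
    ]),
    Ruleset("k8s-pod-baseline", {"platform": "kubernetes", "resource": "pod"},
            [("has-name", lambda d: bool(d.get("metadata", {}).get("name")))]),
]
QUERY = "(platform == 'kubernetes') and (resource == 'deployment')"
DEPLOYMENT = {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"template": {"spec": {"containers": [
    {"name": "web", "image": "registry.example/web:1.4.2"},  # constructed manifest: compliant container
    {"name": "sidecar", "image": "registry.example/agent:latest", "securityContext": {"privileged": True}},
]}}}}

if __name__ == "__main__":
    print(json.dumps(evaluate_policy("k8s-deployment-policy", QUERY, RULESETS, DEPLOYMENT, []), indent=2))
```

Running it shows the policy pulling in only the ruleset whose labels satisfy the query (the pod-labelled ruleset is skipped without any change to the policy) and reporting two violations for the sidecar container. Because each audit entry commits to the previous entry's hash, any later edit to a recorded result is detectable by `audit_verify`; that is the property the guide's "immutable history" depends on, and a real system would additionally keep the chain head somewhere the writer of the log cannot alter.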