CSP-Specific Policy Rules

In addition to the general rules that apply to every type of device, SecureCloud supports one set of CSP-specific policy rules. This set of policy rules is for devices on Amazon EC2.
When a user selects Amazon EC2 on the Add Policy screen, an additional dropdown box for rules specific to Amazon EC2 appears alongside the conditions, as shown in the image below.
[Image: policy_rules_amazon_ec2.jpg]
The following table identifies the types of Amazon EC2 policy rules available, how to use rules, and examples of rule values.
Note
SecureCloud generally supports these rules only for Amazon EC2 instances with a SecureCloud Agent of version 3.6 or later. Some of these rules also support version 3.5 general, ephemeral, and RAID devices, but not boot devices. The table below identifies whether a rule applies to 3.5 devices, and this information is also displayed on the SecureCloud Web Console.
| Rule Type | Description | Applicable to 3.5 Devices? | Example | Multiple Conditions? | Condition Data Type |
| --- | --- | --- | --- | --- | --- |
| AMI ID | Identifier for a specific Amazon Machine Image (AMI) | Yes, but not boot devices | ami-9eec0be0 | Yes | String |
| Security Group | User-defined group that controls the traffic to one or more instances | Yes, but not boot devices | sg-edbd9784 | Yes | String |
| Instance Type | User-defined instance size which determines its resources and processing capabilities | Yes, but not boot devices | m1.medium | Yes | String |
| Owner | Account identifiers of one or more specified owners | No | 123975611641 | Yes | String |
| IAM Role | User-defined Identity and Access Management (IAM) role | No | IAM_Full_Access | Yes | String |