8 changes: 7 additions & 1 deletion installer/resources/pacbot_app/files/DB_Policy.sql
Expand Up @@ -606,8 +606,9 @@ INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisp
INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('contrast_library_low_vulnerabilities_found','contrast_library_low_vulnerabilities_found','Scan and Remediate Low Vulnerability Library Policy','Contrast Found Low Vulnerabilities', 'Contrast Library Security provides a comprehensive approach to identifying and managing vulnerabilities in software libraries. It scans updated libraries using Contrast\'s extensive vulnerability database to extract essential details such as CVE identifiers, suggested solutions, affected resources, Contrast\'s severity classification, and comprehensive descriptions. Proactively scanning and remediating high-risk libraries within cloud environments, such as AWS, facilitates the early detection and mitigation of potential security threats. 
This approach significantly reduces the risk of security breaches and fortifies the integrity of the cloud infrastructure.', NULL,'https://paladincloud.io/docs/vuln-policies','library','contrast','LibraryVulnerabilityCheck','{\"params\":[{\"encrypt\":\"false\",\"value\":\"true\",\"key\":\"threadsafe\"},{\"key\":\"policyKey\",\"value\":\"check-vulnerability-exists-for-library\",\"encrypt\":false},{\"encrypt\":false,\"value\":\"low\",\"key\":\"severityToCheck\"},{\"encrypt\":false,\"value\":\"low\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"}],\"environmentVariables\":[],\"policyId\":\"contrast_library_low_vulnerabilities_found\",\"autofix\":false,\"policyRestUrl\":\"\",\"targetType\":\"library\",\"pac_ds\":\"contrast\",\"assetGroup\":\"contrast\",\"policyUUID\":\"contrast_library_low_vulnerabilities_found\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *', NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/contrast_library_low_vulnerabilities_found','low','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC', '2022-06-03','2022-06-03','ENABLED');
INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('red_hat_acs_not_scanning_gcp_gke','red_hat_acs_not_scanning_gcp_gke','Enable Red Hat ACS On Kubernetes Cluster','Enable Red Hat ACS On Kubernetes Cluster', 'The policy aims to validate and enforce the adherence of Kubernetes clusters to the requirement of being scanned by Red Hat security tools, specifically RHACS. It ensures that all Kubernetes clusters within the organization\'s infrastructure have undergone the necessary security scanning provided by Red Hat to mitigate vulnerabilities, threats, and compliance risks.', NULL,'https://github.com/PaladinCloud/CE/wiki/RedHat-Policy#enable-red-hat-acs-on-kubernetes-cluster','gke','gcp','RedHatACSNotScanningKubernetesCluster','{\"params\":[{\"encrypt\":\"false\",\"value\":\"true\",\"key\":\"threadsafe\"},{\"key\":\"policyKey\",\"value\":\"redhat-not-scanning-clusters\",\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"}],\"environmentVariables\":[],\"policyId\":\"red_hat_acs_not_scanning_gcp_gke\",\"autofix\":false,\"policyRestUrl\":\"\",\"targetType\":\"gke\",\"pac_ds\":\"gcp\",\"assetGroup\":\"gcp\",\"policyUUID\":\"red_hat_acs_not_scanning_gcp_gke\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*', NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/red_hat_acs_not_scanning_gcp_gke','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC', '2024-01-03','2024-01-03','ENABLED');
INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('remove_unused_scale_set','remove_unused_scale_set',' Delete Unused Scale Set',' Delete Unused Scale Set','Identify any empty virtual machine scale sets available within your Microsoft Azure cloud account and delete them in order to eliminate unnecessary costs and meet compliance requirements when it comes to unused resources.','Every empty virtual machine scale set should be removed for cost optimization and better management of your cloud resources.','','virtualmachinescaleset','azure','remove_unused_scale_set','{"params":[{"encrypt":false,"value":"check-for-unused-Virtual-machine-scale-set","key":"policyKey"},{"encrypt":false,"value":",","key":"splitterChar"},{"encrypt":false,"value":"Application,Environment,Stack,Role","key":"mandatoryTags","isMandatory":true,"description":"Assets should have these mandatory tags","defaultVal":"Application,Environment,Stack,Role","displayName":"Mandatory tags"},{"encrypt":false,"value":"low","key":"severity"},{"encrypt":false,"value":"security","key":"policyCategory"},{"encrypt":false,"value":"","key":"policyOwner"}],"environmentVariables":[],"policyId":"remove_unused_scale_set","autofix":false,"alexaKeyword":"remove_unused_scale_set","policyRestUrl":"","targetType":"virtualmachinescaleset","pac_ds":"azure","assetGroup":"azure","policyUUID":"remove_unused_scale_set","policyType":"ManagePolicy"}','0 0/6 * * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/remove_unused_scale_set','high','cost','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2023-07-19','2023-07-19','ENABLED');

INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('delete_unused_vm_disk','delete_unused_vm_disk',' Delete Unused VM Disk','Delete Unused VM Disk','Identify any unattached (unused) Gcp virtual machine disk volumes available within yourcloud account and delete them in order to lower the cost of your monthly bill and reduce the risk of sensitive data leakage.','Every unused virtual machine disk should be removed for cost optimization and better management of your cloud resources.','','gcpdisks','gcp','delete_unused_vm_disk','{"params":[{"encrypt":false,"value":"delete-unused-vm-disk","key":"policyKey"},{"encrypt":false,"value":",","key":"splitterChar"},{"encrypt":false,"value":"Application,Environment,Stack,Role","key":"mandatoryTags","isMandatory":true,"description":"Assets should have these mandatory tags","defaultVal":"Application,Environment,Stack,Role","displayName":"Mandatory tags"},{"encrypt":false,"value":"high","key":"severity"},{"encrypt":false,"value":"cost","key":"policyCategory"},{"encrypt":false,"value":"","key":"policyOwner"}],"environmentVariables":[],"policyId":"delete_unused_vm_disk","autofix":false,"alexaKeyword":"delete_unused_vm_disk","policyRestUrl":"","targetType":"gcpdisks","pac_ds":"gcp","assetGroup":"gcp","policyUUID":"delete_unused_vm_disk","policyType":"ManagePolicy"}','0 0/6 * * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/delete_unused_vm_disk','high','cost','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2023-07-19','2023-07-19','ENABLED');
INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('taggingRule_version-1_aws_ami','taggingRule_version-1_aws_ami','taggingRule_version-1_aws_ami','Assign Mandatory Tags to AWS AMI','Assigning mandatory tags to AMI is important for identifying resources, allocating costs, automation, security, and compliance purposes. Mandatory tags ensure consistency, manageability, cost-effectiveness, security, and compliance across your aws infrastructure.','Add the mandatory tags to the assets,Follow the Cloud Asset Tagging guidelines.','https://github.com/PaladinCloud/CE/wiki/AWS-Policy#Assign-Mandatory-Tags-to-AWS-AMI','ami','aws','awsamitaggingrule','{\"params\":[{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"check-for-missing-mandatory-tags\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\",\"isMandatory\":true,\"description\":\"Assets should have these mandatory tags\",\"defaultVal\":\"Application,Environment,Stack,Role\",\"displayName\":\"Mandatory 
tags\"},{\"isValueNew\":true,\"encrypt\":false,\"value\":\"tagging\",\"key\":\"policyCategory\"}],\"environmentVariables\":[],\"policyId\":\"taggingRule_version-1_aws_ami\",\"autofix\":false,\"alexaKeyword\":\"amitagginrule\",\"policyRestUrl\":\"\",\"targetType\":\"ami\",\"pac_ds\":\"aws\",\"assetGroup\":\"aws\",\"policyUUID\":\"taggingRule_version-1_aws_ami\",\"policyType\":\"ManagePolicy\"}','0 0/12 * * ? *','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/taggingRule_version-1_aws_ami','high','tagging','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2025-08-28','2025-08-28','ENABLED');
🛠️ Refactor suggestion

Fix inconsistencies and typos in new AWS AMI tagging policy row; align naming and params

  • policyName should be human-readable (consistent with other rows).
  • resolution has punctuation/spacing issues.
  • resolutionUrl likely needs a lowercase GitHub anchor.
  • JSON alexaKeyword has a typo and disagrees with the table column.
  • Add threadsafe param for consistency with other policies.

Apply this diff:

-INSERT  IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('taggingRule_version-1_aws_ami','taggingRule_version-1_aws_ami','taggingRule_version-1_aws_ami','Assign Mandatory Tags to AWS AMI','Assigning mandatory tags to AMI is important for identifying resources, allocating costs, automation, security, and compliance purposes. Mandatory tags ensure consistency, manageability, cost-effectiveness, security, and compliance across your aws infrastructure.','Add the mandatory tags to the assets,Follow the Cloud Asset Tagging guidelines.','https://github.com/PaladinCloud/CE/wiki/AWS-Policy#Assign-Mandatory-Tags-to-AWS-AMI','ami','aws','awsamitaggingrule','{\"params\":[{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"check-for-missing-mandatory-tags\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\",\"isMandatory\":true,\"description\":\"Assets should have these mandatory tags\",\"defaultVal\":\"Application,Environment,Stack,Role\",\"displayName\":\"Mandatory 
tags\"},{\"isValueNew\":true,\"encrypt\":false,\"value\":\"tagging\",\"key\":\"policyCategory\"}],\"environmentVariables\":[],\"policyId\":\"taggingRule_version-1_aws_ami\",\"autofix\":false,\"alexaKeyword\":\"amitagginrule\",\"policyRestUrl\":\"\",\"targetType\":\"ami\",\"pac_ds\":\"aws\",\"assetGroup\":\"aws\",\"policyUUID\":\"taggingRule_version-1_aws_ami\",\"policyType\":\"ManagePolicy\"}','0 0/12 * * ? *','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/taggingRule_version-1_aws_ami','high','tagging','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2025-08-28','2025-08-28','ENABLED');
+INSERT  IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('taggingRule_version-1_aws_ami','taggingRule_version-1_aws_ami','Assign Mandatory Tags to AWS AMI','Assign Mandatory Tags to AWS AMI','Assigning mandatory tags to AMI is important for identifying resources, allocating costs, automation, security, and compliance purposes. Mandatory tags ensure consistency, manageability, cost-effectiveness, security, and compliance across your AWS infrastructure.','Add the mandatory tags to the assets. Follow the Cloud Asset Tagging guidelines.','https://github.com/PaladinCloud/CE/wiki/AWS-Policy#assign-mandatory-tags-to-aws-ami','ami','aws','awsamitaggingrule','{\"params\":[{\"encrypt\":false,\"value\":\"true\",\"key\":\"threadsafe\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"check-for-missing-mandatory-tags\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\",\"isMandatory\":true,\"description\":\"Assets should have these mandatory tags\",\"defaultVal\":\"Application,Environment,Stack,Role\",\"displayName\":\"Mandatory 
tags\"},{\"isValueNew\":true,\"encrypt\":false,\"value\":\"tagging\",\"key\":\"policyCategory\"}],\"environmentVariables\":[],\"policyId\":\"taggingRule_version-1_aws_ami\",\"autofix\":false,\"alexaKeyword\":\"awsamitaggingrule\",\"policyRestUrl\":\"\",\"targetType\":\"ami\",\"pac_ds\":\"aws\",\"assetGroup\":\"aws\",\"policyUUID\":\"taggingRule_version-1_aws_ami\",\"policyType\":\"ManagePolicy\"}','0 0/12 * * ? *','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/taggingRule_version-1_aws_ami','high','tagging','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2025-08-28','2025-08-28','ENABLED');
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('taggingRule_version-1_aws_ami','taggingRule_version-1_aws_ami','taggingRule_version-1_aws_ami','Assign Mandatory Tags to AWS AMI','Assigning mandatory tags to AMI is important for identifying resources, allocating costs, automation, security, and compliance purposes. Mandatory tags ensure consistency, manageability, cost-effectiveness, security, and compliance across your aws infrastructure.','Add the mandatory tags to the assets,Follow the Cloud Asset Tagging guidelines.','https://github.com/PaladinCloud/CE/wiki/AWS-Policy#Assign-Mandatory-Tags-to-AWS-AMI','ami','aws','awsamitaggingrule','{\"params\":[{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"check-for-missing-mandatory-tags\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\",\"isMandatory\":true,\"description\":\"Assets should have these mandatory tags\",\"defaultVal\":\"Application,Environment,Stack,Role\",\"displayName\":\"Mandatory 
tags\"},{\"isValueNew\":true,\"encrypt\":false,\"value\":\"tagging\",\"key\":\"policyCategory\"}],\"environmentVariables\":[],\"policyId\":\"taggingRule_version-1_aws_ami\",\"autofix\":false,\"alexaKeyword\":\"amitagginrule\",\"policyRestUrl\":\"\",\"targetType\":\"ami\",\"pac_ds\":\"aws\",\"assetGroup\":\"aws\",\"policyUUID\":\"taggingRule_version-1_aws_ami\",\"policyType\":\"ManagePolicy\"}','0 0/12 * * ? *','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/taggingRule_version-1_aws_ami','high','tagging','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2025-08-28','2025-08-28','ENABLED');
INSERT IGNORE INTO cf_PolicyTable (
policyId,
policyUUID,
policyName,
policyDisplayName,
policyDesc,
resolution,
resolutionUrl,
targetType,
assetGroup,
alexaKeyword,
policyParams,
policyFrequency,
policyExecutable,
policyRestUrl,
policyType,
policyArn,
severity,
category,
autoFixAvailable,
autoFixEnabled,
allowList,
waitingTime,
maxEmailNotification,
templateName,
templateColumns,
fixType,
warningMailSubject,
fixMailSubject,
warningMessage,
fixMessage,
violationMessage,
elapsedTime,
userId,
createdDate,
modifiedDate,
status
) VALUES (
'taggingRule_version-1_aws_ami',
'taggingRule_version-1_aws_ami',
'Assign Mandatory Tags to AWS AMI',
'Assign Mandatory Tags to AWS AMI',
'Assigning mandatory tags to AMI is important for identifying resources, allocating costs, automation, security, and compliance purposes. Mandatory tags ensure consistency, manageability, cost-effectiveness, security, and compliance across your AWS infrastructure.',
'Add the mandatory tags to the assets. Follow the Cloud Asset Tagging guidelines.',
'https://github.com/PaladinCloud/CE/wiki/AWS-Policy#assign-mandatory-tags-to-aws-ami',
'ami',
'aws',
'awsamitaggingrule',
'{"params":[{"encrypt":false,"value":"true","key":"threadsafe"},{"encrypt":false,"value":",","key":"splitterChar"},{"encrypt":false,"value":"check-for-missing-mandatory-tags","key":"policyKey"},{"encrypt":false,"value":"high","key":"severity"},{"encrypt":false,"value":"Application,Environment,Stack,Role","key":"mandatoryTags","isMandatory":true,"description":"Assets should have these mandatory tags","defaultVal":"Application,Environment,Stack,Role","displayName":"Mandatory tags"},{"isValueNew":true,"encrypt":false,"value":"tagging","key":"policyCategory"}],"environmentVariables":[],"policyId":"taggingRule_version-1_aws_ami","autofix":false,"alexaKeyword":"awsamitaggingrule","policyRestUrl":"","targetType":"ami","pac_ds":"aws","assetGroup":"aws","policyUUID":"taggingRule_version-1_aws_ami","policyType":"ManagePolicy"}',
'0 0/12 * * ? *',
'',
'',
'ManagePolicy',
'arn:aws:events:us-east-1:***REMOVED***:rule/taggingRule_version-1_aws_ami',
'high',
'tagging',
'false',
'false',
NULL,
24,
1,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
24,
'ASGC',
'2025-08-28',
'2025-08-28',
'ENABLED'
);
🤖 Prompt for AI Agents
In installer/resources/pacbot_app/files/DB_Policy.sql around line 610, the new
AWS AMI tagging policy row contains naming/format inconsistencies and typos:
change policyName to a human-readable string consistent with other rows; fix the
resolution text punctuation and spacing; update resolutionUrl to use the
lowercase GitHub anchor; correct the JSON alexaKeyword typo so it matches the
table column name and ensure the JSON is valid; and add the threadsafe parameter
(set consistently with other policy rows). Make only these edits in that row so
the row’s columns align with the rest of the table.


update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/gcp-policy/#articleTOC_104',policyDesc='Deleting unused VM disks in GCP is essential for cost savings, resource management, security, and performance optimization. It streamlines your cloud environment, reduces expenses, and ensures compliance with data protection regulations.' where policyId='delete_unused_vm_disk';

update cf_PolicyTable set policyUUID='deny_public_access_to_ebs_snapshot' where policyId='EbsSnapShot_version-1_EbsSnapShot_snapshot';
Expand Down Expand Up @@ -2430,6 +2431,11 @@ INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `def
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('red_hat_acs_not_scanning_gcp_gke','policyKey','redhat-not-scanning-clusters','','false','false','false','','');
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('red_hat_acs_not_scanning_gcp_gke','policyName','Enable Red Hat ACS On Kubernetes Cluster','','false','false','false','','');

INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('taggingRule_version-1_aws_ami','mandatoryTags','Application,Environment,Stack,Role','Application,Environment,Stack,Role','false','true','false','Mandatory tags','Assets should have these mandatory tags');
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('taggingRule_version-1_aws_ami','policyKey','check-for-missing-mandatory-tags','','false','false','false','policyKey','');
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('taggingRule_version-1_aws_ami','splitterChar',',','','false','false','false','splitterChar','');


UPDATE cf_PolicyParams SET encrypt ='false' WHERE policyID IN (
'Ec2StoppedInstanceForLong_version-1_Ec2StoppedInstanceForLong_ec2_inNDays',
'Ec2WithPubAccPort1434_version-1_Ec2WithPubAccPort1434_ec2',
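Review bot: The three `cf_PolicyParams` rows added in the second hunk for `taggingRule_version-1_aws_ami` cover only `mandatoryTags`, `policyKey` and `splitterChar`, while the `policyParams` JSON in the new `cf_PolicyTable` row also carries `severity` and `policyCategory`, and the neighbouring `red_hat_acs_not_scanning_gcp_gke` policy has a `policyName` row in the same table. Which of the two stores the rule engine treats as authoritative is not visible in this diff, so please confirm it and, if `cf_PolicyParams` is read at evaluation time, add the missing rows, for example one with `VALUES ('taggingRule_version-1_aws_ami','severity','high','','false','false','false','severity','')`. Separately, every new statement is `INSERT IGNORE`, which in MySQL downgrades a duplicate key or an over-long value to a warning, so a skipped row or a truncated `policyParams` JSON would pass the installer silently and leave the tagging control absent or unparseable. A post-install check that the policy row exists with `status` = `'ENABLED'` and that its `policyParams` parses as JSON would make such a gap visible.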