|   Trend Micro Cloud One™
Open menu

Template Scanner

Last updated: 13 January 2020

Location

Top navigation bar > Template Scanner

The Template Scanner add-on enables you to run Cloud Conformity Rules on your AWS CloudFormation template, Cloud Conformity Profiles, and Accounts. You can add preventative security and governance controls to the workflow to identify and remediate issues prior to launching any services and resources.

Contents

How to use Template Scanner?

You can use the Template Scanner in two ways:

  1. Scanning a CloudFormation Template, Profile, or an Account via UI
  2. Template Scanner API

Scan via UI

  1. Select the type of rule settings you want to scan for:
    1. Default rule settings: upload and scan for rule settings in your default CloudFormation template in either JSON or YAML format.

      You can also use the ! Condition in YAML templates

    2. Profile rule settings: upload and scan for rule settings for a selected Profile.
    3. Account rule settings: upload and scan for rule settings for a selected Account.
  2. Click on Upload and scan to view scan results for your selected rule settings.
  3. You will get a message for missing parameters while scanning your template. Decide whether you want to Proceed or Cancel the scanning process.

    Note: Resources with missing parameters will not be scanned and thereby result in partial scan results.

  4. Review Checks from scan results. Failed checks will display a Resolve button with a link to resolution steps. For more information on the anatomy of the rule, see Rules.

    Resolution steps provided with failed checks are for workflows via CLI or Console. You can also use these steps as a guide for resolution within CloudFormation.

Why do I not see any scan results?

You may receive an empty response or an error for any of the following reasons:

  1. Unsupported resource type: See supported resource types. We have plans to add support for more source types over time. If there is a specific resource type you need as a priority, please log in to Cloud Conformity and submit a ticket to our support team.
  2. Unsupported rules: Template Scanner only supports resource level rules. Refer to Cloud Conformity service catalog for a list of rules and services
  3. Parameter(s) with no default value: CloudFormation templates with parameters that have no default values may fail to be processed.