Changes to Existing Features
- Policies can now be configured to run on a monthly interval for use cases that require less frequent checks. Simply choose the monthly option under policy schedule when applying your policy.
Skip Action Approvals option when applying a policy.
tenancy attribute of the policy template language.
category that is defined in the policy template instead of grouping them into an
Organization Summary option in the account selector that rolls up data from across all accounts in the organization. Applied policies are grouped together and can be managed from a single page. To check it out, go to the Dashboard page in Policy Manager.
Skip action approvals in both the UI and the API.
AWS Instance CloudWatch Utilization now supports tags to ignore instances, minimum usage thresholds for reporting, and actions to tag the resources that fail the policy check.
Low Account Usage can now be run against specific billing centers, supports a minimum savings threshold to limit the noise, and reports against the monthly run rate instead of the current usage.
Low Service Usage can now be run against specific billing centers, supports a minimum savings threshold to limit the noise, and reports against the monthly run rate instead of the current usage.
Azure Instance Utilization using Log Analytics uses performance metrics from Azure Log Analytics from the last 30 days to identify underutilized instances.
Unapproved instance types reports on any instances that are running using instance types that are not in a pre-approved list of instances provided by the user.
AWS Reserved Instance Recommendations checks the AWS Cost Explorer API and reports on any RI recommendations with potential savings above a specified threshold.
Azure Reserved Instance Recommendations checks the Azure EA API and reports on any RI recommendations with potential savings above a specified threshold.
body_field page marker in the Pagination section of the policy language documentation.
Policies now give you more control over what conditions cause an incident to be updated, allowing you to specify which fields of data should be used in determining whether or not incident data has changed. This is particularly useful in cases where incident data contains a time element, such as N days ago, allowing you to ignore the days ago field when determining if an incident has been updated. For more on this feature, see the hash_exclude attributes of the policy declaration, described in the documentation
AWS Subnet Name Sync ensures that all Subnet names in AWS are synchronized to Cloud Management.
AWS VPC Name Sync ensures that all VPC names in AWS are synchronized to Cloud Management.
Azure: Tag Resources with Resource Group Name ensures that all resources contain a user-specified tag containing the name of the Resource Group containing the resource.
Policies now include the option to approve actions prior to execution. Users can add an approval action as part of escalation or resolution. The Approval API creates an approval request and blocks further actions from executing until a user approves or denies the action. Parameters can be referenced by subsequent cloud workflows or emails within the same escalation or resolution. Users with the policy_approval role can approve or deny an action and add a comment, the details of which can be seen on the Incident details page as well as in the API.
Applied policies API now includes a filtering option on name.
Run Now option in either the UI in the Actions menu or the AppliedPolicy#evaluate method in the API.
Each run of a policy now provides a detailed log that can be accessed by users with the policy_designer role to see a full log of all data and requests made by the policy. Users with the privilege will see this both in the UI in the Actions menu as well as in the AppliedPolicy#log action in the API.
datasource now supports an ignore_status_code field to allow you to specify any status code responses to ignore, instead of throwing an error. Read more about this in the Request details for datasource in the documentation.
Applied policies now provide detailed status, including the last time the policy was started and finished as well as the next scheduled time it will run. All of these fields are available in the AppliedPolicy#status action in the API and the last started time is shown in the UI as Last ran on.
Announcing a completely redesigned multi-cloud policy management capability in RightScale with built-in Cost, Security, Compliance, and Operational policies to help you achieve quick ROI.
Learn more about RightScale Policies.
Introducing a new dedicated role (credential_viewer) for view-only permissions on RightScale's Credentials feature. You no longer have to grant the admin role to view credentials. The credential_viewer role can be assigned to users at an organization level (all accounts), as well as to individual accounts, like other Governance roles.
To increase visibility around billing center level permissions, users with the enterprise_manager role can use Governance to see the list of billing centers a user has access to, with the ability to easily navigate to them.
Introducing a new frictionless way to manage users, groups, and accounts in bulk. Governance users can now switch the view to update multiple users, roles, accounts, and groups seamlessly.
Governance users can now download a detailed user role report (CSV), broken down by accounts, for better visibility as well as auditing.
Enterprise Manager's View
lack privileges screen on login or navigating from Cloud Management.
Enterprise Managers now have the option to navigate to the Invitations Page directly from the Users page.
Enterprise Managers can now seamlessly remove a user, including all its roles, from the organization.
Usability improvement to reduce the number of clicks and time to value by making Roles the default tab.
Announcing General Availability of the new Governance application, located within the RightScale product dropdown, to provide enhanced identity access management (IAM). With features like User Groups, Role Inheritance, Full Audit entries, etc., users with role admins will get greater control over the user's permissions.
Organizations: Organization is a new concept we have introduced to help you manage multiple accounts within your company. For existing customers, we have automatically created an Organization based on your master account.
Groups: Organize users into Groups based on your organizational needs or other criteria and assign specific roles to the Groups.
Role inheritance: Inheritance is a powerful feature for assigning Roles at the top level, say organization, and then cascading it down to the Group/Account/User level. Roles granted at the organization level will automatically appear at the account level.
All inherited roles are shown explicitly and can only be modified at the level they were assigned.
enterprise_manager can only be granted at the organization level whereas role admin can only be granted at the account level.
Audit Entries: Gain visibility into which users are making changes to your cloud resources.
New Self-Service User types: New granular roles (ss_observer) for the Self-Service application designed to give you complete flexibility. Learn more about Self-Service User types.
The Cloud Management User tab, for managing permissions, is now moved under the new Governance application to allow you to manage user permissions in one place.
With the new Self-Service user types, you can now grant Cloud Management and Self-Service roles independently of each other giving you more control over the platform.