| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2022-06-22 |
monitoring for code engine, performance metrics, monitor, metrics, requests, pods, application, attributes, jobrun, panic mode |
codeengine |
{{site.data.keyword.attribute-definition-list}}
{: #manage-security-compliance}
{{site.data.keyword.codeenginefull_notm}} is integrated with the {{site.data.keyword.compliance_short}} to help you manage security and compliance for your organization. {: shortdesc}
By using {{site.data.keyword.compliance_short}}, you can define rules for {{site.data.keyword.codeengineshort}} to standardize your resource configuration.
With the {{site.data.keyword.compliance_short}}, you can:
- Monitor for controls and goals that pertain to {{site.data.keyword.codeengineshort}}.
- Define rules for {{site.data.keyword.codeengineshort}} that can help to standardize resource configuration.
{: #monitor-security-compliance}
As a security or compliance focal, you can use the {{site.data.keyword.codeengineshort}} goals{: term} to help ensure that your organization is adhering to the external and internal standards for your industry. By using the {{site.data.keyword.compliance_short}} to validate the resource configurations in your account against a profile{: term}, you can identify potential issues as they arise.
All the goals for {{site.data.keyword.codeengineshort}} are added to the {{site.data.keyword.cloud_notm}} Control Library but can also be mapped to other profiles. {: note}
To start monitoring your resources, see Getting started with {{site.data.keyword.compliance_short}}
{: #ce-available-goals}
- Check whether {{site.data.keyword.codeengineshort}} projects are located in authorized regions only.
To review the pre-defined goal parameters for {{site.data.keyword.codeengineshort}}, access the {{site.data.keyword.compliance_full}}. In the {{site.data.keyword.cloud_notm}} console, click the menu icon and select Security and compliance > Configure > Goals and navigate to the Goal parameters table. Expand the {{site.data.keyword.cloud_notm}} Services Goals Input Parameters to review the values for {{site.data.keyword.codeengineshort}} region. If needed, you can customize your region goal.
{: important}
{: #govern-service_name}
As a security or compliance focal, you can use the {{site.data.keyword.compliance_short}} to define configuration rules for the instances of {{site.data.keyword.codeengineshort}} that you create.
Config rules{: term} are used to enforce the configuration standards that you want to implement across your accounts. To learn more about the data that you can use to create a rule for {{site.data.keyword.codeengineshort}}, review the following table.
| Resource kind | Property | Operator | Value | Description |
|---|---|---|---|---|
| project | location | Operators | Regions for {{site.data.keyword.codeengineshort}} | The location in which {{site.data.keyword.codeengineshort}} projects can be created. |
| {: caption="Table 1. Rule properties for {{site.data.keyword.codeengineshort}}" caption-side="bottom"} |
To learn more about config rules, check out What is a config rule.
The following example illustrates a rule that allows {{site.data.keyword.codeengineshort}} projects to be created only in the us-south and eu-de regions.
{: #govern-service_name-output}
{
"target": {
"service_name": "codeengine",
"resource_kind": "project",
"additional_target_attributes": []
},
"required_config": {
"description": "Code Engine Project",
"or": [
{
"property": "location",
"operator": "string_equals",
"value": "us-south"
},
{
"property": "location",
"operator": "string_equals",
"value": "eu-de"
}
]
}
}{: screen}