Enhanced Cloud Governance Via Policy API

Sowmya Sundararagavan
Sr. Product Line Manager
Published:
May 20, 2020
4 minute read

CloudHealth Policy 

Over the years, our customers have extensively benefited from the customizable policies which allow them to gain better insight and visibility around their infrastructure governance using the CloudHealth Platform. 

What are CloudHealth Policies? They’re sets of rules that allow customers to govern various aspects of their multi-cloud infrastructure, such as cost, availability, security, performance, and usage. A Policy has one or many Policy Blocks and a Policy Block contains relevant rules, filters, evaluation time details, resource type, and documentation.  

Policy (Read) API 

The CloudHealth Platform provides very rich reporting capabilities that allows customers to view and take action on their policy violations. As our customer base has advanced and more companies are maturing in their cloud journey, policy automation via API has become crucial for enhanced governance.  

Today, we’re happy to announce the new Policy (Read) API will allow customers to pull their policy result summary totals, as well as affected resources, through an API. ​ 

Enhanced governance 

The Policy API will allow customers to retrieve and consume the summary data into their own business intelligence and reporting tools, report on their progress, and have control with respect to implementing a richer and more robust governance policy. ​ 

This will enable customers to embed policy checks into their internal CI/CD pipelines, making governance a more proactive and continuous process. It will also make it easier for the appropriate users to view and take action on violators and violations. 

Policy retrieval endpoints 

Policy (Read) API consists of four retrieval endpoints, each providing capability to retrieve different data points. 

blog-image-policy-retrival-endpoints.png

  1. Retrieve Policies: Retrieve a list of all policies in your organization or in the specified partner customer’s default organization 
  2. Retrieve All Policy Blocks: Given a Policy ID, retrieve a list of all policy blocks for the policy 
  3. Retrieve All Policy Violations: Retrieve a list of all policy violations generated by a policy block 
  4. Retrieve Single Policy Violations: Retrieve a single policy violation and a list of all assets and resources affected by the violation 

Use cases 

Policy (Read) API has several use cases for customers and their Line of Businesses. A few are stated below:  

  • A security admin who might want to view the results of their security policy outside of the platform. They might have a reporting or visualization tool that they will feed this data into and then can see the progress in promoting best practices within business units 
  • A security user who might like to get the results of the security policy through the API so that they can then have the offending users notified programmatically 
  • A cloud operations manager who might be implementing a tagging policy across business units and needs to view the progress of their teams and would like to export policy result data into their tools and view the results trended over time 
  • A CloudHealth user who might want to get the results of the policies outside of CloudHealth for enhanced governance and visibility 

Take the next step 

If you’re already a CloudHealth customer and you’re interested in participating in the Policy API Private Beta reach out to ch-policyapi@groups.vmware.com. If you’re not a CloudHealth customer yet, but want to learn more, get in touch and see a demo of how CloudHealth can help you embed continuous optimization and governance into your cloud environment.