You can specify a remediation template for a rule when you create or edit the rule. A remediation template is a workflow in Logic Composer. If the configuration of a resource is non-compliant, the template can be automatically or manually triggered to modify the configuration.
Before Logic Composer can modify the configuration of your resources based on the remediation template. You must grant the required permissions to Logic Composer. For more information, see What is Logic Composer?.
- Configure remediation settings
If you set Correction Method to Automatic Execution or Manual Execution, you must select a remediation template, authorize Logic Composer to assume RAM roles, and then specify the parameters. You can then click Submit to complete the remediation settings. You can also click Disable Remediation to retain the remediation settings but not execute the template. This way, if you want to execute the template in the future, you can execute the template by selecting Automatic Execution or Manual Execution.
- Skip remediation settings
If you set Correction Method to Disable Remediation , you can skip the remediation settings.
- Automatic Execution: If the resources to which the rule is applied are evaluated as Non-compliant, the configurations of the resources are automatically remediated.
- Manual Execution: If the resources to which the rule is applied are evaluated as Non-compliant, the configurations of the resources are not automatically remediated. You can manually trigger the rule to remediate the resource configurations on the Remediation Details page of the rule.
- You can select a remediation template for only the required-tags rule.
- You can select only the official templates.
- You can select only one template for a rule. Default templates are applicable only to the managed rules.
- Logic Composer can use the template for the required-tags rule to correct the configurations of only five resource types. These resource types are ECS instances, VPC instances, SLB instances, RDS instances, and ECS disks.
|Configure automatic remediation||When you create a rule, you can associate the rule with a remediation template and select Automatic Execution for the template. If the configuration of a resource is non-compliant, the template automatically runs to correct the configuration.|
|Configure manual remediation||When you create a rule, you can associate the rule with a remediation template and select Manual Execution for the template. If the configuration of a resource is non-compliant, you can manually run the template to correct the configuration.|
|Delete remediation settings||If you need to delete the remediation settings and revoke permissions, you can delete the remediation details.|