Assessment Tuning
Last updated
Last updated
Assessment results can be tuned to be more tailored to an organization's environment. There are several options for tuning and customizing your account's settings for more accurate results.
When adding an AWS account, you can specify the account type (Production, Development, Sandbox, etc.). The account type determines the priority of assessment rules, and rules that can be critical in a production environment can be low or informational in a sandbox environment.
You can update the AWS account type after it has been added under the AWS Settings > Accounts page, by selecting the edit icon next for the AWS account:
Then specify the Account Type using the dropdown menu:
Each assessment rule has a priority that can be adjusted. The priority setting shows a different weight for different account types, and a default setting in case an account type is not specified:
Rule settings can be accessed under Assessments > Assessment Details, then selecting a category, and then by selecting the rule you would like to adjust
There are certain scenarios where a resource or an entire AWS account needs to be excluded from a specific rule's evaluation. This can be done using the Exceptions feature under an assessment rule:
You can also access this feature under the Recommendations tab:
Once the exceptions modal is open, you can select resources to be added to the exception list of that rule, or alternatively, you can select to exclude the entire AWS account. Optionally, you can provide a description for the exception being created: