Policy Configuration Management

Policy Configuration Management

What is it?

Policy Configuration Management allows you to customize policy parameters across CoreStack products — including FinOps, SecOps (Assessments and Standards), and CloudOps — to better fit your cloud governance needs.

You can now define specific values for policy parameters at the tenant level or for individual cloud accounts. This helps ensure policies behave as intended for different environments or use cases.

Where to Access It

You can manage policy parameters from:

Governance > Guardrails > Policies

Look for the gear icon next to each policy — this opens the parameter configuration panel.

How to Configure

  1. Navigate to Governance > Guardrails > Policies.

  2. Click the gear icon next to a policy.

  3. Choose Add New to create a new parameter configuration.

  4. You can also edit or delete existing configurations.



You can define parameters at:

  • Tenant level

  • Cloud account level

How Parameter Priority Works

During policy execution, CoreStack uses parameter values in the following order:

  1. Cloud account-specific configuration (highest priority)

  2. Tenant-level configuration

  3. Default values (if no custom values are set)

This means if a cloud account has its own configuration, it will override the tenant-level or default settings.

Filter Options for Better Visibility

To make it easier to manage policies, two helpful filters are now available on the Policies page:

  • “Parameterized” – shows policies that support custom configurations.

  • “Configured” – shows policies where custom parameter values have already been set.


    • Related Articles

    • FAQ on SecOps configuration

      Why my cloud account doesn't have governance configuration section? Governance configuration section will be available only for "Assessment + Governance" type accounts Why my cloud account's alert configuration is in pending state for long? Alert ...

    • How to Enable Azure Credential Expiry Notifications

      To help ensure that you are notified before your Azure credentials expire, CoreStack provides an option to configure email notifications at the tenant level. Prerequisites Before proceeding, ensure the required Microsoft Graph API permissions are ...

    • AWS External ID change

      AWS External ID Change An External ID in AWS is a unique identifier used in cross-account access scenarios to ensure that a request from one account to another is intended. Here's an elaboration on the process and considerations for managing AWS ...

    • AWS EC2 Cost Report not showing data.

      Scenario: When accessing the AWS EC2 Cost report, users may encounter situations where the report appears empty, despite the presence of EC2 instances in the Cloud. In some cases, users may encounter issues with AWS EC2 cost reports, specifically ...

    • Required Permissions for GCP SQL and BigQuery Resource Tagging Governance

      Required Permissions for GCP SQL and BigQuery Resource Tagging Governance SQL Resources: To enable tagging for SQL resources in Google Cloud Platform (GCP), such as Cloud SQL instances, the following permissions and configurations are required: Cloud ...