The Aqua CSPM Remediations feature is designed to require explicit approval for every action taken in your account. Simply connecting a cloud account to Aqua CSPM is not enough to enable Remediations. You must also define a policy that explicitly lists each plugin and remediation type that you wish to allow for your account.

Remediation policies are created from the "Policy Wizard" page:

A Remediation policy (A in the image below) has the following components:

  1. One or more "rules" (B) containing:
    1. A plugin (C) you wish to have remediated
    2. Optional input parameters that must be used to perform the remediation (D)
    3. Whether manual or automated remediations are allowed for that plugin (E)
  2. A target, such as an AWS account (F) or Aqua Cloud Group (G), to which the policy applies.

Once the policy is created, it can be edited from the Policy page.