To enforce a desired state in your environment, you create a vRealize Automation Cloud Guardrails desired state from a template, and observe the results.

A desired state in Cloud Guardrails can create or modify infrastructure and policies. A Cloud Guardrails desired state is a combination of:

  • A guardrails template.
  • Required input parameters.
  • Required credentials.

You run the Cloud Guardrails templates as desired states. For example, to bootstrap AWS, you select the AWS OU template, create and enforce the desired state, and view the enforcement results. You can enforce each Cloud Guardrails desired state on-demand.

When a desired state runs, the status indicates where the desired state is in the enforcement. To view the desired state status, click the Enforcements tab. The status can be:

  • Picked
  • InQueue
  • Queue
  • Created
  • Running
  • Completed
  • Failed

From the Enforcements tab, you can run the desired state again.

To create and enforce a Cloud Guardrails desired state, and observe the results, follow these steps. This example shows you how to create and enforce a Cloud Guardrails template to create an AWS OU.



  1. On the Guardrails tab, click the link to the template named AWS Organizational Unit.
    When you create a desired state, a dialog box appears where you enter the name and description, and select a cloud account and a cloud account region.
  2. Click Create Desired State.
    You can create the desired state from the AWS Organizational Unit template.
  3. In the Create a Desired State dialog box, provide the information.
    1. Enter a name and description for the desired state.
    2. Select a cloud account and a cloud account region, and click Create.
    When you create a desired state, it displays an area to enter the input parameters, and it displays the code in the template.
    The desired state for creating an AWS OU displays the input parameters required and the code for the desired state in the template that you selected. A message appears indicating that the desired state is created successfully.
  4. Enter the input parameters for the desired state.
    After you enter the input parameters, you can validate the desired state, save it, then run it.
  5. Click Validate, and click Save.
  6. Click Run Desired State.
  7. Click Enforcements and review the results of the desired state.
    When you run the desired state, the status indicates where the desired state is in the enforcement, and first appears with the status of Picked.
    If the Cloud Guardrails enforcement of a desired state passes, you can click the link to the desired state name and review the results. If the enforcement fails, click the link to the desired state and resolve the errors. For example, enter a different Parent Org ID or a different Organization Unit.


You created a Cloud Guardrails desired state that creates your AWS OU in your infrastructure.

What to do next

Continue using Cloud Guardrails and enforce desired states in your environment.