Changelog
Subscribe to all changelog posts via RSS or follow #changelog on our Slack community to stay updated on everything we ship.
Bug fixes
- The
GCP > Project > CMDB
control would go into an error state if Access Approval API was disabled in GCP. This is now fixed.
Whats new
Added support for connection key columns: (#768)
A
connection key column
defines a column whose value maps 1-1 to a Steampipe connection and so can be used to filter connections when executing an aggregator query. These columns are treated as (optional) KeyColumns. This means they are taken into account in the query planning.Added support for verbose timing information. (#4244)
Added support for pushing down sort order. (#447)
Updated limit pushdown logic to push down the limit if all sort clauses are pushed down. (#458)
Added support for
WHERE column=val1 OR column=val2 OR column=val3...
Migrated from plugin registry from GCP to GHCR. (#4232)
Bug fixes
Bug fixes
- Ensured
QueryData
passed to connection key column value callback is populated withConnectionManager
. (#797)
What's new?
- Implemented SNS topic to handle critical alarms notifications.
- Added Product, Vendor Tags to the IAM Role resources created by the TEF stack.
- Introduced a new SSM parameter to manage the reserved concurrency settings for the osquery worker lambda function.
- Updated Log Bucket Lifecycle Policies:
- Increased Retention Period: Extended the retention period of the lifecycle policy for logs in the log bucket with the
/processes
prefix from 1 day to 2 days. - New Policy Addition: Implemented a new lifecycle policy for managing log retention in the log bucket for logs with the
/osquery
prefix.
- Increased Retention Period: Extended the retention period of the lifecycle policy for logs in the log bucket with the
What's new?
- Implemented critical alarms for RDS DB CPU utilization, DB Max Connections and Redis ElastiCache Memory utilization.
- Added Product, Vendor Tags to the IAM Role resources created by the TED stack.
Bug fixes
- The
Azure > Compute > Virtual Machine Scale Set > Tags
control would sometimes fail to update tags correctly for Scale Sets launched via Azure marketplace. This is fixed and the control will now update tags correctly, as expected.
What's new?
- Revoke ingress rules that are unapproved for use in Network ACLs. To get started, set the
AWS > VPC > Network ACL > Ingress Rules > Approved > *
policies.
Bug fixes
- Minor fixes and improvements.
What's new?
- You can now delete existing Mount Targets which are unapproved for use in the account. To get started, set the
AWS > EFS > Mount Target > Approved
policy toEnforce: Delete unapproved
.
What's new?
- Create and manage
aws_cloudwatch_metric_alarm
resources via Guardrails stacks.
Control Types
- AWS > CloudWatch > Alarm > Configured
Policy Types
- AWS > CloudWatch > Alarm > Configured
- AWS > CloudWatch > Alarm > Configured > Claim Precedence
- AWS > CloudWatch > Alarm > Configured > Source
Bug fixes
- Added support for
aws_securityhub_account
Terraform resource.
What's new?
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
Control Types
- AWS > CIS v3.0
- AWS > CIS v3.0 > 1 - Identity and Access Management
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full ":" administrative privileges are not attached
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
- AWS > CIS v3.0 > 2 - Storage
- AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
- AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
- AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enabled on S3 buckets
- AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
- AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
- AWS > CIS v3.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
- AWS > CIS v3.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
- AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
- AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
- AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
- AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
- AWS > CIS v3.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
- AWS > CIS v3.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
- AWS > CIS v3.0 > 3 - Logging
- AWS > CIS v3.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
- AWS > CIS v3.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
- AWS > CIS v3.0 > 3 - Logging > 3.03 - Ensure AWS Config is enabled in all regions
- AWS > CIS v3.0 > 3 - Logging > 3.04 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
- AWS > CIS v3.0 > 3 - Logging > 3.05 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- AWS > CIS v3.0 > 3 - Logging > 3.06 - Ensure rotation for customer created symmetric CMKs is enabled
- AWS > CIS v3.0 > 3 - Logging > 3.07 - Ensure VPC flow logging is enabled in all VPCs
- AWS > CIS v3.0 > 3 - Logging > 3.08 - Ensure that Object-level logging for write events is enabled for S3 bucket
- AWS > CIS v3.0 > 3 - Logging > 3.09 - Ensure that Object-level logging for read events is enabled for S3 bucket
- AWS > CIS v3.0 > 4 - Monitoring
- AWS > CIS v3.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
- AWS > CIS v3.0 > 5 - Networking
- AWS > CIS v3.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
- AWS > CIS v3.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
- AWS > CIS v3.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
- AWS > CIS v3.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
- AWS > CIS v3.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
- AWS > CIS v3.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2
Policy Types
- AWS > CIS v3.0
- AWS > CIS v3.0 > 1 - Identity and Access Management
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details > Attestation
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account > Attestation
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full ":" administrative privileges are not attached
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments > Attestation
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
- AWS > CIS v3.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted > Attestation
- AWS > CIS v3.0 > 1 - Identity and Access Management > Maximum Attestation Duration
- AWS > CIS v3.0 > 2 - Storage
- AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
- AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
- AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enable on S3 buckets
- AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
- AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required > Attestation
- AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
- AWS > CIS v3.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
- AWS > CIS v3.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
- AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
- AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
- AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
- AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
- AWS > CIS v3.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
- AWS > CIS v3.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
- AWS > CIS v3.0 > 2 - Storage > Maximum Attestation Duration
- AWS > CIS v3.0 > 3 - Logging
- AWS > CIS v3.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
- AWS > CIS v3.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
- AWS > CIS v3.0 > 3 - Logging > 3.03 - Ensure AWS Config is enabled in all regions
- AWS > CIS v3.0 > 3 - Logging > 3.04 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
- AWS > CIS v3.0 > 3 - Logging > 3.05 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- AWS > CIS v3.0 > 3 - Logging > 3.06 - Ensure rotation for customer created symmetric CMKs is enabled
- AWS > CIS v3.0 > 3 - Logging > 3.07 - Ensure VPC flow logging is enabled in all VPCs
- AWS > CIS v3.0 > 3 - Logging > 3.08 - Ensure that Object-level logging for write events is enabled for S3 bucket
- AWS > CIS v3.0 > 3 - Logging > 3.09 - Ensure that Object-level logging for read events is enabled for S3 bucket
- AWS > CIS v3.0 > 3 - Logging > Maximum Attestation Duration
- AWS > CIS v3.0 > 4 - Monitoring
- AWS > CIS v3.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
- AWS > CIS v3.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
- AWS > CIS v3.0 > 4 - Monitoring > Maximum Attestation Duration
- AWS > CIS v3.0 > 5 - Networking
- AWS > CIS v3.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
- AWS > CIS v3.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
- AWS > CIS v3.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
- AWS > CIS v3.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
- AWS > CIS v3.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
- AWS > CIS v3.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access' > Attestation
- AWS > CIS v3.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2
- AWS > CIS v3.0 > 5 - Networking > Maximum Attestation Duration
- AWS > CIS v3.0 > Maximum Attestation Duration
Bug fixes
- Server
- Minor internal improvements.
Requirements
- TEF: 1.57.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
What's new?
Resource Types:
- GCP > DNS > Policy
Control Types:
- GCP > DNS > Policy > Active
- GCP > DNS > Policy > Approved
- GCP > DNS > Policy > CMDB
- GCP > DNS > Policy > Discovery
- GCP > DNS > Policy > Usage
Policy Types:
- GCP > DNS > Policy > Active
- GCP > DNS > Policy > Active > Age
- GCP > DNS > Policy > Active > Last Modified
- GCP > DNS > Policy > Approved
- GCP > DNS > Policy > Approved > Custom
- GCP > DNS > Policy > Approved > Usage
- GCP > DNS > Policy > CMDB
- GCP > DNS > Policy > Usage
- GCP > DNS > Policy > Usage > Limit
Action Types:
- GCP > DNS > Policy > Delete
- GCP > DNS > Policy > Router
What's new?
Control Types
- GCP > CIS v2.0
- GCP > CIS v2.0 > 1 - Identity and Access Management
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure that Security Key Enforcement is Enabled for All Admin Accounts
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure That Service Account Has No Admin Privileges
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure Essential Contacts is Configured for Organization
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager
- GCP > CIS v2.0 > 2 - Logging and Monitoring
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.01 - Ensure That Cloud Audit Logging Is Configured Properly
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.02 - Ensure That Sinks Are Configured for All Log Entries
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.03 - Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.04 - Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.05 - Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.06 - Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.07 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.08 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.09 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.10 - Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.11 - Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.12 - Ensure That Cloud DNS Logging Is Enabled for All VPC Networks
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.13 - Ensure Cloud Asset Inventory Is Enabled
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.14 - Ensure 'Access Transparency' is 'Enabled'
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.15 - Ensure 'Access Approval' is 'Enabled'
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.16 - Ensure Logging is enabled for HTTP(S) Load Balancer
- GCP > CIS v2.0 > 3 - Networking
- GCP > CIS v2.0 > 3 - Networking > 3.01 - Ensure That the Default Network Does Not Exist in a Project
- GCP > CIS v2.0 > 3 - Networking > 3.02 - Ensure Legacy Networks Do Not Exist for Older Projects
- GCP > CIS v2.0 > 3 - Networking > 3.03 - Ensure That DNSSEC Is Enabled for Cloud DNS
- GCP > CIS v2.0 > 3 - Networking > 3.04 - Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC
- GCP > CIS v2.0 > 3 - Networking > 3.05 - Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC
- GCP > CIS v2.0 > 3 - Networking > 3.06 - Ensure That SSH Access Is Restricted From the Internet
- GCP > CIS v2.0 > 3 - Networking > 3.07 - Ensure That RDP Access Is Restricted From the Internet
- GCP > CIS v2.0 > 3 - Networking > 3.08 - Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network
- GCP > CIS v2.0 > 3 - Networking > 3.09 - Ensure No HTTPS or SSL Proxy Load Balancers Permit SSL Policies With Weak Cipher Suites
- GCP > CIS v2.0 > 3 - Networking > 3.10 - Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed'
- GCP > CIS v2.0 > 4 - Virtual Machines
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.04 - Ensure Oslogin Is Enabled for a Project
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.07 - Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
- GCP > CIS v2.0 > 5 - Storage
- GCP > CIS v2.0 > 5 - Storage > 5.01 - Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible
- GCP > CIS v2.0 > 5 - Storage > 5.02 - Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.01 - Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.02 - Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.03 - Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.01 - Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.02 - Ensure 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.03 - Ensure 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.04 - Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.05 - Ensure 'Log_min_messages' Database Flag for Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.06 - Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.07 - Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.08 - Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.09 - Ensure Instance IP assignment is set to private
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.01 - Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.02 - Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.03 - Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.04 - Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.05 - Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.06 - Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.07 - Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.04 - Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.05 - Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.06 - Ensure That Cloud SQL Database Instances Do Not Have Public IPs
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.07 - Ensure That Cloud SQL Database Instances Are Configured With Automated Backups
- GCP > CIS v2.0 > 7 - BigQuery
- GCP > CIS v2.0 > 7 - BigQuery > 7.01 - Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible
- GCP > CIS v2.0 > 7 - BigQuery > 7.02 - Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)
- GCP > CIS v2.0 > 7 - BigQuery > 7.03 - Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets
Policy Types
- GCP > CIS v2.0
- GCP > CIS v2.0 > 1 - Identity and Access Management
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used > Attestation
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts > Attestation
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure that Security Key Enforcement is Enabled for All Admin Accounts
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure that Security Key Enforcement is Enabled for All Admin Accounts > Attestation
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure That Service Account Has No Admin Privileges
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure Essential Contacts is Configured for Organization
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure Essential Contacts is Configured for Organization > Attestation
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager > Attestation
- GCP > CIS v2.0 > 1 - Identity and Access Management > Maximum Attestation Duration
- GCP > CIS v2.0 > 2 - Logging and Monitoring
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.01 - Ensure That Cloud Audit Logging Is Configured Properly
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.02 - Ensure That Sinks Are Configured for All Log Entries
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.03 - Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.04 - Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.05 - Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.06 - Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.07 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.08 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.09 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.10 - Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.11 - Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.12 - Ensure That Cloud DNS Logging Is Enabled for All VPC Networks
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.13 - Ensure Cloud Asset Inventory Is Enabled
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.14 - Ensure 'Access Transparency' is 'Enabled'
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.14 - Ensure 'Access Transparency' is 'Enabled' > Attestation
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.15 - Ensure 'Access Approval' is 'Enabled'
- GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.16 - Ensure Logging is enabled for HTTP(S) Load Balancer
- GCP > CIS v2.0 > 2 - Logging and Monitoring > Maximum Attestation Duration
- GCP > CIS v2.0 > 3 - Networking
- GCP > CIS v2.0 > 3 - Networking > 3.01 - Ensure That the Default Network Does Not Exist in a Project
- GCP > CIS v2.0 > 3 - Networking > 3.02 - Ensure Legacy Networks Do Not Exist for Older Projects
- GCP > CIS v2.0 > 3 - Networking > 3.03 - Ensure That DNSSEC Is Enabled for Cloud DNS
- GCP > CIS v2.0 > 3 - Networking > 3.04 - Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC
- GCP > CIS v2.0 > 3 - Networking > 3.05 - Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC
- GCP > CIS v2.0 > 3 - Networking > 3.06 - Ensure That SSH Access Is Restricted From the Internet
- GCP > CIS v2.0 > 3 - Networking > 3.07 - Ensure That RDP Access Is Restricted From the Internet
- GCP > CIS v2.0 > 3 - Networking > 3.08 - Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network
- GCP > CIS v2.0 > 3 - Networking > 3.09 - Ensure No HTTPS or SSL Proxy Load Balancers Permit SSL Policies With Weak Cipher Suites
- GCP > CIS v2.0 > 3 - Networking > 3.10 - Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed'
- GCP > CIS v2.0 > 4 - Virtual Machines
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.04 - Ensure Oslogin Is Enabled for a Project
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.07 - Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections > Attestation
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects > Attestation
- GCP > CIS v2.0 > 4 - Virtual Machines > Maximum Attestation Duration
- GCP > CIS v2.0 > 5 - Storage
- GCP > CIS v2.0 > 5 - Storage > 5.01 - Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible
- GCP > CIS v2.0 > 5 - Storage > 5.02 - Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.01 - Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.01 - Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges > Attestation
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.02 - Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.03 - Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.01 - Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.02 - Ensure 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.03 - Ensure 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.04 - Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.05 - Ensure 'Log_min_messages' Database Flag for Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.06 - Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.07 - Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.08 - Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.09 - Ensure Instance IP assignment is set to private
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.01 - Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.02 - Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.03 - Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.04 - Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.05 - Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.06 - Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.07 - Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.04 - Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.05 - Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.06 - Ensure That Cloud SQL Database Instances Do Not Have Public IPs
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.07 - Ensure That Cloud SQL Database Instances Are Configured With Automated Backups
- GCP > CIS v2.0 > 6 - Cloud SQL Database Services > Maximum Attestation Duration
- GCP > CIS v2.0 > 7 - BigQuery
- GCP > CIS v2.0 > 7 - BigQuery > 7.01 - Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible
- GCP > CIS v2.0 > 7 - BigQuery > 7.02 - Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)
- GCP > CIS v2.0 > 7 - BigQuery > 7.03 - Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets
- GCP > CIS v2.0 > Maximum Attestation Duration
Bug fixes
- Minor fixes and improvements.
What's new?
- Access approval setting details for projects is now be available in Project CMDB.
Bug fixes
- Server
- Minor internal improvements.
Requirements
- TEF: 1.57.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
What's new?
- New tables added
Enhancements
- The
subscription_id
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Azure subscriptions. (#740) - Added the
version
flag to the plugin's Export tool. (#65)
Bug fixes
- Fixed the plugin's Postgres FDW Extension crash issue.
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.0 that adds support for connection key columns. (#745)
Bug fixes
- Action Type for
Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved
control did not render correctly on mod inspect. This is now fixed.
What's new?
- New tables added
Enhancements
- Added the
version
flag to the plugin's Export tool. (#65)
Bug fixes
- Fixed intermittent FDW crashes when certain postgres errors resulted in a signal 16 being raised. (#455)
- Fixed the broken Postgres 14, Postgres 15 and SQLite x86_64 binaries for Darwin operating systems.
Whats new
- It is now possible to set a timeout for benchmark and dashboard execution. These can be set:
- In the workspace using properties:
dashboard_timeout
andbenchmark_timeout
- Using the
--dashboard-timeout
flag for thedashboard run
andserver
commands - Using the
--benchmark-timeout
flag for thebenchmark run
commands. - Using the environment variables
POWERPIPE_DASHBOARD_TIMEOUT
andPOWERPIPE_BENCHMARK_TIMEOUT
respectively. (#336)
- In the workspace using properties:
- Support installing private mods using a GitHub app token. (#381).
- Improve the layout of filter and grouping components for control tags and dimensions. (#263)
- Remove the
dashboard input list
anddashboard input show
commands. - Add thousands separator to numeric values in dashboard tables. (#315)
- Only show benchmark cards for statuses that are contained in the current filter and add status to filter on card click. (#322)
Bug fixes
All new Pipes workspaces will be running Powerpipe v0.2.0 and existing workspaces will be upgraded by Monday 29th April 2024.
For more information on this Powerpipe release, see the release notes.
Bug fixes
- Server
- Minor internal improvements.
Requirements
- TEF: 1.57.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
Bug fixes
- The
Azure > Storage > Storage Account > Data Protection
control would go into an error state when container delete retention policy data was not available in CMDB. This issue is fixed and the control will now work as expected.
What's new?
- You can now removed unapproved Firewall IP Ranges on PostgreSQL servers and flexi servers. To get started, set the
Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > *
andAzure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > *
policies respectively. - You can now stop unapproved flexi servers. To get started, set the
Azure > PostgreSQL > Flexible Server > Approved
policy toEnforce: Stop unapproved
orEnforce: Stop unapproved if new
.
Control Types
- Azure > PostgreSQL > Flexible Server > Firewall
- Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges
- Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved
- Azure > PostgreSQL > Server > Firewall
- Azure > PostgreSQL > Server > Firewall > IP Ranges
- Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved
Policy Types
- Azure > PostgreSQL > Flexible Server > Firewall
- Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges
- Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved
- Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > Compiled Rules
- Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > IP Addresses
- Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > Rules
- Azure > PostgreSQL > Server > Firewall
- Azure > PostgreSQL > Server > Firewall > IP Ranges
- Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved
- Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > Compiled Rules
- Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > IP Addresses
- Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > Rules
Action Types
- Azure > PostgreSQL > Flexible Server > Stop
- Azure > PostgreSQL > Server > Update Firewall IP Ranges
Bug fixes
- Fixed control category names for v7.2.10, v7.7.10 and v7.14.1.
What's new?
Control Types
- Azure > CIS v2.0
- Azure > CIS v2.0 > 01 - Identity and Access Management
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.01 - Ensure Trusted Locations Are Defined
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.05 - Ensure Guest Users Are Reviewed on a Regular Basis
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 Ensure That 'Number of methods required to reset' is set to '2'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure
User consent for applications
is set toDo not allow user consent
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.14 - Ensure That 'Users Can Register Applications' Is Set to 'No'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users"
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.19 - Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.23 - Ensure That No Custom Subscription Administrator Roles Exist
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'
- Azure > CIS v2.0 > 02 - Microsoft Defender
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.01 - Ensure That Microsoft Defender for Servers Is Set to 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.02 - Ensure That Microsoft Defender for App Services Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.04 - Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.05 - Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.06 - Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.07 - Ensure That Microsoft Defender for Storage Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.08 - Ensure That Microsoft Defender for Containers Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.09 - Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.10 - Ensure That Microsoft Defender for Key Vault Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.11 - Ensure That Microsoft Defender for DNS Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.12 - Ensure That Microsoft Defender for Resource Manager Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.14 - Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.15 - Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.18 - Ensure That 'All users with the following roles' is set to 'Owner'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.19 - Ensure 'Additional email addresses' is Configured with a Security Contact Email
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.20 - Ensure That 'Notify about alerts with the following severity' is Set to 'High'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.21 - Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.22 - Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.03 - Microsoft Defender for External Attack Surface Monitoring
- Azure > CIS v2.0 > 03 - Storage Accounts
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.01 - Ensure that 'Secure transfer required' is set to 'Enabled'
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.02 - Ensure that
Enable Infrastructure Encryption
for Each Storage Account in Azure Storage is Set toenabled
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.05 - Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.08 - Ensure Default Network Access Rule for Storage Accounts is Set to Deny
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.09 - Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.10 - Ensure Private Endpoints are used to access Storage Accounts
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.11 - Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.12 - Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.13 - Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.15 - Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2"
- Azure > CIS v2.0 > 04 - Database Services
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.01 - Ensure that 'Auditing' is set to 'On'
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.02 - Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.04 - Ensure that Azure Active Directory Admin is Configured for SQL Servers
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.05 - Ensure that 'Data encryption' is set to 'On' on a SQL Database
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.06 - Ensure that 'Auditing' Retention is 'greater than 90 days'
- Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL
- Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.01 - Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers
- Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.02 - Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
- Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.03 - Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server
- Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.04 - Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server
- Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.05 - Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.01 - Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.02 - Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.03 - Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.04 - Ensure Server Parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.05 - Ensure Server Parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.06 - Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.07 - Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.08 - Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'
- Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database
- Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.01 - Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.02 - Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.03 - Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.04 - Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB
- Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.01 - Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
- Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.02 - Ensure That Private Endpoints Are Used Where Possible
- Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible
- Azure > CIS v2.0 > 05 - Logging and Monitoring
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.03 - Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.04 - Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.05 - Ensure that logging for Azure Key Vault is 'Enabled'
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.07 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.01 - Ensure that Activity Log Alert exists for Create Policy Assignment
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.02 - Ensure that Activity Log Alert exists for Delete Policy Assignment
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.03 - Ensure that Activity Log Alert exists for Create or Update Network Security Group
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.04 - Ensure that Activity Log Alert exists for Delete Network Security Group
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.05 - Ensure that Activity Log Alert exists for Create or Update Security Solution
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.06 - Ensure that Activity Log Alert exists for Delete Security Solution
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.07 - Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.08 - Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.09 - Ensure that Activity Log Alert exists for Create or Update Public IP Address rule
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.10 - Ensure that Activity Log Alert exists for Delete Public IP Address rule
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights > 5.03.01 - Ensure Application Insights are Configured
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.05 - Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)
- Azure > CIS v2.0 > 06 - Networking
- Azure > CIS v2.0 > 06 - Networking > 6.01 - Ensure that RDP access from the Internet is evaluated and restricted
- Azure > CIS v2.0 > 06 - Networking > 6.02 - Ensure that SSH access from the Internet is evaluated and restricted
- Azure > CIS v2.0 > 06 - Networking > 6.03 - Ensure that UDP access from the Internet is evaluated and restricted
- Azure > CIS v2.0 > 06 - Networking > 6.04 - Ensure that HTTP(S) access from the Internet is evaluated and restricted
- Azure > CIS v2.0 > 06 - Networking > 6.05 - Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
- Azure > CIS v2.0 > 06 - Networking > 6.06 - Ensure that Network Watcher is 'Enabled'
- Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis
- Azure > CIS v2.0 > 07 - Virtual Machines
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.02 - Ensure Virtual Machines are utilizing Managed Disks
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.03 - Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.04 - Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted
- Azure > CIS v2.0 > 08 - Key Vault
- Azure > CIS v2.0 > 08 - Key Vault > 8.01 - Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults
- Azure > CIS v2.0 > 08 - Key Vault > 8.02 - Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults
- Azure > CIS v2.0 > 08 - Key Vault > 8.03 - Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults
- Azure > CIS v2.0 > 08 - Key Vault > 8.04 - Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults
- Azure > CIS v2.0 > 08 - Key Vault > 8.05 - Ensure the key vault is recoverable
- Azure > CIS v2.0 > 08 - Key Vault > 8.06 - Ensure Role Based Access Control for Azure Key Vault
- Azure > CIS v2.0 > 08 - Key Vault > 8.07 - Ensure that Private Endpoints are Used for Azure Key Vault
- Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services
- Azure > CIS v2.0 > 09 - Application Services
- Azure > CIS v2.0 > 09 - Application Services > 9.01 - Ensure App Service Authentication is set up for apps in Azure App Service
- Azure > CIS v2.0 > 09 - Application Services > 9.02 - Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service
- Azure > CIS v2.0 > 09 - Application Services > 9.03 - Ensure Web App is using the latest version of TLS encryption
- Azure > CIS v2.0 > 09 - Application Services > 9.04 - Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
- Azure > CIS v2.0 > 09 - Application Services > 9.05 - Ensure that Register with Azure Active Directory is enabled on App Service
- Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App
- Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App
- Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App
- Azure > CIS v2.0 > 09 - Application Services > 9.09 - Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App
- Azure > CIS v2.0 > 09 - Application Services > 9.10 - Ensure FTP deployments are Disabled
- Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets
- Azure > CIS v2.0 > 10 - Miscellaneous
- Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources
Policy Types
- Azure > CIS v2.0
- Azure > CIS v2.0 > 01 - Identity and Access Management
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.01 - Ensure Trusted Locations Are Defined
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.05 - Ensure Guest Users Are Reviewed on a Regular Basis
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 - Ensure That 'Number of methods required to reset' is set to '2'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 - Ensure That 'Number of methods required to reset' is set to '2' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure
User consent for applications
is set toDo not allow user consent
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure
User consent for applications
is set toDo not allow user consent
> Attestation - Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.14 - Ensure That 'Users Can Register Applications' Is Set to 'No'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users"
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.19 - Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.23 - Ensure That No Custom Subscription Administrator Roles Exist
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One' > Attestation
- Azure > CIS v2.0 > 01 - Identity and Access Management > Maximum Attestation Duration
- Azure > CIS v2.0 > 02 - Microsoft Defender
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.01 - Ensure That Microsoft Defender for Servers Is Set to 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.02 - Ensure That Microsoft Defender for App Services Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.04 - Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.05 - Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.06 - Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.07 - Ensure That Microsoft Defender for Storage Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.08 - Ensure That Microsoft Defender for Containers Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.09 - Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.10 - Ensure That Microsoft Defender for Key Vault Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.11 - Ensure That Microsoft Defender for DNS Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.12 - Ensure That Microsoft Defender for Resource Manager Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed' > Attestation
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.14 - Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.15 - Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' > Attestation
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' > Attestation
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.18 - Ensure That 'All users with the following roles' is set to 'Owner'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.19 - Ensure 'Additional email addresses' is Configured with a Security Contact Email
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.20 - Ensure That 'Notify about alerts with the following severity' is Set to 'High'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.21 - Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.22 - Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On' > Attestation
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.03 - Microsoft Defender for External Attack Surface Monitoring
- Azure > CIS v2.0 > 02 - Microsoft Defender > Maximum Attestation Duration
- Azure > CIS v2.0 > 03 - Storage Accounts
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.01 - Ensure that 'Secure transfer required' is set to 'Enabled'
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.02 - Ensure that
Enable Infrastructure Encryption
for Each Storage Account in Azure Storage is Set toenabled
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account > Attestation
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated > Attestation
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.05 - Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour > Attestation
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.08 - Ensure Default Network Access Rule for Storage Accounts is Set to Deny
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.09 - Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.10 - Ensure Private Endpoints are used to access Storage Accounts
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.11 - Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.12 - Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.13 - Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
- Azure > CIS v2.0 > 03 - Storage Accounts > 3.15 - Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2"
- Azure > CIS v2.0 > 03 - Storage Accounts > Maximum Attestation Duration
- Azure > CIS v2.0 > 04 - Database Services
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.01 - Ensure that 'Auditing' is set to 'On'
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.02 - Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.04 - Ensure that Azure Active Directory Admin is Configured for SQL Servers
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.05 - Ensure that 'Data encryption' is set to 'On' on a SQL Database
- Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.06 - Ensure that 'Auditing' Retention is 'greater than 90 days'
- Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL
- Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.01 - Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers
- Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.02 - Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
- Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.03 - Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server
- Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.04 - Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server
- Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.05 - Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.01 - Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.02 - Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.03 - Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.04 - Ensure Server Parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.05 - Ensure Server Parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.06 - Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.07 - Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled
- Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.08 - Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'
- Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database
- Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.01 - Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.02 - Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.03 - Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.04 - Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
- Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB
- Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.01 - Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
- Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.02 - Ensure That Private Endpoints Are Used Where Possible
- Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible
- Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible > Attestation
- Azure > CIS v2.0 > 04 - Database Services > Maximum Attestation Duration
- Azure > CIS v2.0 > 05 - Logging and Monitoring
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.03 - Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.04 - Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.05 - Ensure that logging for Azure Key Vault is 'Enabled'
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.07 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.01 - Ensure that Activity Log Alert exists for Create Policy Assignment
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.02 - Ensure that Activity Log Alert exists for Delete Policy Assignment
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.03 - Ensure that Activity Log Alert exists for Create or Update Network Security Group
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.04 - Ensure that Activity Log Alert exists for Delete Network Security Group
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.05 - Ensure that Activity Log Alert exists for Create or Update Security Solution
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.06 - Ensure that Activity Log Alert exists for Delete Security Solution
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.07 - Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.08 - Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.09 - Ensure that Activity Log Alert exists for Create or Update Public IP Address rule
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.10 - Ensure that Activity Log Alert exists for Delete Public IP Address rule
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights > 5.03.01 - Ensure Application Insights are Configured
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it > Attestation
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.05 - Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)
- Azure > CIS v2.0 > 05 - Logging and Monitoring > Maximum Attestation Duration
- Azure > CIS v2.0 > 06 - Networking
- Azure > CIS v2.0 > 06 - Networking > 6.01 - Ensure that RDP access from the Internet is evaluated and restricted
- Azure > CIS v2.0 > 06 - Networking > 6.02 - Ensure that SSH access from the Internet is evaluated and restricted
- Azure > CIS v2.0 > 06 - Networking > 6.03 - Ensure that UDP access from the Internet is evaluated and restricted
- Azure > CIS v2.0 > 06 - Networking > 6.04 - Ensure that HTTP(S) access from the Internet is evaluated and restricted
- Azure > CIS v2.0 > 06 - Networking > 6.05 - Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
- Azure > CIS v2.0 > 06 - Networking > 6.06 - Ensure that Network Watcher is 'Enabled'
- Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis
- Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis > Attestation
- Azure > CIS v2.0 > 06 - Networking > Maximum Attestation Duration
- Azure > CIS v2.0 > 07 - Virtual Machines
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.02 - Ensure Virtual Machines are utilizing Managed Disks
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.03 - Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.04 - Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed > Attestation
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed > Attestation
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted
- Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted > Attestation
- Azure > CIS v2.0 > 07 - Virtual Machines > Maximum Attestation Duration
- Azure > CIS v2.0 > 08 - Key Vault
- Azure > CIS v2.0 > 08 - Key Vault > 8.01 - Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults
- Azure > CIS v2.0 > 08 - Key Vault > 8.02 - Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults
- Azure > CIS v2.0 > 08 - Key Vault > 8.03 - Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults
- Azure > CIS v2.0 > 08 - Key Vault > 8.04 - Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults
- Azure > CIS v2.0 > 08 - Key Vault > 8.05 - Ensure the key vault is recoverable
- Azure > CIS v2.0 > 08 - Key Vault > 8.06 - Ensure Role Based Access Control for Azure Key Vault
- Azure > CIS v2.0 > 08 - Key Vault > 8.07 - Ensure that Private Endpoints are Used for Azure Key Vault
- Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services
- Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services > Attestation
- Azure > CIS v2.0 > 08 - Key Vault > Maximum Attestation Duration
- Azure > CIS v2.0 > 09 - Application Services
- Azure > CIS v2.0 > 09 - Application Services > 9.01 - Ensure App Service Authentication is set up for apps in Azure App Service
- Azure > CIS v2.0 > 09 - Application Services > 9.02 - Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service
- Azure > CIS v2.0 > 09 - Application Services > 9.03 - Ensure Web App is using the latest version of TLS encryption
- Azure > CIS v2.0 > 09 - Application Services > 9.04 - Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
- Azure > CIS v2.0 > 09 - Application Services > 9.05 - Ensure that Register with Azure Active Directory is enabled on App Service
- Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App
- Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App > Attestation
- Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App
- Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App > Attestation
- Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App
- Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App > Attestation
- Azure > CIS v2.0 > 09 - Application Services > 9.09 - Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App
- Azure > CIS v2.0 > 09 - Application Services > 9.10 - Ensure FTP deployments are Disabled
- Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets
- Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets > Attestation
- Azure > CIS v2.0 > 09 - Application Services > Maximum Attestation Duration
- Azure > CIS v2.0 > 10 - Miscellaneous
- Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources
- Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources > Attestation
- Azure > CIS v2.0 > 10 - Miscellaneous > Maximum Attestation Duration
- Azure > CIS v2.0 > Maximum Attestation Duration
What's new?
- Server
- Implemented monitoring for
worker_factory
in the CloudWatch Dashboard widgets "Events Queue Activity" and "Events Queue Backlog". - Established a CloudWatch Alarm for the
_worker_factory
queue. - Product, Vendor Tags to the IAM Role resources created by the TE stack.
- Adjusted the threshold for the CloudWatch Alarm monitoring the
_worker
queue.
- Implemented monitoring for
Bug fixes
Server
- Now, users with only Turbot/User access will no longer see grants or active grants belonging to other users. This ensures that you only view grants that are relevant to your permissions.
- Control will move to error if it fails to determine the state at precheck.
- System resilience has been enhanced through extended TTL settings and refined management of suspended processes, aiming to improve stability and reduce backlog issues.
- Refined management of various processes to improve stability and reduce backlog issues.
UI
- Converted the
template_input
property of the policy setting in the Terraform plan to YAML format, improving clarity and manageability.
- Converted the
Requirements
- TEF: 1.57.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
What's new?
- Moved the
Turbot > Process Monitor
control to operate within the priority queue, ensuring more timely and efficient processing of critical tasks. - Updated the
Turbot > Workspace > Background Tasks
control to modify the next_tick_timestamp for any policy values that previously had incorrect defaults.
Bug fixes
- Minor fixes and improvements.
What's new?
- You can now configure rotation reminders for access keys and soft delete for blobs and containers in storage accounts. To get started, set the
Azure > Storage > Storage Account > Access Keys > Rotation Reminder > *
andAzure > Storage > Storage Account > Data Protection > Soft Delete > *
policies respectively.
Control Types
- Azure > Storage > Storage Account > Access Keys
- Azure > Storage > Storage Account > Access Keys > Rotation Reminder
- Azure > Storage > Storage Account > Data Protection
- Azure > Storage > Storage Account > Data Protection > Soft Delete
Policy Types
- Azure > Storage > Storage Account > Access Keys
- Azure > Storage > Storage Account > Access Keys > Rotation Reminder
- Azure > Storage > Storage Account > Access Keys > Rotation Reminder > Days
- Azure > Storage > Storage Account > Data Protection
- Azure > Storage > Storage Account > Data Protection > Soft Delete
- Azure > Storage > Storage Account > Data Protection > Soft Delete > Blobs
- Azure > Storage > Storage Account > Data Protection > Soft Delete > Blobs > Retention Days
- Azure > Storage > Storage Account > Data Protection > Soft Delete > Containers
- Azure > Storage > Storage Account > Data Protection > Soft Delete > Containers > Retention Days
Action Types
- Azure > Storage > Storage Account > Set Data Protection Soft Delete
- Azure > Storage > Storage Account > Update Rotation Reminder
What's new?
- You can now removed unapproved Firewall IP Ranges on SQL servers. To get started, set the
Azure > SQL > Server > Firewall > IP Ranges > Approved > *
policies.
Control Types
- Azure > SQL > Server > Firewall
- Azure > SQL > Server > Firewall > IP Ranges
- Azure > SQL > Server > Firewall > IP Ranges > Approved
Policy Types
- Azure > SQL > Server > Firewall
- Azure > SQL > Server > Firewall > IP Ranges
- Azure > SQL > Server > Firewall > IP Ranges > Approved
- Azure > SQL > Server > Firewall > IP Ranges > Approved > Compiled Rules
- Azure > SQL > Server > Firewall > IP Ranges > Approved > IP Addresses
- Azure > SQL > Server > Firewall > IP Ranges > Approved > Rules
Action Types
- Azure > SQL > Server > Update Firewall IP Ranges
Enhancements
- Updated the
workspace_dashboard
dashboard to include information on the accounts, resources, and active controls across different workspaces. (#31) - Updated the
workspace_account_report
dashboard to display resources, policy settings, alerts, and active controls across workspaces instead of the TE version. (#31)
Enhancements
- Optimized several queries to minimize API usage, achieving faster performance. (#786)
Bug fixes
- The
rotationPeriod
andnextRotationTime
attributes for Crypto Keys did not update correctly in CMDB when the rotation policy for such keys was removed. This is now fixed.
What's new?
- You can now configure Encryption in Transit for Flexi Servers. To get started, set the
Azure > MySQL > Flexible Server > Encryption in Transit > *
policies. - We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
Control Types
- Azure > MySQL > Flexible Server > Encryption in Transit
Policy Types
- Azure > MySQL > Flexible Server > Encryption in Transit
Action Types
- Azure > MySQL > Flexible Server > Update Encryption in Transit
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
Policy Types
- Azure > App Service > App Service Plan > Approved > Custom
- Azure > App Service > Function App > Approved > Custom
- Azure > App Service > Web App > Approved > Custom
Bug fixes
- The
AWS > VPC > Flow Log > Configured
control would sometimes go into an error state for flow logs created via the AWS console, even though they were correctly claimed by a Guardrails stack. This is now fixed.
What's new?
- New tables added
Enhancements
- The
account_id
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple AWS accounts. (#2133)
Bug fixes
- Fixed the
getDirectoryServiceSnapshotLimit
andgetDirectoryServiceEventTopics
hydrate calls in theaws_directory_service_directory
table to correctly returnnil
for the unsupportedADConnector
services instead of an error. (#2170)
What's new?
- New tables added: (Thanks @jplanckeel for the new plugin!)
What's new?
- You can now configure log checkpoints for Flexi Servers. To get started, set the
Azure > PostgreSQL > Flexible Server > Audit Logging > *
policies. - We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Control Types
- Azure > PostgreSQL > Flexible Server > Audit Logging
Policy Types
- Azure > PostgreSQL > Flexible Server > Audit Logging
- Azure > PostgreSQL > Flexible Server > Audit Logging > Log Checkpoints
Action Types
- Azure > PostgreSQL > Flexible Server > Update Audit Logging
What's new?
- You can now configure expiration for Key Vault Keys and Secrets. To get started, set the
Azure > Key Vault > Key > Expiration > *
andAzure > Key Vault > Secret > Expiration > *
policies respectively.
Control Types
- Azure > Key Vault > Key > Expiration
- Azure > Key Vault > Secret > Expiration
Policy Types
- Azure > Key Vault > Key > Expiration
- Azure > Key Vault > Key > Expiration > Days [Default]
- Azure > Key Vault > Secret > Expiration
- Azure > Key Vault > Secret > Expiration > Days [Default]
Action Types
- Azure > Key Vault > Key > Set Expiration
- Azure > Key Vault > Secret > Set Expiration
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- Added CIS v3.0.0 benchmark (
powerpipe benchmark run gcp_compliance.benchmark.cis_v300
). (#158)
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Bug fixes
- The
Azure > Storage > Storage Account > Queue > Logging
control would go into a skipped state for storage accounts, irrespective of any policy setting for Logging. This issue is fixed and the control will now work as expected.
v0.40.0 [2024-04-12]
What's new?
- New tables added
- Added support for plugin authentication using
Github App
. Please refer Github plugin configuration for more information. (#414)
Bug fixes
What's new?
- New tables added
Enhancements
- Added
snapshot_block_public_access_state
column toaws_ec2_regional_settings
table. (#2077)
Bug fixes
- Fixed the
getDirectoryServiceSnapshotLimit
andgetDirectoryServiceEventTopics
hydrate calls in theaws_directory_service_directory
table to correctly returnnil
for unsupportedSharedMicrosoftAD
services instead of an error. (#2156)
What's new?
- New tables added: (Thanks @ramirezj for the new plugin!)
What's new?
- You can now delete existing Public IP Addresses which are unapproved for use in the Subscription. To get started, set the
Azure > Network > Public IP Address > Approved
policy toEnforce: Delete unapproved
.
What's new?
- You can now configure Encryption in Transit for Flexi Servers. To get started, set the
Azure > PostgresSql > Flexible Server > Encryption in Transit > *
policies.
Control Types
- Azure > PostgreSQL > Flexible Server > Encryption in Transit
Policy Types
- Azure > PostgreSQL > Flexible Server > Encryption in Transit
Action Types
- Azure > PostgreSQL > Flexible Server > Update Encryption in Transit
Bug fixes
- Updated the
foundational_security_lambda_2
control to check for the latest Lambda runtimes as per the AWS FSBP document. (#778) (Thanks @sbldevnet for the contribution!) - Fixed the title of
secretsmanager_secret_unused_90_day
control. (#783)
What's new?
- You can now delete existing Entra ID users which are unapproved to be used in the Tenant. To get started, set the
Azure > Active Directory > User > Approved
policy toEnforce: Delete unapproved
.
Policy Types
- Azure > Active Directory > User > Approved > Custom
What's new?
- You can now configure TLS version for Flexi Servers. To get started, set the
Azure > MySQL > Flexible Server > Minimum TLS Version > *
policies.
Enhancements
- Added the following controls to the
All Controls
benchmark: (#253)cosmosdb_account_uses_aad_and_rbac
iam_user_not_allowed_to_create_tenants
securitycenter_image_scan_enabled
Bug fixes
- Updated the
postgres_db_server_allow_access_to_azure_services_disabled
query to check if theendIpAddress
column is set to0.0.0.0
instead of255.255.255.255
as per the CIS documentation. (#253)
What's new?
- Added: Support for Postgres versions 11.21 and 11.22.
What's new?
- Account CMDB data will now also include alternate security contact details.
What's new?
Control Types
- AWS > CIS v2.0
- AWS > CIS v2.0 > 1 - Identity and Access Management
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full ":" administrative privileges are not attached
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
- AWS > CIS v2.0 > 2 - Storage
- AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
- AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
- AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enabled on S3 buckets
- AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
- AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
- AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
- AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
- AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
- AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
- AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
- AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
- AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
- AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
- AWS > CIS v2.0 > 3 - Logging
- AWS > CIS v2.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
- AWS > CIS v2.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
- AWS > CIS v2.0 > 3 - Logging > 3.03 - Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
- AWS > CIS v2.0 > 3 - Logging > 3.04 - Ensure CloudTrail trails are integrated with CloudWatch Logs
- AWS > CIS v2.0 > 3 - Logging > 3.05 - Ensure AWS Config is enabled in all regions
- AWS > CIS v2.0 > 3 - Logging > 3.06 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
- AWS > CIS v2.0 > 3 - Logging > 3.07 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- AWS > CIS v2.0 > 3 - Logging > 3.08 - Ensure rotation for customer created symmetric CMKs is enabled
- AWS > CIS v2.0 > 3 - Logging > 3.09 - Ensure VPC flow logging is enabled in all VPCs
- AWS > CIS v2.0 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket
- AWS > CIS v2.0 > 3 - Logging > 3.11 - Ensure that Object-level logging for read events is enabled for S3 bucket
- AWS > CIS v2.0 > 4 - Monitoring
- AWS > CIS v2.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
- AWS > CIS v2.0 > 5 - Networking
- AWS > CIS v2.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
- AWS > CIS v2.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
- AWS > CIS v2.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
- AWS > CIS v2.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
- AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
- AWS > CIS v2.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2
Policy Types
- AWS > CIS v2.0
- AWS > CIS v2.0 > 1 - Identity and Access Management
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details > Attestation
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account > Attestation
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full ":" administrative privileges are not attached
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments > Attestation
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
- AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted > Attestation
- AWS > CIS v2.0 > 1 - Identity and Access Management > Maximum Attestation Duration
- AWS > CIS v2.0 > 2 - Storage
- AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
- AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
- AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enable on S3 buckets
- AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
- AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required > Attestation
- AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
- AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
- AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
- AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
- AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
- AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
- AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
- AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
- AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
- AWS > CIS v2.0 > 2 - Storage > Maximum Attestation Duration
- AWS > CIS v2.0 > 3 - Logging
- AWS > CIS v2.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
- AWS > CIS v2.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
- AWS > CIS v2.0 > 3 - Logging > 3.03 - Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
- AWS > CIS v2.0 > 3 - Logging > 3.04 - Ensure CloudTrail trails are integrated with CloudWatch Logs
- AWS > CIS v2.0 > 3 - Logging > 3.05 - Ensure AWS Config is enabled in all regions
- AWS > CIS v2.0 > 3 - Logging > 3.06 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
- AWS > CIS v2.0 > 3 - Logging > 3.07 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- AWS > CIS v2.0 > 3 - Logging > 3.08 - Ensure rotation for customer created symmetric CMKs is enabled
- AWS > CIS v2.0 > 3 - Logging > 3.09 - Ensure VPC flow logging is enabled in all VPCs
- AWS > CIS v2.0 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket
- AWS > CIS v2.0 > 3 - Logging > 3.11 - Ensure that Object-level logging for read events is enabled for S3 bucket
- AWS > CIS v2.0 > 3 - Logging > Maximum Attestation Duration
- AWS > CIS v2.0 > 4 - Monitoring
- AWS > CIS v2.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
- AWS > CIS v2.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
- AWS > CIS v2.0 > 4 - Monitoring > Maximum Attestation Duration
- AWS > CIS v2.0 > 5 - Networking
- AWS > CIS v2.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
- AWS > CIS v2.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
- AWS > CIS v2.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
- AWS > CIS v2.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
- AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
- AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access' > Attestation
- AWS > CIS v2.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2
- AWS > CIS v2.0 > 5 - Networking > Maximum Attestation Duration
- AWS > CIS v2.0 > Maximum Attestation Duration
What's new?
- New tables added
Enhancements
- Added support for nested dashboards. (#4208)
Bug fixes
- Fixed the issue where local plugins were not being loaded. (#4196)
- Re-added support for 'implicit' local plugins (i.e. the plugin binary exists but there is no entry in the
versions.json
). (#4223) - Fixed the issue where the daily update check message showed a
<nil>
when there was no message to show. (#4206)
Bug fixes
- SQL Instances were sometimes not updated/cleaned up correctly via real-time events in Guardrails. This is now fixed.
What's new?
- You can now manage IMDS defaults for EC2 per region. To get started, set the
AWS > EC2 > Account Attributes > Instance Metadata Service Defaults > *
policies.
Bug fixes
- The
AWS > EC2 > Instance > Approved
control would sometimes fail to stop instances that were discovered in Guardrails via real-time events if theAWS > EC2 > Instance > Approved
policy was set toEnforce: Stop unapproved if new
. This is now fixed.
What's new?
- Storage Account CMDB data will now also include details about the account's blob service properties.
What's new?
- You can now configure
connection_throttling
parameter for PostgreSQL servers. To get started, set theAzure > PostgreSQL > Server > Audit Logging > Connection Throttling
policy.
What's new?
- TLS version and audit log details will now be available in CMDB for Flexi Servers.
What's new?
- Users can now disable unapproved Keys in AWS. To get started, set the
AWS > KMS > Key > Approved
policy toEnforce: Disable unapproved
.
What's new?
- New tables added
Enhancements
- Added support for
quota_project
config arg to provide users the ability to set theProject ID
used for billing and quota. (#556)
Bug fixes
- Fixed the
retry_policy_maximum_backoff
andretry_policy_minimum_backoff
columns ofgcp_pubsub_subscription
table to correctly return data. (#552) (Thanks to @mvanholsteijn for the contribution!)
What's new?
- New tables added
- aws_backup_job (#2145) (Thanks @rogerioacp for the contribution!)
- aws_elastic_beanstalk_application_version (#2150)
- aws_rds_db_engine_version (#2098)
- aws_s3_object_version (#2070)
- aws_servicequotas_service (#2070)
Bug fixes
- Fixed the
aws_vpc_eip
table to return anAccess Denied
error instead of anInvalid Memory Address or Nil Pointer Dereference
error when aService Control Policy
is applied to an account for a specific region. (#2136) - Fixed the
aws_s3_bucket
terraform script to prevent theAccessControlListNotSupported: The bucket does not allow ACLs
error during thePutBucketAcl
terraform call. (#2080) (Thanks @pdecat for the contribution!) - Fixed an issue where querying regional tables while using AWS profiles with
cross-account
role credentials results in the correct error being reported instead of zero rows. (#2137) - Fixed pagination in the
aws_ebs_snapshot
table to make fewer API calls when thelimit
parameter is passed to the query. (#2088)
What's new?
- New control added:
rds_mysql_postresql_db_no_unsupported_version
(#174)
Bug fixes
- In v5.15.1, we introduced the policy value
Enforce: Enabled but ignore permission errors
for theAWS > SNS > Subscription > CMDB
policy, allowing the corresponding CMDB control to ignore permission errors, if any, and proceed to completion. However, configuring the CMDB policy toEnforce: Enabled but ignore permission errors
inadvertently introduced a bug, resulting in the removal of real-time events for Subscription from the SNS EventBridge rule created by the Event Handlers. This issue has now been fixed.
Bug fixes
- In v5.13.0, we introduced the policy value
Enforce: Enabled but ignore permission errors
for theAWS > KMS > Key > CMDB
policy, allowing the corresponding CMDB control to ignore permission errors, if any, and proceed to completion. However, configuring the CMDB policy toEnforce: Enabled but ignore permission errors
inadvertently introduced a bug, resulting in the removal of the EventBridge Rule for KMS by the Event Handlers. This issue has now been fixed.
Bug fixes
loop
block now works incontainer
,function
,message
andinput
steps.- Use HCL expressions in
max_concurrency
step argument. (#800). throw
,retry
anderror
block now works forinput
step.
Breaking changes
- The
Foundational Security Best Practices v1.0.0
benchmark has been updated to better align with the matching AWS Security Hub. The following updates have been made: (#772)- The
foundational_security_elbv2
sub-benchmark have been removed. - The following controls are no longer included in the benchmarks:
foundational_security_cloudfront_2
foundational_security_ec2_22
foundational_security_s3_4
- The
Enhancements
- The
Foundational Security Best Practices v1.0.0
benchmark has been updated to better align with the matching AWS Security Hub. The following updates have been made: (#772)- The following sub-benchmarks have been added to the
foundational_security
benchmark:foundational_security_appsync
foundational_security_backup
foundational_security_eventbridge
foundational_security_fsx
foundational_security_msk
foundational_security_pca
foundational_security_route53
foundational_security_sfn
- The following controls have been added to the benchmarks:
foundational_security_acm_2
foundational_security_appsync_2
foundational_security_backup_1
foundational_security_cloudfront_13
foundational_security_dms_6
foundational_security_dms_7
foundational_security_dms_8
foundational_security_dms_9
foundational_security_docdb_3
foundational_security_docdb_4
foundational_security_docdb_5
foundational_security_dms_9
foundational_security_dynamodb_6
foundational_security_ec2_51
foundational_security_ecs_9
foundational_security_eks_8
foundational_security_elasticbeanstalk_3
foundational_security_emr_2
foundational_security_eventbridge_3
foundational_security_fsx_1
foundational_security_msk_1
foundational_security_networkfirewall_2
foundational_security_networkfirewall_9
foundational_security_opensearch_10
foundational_security_pca_1
foundational_security_rds_34
foundational_security_rds_35
foundational_security_route53_2
foundational_security_s3_19
foundational_security_sfn_1
foundational_security_waf_12
- The following sub-benchmarks have been added to the
What's new?
- New tables added
Enhancements
v0.13.2 of the Terraform Provider for Pipes is now available.
Bug fixes
pipes_workspace_datatank_table
: SetPartPer
setting for datatank table to benil
if nothing is passed in configuration while updating a datatank table. (#23)
Enhancements:
resources/pipes_workspace
: Add support for passingdesired_state
,db_volume_size_bytes
attribute when creating or updating a workspace. Add missing attributestate_reason
.resources/pipes_workspace_pipeline
: Add support for passingdesired_state
attribute when creating or updating a pipeline. Add attributesstate
andstate_reason
.resources/pipes_workspace_datatank
: Add support for passingdesired_state
attribute when creating a datatank.resources/pipes_workspace_datatank_table
: Add support for passingdesired_state
attribute when creating a datatank_table.
Bug fixes
- Fixed the
project_license_table
,project_other_license_count
andproject_weak_copyleft_license_count
queries to use the latest version of EUP (European Union Public License 1.2). (#13)
Bug fixes
- Fixed the
repository_license_table
,repository_other_license_count
andrepository_weak_copyleft_license_count
queries to use the latest version of EUP (European Union Public License 1.2). (#25)
Bug fixes
- Fixed the CIS controls from
cis_v200_2_4
tocis_v200_2_11
to correctly evaluate results when using the aggregator connection of the GCP plugin. (#154)
Bug fixes
- Input step respects the
max_concurrency
argument. (#798). - Erroneous error message detecting a missing credential where there isn't one.
- HCL
try()
function should be evaluated at runtime rather than parse time. - Integration and input step URLs should use the provided custom host & port. (#792).
- Shows filename and line number for invalid step references.
Bug fixes
- Server
- Minor internal improvements.
Requirements
- TEF: 1.57.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
What's new?
Control Types:
- AWS > ECR > Repository > Policy
- AWS > ECR > Repository > Policy > Required
Policy Types:
- AWS > ECR > Repository > Policy
- AWS > ECR > Repository > Policy > Required
- AWS > ECR > Repository > Policy > Required > Items
Action Types:
- AWS > ECR > Repository > Update Repository policy
Bug fixes
- When exporting or displaying a
benchmark run
result as a snapshot, ensure the top level panel has a valid summary. (#274) - Update
mod list
output to includeresource_name
andmod
fields.
Bug fixes
- Server
- Account import will be smoother and more consistent than before.
Requirements
- TEF: 1.57.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
Bug fixes
- Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account.
- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to
Enforce: Disabled
. This is now fixed.
What's new?
- Added CIS v2.1.0 benchmark (
powerpipe benchmark run azure_compliance.benchmark.cis_v210
). (#250)
Whats new
- Optimize workspace load time for large workspaces with multiple dependent mods. (#365)
All new Pipes workspaces will be running Steampipe v0.22.1 and existing workspaces will be upgraded by Monday 18th March 2024.
For more information on this Steampipe release, see the release notes.
All new Pipes workspaces will be running Powerpipe v0.1.2 and existing workspaces will be upgraded by Monday 18th March 2024.
For more information on this Powerpipe release, see the release notes.
Bug fixes
- The
AWS > VPC > VPC > Stack
control failed to claim security group rules correctly if theprotocol
for such rules was set toAll
orTCP
in the stack's source policy. This issue has been fixed, and the control will now claim such rules correctly.
Bug fixes
- We have updated various policy definitions set during account imports to allow for a smoother account import experience. We recommend upgrading your TE to v5.42.21 or higher to enable these changes to take effect.
What's new?
- New tables added
- aws_acmpca_certificate_authority (#2125)
- aws_dms_endpoint (#1992)
- aws_dms_replication_task (#2110)
- aws_docdb_cluster_snapshot (#2123)
- aws_transfer_user (#2089) (Thanks @jramosf for the contribution!)
Enhancements
- Added
auto_minor_version_upgrade
column toaws_rds_db_cluster
table. (#2109) - Added
open_zfs_configuration
column toaws_fsx_file_system
table. (#2113) - Added
logging_configuration
column toaws_networkfirewall_firewall
table. (#2115) - Added
lf_tags
column toaws_glue_catalog_table
table. (#2128)
Bug fixes
- Fixed the query in the
aws_s3_bucket
table doc to correctly filter out buckets without theapplication
tag. (#2093) - Fixed the
aws_cloudtrail_lookup_event
input param to pass correctlyend_time
as an optional qual. (#2102) - Fixed the
arn
column of theaws_elastic_beanstalk_environment
table to correctly return data instead ofnull
. (#2105) - Fixed the
template_body_json
column of theaws_cloudformation_stack
table to correctly return data by adding a new transform functionformatJsonBody
, replacing theUnmarshalYAML
transform function. (#1959) - Fixed the
next_execution_time
column ofaws_ssm_maintenance_window
table to be ofString
datatype instead ofTIMESTAMP
. (#2116) - Renamed the
client_log_options
column toconnection_log_options
inaws_ec2_client_vpn_endpoint
table to correctly return data instead ofnull
. (#2122)
Whats new
- Improved startup performance with high plugin count - parallelize plugin startup. (#4183)
- Added database SSL password support for encrypted private key in order to handle your own certificates. (#4149)
Bug fixes
- Fixed issue where plugin list cannot re-create top-level versions.json file if the file has been corrupted or empty. (#4191)
Notice
- Scripts must use the permanent installation script at https://steampipe.io/install/steampipe.sh.
- The script above is automatically updated when the script moves location.
install.sh
has been moved from the top level folder to thescripts
folder.- Scripts directly referencing the raw GitHub location must be updated.
Notice
Steampipe will no longer officially publish or support a Dockerfile or container images.
Steampipe can be run in a containerized setup. We run it ourselves that way as part of Turbot Pipes. But, we've decided to cease publishing an supporting a container definition because:
- The CLI is optimized for developer use on the command line.
- Everyone has specific goals and requirements for their containers.
- Container setup requires various mounts and access to configuration files.
- It's hard to support containers across many different environments.
We welcome users to create and share your own open-source container definitions for Steampipe!
Bug fixes
- UI
- Fixed the AWS login dropdown button to accurately display both existing and new grants.
Requirements
- TEF: 1.57.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
Bug fixes
- Unsupported US Gov cloud regions were inadvertently included in the
AWS > SageMaker > Code Repository > Regions
policy, which led to theAWS > SageMaker > Code Repository > Discovery
control being in an error state for those regions. We've now removed the unsupported US Gov cloud regions from the Regions policy.
What's new?
- Policy Types:
- AWS > SageMaker > Notebook Instance > Approved > Custom
Bug fixes
- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to
Enforce: Disabled
. This is now fixed.
Bug fixes
- Multiselect Inputs with preselected Options now correctly pre-populate in Slack.
- Change detection in
throw
andoutput
block in pipeline steps works correctly with ternary operators and will not trigger mod reload for white space changes.
Bug fixes
- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to
Enforce: Disabled
. This is now fixed. - In the previous version, we fixed an issue with the
AWS > VPC > VPC > Stack
control that prevented it from recognizing security group rules with the port range set to 0 correctly. However, the control still failed to claim existing security group rules available in Guardrails CMDB, due to an inadvertent bug introduced in v5.9.2. This issue has now been fixed, and the control will correctly claim existing security group rules.
Bug fixes
- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to
Enforce: Disabled
. This is now fixed.
Bug fixes
- Previously, Guardrails unnecessarily listened to and processed real-time
lists
events for various storage resources. We've now improved our events filter to ignore theselists
events, thereby reducing unnecessary processing.
Bug fixes
- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to
Enforce: Disabled
. This is now fixed.
Bug fixes
- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to
Enforce: Disabled
. This is now fixed.
Bug fixes
- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to
Enforce: Disabled
. This is now fixed. - The
AWS > EC2 > Snapshot > Active
andAWS > EC2 > Snapshot > Approved
controls will now not attempt to delete a snapshot if it has one or more AMIs attached to it. - In the previous version, although we fixed a bug to prevent upserting volumes and snapshots with incorrect AKAs, there was still a provision for instances to be upserted with incorrect AKAs. We have now addressed this issue as well, ensuring instances are upserted more correctly and consistently than before.
- The deprecated
ec2-reports:*
permissions are now removed from the mod.
v0.13.1 of the Terraform Provider for Pipes is now available.
Bug fixes
- Ensure tags are passed during creation of resource
pipes_workspace_pipeline
and are only updated when a valid value is present in the Terraform configuration.
All new Pipes workspaces will be running Steampipe v0.22.0 and existing workspaces will be upgraded by Monday 11th March 2024.
For more information on this Steampipe release, see the release post or release notes.
Dashboards in Turbot Pipes are now powered by Powerpipe, allowing you to filter, group and share custom views of your cloud benchmarks.
All new Pipes workspaces will be running Powerpipe v0.1.0 and existing workspaces will be upgraded by Monday 11th March 2024.
For more information on the launch of Powerpipe, see the launch post or release notes.
Bug fixes
- Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account.
- In the previous version, we believed we had resolved an issue with Internet Gateways not being upserted into the CMDB while processing real-time
CreateDefaultVpc
events. However, we overlooked an edge case in the fix. We have now addressed this issue, ensuring that Internet Gateways will be reliably discovered and upserted into the Guardrails CMDB. We recommend updating theaws-vpc-core
mod to version 5.17.1 or higher to enable Guardrails to correctly process real-time CreateDefaultVpc events for Internet Gateways. - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to
Enforce: Disabled
. This is now fixed.
We're thrilled to announce the release of 52 new Powerpipe mods, featuring pre-built dashboards and benchmarks for cloud inventory & insights, security & compliance, cost management and shift-left scanning. These include the 43 Steampipe mods to visualize AWS, Azure, GCP, GitHub, Terraform and more using Steampipe as the database. And 9 new, ready-to-use Powerpipe mods providing easy to learn examples to visualize data in Postgres, SQLite, DuckDB, and MySQL!
A full list of mods can be found in the Powerpipe Hub.
For more information on how you can get started incorporating these mods into your own custom dashboards and benchmarks, please see Introducing Powerpipe - Composable Mods.
Introducing Powerpipe - Dashboards for DevOps.
Benchmarks - 5,000+ open-source controls from CIS, NIST, PCI, HIPAA, FedRamp and more. Run instantly on your machine or as part of your deployment pipeline.
Relationship Diagrams - The only dashboarding tool designed from the ground up to visualize DevOps data. Explore your cloud,understand relationships and drill down to the details.
Dashboards & Reports - High level dashboards provide a quick management view. Reports highlight misconfigurations and attention areas. Filter, pivot and snapshot results.
Code, not clicks - Our dashboards are code. Version controlled, composable, shareable, easy to edit - designed for the way you work. Join our open-source community!
Learn more at:
- Website - https://powerpipe.io
- Docs - https://powerpipe.io/docs
- Hub - https://hub.powerpipe.io
- Introduction - https://powerpipe.io/blog/introducing-powerpipe
Bug fixes
- The
AWS > VPC > VPC > Stack
control would sometimes go into an error state after creating security group rules with port range set to 0. This occurred because the control failed to recognize the existing rule in Guardrails CMDB and attempted to create a new rule instead. This issue has been fixed, and the stack control will now work correctly as expected. - The
AWS > VPC > Security Group > CMDB
control would sometimes go into an error state for security groups shared from other AWS accounts. We will now exclude shared security groups and only upsert security groups that belong to the owner account.
What's new?
You can now also manage the IAM Permissions model for Guardrails Users via the
AWS > Turbot > IAM > Managed
control. TheAWS > Turbot > IAM > Managed
control is faster and more efficient than the existingAWS > Turbot > IAM
control because it utilizes Native AWS APIs rather than Terraform to manage IAM resources. Please note that this feature will work as intended only on TE v5.42.19 or higher andturbot-iam
mod v5.11.0 or higher.Control Types
- AWS > Turbot > IAM > Group
- AWS > Turbot > IAM > Group > Managed
- AWS > Turbot > IAM > Managed
- AWS > Turbot > IAM > Policy
- AWS > Turbot > IAM > Policy > Managed
- AWS > Turbot > IAM > Role
- AWS > Turbot > IAM > Role > Managed
- AWS > Turbot > IAM > User
- AWS > Turbot > IAM > User > Managed
Policy Types
- AWS > Turbot > IAM > Managed
Policy Types Renamed
- AWS > IAM > Turbot to AWS > Turbot > IAM
Action Types
- AWS > Account > Provision Managed Resources
- AWS > IAM > Group > Detach and delete
- AWS > IAM > Group > IAM Group Managed
- AWS > IAM > Policy > Detach and delete
- AWS > IAM > Role > IAM Role Managed
- AWS > IAM > User > IAM User Managed
Bug fixes
The AWS > IAM > Group > CMDB
, AWS > IAM > Role > CMDB
, and AWS > IAM > User > CMDB
controls previously failed to fetch all attachments for groups, roles, and users, respectively, due to the lack of pagination support. This issue has been fixed, and the controls will now correctly fetch all respective attachments.
Steampipe unbundled, introducing Powerpipe
Powerpipe is now the recommended way to run dashboards and benchmarks!
Mods still work as normal in Steampipe for now, but they are deprecated and will be removed in a future release:
Whats new
- Added
version
column tosteampipe_plugin
table. (#4141) - Direct all errors and warnings to standard error (stderr). (4162)
Bug fixes
- Fixed the issue where
search_path_prefix
set indatabase options
does not alter the search path. (#4160) - Fix issue where
asff
output was always missing the first row. (#4157)
Deprecations and migrations
- Steampipe mods and dashboards are now separately available in Powerpipe, a new open-source project. The steampipe mod, check and dashboard commands have been deprecated and will be removed in a future version. Migration guide.
- Deprecated
cloud-host
andcloud-token
CLI args, and replaced them withpipes-host
andpipes-token
respectively. (#4137) - Deprecated
STEAMPIPE_CLOUD_HOST
andSTEAMPIPE_CLOUD_TOKEN
env vars, replaced withPIPES_HOST
andPIPES_TOKEN
respectively. (#4137) - Deprecated
cloud_host
andcloud_token
workspace args, replaced withpipes_host
andpipes_token
respectively. (#4137) - Removed support for deprecated
terminal options
. (#3751) - Removed support for deprecated
max_parallel
property ingeneral options
. (#4132) - Removed support for deprecated
connection options
. (#4131) - Removed deprecated
version
property from the modrequire
block. (#3750)
What's new?
- Workflow - message step for easy notifications. Documentation.
- Workflow - input step for buttons, text and other data. Documentation.
- Workflow - simple, reusable integration and notifier configuration for HTTP, Slack and Email. Documentation
- Import Steampipe connections as Flowpipe credentials. Documentation.
- Manage concurrency of pipelines and steps.
- New credential types:
alicloud
andmastodon
. - Shorter hash for HTTP triggers for simpler URLs.
- DuckDB support in query step & trigger.
- Step metadata, like
started_at
andfinished_at
added under aflowpipe
attribute. - Moved
flowpipe.db
into the mod-level.flowpipe
directory. connection_string
in query step and trigger renamed todatabase
.
Deprecation
- Email step. Please use the message step instead.
Bug fixes
log_level
workspace setting is now respected (#618).- Default
listen
flag should be network, not localhost (#694) - Trigger attributes are now validated (#225).
- Pipeline output attributes are now validated (#239).
- Pipeline param default value data type is now validated against the specified type (#262).
- Removed titles when merging multiple error messages (#263).
- Runtime resolution of pipeline reference and credentials are now working correctly. (#732).
- Scheduled triggers are now re-scheduled when mod files have changed.
- File watcher reliability improvements.
Bug fixes
- Updated
metadata
param type increate_ticket
pipeline to be consistent with similar param types.
Bug fixes
- Fixed
secret
param type increate_secret
pipeline.
Bug fixes
- Fixed broken links to credential import docs in various sample READMEs.
What's new?
- Added the following new sample mods: (#108)
add_s3_bucket_cost_center_tags
aws_iam_access_key_events_notifier_with_multiple_pipelines
aws_iam_access_key_events_notifier_with_single_pipeline
deactivate_expired_aws_iam_access_keys_using_queries
deactivate_expired_aws_iam_access_keys_with_approval
notify_new_aws_iam_access_keys
Enhancements
- Updated all AWS, Azure, PagerDuty, Slack, Zendesk library mod dependency versions in several sample mods. (#108)
Bug fixes
Server
- Updated the tier for the SSM parameter
/tenant/${workspaceFullId}
toAdvanced
. - Delete operations for resources is now faster and more efficient than before.
- Auto mod update control for mods will now look only for recommended versions instead of available and recommended.
- Fixed policy value resolution to default to the value of
resolvedSchema
if not available in the schema.
- Updated the tier for the SSM parameter
UI
- Fixed a table typo in the Steampipe query used in the resources developer tab.
- Display the AWS login button when setting permissions via the
AWS > Turbot > IAM > Managed
control.
Requirements
- TEF: 1.57.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
Bug fixes
- The default value for
Turbot > IAM > Permissions > Compiled > Levels > Turbot
policy will now be evaluated correctly and consistently.
Bug fixes
- SSM Parameters with incorrect names would sometimes be inadvertently upserted in Guardrails CMDB. This issue has now been fixed.
What's new?
The
AWS > S3 > Bucket
CMDB data will now also include information about Bucket Intelligent Tiering Configuration.A few policy values in the
AWS > S3 > Bucket > Encyprion at Rest
policy have now been deprecated and will be removed in the next major mod version (v6.0.0) because they are no longer supported by AWS.| Deprecated Values
|- | Check: None
| Check: None or higher
| Enforce: None
| Enforce: None or higher
Bug fixes
- Removed duplicate
ticket_id
param fromupdate_ticket_comment
pipeline.
Bug fixes
- Fixed invalid type for
license
param increate_user
pipeline. (#6)
Bug fixes
- Fixed mismatched types for
generate_ssh_keys
param in various Compute VM test pipelines.
Bug fixes
- Previously, Guardrails did not upsert Internet Gateways into the CMDB while processing real-time
CreateDefaultVpc
events. This issue has been fixed, and Internet Gateways will now be more reliably upserted into the Guardrails CMDB. We recommend updating theaws-vpc-core
mod to v5.17.1 or higher to allow Guardrails to process theCreateDefaultVpc
event for Internet Gateways correctly.
Bug fixes
- Previously, Guardrails did not upsert DHCP Options into the CMDB while processing real-time
CreateDefaultVpc
events. This issue has been fixed, and DHCP Options will now be more reliably upserted into the Guardrails CMDB.
Bug fixes
- Previously, Guardrails unnecessarily listened to and processed real-time
lists
events for various Dataproc resources. We've now improved our events filter to ignore theselists
events, thereby reducing unnecessary processing.
Bug fixes
- The
GCP > Turbot > Event Handlers > Pub/Sub
stack control previously attempted to create a topic and its IAM member incorrectly when theGCP > Turbot > Event Handlers > Logging > Unique Writer Identity
policy was set toEnforce: Unique Identity
, but the project number for the project was not available. This is fixed and the control will transition to an Invalid state until Guardrails can correctly fetch the project number.
Bug fixes
- Fixed the type mismatch of the input parameter in the
get_channel_history
pipeline. (#20)
What's new?
Control Types:
- GCP > Pub/Sub > Topic > Labels
Policy Types:
- GCP > Pub/Sub > Topic > Labels
- GCP > Pub/Sub > Topic > Labels > Template
Action Types
- GCP > Pub/Sub > Topic > Set Labels
Bug fixes
- In a previous version (v5.6.2), we introduced a change in the
AWS > S3 > Bucket > Encryption in Transit
andAWS > S3 > Bucket > Encryption at Rest
control to wait for a few minutes before applying the respective policies to new buckets created via Cloudformation Stacks. We've now extended this feature to all buckets regardless of how they were created, to ensure that IaC changes can be correctly applied to buckets without interference from immediate policy enforcements.
What's new?
- New dashboards added:
- OpenSearch Domain Detail (#75) (Thanks @Errahulaws for the contribution!)
What's new?
- Added support for Advanced Tier for SSM Parameters.
- Increased the visibility timeout from 60 seconds to 7200 seconds and decreased the message retention period to 7 days for runnable DLQ.
What's new?
- Added: Support for Postgres versions 14.9, 14.10, 15.4 and 15.5.
- Added: Support for Redis 7.1.
- Added: m6gd.medium to instance type parameter for RDS.
- Added: Support for Advanced Tier for SSM Parameters.
- Removed: t4.micro and t4.small from instance type parameter for RDS.
Note
To use the latest RDS certificate in commercial cloud, please upgrade TE to 5.42.3 or higher and update the RDS CA Certificate for Commercial Cloud
parameter.
Bug fixes
Server
- Added: Support for AWS Custom Group Levels.
- Updated: The DLQ lambda timeout has been updated to 2 minutes instead of 1 minute.
- Updated: The Events DLQ visibility timeout has been increased from 15 minutes to 4 hours.
- Updated: The Events DLQ MessageRetentionPeriod has been decreased from 14 days to 7 days.
UI
- Added: Action button to run immediate policy value.
Requirements
- TEF: 1.57.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
What's new?
- Added support for group permission levels.
What's new?
Control Types:
- GCP > Firebase > Android App > ServiceNow
- GCP > Firebase > Android App > ServiceNow > Configuration Item
- GCP > Firebase > Android App > ServiceNow > Table
- GCP > Firebase > Firebase Project > ServiceNow
- GCP > Firebase > Firebase Project > ServiceNow > Configuration Item
- GCP > Firebase > Firebase Project > ServiceNow > Table
- GCP > Firebase > Web App > ServiceNow
- GCP > Firebase > Web App > ServiceNow > Configuration Item
- GCP > Firebase > Web App > ServiceNow > Table
- GCP > Firebase > iOS App > ServiceNow
- GCP > Firebase > iOS App > ServiceNow > Configuration Item
- GCP > Firebase > iOS App > ServiceNow > Table
Policy Types:
- GCP > Firebase > Android App > ServiceNow
- GCP > Firebase > Android App > ServiceNow > Configuration Item
- GCP > Firebase > Android App > ServiceNow > Configuration Item > Record
- GCP > Firebase > Android App > ServiceNow > Configuration Item > Table Definition
- GCP > Firebase > Android App > ServiceNow > Table
- GCP > Firebase > Android App > ServiceNow > Table > Definition
- GCP > Firebase > Firebase Project > ServiceNow
- GCP > Firebase > Firebase Project > ServiceNow > Configuration Item
- GCP > Firebase > Firebase Project > ServiceNow > Configuration Item > Record
- GCP > Firebase > Firebase Project > ServiceNow > Configuration Item > Table Definition
- GCP > Firebase > Firebase Project > ServiceNow > Table
- GCP > Firebase > Firebase Project > ServiceNow > Table > Definition
- GCP > Firebase > Web App > ServiceNow
- GCP > Firebase > Web App > ServiceNow > Configuration Item
- GCP > Firebase > Web App > ServiceNow > Configuration Item > Record
- GCP > Firebase > Web App > ServiceNow > Configuration Item > Table Definition
- GCP > Firebase > Web App > ServiceNow > Table
- GCP > Firebase > Web App > ServiceNow > Table > Definition
- GCP > Firebase > iOS App > ServiceNow
- GCP > Firebase > iOS App > ServiceNow > Configuration Item
- GCP > Firebase > iOS App > ServiceNow > Configuration Item > Record
- GCP > Firebase > iOS App > ServiceNow > Configuration Item > Table Definition
- GCP > Firebase > iOS App > ServiceNow > Table
- GCP > Firebase > iOS App > ServiceNow > Table > Definition
What's new?
- The
AWS > Secrets Manager > Secret > CMDB
control would go into an error state if Guardrails did not have permissions to describe a secret. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set theAWS > Secrets Manager > Secret > CMDB
policy toEnforce: Enabled but ignore permission errors
.
What's new?
You can now attach custom IAM Groups to Guardrails users if the
AWS > Turbot > Permissions
policy is set toEnforce: User Mode
. To get started, set theAWS > Turbot > Permissions > Custom Group Levels [Account]
policy and then attach the custom group to a user via the Grant Permission button on the Permissions page. Please note that this feature will work as intended only on TE v5.42.18 or higher andturbot-iam
mod v5.11.0 or higher.Policy Types:
- AWS > Turbot > Permissions > Custom Group Levels [Account]
Policy Types renamed:
- AWS > Turbot > Permissions > Custom Levels [Account] to AWS > Turbot > Permissions > Custom Role Levels [Account]
- AWS > Turbot > Permissions > Custom Levels [Folder] to AWS > Turbot > Permissions > Custom Role Levels [Folder]
What's new?
- New tables added
Bug fixes
- Fixed the
InvalidParameterCombination
error when querying theaws_rds_db_instance
table. (#2085) - Fixed
aws_rds_db_instance_metric_write_iops_daily
table to correctly displayWriteIOPS
instead ofReadIOPS
. (#2079)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.9.0 that fixes critical caching issues. (#2067)
Bug fixes
- Fixed the hierarchy in the benchmark list by properly integrating
Cloud Functions
benchmark intoall_controls
benchmark. (#146)
What's new?
- Removed support for Memoized functions to be directly assigned as column hydrate functions. Instead, require a wrapper hydrate function. (#756) (#738)
Bug fixes
- If cache is disabled for the server, but enabled for the client, the query execution code tries to stream to the cache even though there is no active set operation. (#740)
What's new?
Control Types:
- GCP > Network > Address > ServiceNow
- GCP > Network > Address > ServiceNow > Configuration Item
- GCP > Network > Address > ServiceNow > Table
- GCP > Network > Backend Bucket > ServiceNow
- GCP > Network > Backend Bucket > ServiceNow > Configuration Item
- GCP > Network > Backend Bucket > ServiceNow > Table
- GCP > Network > Backend Service > ServiceNow
- GCP > Network > Backend Service > ServiceNow > Configuration Item
- GCP > Network > Backend Service > ServiceNow > Table
- GCP > Network > Firewall > ServiceNow
- GCP > Network > Firewall > ServiceNow > Configuration Item
- GCP > Network > Firewall > ServiceNow > Table
- GCP > Network > Forwarding Rule > ServiceNow
- GCP > Network > Forwarding Rule > ServiceNow > Configuration Item
- GCP > Network > Forwarding Rule > ServiceNow > Table
- GCP > Network > Global Address > ServiceNow
- GCP > Network > Global Address > ServiceNow > Configuration Item
- GCP > Network > Global Address > ServiceNow > Table
- GCP > Network > Global Forwarding Rule > ServiceNow
- GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item
- GCP > Network > Global Forwarding Rule > ServiceNow > Table
- GCP > Network > Interconnect > ServiceNow
- GCP > Network > Interconnect > ServiceNow > Configuration Item
- GCP > Network > Interconnect > ServiceNow > Table
- GCP > Network > Packet Mirroring > ServiceNow
- GCP > Network > Packet Mirroring > ServiceNow > Configuration Item
- GCP > Network > Packet Mirroring > ServiceNow > Table
- GCP > Network > Region Backend Service > ServiceNow
- GCP > Network > Region Backend Service > ServiceNow > Configuration Item
- GCP > Network > Region Backend Service > ServiceNow > Table
- GCP > Network > Region SSL Certificate > ServiceNow
- GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item
- GCP > Network > Region SSL Certificate > ServiceNow > Table
- GCP > Network > Region Target HTTPS Proxy > ServiceNow
- GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item
- GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table
- GCP > Network > Region URL Map > ServiceNow
- GCP > Network > Region URL Map > ServiceNow > Configuration Item
- GCP > Network > Region URL Map > ServiceNow > Table
- GCP > Network > Route > ServiceNow
- GCP > Network > Route > ServiceNow > Configuration Item
- GCP > Network > Route > ServiceNow > Table
- GCP > Network > Router > ServiceNow
- GCP > Network > Router > ServiceNow > Configuration Item
- GCP > Network > Router > ServiceNow > Table
- GCP > Network > SSL Certificate > ServiceNow
- GCP > Network > SSL Certificate > ServiceNow > Configuration Item
- GCP > Network > SSL Certificate > ServiceNow > Table
- GCP > Network > SSL Policy > ServiceNow
- GCP > Network > SSL Policy > ServiceNow > Configuration Item
- GCP > Network > SSL Policy > ServiceNow > Table
- GCP > Network > Target HTTPS Proxy > ServiceNow
- GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item
- GCP > Network > Target HTTPS Proxy > ServiceNow > Table
- GCP > Network > Target Pool > ServiceNow
- GCP > Network > Target Pool > ServiceNow > Configuration Item
- GCP > Network > Target Pool > ServiceNow > Table
- GCP > Network > Target SSL Proxy > ServiceNow
- GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item
- GCP > Network > Target SSL Proxy > ServiceNow > Table
- GCP > Network > Target TCP Proxy > ServiceNow
- GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item
- GCP > Network > Target TCP Proxy > ServiceNow > Table
- GCP > Network > Target VPN Gateway > ServiceNow
- GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item
- GCP > Network > Target VPN Gateway > ServiceNow > Table
- GCP > Network > URL Map > ServiceNow
- GCP > Network > URL Map > ServiceNow > Configuration Item
- GCP > Network > URL Map > ServiceNow > Table
- GCP > Network > VPN Tunnel > ServiceNow
- GCP > Network > VPN Tunnel > ServiceNow > Configuration Item
- GCP > Network > VPN Tunnel > ServiceNow > Table
Policy Types:
- GCP > Network > Address > ServiceNow
- GCP > Network > Address > ServiceNow > Configuration Item
- GCP > Network > Address > ServiceNow > Configuration Item > Record
- GCP > Network > Address > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Address > ServiceNow > Table
- GCP > Network > Address > ServiceNow > Table > Definition
- GCP > Network > Backend Bucket > ServiceNow
- GCP > Network > Backend Bucket > ServiceNow > Configuration Item
- GCP > Network > Backend Bucket > ServiceNow > Configuration Item > Record
- GCP > Network > Backend Bucket > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Backend Bucket > ServiceNow > Table
- GCP > Network > Backend Bucket > ServiceNow > Table > Definition
- GCP > Network > Backend Service > ServiceNow
- GCP > Network > Backend Service > ServiceNow > Configuration Item
- GCP > Network > Backend Service > ServiceNow > Configuration Item > Record
- GCP > Network > Backend Service > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Backend Service > ServiceNow > Table
- GCP > Network > Backend Service > ServiceNow > Table > Definition
- GCP > Network > Firewall > ServiceNow
- GCP > Network > Firewall > ServiceNow > Configuration Item
- GCP > Network > Firewall > ServiceNow > Configuration Item > Record
- GCP > Network > Firewall > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Firewall > ServiceNow > Table
- GCP > Network > Firewall > ServiceNow > Table > Definition
- GCP > Network > Forwarding Rule > ServiceNow
- GCP > Network > Forwarding Rule > ServiceNow > Configuration Item
- GCP > Network > Forwarding Rule > ServiceNow > Configuration Item > Record
- GCP > Network > Forwarding Rule > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Forwarding Rule > ServiceNow > Table
- GCP > Network > Forwarding Rule > ServiceNow > Table > Definition
- GCP > Network > Global Address > ServiceNow
- GCP > Network > Global Address > ServiceNow > Configuration Item
- GCP > Network > Global Address > ServiceNow > Configuration Item > Record
- GCP > Network > Global Address > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Global Address > ServiceNow > Table
- GCP > Network > Global Address > ServiceNow > Table > Definition
- GCP > Network > Global Forwarding Rule > ServiceNow
- GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item
- GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item > Record
- GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Global Forwarding Rule > ServiceNow > Table
- GCP > Network > Global Forwarding Rule > ServiceNow > Table > Definition
- GCP > Network > Interconnect > ServiceNow
- GCP > Network > Interconnect > ServiceNow > Configuration Item
- GCP > Network > Interconnect > ServiceNow > Configuration Item > Record
- GCP > Network > Interconnect > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Interconnect > ServiceNow > Table
- GCP > Network > Interconnect > ServiceNow > Table > Definition
- GCP > Network > Packet Mirroring > ServiceNow
- GCP > Network > Packet Mirroring > ServiceNow > Configuration Item
- GCP > Network > Packet Mirroring > ServiceNow > Configuration Item > Record
- GCP > Network > Packet Mirroring > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Packet Mirroring > ServiceNow > Table
- GCP > Network > Packet Mirroring > ServiceNow > Table > Definition
- GCP > Network > Region Backend Service > ServiceNow
- GCP > Network > Region Backend Service > ServiceNow > Configuration Item
- GCP > Network > Region Backend Service > ServiceNow > Configuration Item > Record
- GCP > Network > Region Backend Service > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Region Backend Service > ServiceNow > Table
- GCP > Network > Region Backend Service > ServiceNow > Table > Definition
- GCP > Network > Region SSL Certificate > ServiceNow
- GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item
- GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item > Record
- GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Region SSL Certificate > ServiceNow > Table
- GCP > Network > Region SSL Certificate > ServiceNow > Table > Definition
- GCP > Network > Region Target HTTPS Proxy > ServiceNow
- GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item
- GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item > Record
- GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table
- GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table > Definition
- GCP > Network > Region URL Map > ServiceNow
- GCP > Network > Region URL Map > ServiceNow > Configuration Item
- GCP > Network > Region URL Map > ServiceNow > Configuration Item > Record
- GCP > Network > Region URL Map > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Region URL Map > ServiceNow > Table
- GCP > Network > Region URL Map > ServiceNow > Table > Definition
- GCP > Network > Route > ServiceNow
- GCP > Network > Route > ServiceNow > Configuration Item
- GCP > Network > Route > ServiceNow > Configuration Item > Record
- GCP > Network > Route > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Route > ServiceNow > Table
- GCP > Network > Route > ServiceNow > Table > Definition
- GCP > Network > Router > ServiceNow
- GCP > Network > Router > ServiceNow > Configuration Item
- GCP > Network > Router > ServiceNow > Configuration Item > Record
- GCP > Network > Router > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Router > ServiceNow > Table
- GCP > Network > Router > ServiceNow > Table > Definition
- GCP > Network > SSL Certificate > ServiceNow
- GCP > Network > SSL Certificate > ServiceNow > Configuration Item
- GCP > Network > SSL Certificate > ServiceNow > Configuration Item > Record
- GCP > Network > SSL Certificate > ServiceNow > Configuration Item > Table Definition
- GCP > Network > SSL Certificate > ServiceNow > Table
- GCP > Network > SSL Certificate > ServiceNow > Table > Definition
- GCP > Network > SSL Policy > ServiceNow
- GCP > Network > SSL Policy > ServiceNow > Configuration Item
- GCP > Network > SSL Policy > ServiceNow > Configuration Item > Record
- GCP > Network > SSL Policy > ServiceNow > Configuration Item > Table Definition
- GCP > Network > SSL Policy > ServiceNow > Table
- GCP > Network > SSL Policy > ServiceNow > Table > Definition
- GCP > Network > Target HTTPS Proxy > ServiceNow
- GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item
- GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item > Record
- GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Target HTTPS Proxy > ServiceNow > Table
- GCP > Network > Target HTTPS Proxy > ServiceNow > Table > Definition
- GCP > Network > Target Pool > ServiceNow
- GCP > Network > Target Pool > ServiceNow > Configuration Item
- GCP > Network > Target Pool > ServiceNow > Configuration Item > Record
- GCP > Network > Target Pool > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Target Pool > ServiceNow > Table
- GCP > Network > Target Pool > ServiceNow > Table > Definition
- GCP > Network > Target SSL Proxy > ServiceNow
- GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item
- GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item > Record
- GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Target SSL Proxy > ServiceNow > Table
- GCP > Network > Target SSL Proxy > ServiceNow > Table > Definition
- GCP > Network > Target TCP Proxy > ServiceNow
- GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item
- GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item > Record
- GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Target TCP Proxy > ServiceNow > Table
- GCP > Network > Target TCP Proxy > ServiceNow > Table > Definition
- GCP > Network > Target VPN Gateway > ServiceNow
- GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item
- GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item > Record
- GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Target VPN Gateway > ServiceNow > Table
- GCP > Network > Target VPN Gateway > ServiceNow > Table > Definition
- GCP > Network > URL Map > ServiceNow
- GCP > Network > URL Map > ServiceNow > Configuration Item
- GCP > Network > URL Map > ServiceNow > Configuration Item > Record
- GCP > Network > URL Map > ServiceNow > Configuration Item > Table Definition
- GCP > Network > URL Map > ServiceNow > Table
- GCP > Network > URL Map > ServiceNow > Table > Definition
- GCP > Network > VPN Tunnel > ServiceNow
- GCP > Network > VPN Tunnel > ServiceNow > Configuration Item
- GCP > Network > VPN Tunnel > ServiceNow > Configuration Item > Record
- GCP > Network > VPN Tunnel > ServiceNow > Configuration Item > Table Definition
- GCP > Network > VPN Tunnel > ServiceNow > Table
- GCP > Network > VPN Tunnel > ServiceNow > Table > Definition
Bug fixes
- Fixed growing memory usage following file watching events when running dashboard server. (#4150)
Bug fixes
- The
AWS > VPC > VPC > Stack
control would sometimes fail to claim existing Flow Logs in Guardrails CMDB. This is now fixed.
What's new?
Control Types:
- GCP > IAM > Project Role > ServiceNow
- GCP > IAM > Project Role > ServiceNow > Configuration Item
- GCP > IAM > Project Role > ServiceNow > Table
- GCP > IAM > Project User > ServiceNow
- GCP > IAM > Project User > ServiceNow > Configuration Item
- GCP > IAM > Project User > ServiceNow > Table
- GCP > IAM > Service Account > ServiceNow
- GCP > IAM > Service Account > ServiceNow > Configuration Item
- GCP > IAM > Service Account > ServiceNow > Table
- GCP > IAM > Service Account Key > ServiceNow
- GCP > IAM > Service Account Key > ServiceNow > Configuration Item
- GCP > IAM > Service Account Key > ServiceNow > Table
- GCP > Project > Policy > ServiceNow
- GCP > Project > Policy > ServiceNow > Configuration Item
- GCP > Project > Policy > ServiceNow > Table
Policy Types:
- GCP > IAM > Project Role > ServiceNow
- GCP > IAM > Project Role > ServiceNow > Configuration Item
- GCP > IAM > Project Role > ServiceNow > Configuration Item > Record
- GCP > IAM > Project Role > ServiceNow > Configuration Item > Table Definition
- GCP > IAM > Project Role > ServiceNow > Table
- GCP > IAM > Project Role > ServiceNow > Table > Definition
- GCP > IAM > Project User > ServiceNow
- GCP > IAM > Project User > ServiceNow > Configuration Item
- GCP > IAM > Project User > ServiceNow > Configuration Item > Record
- GCP > IAM > Project User > ServiceNow > Configuration Item > Table Definition
- GCP > IAM > Project User > ServiceNow > Table
- GCP > IAM > Project User > ServiceNow > Table > Definition
- GCP > IAM > Service Account > ServiceNow
- GCP > IAM > Service Account > ServiceNow > Configuration Item
- GCP > IAM > Service Account > ServiceNow > Configuration Item > Record
- GCP > IAM > Service Account > ServiceNow > Configuration Item > Table Definition
- GCP > IAM > Service Account > ServiceNow > Table
- GCP > IAM > Service Account > ServiceNow > Table > Definition
- GCP > IAM > Service Account Key > ServiceNow
- GCP > IAM > Service Account Key > ServiceNow > Configuration Item
- GCP > IAM > Service Account Key > ServiceNow > Configuration Item > Record
- GCP > IAM > Service Account Key > ServiceNow > Configuration Item > Table Definition
- GCP > IAM > Service Account Key > ServiceNow > Table
- GCP > IAM > Service Account Key > ServiceNow > Table > Definition
- GCP > Project > Policy > ServiceNow
- GCP > Project > Policy > ServiceNow > Configuration Item
- GCP > Project > Policy > ServiceNow > Configuration Item > Record
- GCP > Project > Policy > ServiceNow > Configuration Item > Table Definition
- GCP > Project > Policy > ServiceNow > Table
- GCP > Project > Policy > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > Functions > Function > ServiceNow
- GCP > Functions > Function > ServiceNow > Configuration Item
- GCP > Functions > Function > ServiceNow > Table
Policy Types:
- GCP > Functions > Function > ServiceNow
- GCP > Functions > Function > ServiceNow > Configuration Item
- GCP > Functions > Function > ServiceNow > Configuration Item > Record
- GCP > Functions > Function > ServiceNow > Configuration Item > Table Definition
- GCP > Functions > Function > ServiceNow > Table
- GCP > Functions > Function > ServiceNow > Table > Definition
Bug fixes
- The
AWS > SNS > Subscription > CMDB
control would go into an error state if Guardrails did not have permissions to describe a subscription. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set theAWS > SNS > Subscription > CMDB
policy toEnforce: Enabled but ignore permission errors
.
Dependencies
- AWS plugin
v0.131.0
or higher is now required. (#747)
Enhancements
- Added 11 new controls to the
All Controls
benchmark across the following services: (#747)API Gateway
DMS
EMR
MQ
VPC
Bug fixes
- Fixed the
foundational_security_ssm_2
control to correctly evaluate results when patches are not applicable for SSM managed EC2 instances. (#761)
What's new?
Control Types:
- GCP > Project > ServiceNow
- GCP > Project > ServiceNow > Configuration Item
- GCP > Project > ServiceNow > Table
Policy Types:
- GCP > Project > ServiceNow
- GCP > Project > ServiceNow > Configuration Item
- GCP > Project > ServiceNow > Configuration Item > Record
- GCP > Project > ServiceNow > Configuration Item > Table Definition
- GCP > Project > ServiceNow > Table
- GCP > Project > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > Memorystore > Instance > ServiceNow
- GCP > Memorystore > Instance > ServiceNow > Configuration Item
- GCP > Memorystore > Instance > ServiceNow > Table
Policy Types:
- GCP > Memorystore > Instance > ServiceNow
- GCP > Memorystore > Instance > ServiceNow > Configuration Item
- GCP > Memorystore > Instance > ServiceNow > Configuration Item > Record
- GCP > Memorystore > Instance > ServiceNow > Configuration Item > Table Definition
- GCP > Memorystore > Instance > ServiceNow > Table
- GCP > Memorystore > Instance > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > Storage > Object > ServiceNow
- GCP > Storage > Object > ServiceNow > Configuration Item
- GCP > Storage > Object > ServiceNow > Table
Policy Types:
- GCP > Storage > Object > ServiceNow
- GCP > Storage > Object > ServiceNow > Configuration Item
- GCP > Storage > Object > ServiceNow > Configuration Item > Record
- GCP > Storage > Object > ServiceNow > Configuration Item > Table Definition
- GCP > Storage > Object > ServiceNow > Table
- GCP > Storage > Object > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > Secret Manager > Secret > ServiceNow
- GCP > Secret Manager > Secret > ServiceNow > Configuration Item
- GCP > Secret Manager > Secret > ServiceNow > Table
Policy Types:
- GCP > Secret Manager > Secret > ServiceNow
- GCP > Secret Manager > Secret > ServiceNow > Configuration Item
- GCP > Secret Manager > Secret > ServiceNow > Configuration Item > Record
- GCP > Secret Manager > Secret > ServiceNow > Configuration Item > Table Definition
- GCP > Secret Manager > Secret > ServiceNow > Table
- GCP > Secret Manager > Secret > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > Scheduler > Job > ServiceNow
- GCP > Scheduler > Job > ServiceNow > Configuration Item
- GCP > Scheduler > Job > ServiceNow > Table
Policy Types:
- GCP > Scheduler > Job > ServiceNow
- GCP > Scheduler > Job > ServiceNow > Configuration Item
- GCP > Scheduler > Job > ServiceNow > Configuration Item > Record
- GCP > Scheduler > Job > ServiceNow > Configuration Item > Table Definition
- GCP > Scheduler > Job > ServiceNow > Table
- GCP > Scheduler > Job > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > Dataproc > Cluster > ServiceNow
- GCP > Dataproc > Cluster > ServiceNow > Configuration Item
- GCP > Dataproc > Cluster > ServiceNow > Table
- GCP > Dataproc > Job > ServiceNow
- GCP > Dataproc > Job > ServiceNow > Configuration Item
- GCP > Dataproc > Job > ServiceNow > Table
- GCP > Dataproc > Workflow Template > ServiceNow
- GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item
- GCP > Dataproc > Workflow Template > ServiceNow > Table
Policy Types:
- GCP > Dataproc > Cluster > ServiceNow
- GCP > Dataproc > Cluster > ServiceNow > Configuration Item
- GCP > Dataproc > Cluster > ServiceNow > Configuration Item > Record
- GCP > Dataproc > Cluster > ServiceNow > Configuration Item > Table Definition
- GCP > Dataproc > Cluster > ServiceNow > Table
- GCP > Dataproc > Cluster > ServiceNow > Table > Definition
- GCP > Dataproc > Job > ServiceNow
- GCP > Dataproc > Job > ServiceNow > Configuration Item
- GCP > Dataproc > Job > ServiceNow > Configuration Item > Record
- GCP > Dataproc > Job > ServiceNow > Configuration Item > Table Definition
- GCP > Dataproc > Job > ServiceNow > Table
- GCP > Dataproc > Job > ServiceNow > Table > Definition
- GCP > Dataproc > Workflow Template > ServiceNow
- GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item
- GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item > Record
- GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item > Table Definition
- GCP > Dataproc > Workflow Template > ServiceNow > Table
- GCP > Dataproc > Workflow Template > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > Composer > Environment > ServiceNow
- GCP > Composer > Environment > ServiceNow > Configuration Item
- GCP > Composer > Environment > ServiceNow > Table
Policy Types:
- GCP > Composer > Environment > ServiceNow
- GCP > Composer > Environment > ServiceNow > Configuration Item
- GCP > Composer > Environment > ServiceNow > Configuration Item > Record
- GCP > Composer > Environment > ServiceNow > Configuration Item > Table Definition
- GCP > Composer > Environment > ServiceNow > Table
- GCP > Composer > Environment > ServiceNow > Table > Definition
The timeout for scheduled snapshot pipelines has been extended from 10 minutes to 1 hour, giving complex benchmarks and dashboards longer to successfully complete.
What's new?
Control Types:
- GCP > Monitoring > Alert Policy > ServiceNow
- GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item
- GCP > Monitoring > Alert Policy > ServiceNow > Table
- GCP > Monitoring > Group > ServiceNow
- GCP > Monitoring > Group > ServiceNow > Configuration Item
- GCP > Monitoring > Group > ServiceNow > Table
- GCP > Monitoring > Notification Channel > ServiceNow
- GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item
- GCP > Monitoring > Notification Channel > ServiceNow > Table
Policy Types:
- GCP > Monitoring > Alert Policy > ServiceNow
- GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item
- GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item > Record
- GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item > Table Definition
- GCP > Monitoring > Alert Policy > ServiceNow > Table
- GCP > Monitoring > Alert Policy > ServiceNow > Table > Definition
- GCP > Monitoring > Group > ServiceNow
- GCP > Monitoring > Group > ServiceNow > Configuration Item
- GCP > Monitoring > Group > ServiceNow > Configuration Item > Record
- GCP > Monitoring > Group > ServiceNow > Configuration Item > Table Definition
- GCP > Monitoring > Group > ServiceNow > Table
- GCP > Monitoring > Group > ServiceNow > Table > Definition
- GCP > Monitoring > Notification Channel > ServiceNow
- GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item
- GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item > Record
- GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item > Table Definition
- GCP > Monitoring > Notification Channel > ServiceNow > Table
- GCP > Monitoring > Notification Channel > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > DNS > Managed Zone > ServiceNow
- GCP > DNS > Managed Zone > ServiceNow > Configuration Item
- GCP > DNS > Managed Zone > ServiceNow > Table
Policy Types:
- GCP > DNS > Managed Zone > ServiceNow
- GCP > DNS > Managed Zone > ServiceNow > Configuration Item
- GCP > DNS > Managed Zone > ServiceNow > Configuration Item > Record
- GCP > DNS > Managed Zone > ServiceNow > Configuration Item > Table Definition
- GCP > DNS > Managed Zone > ServiceNow > Table
- GCP > DNS > Managed Zone > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > Datapipeline > Pipeline > ServiceNow
- GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item
- GCP > Datapipeline > Pipeline > ServiceNow > Table
Policy Types:
- GCP > Datapipeline > Pipeline > ServiceNow
- GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item
- GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item > Record
- GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item > Table Definition
- GCP > Datapipeline > Pipeline > ServiceNow > Table
- GCP > Datapipeline > Pipeline > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > Dataflow > Job > ServiceNow
- GCP > Dataflow > Job > ServiceNow > Configuration Item
- GCP > Dataflow > Job > ServiceNow > Table
Policy Types:
- GCP > Dataflow > Job > ServiceNow
- GCP > Dataflow > Job > ServiceNow > Configuration Item
- GCP > Dataflow > Job > ServiceNow > Configuration Item > Record
- GCP > Dataflow > Job > ServiceNow > Configuration Item > Table Definition
- GCP > Dataflow > Job > ServiceNow > Table
- GCP > Dataflow > Job > ServiceNow > Table > Definition
Bug fixes
- The
GCP > Compute Engine > Instance Template > CMDB
control would sometimes go into an error state due to a bad internal build. This is fixed and the control will now work as expected.
Bug fixes
- Due to an inadvertently introduced issue with an internal build for
Azure > Subscription
, importing subscriptions encountered schema validation problems. This issue has been resolved, and you can now successfully import subscriptions as before.
Bug fixes
- In the previous version, while we improved on the way we discovered missing Snapshots and Volumes while processing their update events, we inadvertently introduced a bug where some resources were upserted with incorrect AKAs. Such resources with malformed AKAs should now be cleaned up automatically from the environment, and Guardrails will now discover resources more correctly and consistently than before.
- In a previous version (v5.31.4), we implemented a feature to Discover Instances while processing their update events respectively, if those resources were missing from Guardrails CMDB. In busy environments, this would sometimes cause unnecessary Lambda executions. We've now improved this behavior to upsert the missing resources in a lighter and faster way.
Bug fixes
- Fixed the typo in the
scaleway_billing_consumption
table docs to useconsumption
instead ofconsumtion
. (#80)
What's new?
- New tables added
- scaleway_account_project (#53) (Thanks @jplanckeel for the contribution!)
- scaleway_billing_consumption (#70) (Thanks @jplanckeel for the contribution!)
Enhancements
- Improved the plugin error message when invalid credentials are set in the
wiz.spc
file. (#23)
Bug fixes
- Fixed the
service_tickets
column inwiz_issue
table by removing theaction
subfield from theServiceTickets
field in the GraphQL response since it was no longer available. (#24 #25) (Thanks @sycophantic for the contribution!)
Bug fixes
- Removed duplicate control
rds_db_cluster_encrypted_with_kms_cmk
. (#105)
Bug fixes
- Removed duplicate node
service_account
. (#56)
What's new?
- New tables added
Bug fixes
What's new?
- Added support for
ap-northeast-3
in theAWS > Account > Regions
policy.
What's new?
- Added support for
af-south-1
,ap-northeast-3
,ap-south-2
,ap-southeast-3
,ap-southeast-4
,ca-west-1
,eu-central-2
,eu-south-1
,eu-south-2
,il-central-1
andme-central-1
regions in theAWS > Logs > Regions
policy.
What's new?
You can now configure Block Public Access for Snapshots. To get started, set the
AWS > EC2 > Account Attributes > Block Public Access for Snapshots
policy.You can now also disable Block Public Access for AMIs. To get started, set the
AWS > EC2 > Account Attributes > Block Public Access for AMIs
policy.AWS/EC2/Admin
,AWS/EC2/Metadata
andAWS/EC2/Operator
now includes permissions for Verified Access Endpoints, Verified Access Groups and Verified Access Trust Providers.Control Types:
- AWS > EC2 > Account Attributes > Block Public Access for Snapshots
Policy Types:
- AWS > EC2 > Account Attributes > Block Public Access for Snapshots
Action Types:
- AWS > EC2 > Account Attributes > Update Block Public Access for Snapshots
Bug fixes
- In a previous version (v5.31.4), we implemented a feature to Discover Snapshots and Volumes while processing their update events respectively, if those resources were missing from Guardrails CMDB. In busy environments, this would sometimes cause unnecessary Lambda executions. We've now improved this behavior to upsert the missing resources in a lighter and faster way.
What's new?
- New table added
- tfe_project (#42) (Thanks @edebrye for the contribution!)
Bug fixes
- Fixed the plugin initialization error by returning only the static tables when invalid config parameters were set for dynamic tables. #39
What's new?
- Added
create_branch
,delete_branch
andget_branch
pipelines. (#10)
v0.86 [2024-02-08]
What's new?
- Added CIS v3.0.0 benchmark (
steampipe check benchmark.cis_v300
). (#755)
What's new?
- Updated: MaxPalyloadSize parameter description.
- Updated: Turbot Policy Parameter to add back
Deny: *
for HTTP in SNS Policy.
What's new?
- Added: Postgres versions 13.12 and 13.13.
- Updated: CloudWatch Alarms will now use TEF SNS topic.
Bug fixes
- Server
- Added the
Deny:*
policy for HTTP traffic back to the turbot-policy-parameter custom lambda code. - Event DLQ should not set the control or policy value to error if there has been a new process started for the control or policy value.
- Run next should drop the events in case of recursive loop.
- Add additional retryable throttling codes for actions.
- Added the
Requirements
- TEF: 1.55.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
Bug fixes
- Fixed
HomeDirectoryModfileCheck
returning false positive, causing errors when executing steampipe out of the home directory. (#4118)
v1.10.1 of the Terraform Provider for Guardrails is now available.
Bug fixes
resource/turbot_file
: terraform apply failed to updatecontent
of an existing File in Guardrails. This is now fixed.
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- GCP > Logging > Exclusion > Approved > Custom
- GCP > Logging > Metric > Approved > Custom
- GCP > Logging > Sink > Approved > Custom
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Policy Types:
- GCP > Kubernetes Engine > Region Cluster > Approved > Custom
- GCP > Kubernetes Engine > Region Node Pool > Approved > Custom
- GCP > Kubernetes Engine > Zone Cluster > Approved > Custom
- GCP > Kubernetes Engine > Zone Node Pool > Approved > Custom
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- GCP > Dataflow > Job > Approved > Custom
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
Bug fixes
The
AWS > EC2 > Key Pair > Discovery
control would sometimes go into an error state if a Key Pair alias included escape characters. This is now fixed.Control Types renamed:
AWS > EC2 > Volume > Configuration
toAWS > EC2 > Volume > Performance Configuration
Policy Types renamed:
AWS > EC2 > Volume > Configuration
toAWS > EC2 > Volume > Performance Configuration
AWS > EC2 > Volume > Configuration > IOPS Capacity
toAWS > EC2 > Volume > Performance Configuration > IOPS Capacity
AWS > EC2 > Volume > Configuration > Throughput
toAWS > EC2 > Volume > Performance Configuration > Throughput
AWS > EC2 > Volume > Configuration > Type
toAWS > EC2 > Volume > Performance Configuration > Type
Action Types renamed:
AWS > EC2 > Volume > Update Configuration
toAWS > EC2 > Volume > Update Performance Configuration
Enhancements
- Updated all the tables to fetch the column data using hydrate functions to optimize the API calls and increase query speed when querying specific columns. (#30)
Bug fixes
- The
Turbot > Policy Setting Expiration
control will now run every 12 hours to manage policy setting expirations more consistently than before.
Bug fixes
- Fix the commands in
add_labels_to_compute_disk
andadd_labels_to_compute_instance
pipelines. (#7)
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
- New tables added
What's new?
- Added
OAuth
config support to provide users the ability to setOAuth secret client ID
andOAuth secret value
of a service principal. For more information, please see Databricks plugin configuration. (#6) (Thanks @rinzool for the contribution!) - Added
Config
object to directly pass credentials to the client. (#10)
What's new?
- New tables added
Enhancements
- Added the
authorization_rules
column toazure_servicebus_namespace
table. (#719)
Enhancements
- Optimized
aws_cloudwatch_log_stream
table's query performance by addingdescending
,log_group_name
,log_stream_name_prefix
andorder_by
new optional key qual columns. (#1951) - Optimized
aws_ssm_inventory
table's query performance by adding new optional key qual columns such asfilter_key
,filter_value
,network_attribute_key
,network_attribute_value
, etc. (#1980)
Bug fixes
- Fixed
aws_cloudwatch_log_group
table key column to be globally unique by filtering the results by region. (#1976) - Removed duplicate memoizing of getCommonColumns function from
aws_s3_multi_region_access_point
andaws_ec2_launch_template
tables.(#2065) - Fixed error for column
type_name
in tableaws_ssm_inventory_entry
. (#1980) - Added the missing rate-limiter tags for
aws_s3_bucket
table'sGetBucketLocation
hydrate function to optimize query performance. (#2066)
Bug fixes
- The Org policy details in the Project CMDB data will now be properly and consistently sorted.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Policy Types:
- GCP > Scheduler > Job > Approved > Custom
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- New tables added
Dependencies
- Azure plugin
v0.53.0
or higher is now required. (#242)
Enhancements
- Added 41 new controls to the
All Controls
benchmark across the following services: (#234 #233)Active Directory
App Service
Batch
Compute
Container Instance
Key Vault
Kubernetes Service
Network
Recovery Service
Service Bus
Storage
Bug fixes
- Fixed the description of
CIS_v150_2_1_9
control. (#238) (Thanks @sfunkernw for the contribution!)
v0.13.0 of the Terraform Provider for Pipes is now available.
What's new?
- Data Source
pipes_tenant
. - Resource
pipes_tenant_member
.
Enhancements
- Resource
pipes_organization_member
now supports adding users directly to an organization in a custom tenant, rather than by invitation.
What's new?
Control Types:
- GCP > Cloud Run > Service > ServiceNow
- GCP > Cloud Run > Service > ServiceNow > Configuration Item
- GCP > Cloud Run > Service > ServiceNow > Table
Policy Types:
- GCP > Cloud Run > Service > ServiceNow
- GCP > Cloud Run > Service > ServiceNow > Configuration Item
- GCP > Cloud Run > Service > ServiceNow > Configuration Item > Record
- GCP > Cloud Run > Service > ServiceNow > Configuration Item > Table Definition
- GCP > Cloud Run > Service > ServiceNow > Table
- GCP > Cloud Run > Service > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > Spanner > Database > ServiceNow
- GCP > Spanner > Database > ServiceNow > Configuration Item
- GCP > Spanner > Database > ServiceNow > Table
- GCP > Spanner > Instance > ServiceNow
- GCP > Spanner > Instance > ServiceNow > Configuration Item
- GCP > Spanner > Instance > ServiceNow > Table
Policy Types:
- GCP > Spanner > Database > ServiceNow
- GCP > Spanner > Database > ServiceNow > Configuration Item
- GCP > Spanner > Database > ServiceNow > Configuration Item > Record
- GCP > Spanner > Database > ServiceNow > Configuration Item > Table Definition
- GCP > Spanner > Database > ServiceNow > Table
- GCP > Spanner > Database > ServiceNow > Table > Definition
- GCP > Spanner > Instance > ServiceNow
- GCP > Spanner > Instance > ServiceNow > Configuration Item
- GCP > Spanner > Instance > ServiceNow > Configuration Item > Record
- GCP > Spanner > Instance > ServiceNow > Configuration Item > Table Definition
- GCP > Spanner > Instance > ServiceNow > Table
- GCP > Spanner > Instance > ServiceNow > Table > Definition
What's new?
Control Types:
- AWS > EC2 > Volume > Configuration
Policy Types:
- AWS > EC2 > Volume > Configuration
- AWS > EC2 > Volume > Configuration > IOPS Capacity
- AWS > EC2 > Volume > Configuration > Throughput
- AWS > EC2 > Volume > Configuration > Type
Action Types:
- AWS > EC2 > Volume > Update Configuration
Breaking changes
- Removed the
iam_root_user_virtual_mfa
control since it is not recommended as good practice. (#743) - Replaced
iam_account_password_policy_strong
withiam_account_password_policy_strong_min_reuse_24
in theGDPR
,FFIEC
andCISA Cyber Essentials
benchmarks to align more accurately with the requirements specified in the AWS Config rules. (#739)
Bug fixes
- Updated the dashboard image to correctly list all the 25 benchmarks. (#748)
What's new?
- New tables added
What's new?
- Query trigger type to watch & event on database changes. Documentation.
- HTTP trigger can now handle both GET and POST methods. Documentation.
- Query steps & triggers now support Postgres, MySQL, SQLite, and Postgres.
- Define container step using a
source
argument for inline image definitions. - Add a
timeout
to pipeline steps. - Enable or disable triggers using the
enabled
attribute. - Improved and expanded output for
flowpipe server
. - Improved and standardized output for CLI
list
andshow
commands. - Expanded intervals available in schedule and query triggers (e.g.
5m
,10m
, etc). - New credential types: BitBucket, Datadog, Freshdesk, JumpCloud, ServiceNow, Turbot Guardrails.
- Automatic check & notify for new CLI versions.
Bug fixes
- Implemented a more descriptive error message for server startup failures.
- Fixed Step Arguments unable to be referenced in the Pipeline definition.
- Added missing
execution_mode
argument to HTTP Trigger (#533). - Fixed
args
arguments unable to be updated in the Pipeline Step loop block (#559). - Fixed an issue in the bootstrap process for identifying the config path.
Bug fixes
- Fixed schema clone function failing if table has an LTREE column. (#4079)
- Maintained the order of execution when running multiple queries in batch mode. (#3728)
- Fixed issue where using any meta-command would load connection state even if not required. (#3614)
- Fixed issue where plugin version file back-filling would write
versions.json
to the CWD if the plugin folder is not found. (#4073) - Simplified and fixed available port check. (#4030)
What's new?
- New tables added
What's new?
- Added the
kubernetes_cluster_no_cluster_level_node_pool
control to theKubernetes
benchmark. (#53)
What's new?
- New tables added
Enhancements
What's new?
- New tables added
Enhancements
- Added column
iam_policy
togcp_cloud_run_service
table. (#531) - Optimized the
gcp_logging_log_entry
table result or result timing by applying a timestamp filter. (#508) - Added the
json_payload
,proto_payload
,metadata
,resource
,operation
, andtags
columns togcp_logging_log_entry
table. (#508)
Bug fixes
- Fixed the
addons_config
,network_config
andnetwork_policy
column ofgcp_kubernetes_cluster
table to correctly return data instead of null. (#530) - Fixed the
end_time
column of thegcp_sql_backup
table to returnnull
instead of an error when end time is unavailable for a SQL backup. (#534) - Fixed the
enqueued_time
,start_time
andwindow_start_time
columns of thegcp_sql_backup
table to returnnull
instead of an error when timestamp is unavailable for a SQL backup. (#536)
Enhancements
- Added the
audit_policy
column toazure_sql_database
andazure_sql_server
tables. (#711) - Added the
webhooks
column toazure_container_registry
table. (#710) - Added the
disable_local_auth
andstatus
columns toazure_servicebus_namespace
table. (#715)
Bug fixes
- Fixed the
azure_key_vault_secret
table to correctly return data when keyvault name is in camel-case. (#638)
Bug fixes
- Fixed the
low_iops_ebs_volumes
control to now suggest convertingio1
andio2
volumes toGP3
volumes, when the baseIOPS
is less than16000
instead of3000
. (#167)
What's new?
- Server
- You can now update API size limit via the MAX_PAYLOAD_SIZE parameter.
Requirements
- TEF: 1.55.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.
What's new?
Resource Types:
- AWS > Kinesis > Kinesis Video Stream
Control Types:
- AWS > Kinesis > Kinesis Video Stream > Active
- AWS > Kinesis > Kinesis Video Stream > Approved
- AWS > Kinesis > Kinesis Video Stream > CMDB
- AWS > Kinesis > Kinesis Video Stream > Discovery
- AWS > Kinesis > Kinesis Video Stream > Tags
Policy Types:
- AWS > Kinesis > Kinesis Video Stream > Active
- AWS > Kinesis > Kinesis Video Stream > Active > Age
- AWS > Kinesis > Kinesis Video Stream > Active > Budget
- AWS > Kinesis > Kinesis Video Stream > Active > Last Modified
- AWS > Kinesis > Kinesis Video Stream > Approved
- AWS > Kinesis > Kinesis Video Stream > Approved > Budget
- AWS > Kinesis > Kinesis Video Stream > Approved > Custom
- AWS > Kinesis > Kinesis Video Stream > Approved > Regions
- AWS > Kinesis > Kinesis Video Stream > Approved > Usage
- AWS > Kinesis > Kinesis Video Stream > CMDB
- AWS > Kinesis > Kinesis Video Stream > Regions
- AWS > Kinesis > Kinesis Video Stream > Tags
- AWS > Kinesis > Kinesis Video Stream > Tags > Template
Action Types:
- AWS > Kinesis > Kinesis Video Stream > Delete
- AWS > Kinesis > Kinesis Video Stream > Delete from AWS
- AWS > Kinesis > Kinesis Video Stream > Router
- AWS > Kinesis > Kinesis Video Stream > Set Tags
- AWS > Kinesis > Kinesis Video Stream > Skip alarm for Active control
- AWS > Kinesis > Kinesis Video Stream > Skip alarm for Active control [90 days]
- AWS > Kinesis > Kinesis Video Stream > Skip alarm for Approved control
- AWS > Kinesis > Kinesis Video Stream > Skip alarm for Approved control [90 days]
- AWS > Kinesis > Kinesis Video Stream > Skip alarm for Tags control
- AWS > Kinesis > Kinesis Video Stream > Skip alarm for Tags control [90 days]
- AWS > Kinesis > Kinesis Video Stream > Update Tags
What's new?
- New tables added
Enhancements
- Added
deletion_protection_enabled
column toaws_dynamodb_table
table. (#2049)
Bug fixes
What's new?
Control Types:
- GCP > Logging > Exclusion > ServiceNow
- GCP > Logging > Exclusion > ServiceNow > Configuration Item
- GCP > Logging > Exclusion > ServiceNow > Table
- GCP > Logging > Metric > ServiceNow
- GCP > Logging > Metric > ServiceNow > Configuration Item
- GCP > Logging > Metric > ServiceNow > Table
- GCP > Logging > Sink > ServiceNow
- GCP > Logging > Sink > ServiceNow > Configuration Item
- GCP > Logging > Sink > ServiceNow > Table
Policy Types:
- GCP > Logging > Exclusion > ServiceNow
- GCP > Logging > Exclusion > ServiceNow > Configuration Item
- GCP > Logging > Exclusion > ServiceNow > Configuration Item > Record
- GCP > Logging > Exclusion > ServiceNow > Configuration Item > Table Definition
- GCP > Logging > Exclusion > ServiceNow > Table
- GCP > Logging > Exclusion > ServiceNow > Table > Definition
- GCP > Logging > Metric > ServiceNow
- GCP > Logging > Metric > ServiceNow > Configuration Item
- GCP > Logging > Metric > ServiceNow > Configuration Item > Record
- GCP > Logging > Metric > ServiceNow > Configuration Item > Table Definition
- GCP > Logging > Metric > ServiceNow > Table
- GCP > Logging > Metric > ServiceNow > Table > Definition
- GCP > Logging > Sink > ServiceNow
- GCP > Logging > Sink > ServiceNow > Configuration Item
- GCP > Logging > Sink > ServiceNow > Configuration Item > Record
- GCP > Logging > Sink > ServiceNow > Configuration Item > Table Definition
- GCP > Logging > Sink > ServiceNow > Table
- GCP > Logging > Sink > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > Compute Engine > HTTP Health Check > ServiceNow
- GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item
- GCP > Compute Engine > HTTP Health Check > ServiceNow > Table
- GCP > Compute Engine > HTTPS Health Check > ServiceNow
- GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item
- GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table
- GCP > Compute Engine > Health Check > ServiceNow
- GCP > Compute Engine > Health Check > ServiceNow > Configuration Item
- GCP > Compute Engine > Health Check > ServiceNow > Table
- GCP > Compute Engine > Instance Template > ServiceNow
- GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item
- GCP > Compute Engine > Instance Template > ServiceNow > Table
- GCP > Compute Engine > Node Group > ServiceNow
- GCP > Compute Engine > Node Group > ServiceNow > Configuration Item
- GCP > Compute Engine > Node Group > ServiceNow > Table
- GCP > Compute Engine > Node Template > ServiceNow
- GCP > Compute Engine > Node Template > ServiceNow > Configuration Item
- GCP > Compute Engine > Node Template > ServiceNow > Table
- GCP > Compute Engine > Project > ServiceNow
- GCP > Compute Engine > Project > ServiceNow > Configuration Item
- GCP > Compute Engine > Project > ServiceNow > Table
- GCP > Compute Engine > Region Disk > ServiceNow
- GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item
- GCP > Compute Engine > Region Disk > ServiceNow > Table
- GCP > Compute Engine > Region Health Check > ServiceNow
- GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item
- GCP > Compute Engine > Region Health Check > ServiceNow > Table
Policy Types:
- GCP > Compute Engine > HTTP Health Check > ServiceNow
- GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item
- GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item > Record
- GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item > Table Definition
- GCP > Compute Engine > HTTP Health Check > ServiceNow > Table
- GCP > Compute Engine > HTTP Health Check > ServiceNow > Table > Definition
- GCP > Compute Engine > HTTPS Health Check > ServiceNow
- GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item
- GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item > Record
- GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item > Table Definition
- GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table
- GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table > Definition
- GCP > Compute Engine > Health Check > ServiceNow
- GCP > Compute Engine > Health Check > ServiceNow > Configuration Item
- GCP > Compute Engine > Health Check > ServiceNow > Configuration Item > Record
- GCP > Compute Engine > Health Check > ServiceNow > Configuration Item > Table Definition
- GCP > Compute Engine > Health Check > ServiceNow > Table
- GCP > Compute Engine > Health Check > ServiceNow > Table > Definition
- GCP > Compute Engine > Instance Template > ServiceNow
- GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item
- GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item > Record
- GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item > Table Definition
- GCP > Compute Engine > Instance Template > ServiceNow > Table
- GCP > Compute Engine > Instance Template > ServiceNow > Table > Definition
- GCP > Compute Engine > Node Group > ServiceNow
- GCP > Compute Engine > Node Group > ServiceNow > Configuration Item
- GCP > Compute Engine > Node Group > ServiceNow > Configuration Item > Record
- GCP > Compute Engine > Node Group > ServiceNow > Configuration Item > Table Definition
- GCP > Compute Engine > Node Group > ServiceNow > Table
- GCP > Compute Engine > Node Group > ServiceNow > Table > Definition
- GCP > Compute Engine > Node Template > ServiceNow
- GCP > Compute Engine > Node Template > ServiceNow > Configuration Item
- GCP > Compute Engine > Node Template > ServiceNow > Configuration Item > Record
- GCP > Compute Engine > Node Template > ServiceNow > Configuration Item > Table Definition
- GCP > Compute Engine > Node Template > ServiceNow > Table
- GCP > Compute Engine > Node Template > ServiceNow > Table > Definition
- GCP > Compute Engine > Project > ServiceNow
- GCP > Compute Engine > Project > ServiceNow > Configuration Item
- GCP > Compute Engine > Project > ServiceNow > Configuration Item > Record
- GCP > Compute Engine > Project > ServiceNow > Configuration Item > Table Definition
- GCP > Compute Engine > Project > ServiceNow > Table
- GCP > Compute Engine > Project > ServiceNow > Table > Definition
- GCP > Compute Engine > Region Disk > ServiceNow
- GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item
- GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item > Record
- GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item > Table Definition
- GCP > Compute Engine > Region Disk > ServiceNow > Table
- GCP > Compute Engine > Region Disk > ServiceNow > Table > Definition
- GCP > Compute Engine > Region Health Check > ServiceNow
- GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item
- GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item > Record
- GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item > Table Definition
- GCP > Compute Engine > Region Health Check > ServiceNow > Table
- GCP > Compute Engine > Region Health Check > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > SQL > Backup > ServiceNow
- GCP > SQL > Backup > ServiceNow > Configuration Item
- GCP > SQL > Backup > ServiceNow > Table
- GCP > SQL > Database > ServiceNow
- GCP > SQL > Database > ServiceNow > Configuration Item
- GCP > SQL > Database > ServiceNow > Table
Policy Types:
- GCP > SQL > Backup > ServiceNow
- GCP > SQL > Backup > ServiceNow > Configuration Item
- GCP > SQL > Backup > ServiceNow > Configuration Item > Record
- GCP > SQL > Backup > ServiceNow > Configuration Item > Table Definition
- GCP > SQL > Backup > ServiceNow > Table
- GCP > SQL > Backup > ServiceNow > Table > Definition
- GCP > SQL > Database > ServiceNow
- GCP > SQL > Database > ServiceNow > Configuration Item
- GCP > SQL > Database > ServiceNow > Configuration Item > Record
- GCP > SQL > Database > ServiceNow > Configuration Item > Table Definition
- GCP > SQL > Database > ServiceNow > Table
- GCP > SQL > Database > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > KMS > Crypto Key > ServiceNow
- GCP > KMS > Crypto Key > ServiceNow > Configuration Item
- GCP > KMS > Crypto Key > ServiceNow > Table
- GCP > KMS > Key Ring > ServiceNow
- GCP > KMS > Key Ring > ServiceNow > Configuration Item
- GCP > KMS > Key Ring > ServiceNow > Table
Policy Types:
- GCP > KMS > Crypto Key > ServiceNow
- GCP > KMS > Crypto Key > ServiceNow > Configuration Item
- GCP > KMS > Crypto Key > ServiceNow > Configuration Item > Record
- GCP > KMS > Crypto Key > ServiceNow > Configuration Item > Table Definition
- GCP > KMS > Crypto Key > ServiceNow > Table
- GCP > KMS > Crypto Key > ServiceNow > Table > Definition
- GCP > KMS > Key Ring > ServiceNow
- GCP > KMS > Key Ring > ServiceNow > Configuration Item
- GCP > KMS > Key Ring > ServiceNow > Configuration Item > Record
- GCP > KMS > Key Ring > ServiceNow > Configuration Item > Table Definition
- GCP > KMS > Key Ring > ServiceNow > Table
- GCP > KMS > Key Ring > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > BigQuery > Dataset > ServiceNow
- GCP > BigQuery > Dataset > ServiceNow > Configuration Item
- GCP > BigQuery > Dataset > ServiceNow > Table
- GCP > BigQuery > Table > ServiceNow
- GCP > BigQuery > Table > ServiceNow > Configuration Item
- GCP > BigQuery > Table > ServiceNow > Table
Policy Types:
- GCP > BigQuery > Dataset > ServiceNow
- GCP > BigQuery > Dataset > ServiceNow > Configuration Item
- GCP > BigQuery > Dataset > ServiceNow > Configuration Item > Record
- GCP > BigQuery > Dataset > ServiceNow > Configuration Item > Table Definition
- GCP > BigQuery > Dataset > ServiceNow > Table
- GCP > BigQuery > Dataset > ServiceNow > Table > Definition
- GCP > BigQuery > Table > ServiceNow
- GCP > BigQuery > Table > ServiceNow > Configuration Item
- GCP > BigQuery > Table > ServiceNow > Configuration Item > Record
- GCP > BigQuery > Table > ServiceNow > Configuration Item > Table Definition
- GCP > BigQuery > Table > ServiceNow > Table
- GCP > BigQuery > Table > ServiceNow > Table > Definition
Bug fixes
- Server
- Updated: Enhanced IAM policy for tighter access around custom Lambda.
- Fixed: Turbot > Workspace > Health Control should not break if there is no input.
Requirements
- TEF: 1.55.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
What's new?
Control Types:
- GCP > Bigtable > Cluster > ServiceNow
- GCP > Bigtable > Cluster > ServiceNow > Configuration Item
- GCP > Bigtable > Cluster > ServiceNow > Table
- GCP > Bigtable > Instance > ServiceNow
- GCP > Bigtable > Instance > ServiceNow > Configuration Item
- GCP > Bigtable > Instance > ServiceNow > Table
- GCP > Bigtable > Table > ServiceNow
- GCP > Bigtable > Table > ServiceNow > Configuration Item
- GCP > Bigtable > Table > ServiceNow > Table
Policy Types:
- GCP > Bigtable > Cluster > ServiceNow
- GCP > Bigtable > Cluster > ServiceNow > Configuration Item
- GCP > Bigtable > Cluster > ServiceNow > Configuration Item > Record
- GCP > Bigtable > Cluster > ServiceNow > Configuration Item > Table Definition
- GCP > Bigtable > Cluster > ServiceNow > Table
- GCP > Bigtable > Cluster > ServiceNow > Table > Definition
- GCP > Bigtable > Instance > ServiceNow
- GCP > Bigtable > Instance > ServiceNow > Configuration Item
- GCP > Bigtable > Instance > ServiceNow > Configuration Item > Record
- GCP > Bigtable > Instance > ServiceNow > Configuration Item > Table Definition
- GCP > Bigtable > Instance > ServiceNow > Table
- GCP > Bigtable > Instance > ServiceNow > Table > Definition
- GCP > Bigtable > Table > ServiceNow
- GCP > Bigtable > Table > ServiceNow > Configuration Item
- GCP > Bigtable > Table > ServiceNow > Configuration Item > Record
- GCP > Bigtable > Table > ServiceNow > Configuration Item > Table Definition
- GCP > Bigtable > Table > ServiceNow > Table
- GCP > Bigtable > Table > ServiceNow > Table > Definition
What's new?
Control Types:
- GCP > App Engine > Application > ServiceNow
- GCP > App Engine > Application > ServiceNow > Configuration Item
- GCP > App Engine > Application > ServiceNow > Table
- GCP > App Engine > Firewall Rule > ServiceNow
- GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item
- GCP > App Engine > Firewall Rule > ServiceNow > Table
- GCP > App Engine > Instance > ServiceNow
- GCP > App Engine > Instance > ServiceNow > Configuration Item
- GCP > App Engine > Instance > ServiceNow > Table
- GCP > App Engine > Service > ServiceNow
- GCP > App Engine > Service > ServiceNow > Configuration Item
- GCP > App Engine > Service > ServiceNow > Table
- GCP > App Engine > Version > ServiceNow
- GCP > App Engine > Version > ServiceNow > Configuration Item
- GCP > App Engine > Version > ServiceNow > Table
Policy Types:
- GCP > App Engine > Application > ServiceNow
- GCP > App Engine > Application > ServiceNow > Configuration Item
- GCP > App Engine > Application > ServiceNow > Configuration Item > Record
- GCP > App Engine > Application > ServiceNow > Configuration Item > Table Definition
- GCP > App Engine > Application > ServiceNow > Table
- GCP > App Engine > Application > ServiceNow > Table > Definition
- GCP > App Engine > Firewall Rule > ServiceNow
- GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item
- GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item > Record
- GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item > Table Definition
- GCP > App Engine > Firewall Rule > ServiceNow > Table
- GCP > App Engine > Firewall Rule > ServiceNow > Table > Definition
- GCP > App Engine > Instance > ServiceNow
- GCP > App Engine > Instance > ServiceNow > Configuration Item
- GCP > App Engine > Instance > ServiceNow > Configuration Item > Record
- GCP > App Engine > Instance > ServiceNow > Configuration Item > Table Definition
- GCP > App Engine > Instance > ServiceNow > Table
- GCP > App Engine > Instance > ServiceNow > Table > Definition
- GCP > App Engine > Service > ServiceNow
- GCP > App Engine > Service > ServiceNow > Configuration Item
- GCP > App Engine > Service > ServiceNow > Configuration Item > Record
- GCP > App Engine > Service > ServiceNow > Configuration Item > Table Definition
- GCP > App Engine > Service > ServiceNow > Table
- GCP > App Engine > Service > ServiceNow > Table > Definition
- GCP > App Engine > Version > ServiceNow
- GCP > App Engine > Version > ServiceNow > Configuration Item
- GCP > App Engine > Version > ServiceNow > Configuration Item > Record
- GCP > App Engine > Version > ServiceNow > Configuration Item > Table Definition
- GCP > App Engine > Version > ServiceNow > Table
- GCP > App Engine > Version > ServiceNow > Table > Definition
Bug fixes
- The
GCP > Turbot > Event Poller
control now includes a precheck condition to avoid running GraphQL input queries when theGCP > Turbot > Event Poller
policy is set toDisabled
. You won’t notice any difference and the control should run lighter and quicker than before.
Bug fixes
- The
Azure > Turbot > Event Poller
andAzure > Turbot > Management Group Event Poller
controls now include a precheck condition to avoid running GraphQL input queries when theAzure > Turbot > Event Poller
andAzure > Turbot > Management Group Event Poller
policies are set toDisabled
respectively. You won’t notice any difference and the controls should run lighter and quicker than before.
Bug fixes
- The
Azure > Turbot > Directory Event Poller
control now includes a precheck condition to avoid running GraphQL input queries when theAzure > Turbot > Directory Event Poller
policy is set toDisabled
. You won’t notice any difference and the control should run lighter and quicker than before.
Bug fixes
- The
AWS > Turbot > Event Poller
control now includes a precheck condition to avoid running GraphQL input queries when theAWS > Turbot > Event Poller
policy is set toDisabled
. You won’t notice any difference and the control should run lighter and quicker than before.
What's new?
Resource Types:
- AWS > OpenSearch
Policy Types:
- AWS > OpenSearch > API Enabled
- AWS > OpenSearch > Approved Regions [Default]
- AWS > OpenSearch > Enabled
- AWS > OpenSearch > Permissions
- AWS > OpenSearch > Permissions > Levels
- AWS > OpenSearch > Permissions > Levels > Modifiers
- AWS > OpenSearch > Permissions > Lockdown
- AWS > OpenSearch > Permissions > Lockdown > API Boundary
- AWS > OpenSearch > Regions
- AWS > OpenSearch > Tags Template [Default]
- AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-opensearch
- AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-opensearch
- AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-opensearch
What's new?
- Added the input variables to the following services to allow different thresholds to be passed in:
Droplet
Database
Block Storage
Kubernetes
To get started, please see [Digitalocean Thrifty Configuration] (https://hub.steampipe.io/mods/turbot/digitalocean_thrifty#configuration). For a list of variables and their default values, please see steampipe.spvars. (#36)
What's new?
- New tables added
Note : Table aws_sns_topic_subscription
will be changing behaviours in a future release to return results from ListSubscriptionsByTopic
instead of ListSubscriptions
.
What's new?
Control Types:
- Azure > Resource Group > ServiceNow
- Azure > Resource Group > ServiceNow > Configuration Item
- Azure > Resource Group > ServiceNow > Table
- Azure > Subscription > ServiceNow
- Azure > Subscription > ServiceNow > Configuration Item
- Azure > Subscription > ServiceNow > Table
- Azure > Tenant > ServiceNow
- Azure > Tenant > ServiceNow > Configuration Item
- Azure > Tenant > ServiceNow > Table
Policy Types:
- Azure > Resource Group > ServiceNow
- Azure > Resource Group > ServiceNow > Configuration Item
- Azure > Resource Group > ServiceNow > Configuration Item > Record
- Azure > Resource Group > ServiceNow > Configuration Item > Table Definition
- Azure > Resource Group > ServiceNow > Table
- Azure > Resource Group > ServiceNow > Table > Definition
- Azure > Subscription > ServiceNow
- Azure > Subscription > ServiceNow > Configuration Item
- Azure > Subscription > ServiceNow > Configuration Item > Record
- Azure > Subscription > ServiceNow > Configuration Item > Table Definition
- Azure > Subscription > ServiceNow > Table
- Azure > Subscription > ServiceNow > Table > Definition
- Azure > Tenant > ServiceNow
- Azure > Tenant > ServiceNow > Configuration Item
- Azure > Tenant > ServiceNow > Configuration Item > Record
- Azure > Tenant > ServiceNow > Configuration Item > Table Definition
- Azure > Tenant > ServiceNow > Table
- Azure > Tenant > ServiceNow > Table > Definition
Bug fixes
- Updated the tags to use
risk
instead ofseverity
to eliminate duplicate column names in output files. (#41)
What's new?
Control Types:
- Azure > Network > Private Endpoints > ServiceNow
- Azure > Network > Private Endpoints > ServiceNow > Configuration Item
- Azure > Network > Private Endpoints > ServiceNow > Table
Policy Types:
- Azure > Network > Private Endpoints > ServiceNow
- Azure > Network > Private Endpoints > ServiceNow > Configuration Item
- Azure > Network > Private Endpoints > ServiceNow > Configuration Item > Record
- Azure > Network > Private Endpoints > ServiceNow > Configuration Item > Table Definition
- Azure > Network > Private Endpoints > ServiceNow > Table
- Azure > Network > Private Endpoints > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Automation > Automation Account > ServiceNow
- Azure > Automation > Automation Account > ServiceNow > Configuration Item
- Azure > Automation > Automation Account > ServiceNow > Table
- Azure > Automation > Runbook > ServiceNow
- Azure > Automation > Runbook > ServiceNow > Configuration Item
- Azure > Automation > Runbook > ServiceNow > Table
Policy Types:
- Azure > Automation > Automation Account > ServiceNow
- Azure > Automation > Automation Account > ServiceNow > Configuration Item
- Azure > Automation > Automation Account > ServiceNow > Configuration Item > Record
- Azure > Automation > Automation Account > ServiceNow > Configuration Item > Table Definition
- Azure > Automation > Automation Account > ServiceNow > Table
- Azure > Automation > Automation Account > ServiceNow > Table > Definition
- Azure > Automation > Runbook > ServiceNow
- Azure > Automation > Runbook > ServiceNow > Configuration Item
- Azure > Automation > Runbook > ServiceNow > Configuration Item > Record
- Azure > Automation > Runbook > ServiceNow > Configuration Item > Table Definition
- Azure > Automation > Runbook > ServiceNow > Table
- Azure > Automation > Runbook > ServiceNow > Table > Definition
What's new?
- Added support for
aws_network_interface_sg_attachment
Terraform resource forAWS > EC2 > Network Interface
.
Bug fixes
- The
AWS > EC2 > Instance > CMDB
control would sometimes trigger multiple times ifEnclaveOptions
was not set as part of theAWS > EC2 > Instance > CMDB > Attributes
policy. This would result in unnecessary Lambda runs for the control. TheEnclaveOptions
attribute is now available in the CMDB data by default and theEnclaveOptions
policy value inAWS > EC2 > Instance > CMDB > Attributes
policy has now been deprecated, and will be removed in the next major version.
Bug fixes
- Updated the credential section of README to use
api_key
instead oftoken
. (#7)
What's new?
- Updated: Launch Template to prevent association of Network Interface with public IPs.
What's new?
Control Types:
- Azure > Storage > Container > ServiceNow
- Azure > Storage > Container > ServiceNow > Configuration Item
- Azure > Storage > Container > ServiceNow > Table
- Azure > Storage > FileShare > ServiceNow
- Azure > Storage > FileShare > ServiceNow > Configuration Item
- Azure > Storage > FileShare > ServiceNow > Table
- Azure > Storage > Queue > ServiceNow
- Azure > Storage > Queue > ServiceNow > Configuration Item
- Azure > Storage > Queue > ServiceNow > Table
Policy Types:
- Azure > Storage > Container > ServiceNow
- Azure > Storage > Container > ServiceNow > Configuration Item
- Azure > Storage > Container > ServiceNow > Configuration Item > Record
- Azure > Storage > Container > ServiceNow > Configuration Item > Table Definition
- Azure > Storage > Container > ServiceNow > Table
- Azure > Storage > Container > ServiceNow > Table > Definition
- Azure > Storage > FileShare > ServiceNow
- Azure > Storage > FileShare > ServiceNow > Configuration Item
- Azure > Storage > FileShare > ServiceNow > Configuration Item > Record
- Azure > Storage > FileShare > ServiceNow > Configuration Item > Table Definition
- Azure > Storage > FileShare > ServiceNow > Table
- Azure > Storage > FileShare > ServiceNow > Table > Definition
- Azure > Storage > Queue > ServiceNow
- Azure > Storage > Queue > ServiceNow > Configuration Item
- Azure > Storage > Queue > ServiceNow > Configuration Item > Record
- Azure > Storage > Queue > ServiceNow > Configuration Item > Table Definition
- Azure > Storage > Queue > ServiceNow > Table
- Azure > Storage > Queue > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Recovery Service > Backup > ServiceNow
- Azure > Recovery Service > Backup > ServiceNow > Configuration Item
- Azure > Recovery Service > Backup > ServiceNow > Table
- Azure > Recovery Service > Vault > ServiceNow
- Azure > Recovery Service > Vault > ServiceNow > Configuration Item
- Azure > Recovery Service > Vault > ServiceNow > Table
Policy Types:
- Azure > Recovery Service > Backup > ServiceNow
- Azure > Recovery Service > Backup > ServiceNow > Configuration Item
- Azure > Recovery Service > Backup > ServiceNow > Configuration Item > Record
- Azure > Recovery Service > Backup > ServiceNow > Configuration Item > Table Definition
- Azure > Recovery Service > Backup > ServiceNow > Table
- Azure > Recovery Service > Backup > ServiceNow > Table > Definition
- Azure > Recovery Service > Vault > ServiceNow
- Azure > Recovery Service > Vault > ServiceNow > Configuration Item
- Azure > Recovery Service > Vault > ServiceNow > Configuration Item > Record
- Azure > Recovery Service > Vault > ServiceNow > Configuration Item > Table Definition
- Azure > Recovery Service > Vault > ServiceNow > Table
- Azure > Recovery Service > Vault > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Monitor > Action Group > ServiceNow
- Azure > Monitor > Action Group > ServiceNow > Configuration Item
- Azure > Monitor > Action Group > ServiceNow > Table
- Azure > Monitor > Alerts > ServiceNow
- Azure > Monitor > Alerts > ServiceNow > Configuration Item
- Azure > Monitor > Alerts > ServiceNow > Table
- Azure > Monitor > Log Profile > ServiceNow
- Azure > Monitor > Log Profile > ServiceNow > Configuration Item
- Azure > Monitor > Log Profile > ServiceNow > Table
Policy Types:
- Azure > Monitor > Action Group > ServiceNow
- Azure > Monitor > Action Group > ServiceNow > Configuration Item
- Azure > Monitor > Action Group > ServiceNow > Configuration Item > Record
- Azure > Monitor > Action Group > ServiceNow > Configuration Item > Table Definition
- Azure > Monitor > Action Group > ServiceNow > Table
- Azure > Monitor > Action Group > ServiceNow > Table > Definition
- Azure > Monitor > Alerts > ServiceNow
- Azure > Monitor > Alerts > ServiceNow > Configuration Item
- Azure > Monitor > Alerts > ServiceNow > Configuration Item > Record
- Azure > Monitor > Alerts > ServiceNow > Configuration Item > Table Definition
- Azure > Monitor > Alerts > ServiceNow > Table
- Azure > Monitor > Alerts > ServiceNow > Table > Definition
- Azure > Monitor > Log Profile > ServiceNow
- Azure > Monitor > Log Profile > ServiceNow > Configuration Item
- Azure > Monitor > Log Profile > ServiceNow > Configuration Item > Record
- Azure > Monitor > Log Profile > ServiceNow > Configuration Item > Table Definition
- Azure > Monitor > Log Profile > ServiceNow > Table
- Azure > Monitor > Log Profile > ServiceNow > Table > Definition
What's new?
- Added the following controls across the benchmarks: (#51)
container_instance_container_group_secure_environment_variable
container_registry_zone_redundant_enabled
What's new?
- New tables added
Enhancements
- Added
storage_throughput
column toaws_rds_db_instance
table. (#2010) (Thanks @toddwh50 for the contribution!) - Added
layers
column toaws_lambda_function
table. (#2008) (Thanks @icaliskanoglu for the contribution!) - Added
tags
column toaws_backup_recovery_point
andaws_backup_vault
tables. (#2033)
Bug fixes
Bug fixes
- Removed inaccurate SQL Query string validation to check for arguments. (#516)
What's new?
Control Types:
- GCP > Kubernetes Engine > Region Cluster > ServiceNow
- GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item
- GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table
- GCP > Kubernetes Engine > Region Node Pool > ServiceNow
- GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item
- GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table
- GCP > Kubernetes Engine > Zone Cluster > ServiceNow
- GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item
- GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table
- GCP > Kubernetes Engine > Zone Node Pool > ServiceNow
- GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item
- GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table
Policy Types:
- GCP > Kubernetes Engine > Region Cluster > ServiceNow
- GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item
- GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item > Record
- GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item > Table Definition
- GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table
- GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table > Definition
- GCP > Kubernetes Engine > Region Node Pool > ServiceNow
- GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item
- GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item > Record
- GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item > Table Definition
- GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table
- GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table > Definition
- GCP > Kubernetes Engine > Zone Cluster > ServiceNow
- GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item
- GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item > Record
- GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item > Table Definition
- GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table
- GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table > Definition
- GCP > Kubernetes Engine > Zone Node Pool > ServiceNow
- GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item
- GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item > Record
- GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item > Table Definition
- GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table
- GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > IAM > Role Assignment > ServiceNow
- Azure > IAM > Role Assignment > ServiceNow > Configuration Item
- Azure > IAM > Role Assignment > ServiceNow > Table
- Azure > IAM > Role Definition > ServiceNow
- Azure > IAM > Role Definition > ServiceNow > Configuration Item
- Azure > IAM > Role Definition > ServiceNow > Table
Policy Types:
- Azure > IAM > Role Assignment > ServiceNow
- Azure > IAM > Role Assignment > ServiceNow > Configuration Item
- Azure > IAM > Role Assignment > ServiceNow > Configuration Item > Record
- Azure > IAM > Role Assignment > ServiceNow > Configuration Item > Table Definition
- Azure > IAM > Role Assignment > ServiceNow > Table
- Azure > IAM > Role Assignment > ServiceNow > Table > Definition
- Azure > IAM > Role Definition > ServiceNow
- Azure > IAM > Role Definition > ServiceNow > Configuration Item
- Azure > IAM > Role Definition > ServiceNow > Configuration Item > Record
- Azure > IAM > Role Definition > ServiceNow > Configuration Item > Table Definition
- Azure > IAM > Role Definition > ServiceNow > Table
- Azure > IAM > Role Definition > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Data Factory > Dataset > ServiceNow
- Azure > Data Factory > Dataset > ServiceNow > Configuration Item
- Azure > Data Factory > Dataset > ServiceNow > Table
- Azure > Data Factory > Factory > ServiceNow
- Azure > Data Factory > Factory > ServiceNow > Configuration Item
- Azure > Data Factory > Factory > ServiceNow > Table
- Azure > Data Factory > Pipeline > ServiceNow
- Azure > Data Factory > Pipeline > ServiceNow > Configuration Item
- Azure > Data Factory > Pipeline > ServiceNow > Table
Policy Types:
- Azure > Data Factory > Dataset > ServiceNow
- Azure > Data Factory > Dataset > ServiceNow > Configuration Item
- Azure > Data Factory > Dataset > ServiceNow > Configuration Item > Record
- Azure > Data Factory > Dataset > ServiceNow > Configuration Item > Table Definition
- Azure > Data Factory > Dataset > ServiceNow > Table
- Azure > Data Factory > Dataset > ServiceNow > Table > Definition
- Azure > Data Factory > Factory > ServiceNow
- Azure > Data Factory > Factory > ServiceNow > Configuration Item
- Azure > Data Factory > Factory > ServiceNow > Configuration Item > Record
- Azure > Data Factory > Factory > ServiceNow > Configuration Item > Table Definition
- Azure > Data Factory > Factory > ServiceNow > Table
- Azure > Data Factory > Factory > ServiceNow > Table > Definition
- Azure > Data Factory > Pipeline > ServiceNow
- Azure > Data Factory > Pipeline > ServiceNow > Configuration Item
- Azure > Data Factory > Pipeline > ServiceNow > Configuration Item > Record
- Azure > Data Factory > Pipeline > ServiceNow > Configuration Item > Table Definition
- Azure > Data Factory > Pipeline > ServiceNow > Table
- Azure > Data Factory > Pipeline > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Databricks > Workspace > ServiceNow
- Azure > Databricks > Workspace > ServiceNow > Configuration Item
- Azure > Databricks > Workspace > ServiceNow > Table
Policy Types:
- Azure > Databricks > Workspace > ServiceNow
- Azure > Databricks > Workspace > ServiceNow > Configuration Item
- Azure > Databricks > Workspace > ServiceNow > Configuration Item > Record
- Azure > Databricks > Workspace > ServiceNow > Configuration Item > Table Definition
- Azure > Databricks > Workspace > ServiceNow > Table
- Azure > Databricks > Workspace > ServiceNow > Table > Definition
Bug fixes
- Server
- Minor internal improvements.
Requirements
- TEF: 1.51.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
Enhancements
- Updated the controls to reference their query using
query =
rather thansql =
. (#25)
Bug fixes
- Fixed the broken
network_subnet_to_network_virtual_network
edge of the relationship graph in thesql_server_detail
dashboard page to correctly reference thenetwork_subnets_for_sql_server
query. (#118)
Bug fixes
- Fixed the
kubernetes_cluster_upgraded_with_non_vulnerable_version
query to correctly check if a Kubernetes cluster is using an outdated software version. (#235)
Bug fixes
- Server
- The scheduled actions would sometimes fail to work for the firehose-aws-sns mod due an inadvertent bug introduced in TE v5.42.10. This is now fixed.
Requirements
- TEF: 1.51.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
What's new?
Control Types:
- Azure > Active Directory > Application > ServiceNow
- Azure > Active Directory > Application > ServiceNow > Configuration Item
- Azure > Active Directory > Application > ServiceNow > Table
- Azure > Active Directory > Client Secret > ServiceNow
- Azure > Active Directory > Client Secret > ServiceNow > Configuration Item
- Azure > Active Directory > Client Secret > ServiceNow > Table
- Azure > Active Directory > Custom Domain > ServiceNow
- Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item
- Azure > Active Directory > Custom Domain > ServiceNow > Table
- Azure > Active Directory > Directory > ServiceNow
- Azure > Active Directory > Directory > ServiceNow > Configuration Item
- Azure > Active Directory > Directory > ServiceNow > Table
- Azure > Active Directory > Group > ServiceNow
- Azure > Active Directory > Group > ServiceNow > Configuration Item
- Azure > Active Directory > Group > ServiceNow > Table
- Azure > Active Directory > Service Principal > ServiceNow
- Azure > Active Directory > Service Principal > ServiceNow > Configuration Item
- Azure > Active Directory > Service Principal > ServiceNow > Table
- Azure > Active Directory > User > ServiceNow
- Azure > Active Directory > User > ServiceNow > Configuration Item
- Azure > Active Directory > User > ServiceNow > Table
Policy Types:
- Azure > Active Directory > Application > ServiceNow
- Azure > Active Directory > Application > ServiceNow > Configuration Item
- Azure > Active Directory > Application > ServiceNow > Configuration Item > Record
- Azure > Active Directory > Application > ServiceNow > Configuration Item > Table Definition
- Azure > Active Directory > Application > ServiceNow > Table
- Azure > Active Directory > Application > ServiceNow > Table > Definition
- Azure > Active Directory > Client Secret > ServiceNow
- Azure > Active Directory > Client Secret > ServiceNow > Configuration Item
- Azure > Active Directory > Client Secret > ServiceNow > Configuration Item > Record
- Azure > Active Directory > Client Secret > ServiceNow > Configuration Item > Table Definition
- Azure > Active Directory > Client Secret > ServiceNow > Table
- Azure > Active Directory > Client Secret > ServiceNow > Table > Definition
- Azure > Active Directory > Custom Domain > ServiceNow
- Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item
- Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item > Record
- Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item > Table Definition
- Azure > Active Directory > Custom Domain > ServiceNow > Table
- Azure > Active Directory > Custom Domain > ServiceNow > Table > Definition
- Azure > Active Directory > Directory > ServiceNow
- Azure > Active Directory > Directory > ServiceNow > Configuration Item
- Azure > Active Directory > Directory > ServiceNow > Configuration Item > Record
- Azure > Active Directory > Directory > ServiceNow > Configuration Item > Table Definition
- Azure > Active Directory > Directory > ServiceNow > Table
- Azure > Active Directory > Directory > ServiceNow > Table > Definition
- Azure > Active Directory > Group > ServiceNow
- Azure > Active Directory > Group > ServiceNow > Configuration Item
- Azure > Active Directory > Group > ServiceNow > Configuration Item > Record
- Azure > Active Directory > Group > ServiceNow > Configuration Item > Table Definition
- Azure > Active Directory > Group > ServiceNow > Table
- Azure > Active Directory > Group > ServiceNow > Table > Definition
- Azure > Active Directory > Service Principal > ServiceNow
- Azure > Active Directory > Service Principal > ServiceNow > Configuration Item
- Azure > Active Directory > Service Principal > ServiceNow > Configuration Item > Record
- Azure > Active Directory > Service Principal > ServiceNow > Configuration Item > Table Definition
- Azure > Active Directory > Service Principal > ServiceNow > Table
- Azure > Active Directory > Service Principal > ServiceNow > Table > Definition
- Azure > Active Directory > User > ServiceNow
- Azure > Active Directory > User > ServiceNow > Configuration Item
- Azure > Active Directory > User > ServiceNow > Configuration Item > Record
- Azure > Active Directory > User > ServiceNow > Configuration Item > Table Definition
- Azure > Active Directory > User > ServiceNow > Table
- Azure > Active Directory > User > ServiceNow > Table > Definition
Bug fixes
- Fixed the plugin to return only static tables instead of an error when the
objects
config argument is not set or the plugin credentials are not set correctly. (#26)
What's new?
- New tables added
- reddit_my_saved_post (Thanks @mkell43 for the contribution!)
- reddit_my_saved_comment (Thanks @mkell43 for the contribution!)
What's new?
Control Types:
- GCP > Pub/Sub > Snapshot > ServiceNow
- GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item
- GCP > Pub/Sub > Snapshot > ServiceNow > Table
- GCP > Pub/Sub > Subscription > ServiceNow
- GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item
- GCP > Pub/Sub > Subscription > ServiceNow > Table
- GCP > Pub/Sub > Topic > ServiceNow
- GCP > Pub/Sub > Topic > ServiceNow > Configuration Item
- GCP > Pub/Sub > Topic > ServiceNow > Table
Policy Types:
- GCP > Pub/Sub > Snapshot > ServiceNow
- GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item
- GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item > Record
- GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item > Table Definition
- GCP > Pub/Sub > Snapshot > ServiceNow > Table
- GCP > Pub/Sub > Snapshot > ServiceNow > Table > Definition
- GCP > Pub/Sub > Subscription > ServiceNow
- GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item
- GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item > Record
- GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item > Table Definition
- GCP > Pub/Sub > Subscription > ServiceNow > Table
- GCP > Pub/Sub > Subscription > ServiceNow > Table > Definition
- GCP > Pub/Sub > Topic > ServiceNow
- GCP > Pub/Sub > Topic > ServiceNow > Configuration Item
- GCP > Pub/Sub > Topic > ServiceNow > Configuration Item > Record
- GCP > Pub/Sub > Topic > ServiceNow > Configuration Item > Table Definition
- GCP > Pub/Sub > Topic > ServiceNow > Table
- GCP > Pub/Sub > Topic > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Synapse Analytics > SQL Pool > ServiceNow
- Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item
- Azure > Synapse Analytics > SQL Pool > ServiceNow > Table
- Azure > Synapse Analytics > Workspace > ServiceNow
- Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item
- Azure > Synapse Analytics > Workspace > ServiceNow > Table
Policy Types:
- Azure > Synapse Analytics > SQL Pool > ServiceNow
- Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item
- Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item > Record
- Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item > Table Definition
- Azure > Synapse Analytics > SQL Pool > ServiceNow > Table
- Azure > Synapse Analytics > SQL Pool > ServiceNow > Table > Definition
- Azure > Synapse Analytics > Workspace > ServiceNow
- Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item
- Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item > Record
- Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item > Table Definition
- Azure > Synapse Analytics > Workspace > ServiceNow > Table
- Azure > Synapse Analytics > Workspace > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Search Management > Search Service > ServiceNow
- Azure > Search Management > Search Service > ServiceNow > Configuration Item
- Azure > Search Management > Search Service > ServiceNow > Table
Policy Types:
- Azure > Search Management > Search Service > ServiceNow
- Azure > Search Management > Search Service > ServiceNow > Configuration Item
- Azure > Search Management > Search Service > ServiceNow > Configuration Item > Record
- Azure > Search Management > Search Service > ServiceNow > Configuration Item > Table Definition
- Azure > Search Management > Search Service > ServiceNow > Table
- Azure > Search Management > Search Service > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Service Bus > Namespace > ServiceNow
- Azure > Service Bus > Namespace > ServiceNow > Configuration Item
- Azure > Service Bus > Namespace > ServiceNow > Table
- Azure > Service Bus > Queue > ServiceNow
- Azure > Service Bus > Queue > ServiceNow > Configuration Item
- Azure > Service Bus > Queue > ServiceNow > Table
- Azure > Service Bus > Topic > ServiceNow
- Azure > Service Bus > Topic > ServiceNow > Configuration Item
- Azure > Service Bus > Topic > ServiceNow > Table
Policy Types:
- Azure > Service Bus > Namespace > ServiceNow
- Azure > Service Bus > Namespace > ServiceNow > Configuration Item
- Azure > Service Bus > Namespace > ServiceNow > Configuration Item > Record
- Azure > Service Bus > Namespace > ServiceNow > Configuration Item > Table Definition
- Azure > Service Bus > Namespace > ServiceNow > Table
- Azure > Service Bus > Namespace > ServiceNow > Table > Definition
- Azure > Service Bus > Queue > ServiceNow
- Azure > Service Bus > Queue > ServiceNow > Configuration Item
- Azure > Service Bus > Queue > ServiceNow > Configuration Item > Record
- Azure > Service Bus > Queue > ServiceNow > Configuration Item > Table Definition
- Azure > Service Bus > Queue > ServiceNow > Table
- Azure > Service Bus > Queue > ServiceNow > Table > Definition
- Azure > Service Bus > Topic > ServiceNow
- Azure > Service Bus > Topic > ServiceNow > Configuration Item
- Azure > Service Bus > Topic > ServiceNow > Configuration Item > Record
- Azure > Service Bus > Topic > ServiceNow > Configuration Item > Table Definition
- Azure > Service Bus > Topic > ServiceNow > Table
- Azure > Service Bus > Topic > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Load Balancer > Load Balance > ServiceNow
- Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item
- Azure > Load Balancer > Load Balance > ServiceNow > Table
Policy Types:
- Azure > Load Balancer > Load Balance > ServiceNow
- Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item
- Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item > Record
- Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item > Table Definition
- Azure > Load Balancer > Load Balance > ServiceNow > Table
- Azure > Load Balancer > Load Balance > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > DNS > Record Set > ServiceNow
- Azure > DNS > Record Set > ServiceNow > Configuration Item
- Azure > DNS > Record Set > ServiceNow > Table
- Azure > DNS > Zone > ServiceNow
- Azure > DNS > Zone > ServiceNow > Configuration Item
- Azure > DNS > Zone > ServiceNow > Table
Policy Types:
- Azure > DNS > Record Set > ServiceNow
- Azure > DNS > Record Set > ServiceNow > Configuration Item
- Azure > DNS > Record Set > ServiceNow > Configuration Item > Record
- Azure > DNS > Record Set > ServiceNow > Configuration Item > Table Definition
- Azure > DNS > Record Set > ServiceNow > Table
- Azure > DNS > Record Set > ServiceNow > Table > Definition
- Azure > DNS > Zone > ServiceNow
- Azure > DNS > Zone > ServiceNow > Configuration Item
- Azure > DNS > Zone > ServiceNow > Configuration Item > Record
- Azure > DNS > Zone > ServiceNow > Configuration Item > Table Definition
- Azure > DNS > Zone > ServiceNow > Table
- Azure > DNS > Zone > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Cosmos DB > Database Account > ServiceNow
- Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item
- Azure > Cosmos DB > Database Account > ServiceNow > Table
- Azure > Cosmos DB > MongoDB Collection > ServiceNow
- Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item
- Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table
- Azure > Cosmos DB > MongoDB Database > ServiceNow
- Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item
- Azure > Cosmos DB > MongoDB Database > ServiceNow > Table
- Azure > Cosmos DB > SQL Container > ServiceNow
- Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item
- Azure > Cosmos DB > SQL Container > ServiceNow > Table
- Azure > Cosmos DB > SQL Database > ServiceNow
- Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item
- Azure > Cosmos DB > SQL Database > ServiceNow > Table
Policy Types:
- Azure > Cosmos DB > Database Account > ServiceNow
- Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item
- Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item > Record
- Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item > Table Definition
- Azure > Cosmos DB > Database Account > ServiceNow > Table
- Azure > Cosmos DB > Database Account > ServiceNow > Table > Definition
- Azure > Cosmos DB > MongoDB Collection > ServiceNow
- Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item
- Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item > Record
- Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item > Table Definition
- Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table
- Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table > Definition
- Azure > Cosmos DB > MongoDB Database > ServiceNow
- Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item
- Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item > Record
- Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item > Table Definition
- Azure > Cosmos DB > MongoDB Database > ServiceNow > Table
- Azure > Cosmos DB > MongoDB Database > ServiceNow > Table > Definition
- Azure > Cosmos DB > SQL Container > ServiceNow
- Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item
- Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item > Record
- Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item > Table Definition
- Azure > Cosmos DB > SQL Container > ServiceNow > Table
- Azure > Cosmos DB > SQL Container > ServiceNow > Table > Definition
- Azure > Cosmos DB > SQL Database > ServiceNow
- Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item
- Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item > Record
- Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item > Table Definition
- Azure > Cosmos DB > SQL Database > ServiceNow > Table
- Azure > Cosmos DB > SQL Database > ServiceNow > Table > Definition
Whats new
- Allow using pprof on FDW when STEAMPIPE_FDW_PPROF environment variable is set. (#368)
Bug fixes
v0.12.1 of the Terraform Provider for Pipes is now available.
Bug fixes
- Omitting the
PartPer
setting for apipes_workspace_datatank_table
resource would have previously resulted in an error, meaning you had to passconnection
as the value. This field is now optional, allowing single part tables to be defined.
What's new?
- Server
- Updated: Enhanced IAM policy for tighter access around Mod Lambda SNS topic.
Requirements
- TEF: 1.51.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
What's new?
Control Types:
- Azure > Search Management > Search Service > ServiceNow
- Azure > Search Management > Search Service > ServiceNow > Configuration Item
- Azure > Search Management > Search Service > ServiceNow > Table
Policy Types:
- Azure > Search Management > Search Service > ServiceNow
- Azure > Search Management > Search Service > ServiceNow > Configuration Item
- Azure > Search Management > Search Service > ServiceNow > Configuration Item > Record
- Azure > Search Management > Search Service > ServiceNow > Configuration Item > Table Definition
- Azure > Search Management > Search Service > ServiceNow > Table
- Azure > Search Management > Search Service > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Network Watcher > Flow Log > ServiceNow
- Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item
- Azure > Network Watcher > Flow Log > ServiceNow > Table
- Azure > Network Watcher > Network Watcher > ServiceNow
- Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item
- Azure > Network Watcher > Network Watcher > ServiceNow > Table
Policy Types:
- Azure > Network Watcher > Flow Log > ServiceNow
- Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item
- Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item > Record
- Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item > Table Definition
- Azure > Network Watcher > Flow Log > ServiceNow > Table
- Azure > Network Watcher > Flow Log > ServiceNow > Table > Definition
- Azure > Network Watcher > Network Watcher > ServiceNow
- Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item
- Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item > Record
- Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item > Table Definition
- Azure > Network Watcher > Network Watcher > ServiceNow > Table
- Azure > Network Watcher > Network Watcher > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Front Door > Front Door > ServiceNow
- Azure > Front Door > Front Door > ServiceNow > Configuration Item
- Azure > Front Door > Front Door > ServiceNow > Table
Policy Types:
- Azure > Front Door > Front Door > ServiceNow
- Azure > Front Door > Front Door > ServiceNow > Configuration Item
- Azure > Front Door > Front Door > ServiceNow > Configuration Item > Record
- Azure > Front Door > Front Door > ServiceNow > Configuration Item > Table Definition
- Azure > Front Door > Front Door > ServiceNow > Table
- Azure > Front Door > Front Door > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Application Insights > Application Insight > ServiceNow
- Azure > Application Insights > Application Insight > ServiceNow > Configuration Item
- Azure > Application Insights > Application Insight > ServiceNow > Table
Policy Types:
- Azure > Application Insights > Application Insight > ServiceNow
- Azure > Application Insights > Application Insight > ServiceNow > Configuration Item
- Azure > Application Insights > Application Insight > ServiceNow > Configuration Item > Record
- Azure > Application Insights > Application Insight > ServiceNow > Configuration Item > Table Definition
- Azure > Application Insights > Application Insight > ServiceNow > Table
- Azure > Application Insights > Application Insight > ServiceNow > Table > Definition
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Enhancements
- Added 61 new controls to the
All Controls
benchmark across the following services: (#140)- CloudFunctions
- Compute
- KMS
- Kubernetes
- Project
- SQL
- Storage
Enhancements
- Added 50 new controls to the
All Controls
benchmark across the following services: (#736)- ACM
- CloudFront
- CloudTrail
- Config
- DocumentDB
- EC2
- ECS
- EKS
- ElastiCache
- ELB
- EMR
- Kinesis
- RDS
- Redshift
- S3
- SNS
- SQS
- SSM
- VPC
What's new?
Control Types:
- Azure > Security Center > Security Center > ServiceNow
- Azure > Security Center > Security Center > ServiceNow > Configuration Item
- Azure > Security Center > Security Center > ServiceNow > Table
Policy Types:
- Azure > Security Center > Security Center > ServiceNow
- Azure > Security Center > Security Center > ServiceNow > Configuration Item
- Azure > Security Center > Security Center > ServiceNow > Configuration Item > Record
- Azure > Security Center > Security Center > ServiceNow > Configuration Item > Table Definition
- Azure > Security Center > Security Center > ServiceNow > Table
- Azure > Security Center > Security Center > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Firewall > Firewall > ServiceNow
- Azure > Firewall > Firewall > ServiceNow > Configuration Item
- Azure > Firewall > Firewall > ServiceNow > Table
Policy Types:
- Azure > Firewall > Firewall > ServiceNow
- Azure > Firewall > Firewall > ServiceNow > Configuration Item
- Azure > Firewall > Firewall > ServiceNow > Configuration Item > Record
- Azure > Firewall > Firewall > ServiceNow > Configuration Item > Table Definition
- Azure > Firewall > Firewall > ServiceNow > Table
- Azure > Firewall > Firewall > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Application Gateway Service > Application Gateway > ServiceNow
- Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item
- Azure > Application Gateway Service > Application Gateway > ServiceNow > Table
Policy Types:
- Azure > Application Gateway Service > Application Gateway > ServiceNow
- Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item
- Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item > Record
- Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item > Table Definition
- Azure > Application Gateway Service > Application Gateway > ServiceNow > Table
- Azure > Application Gateway Service > Application Gateway > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > API Management > API Management Service > ServiceNow
- Azure > API Management > API Management Service > ServiceNow > Configuration Item
- Azure > API Management > API Management Service > ServiceNow > Table
Policy Types:
- Azure > API Management > API Management Service > ServiceNow
- Azure > API Management > API Management Service > ServiceNow > Configuration Item
- Azure > API Management > API Management Service > ServiceNow > Configuration Item > Record
- Azure > API Management > API Management Service > ServiceNow > Configuration Item > Table Definition
- Azure > API Management > API Management Service > ServiceNow > Table
- Azure > API Management > API Management Service > ServiceNow > Table > Definition
What's new?
- New tables added: (Thanks @ajmaradiaga for the new plugin!)
What's new?
Server
- Updated: The directory API to support
Require Signed Assertion Response
.
- Updated: The directory API to support
UI:
- Added: Introduced UI options for
Require Signed Assertion Response
for enhanced security in SAML authentication.
- Added: Introduced UI options for
Requirements
- TEF: 1.51.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
Enhanced Security and Compatibility Guide for SAML Authentication
Description:
The recent update to @node-saml/passport-saml
mandates the signing of the assertion response. To ensure backward compatibility, we have introduced a new configuration option in the UI:
- Require Signed Assertion Response
By default, this option is set to Disabled
to maintain compatibility with existing setups.
Recommendations: We recommend enabling this option as it adds an additional layer of security. However, please be aware that enabling this setting might impact the SAML login functionality.
What's new?
Control Types:
- Azure > Relay > Namespace > ServiceNow
- Azure > Relay > Namespace > ServiceNow > Configuration Item
- Azure > Relay > Namespace > ServiceNow > Table
Policy Types:
- Azure > Relay > Namespace > ServiceNow
- Azure > Relay > Namespace > ServiceNow > Configuration Item
- Azure > Relay > Namespace > ServiceNow > Configuration Item > Record
- Azure > Relay > Namespace > ServiceNow > Configuration Item > Table Definition
- Azure > Relay > Namespace > ServiceNow > Table
- Azure > Relay > Namespace > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Log Analytics > Log Analytics Workspace > ServiceNow
- Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item
- Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table
Policy Types:
- Azure > Log Analytics > Log Analytics Workspace > ServiceNow
- Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item
- Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item > Record
- Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item > Table Definition
- Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table
- Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > App Service > App Service Plan > ServiceNow
- Azure > App Service > App Service Plan > ServiceNow > Configuration Item
- Azure > App Service > App Service Plan > ServiceNow > Table
- Azure > App Service > Function App > ServiceNow
- Azure > App Service > Function App > ServiceNow > Configuration Item
- Azure > App Service > Function App > ServiceNow > Table
- Azure > App Service > Web App > ServiceNow
- Azure > App Service > Web App > ServiceNow > Configuration Item
- Azure > App Service > Web App > ServiceNow > Table
Policy Types:
- Azure > App Service > App Service Plan > ServiceNow
- Azure > App Service > App Service Plan > ServiceNow > Configuration Item
- Azure > App Service > App Service Plan > ServiceNow > Configuration Item > Record
- Azure > App Service > App Service Plan > ServiceNow > Configuration Item > Table Definition
- Azure > App Service > App Service Plan > ServiceNow > Table
- Azure > App Service > App Service Plan > ServiceNow > Table > Definition
- Azure > App Service > Function App > ServiceNow
- Azure > App Service > Function App > ServiceNow > Configuration Item
- Azure > App Service > Function App > ServiceNow > Configuration Item > Record
- Azure > App Service > Function App > ServiceNow > Configuration Item > Table Definition
- Azure > App Service > Function App > ServiceNow > Table
- Azure > App Service > Function App > ServiceNow > Table > Definition
- Azure > App Service > Web App > ServiceNow
- Azure > App Service > Web App > ServiceNow > Configuration Item
- Azure > App Service > Web App > ServiceNow > Configuration Item > Record
- Azure > App Service > Web App > ServiceNow > Configuration Item > Table Definition
- Azure > App Service > Web App > ServiceNow > Table
- Azure > App Service > Web App > ServiceNow > Table > Definition
Enhancements
- Updated the plugin to use a shared, optimized HTTP client that enhances DNS management and reduces connection floods for more stable and efficient queries. (#2036)
What's new?
Control Types:
- Azure > SignalR Service > SignalR > ServiceNow
- Azure > SignalR Service > SignalR > ServiceNow > Configuration Item
- Azure > SignalR Service > SignalR > ServiceNow > Table
Policy Types:
- Azure > SignalR Service > SignalR > ServiceNow
- Azure > SignalR Service > SignalR > ServiceNow > Configuration Item
- Azure > SignalR Service > SignalR > ServiceNow > Configuration Item > Record
- Azure > SignalR Service > SignalR > ServiceNow > Configuration Item > Table Definition
- Azure > SignalR Service > SignalR > ServiceNow > Table
- Azure > SignalR Service > SignalR > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > AKS > Managed Cluster > ServiceNow
- Azure > AKS > Managed Cluster > ServiceNow > Configuration Item
- Azure > AKS > Managed Cluster > ServiceNow > Table
Policy Types:
- Azure > AKS > Managed Cluster > ServiceNow
- Azure > AKS > Managed Cluster > ServiceNow > Configuration Item
- Azure > AKS > Managed Cluster > ServiceNow > Configuration Item > Record
- Azure > AKS > Managed Cluster > ServiceNow > Configuration Item > Table Definition
- Azure > AKS > Managed Cluster > ServiceNow > Table
- Azure > AKS > Managed Cluster > ServiceNow > Table > Definition
Enhancements
- Updated the plugin's
.goreleaser
file to build the netgo package only for Darwin systems. (#2029)
What's new?
Control Types:
- Azure > SQL > Database > ServiceNow
- Azure > SQL > Database > ServiceNow > Configuration Item
- Azure > SQL > Database > ServiceNow > Table
- Azure > SQL > Elastic Pool > ServiceNow
- Azure > SQL > Elastic Pool > ServiceNow > Configuration Item
- Azure > SQL > Elastic Pool > ServiceNow > Table
Policy Types:
- Azure > SQL > Database > ServiceNow
- Azure > SQL > Database > ServiceNow > Configuration Item
- Azure > SQL > Database > ServiceNow > Configuration Item > Record
- Azure > SQL > Database > ServiceNow > Configuration Item > Table Definition
- Azure > SQL > Database > ServiceNow > Table
- Azure > SQL > Database > ServiceNow > Table > Definition
- Azure > SQL > Elastic Pool > ServiceNow
- Azure > SQL > Elastic Pool > ServiceNow > Configuration Item
- Azure > SQL > Elastic Pool > ServiceNow > Configuration Item > Record
- Azure > SQL > Elastic Pool > ServiceNow > Configuration Item > Table Definition
- Azure > SQL > Elastic Pool > ServiceNow > Table
- Azure > SQL > Elastic Pool > ServiceNow > Table > Definition
What's new?
- Control Types:
- Azure > Network > Application Security Group > ServiceNow
- Azure > Network > Application Security Group > ServiceNow > Configuration Item
- Azure > Network > Application Security Group > ServiceNow > Table
- Azure > Network > Express Route Circuits > ServiceNow
- Azure > Network > Express Route Circuits > ServiceNow > Configuration Item
- Azure > Network > Express Route Circuits > ServiceNow > Table
- Azure > Network > Network Interface > ServiceNow
- Azure > Network > Network Interface > ServiceNow > Configuration Item
- Azure > Network > Network Interface > ServiceNow > Table
- Azure > Network > Private DNS Zones > ServiceNow
- Azure > Network > Private DNS Zones > ServiceNow > Configuration Item
- Azure > Network > Private DNS Zones > ServiceNow > Table
- Azure > Network > Public IP Address > ServiceNow
- Azure > Network > Public IP Address > ServiceNow > Configuration Item
- Azure > Network > Public IP Address > ServiceNow > Table
- Azure > Network > Route Table > ServiceNow
- Azure > Network > Route Table > ServiceNow > Configuration Item
- Azure > Network > Route Table > ServiceNow > Table
- Azure > Network > Virtual Network Gateway > ServiceNow
- Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item
- Azure > Network > Virtual Network Gateway > ServiceNow > Table
- Policy Types:
- Azure > Network > Application Security Group > ServiceNow
- Azure > Network > Application Security Group > ServiceNow > Configuration Item
- Azure > Network > Application Security Group > ServiceNow > Configuration Item > Record
- Azure > Network > Application Security Group > ServiceNow > Configuration Item > Table Definition
- Azure > Network > Application Security Group > ServiceNow > Table
- Azure > Network > Application Security Group > ServiceNow > Table > Definition
- Azure > Network > Express Route Circuits > ServiceNow
- Azure > Network > Express Route Circuits > ServiceNow > Configuration Item
- Azure > Network > Express Route Circuits > ServiceNow > Configuration Item > Record
- Azure > Network > Express Route Circuits > ServiceNow > Configuration Item > Table Definition
- Azure > Network > Express Route Circuits > ServiceNow > Table
- Azure > Network > Express Route Circuits > ServiceNow > Table > Definition
- Azure > Network > Network Interface > ServiceNow
- Azure > Network > Network Interface > ServiceNow > Configuration Item
- Azure > Network > Network Interface > ServiceNow > Configuration Item > Record
- Azure > Network > Network Interface > ServiceNow > Configuration Item > Table Definition
- Azure > Network > Network Interface > ServiceNow > Table
- Azure > Network > Network Interface > ServiceNow > Table > Definition
- Azure > Network > Private DNS Zones > ServiceNow
- Azure > Network > Private DNS Zones > ServiceNow > Configuration Item
- Azure > Network > Private DNS Zones > ServiceNow > Configuration Item > Record
- Azure > Network > Private DNS Zones > ServiceNow > Configuration Item > Table Definition
- Azure > Network > Private DNS Zones > ServiceNow > Table
- Azure > Network > Private DNS Zones > ServiceNow > Table > Definition
- Azure > Network > Public IP Address > ServiceNow
- Azure > Network > Public IP Address > ServiceNow > Configuration Item
- Azure > Network > Public IP Address > ServiceNow > Configuration Item > Record
- Azure > Network > Public IP Address > ServiceNow > Configuration Item > Table Definition
- Azure > Network > Public IP Address > ServiceNow > Table
- Azure > Network > Public IP Address > ServiceNow > Table > Definition
- Azure > Network > Route Table > ServiceNow
- Azure > Network > Route Table > ServiceNow > Configuration Item
- Azure > Network > Route Table > ServiceNow > Configuration Item > Record
- Azure > Network > Route Table > ServiceNow > Configuration Item > Table Definition
- Azure > Network > Route Table > ServiceNow > Table
- Azure > Network > Route Table > ServiceNow > Table > Definition
- Azure > Network > Virtual Network Gateway > ServiceNow
- Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item
- Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item > Record
- Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item > Table Definition
- Azure > Network > Virtual Network Gateway > ServiceNow > Table
- Azure > Network > Virtual Network Gateway > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > Key Vault > Key > ServiceNow
- Azure > Key Vault > Key > ServiceNow > Configuration Item
- Azure > Key Vault > Key > ServiceNow > Table
- Azure > Key Vault > Secret > ServiceNow
- Azure > Key Vault > Secret > ServiceNow > Configuration Item
- Azure > Key Vault > Secret > ServiceNow > Table
- Azure > Key Vault > Vault > ServiceNow
- Azure > Key Vault > Vault > ServiceNow > Configuration Item
- Azure > Key Vault > Vault > ServiceNow > Table
Policy Types:
- Azure > Key Vault > Key > ServiceNow
- Azure > Key Vault > Key > ServiceNow > Configuration Item
- Azure > Key Vault > Key > ServiceNow > Configuration Item > Record
- Azure > Key Vault > Key > ServiceNow > Configuration Item > Table Definition
- Azure > Key Vault > Key > ServiceNow > Table
- Azure > Key Vault > Key > ServiceNow > Table > Definition
- Azure > Key Vault > Secret > ServiceNow
- Azure > Key Vault > Secret > ServiceNow > Configuration Item
- Azure > Key Vault > Secret > ServiceNow > Configuration Item > Record
- Azure > Key Vault > Secret > ServiceNow > Configuration Item > Table Definition
- Azure > Key Vault > Secret > ServiceNow > Table
- Azure > Key Vault > Secret > ServiceNow > Table > Definition
- Azure > Key Vault > Vault > ServiceNow
- Azure > Key Vault > Vault > ServiceNow > Configuration Item
- Azure > Key Vault > Vault > ServiceNow > Configuration Item > Record
- Azure > Key Vault > Vault > ServiceNow > Configuration Item > Table Definition
- Azure > Key Vault > Vault > ServiceNow > Table
- Azure > Key Vault > Vault > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > PostgreSQL > Flexible Server > ServiceNow
- Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item
- Azure > PostgreSQL > Flexible Server > ServiceNow > Table
Policy Types:
- Azure > PostgreSQL > Flexible Server > ServiceNow
- Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item
- Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item > Record
- Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item > Table Definition
- Azure > PostgreSQL > Flexible Server > ServiceNow > Table
- Azure > PostgreSQL > Flexible Server > ServiceNow > Table > Definition
What's new?
Control Types:
- Azure > MySQL > Flexible Server > ServiceNow
- Azure > MySQL > Flexible Server > ServiceNow > Configuration Item
- Azure > MySQL > Flexible Server > ServiceNow > Table
Policy Types:
- Azure > MySQL > Flexible Server > ServiceNow
- Azure > MySQL > Flexible Server > ServiceNow > Configuration Item
- Azure > MySQL > Flexible Server > ServiceNow > Configuration Item > Record
- Azure > MySQL > Flexible Server > ServiceNow > Configuration Item > Table Definition
- Azure > MySQL > Flexible Server > ServiceNow > Table
- Azure > MySQL > Flexible Server > ServiceNow > Table > Definition
What's new?
Control Types:
- AWS > KMS > Key > ServiceNow
- AWS > KMS > Key > ServiceNow > Configuration Item
- AWS > KMS > Key > ServiceNow > Table
Policy Types:
- AWS > KMS > Key > ServiceNow
- AWS > KMS > Key > ServiceNow > Configuration Item
- AWS > KMS > Key > ServiceNow > Configuration Item > Record
- AWS > KMS > Key > ServiceNow > Configuration Item > Table Definition
- AWS > KMS > Key > ServiceNow > Table
- AWS > KMS > Key > ServiceNow > Table > Definition
What's new?
Control Types:
- AWS > CloudWatch > Alarm > ServiceNow
- AWS > CloudWatch > Alarm > ServiceNow > Configuration Item
- AWS > CloudWatch > Alarm > ServiceNow > Table
Policy Types:
- AWS > CloudWatch > Alarm > ServiceNow
- AWS > CloudWatch > Alarm > ServiceNow > Configuration Item
- AWS > CloudWatch > Alarm > ServiceNow > Configuration Item > Record
- AWS > CloudWatch > Alarm > ServiceNow > Configuration Item > Table Definition
- AWS > CloudWatch > Alarm > ServiceNow > Table
- AWS > CloudWatch > Alarm > ServiceNow > Table > Definition
What's new?
Control Types:
- AWS > CloudTrail > Trail > ServiceNow
- AWS > CloudTrail > Trail > ServiceNow > Configuration Item
- AWS > CloudTrail > Trail > ServiceNow > Table
Policy Types:
- AWS > CloudTrail > Trail > ServiceNow
- AWS > CloudTrail > Trail > ServiceNow > Configuration Item
- AWS > CloudTrail > Trail > ServiceNow > Configuration Item > Record
- AWS > CloudTrail > Trail > ServiceNow > Configuration Item > Table Definition
- AWS > CloudTrail > Trail > ServiceNow > Table
- AWS > CloudTrail > Trail > ServiceNow > Table > Definition
Bug fixes
- The
AWS > RDS > DB Instance > Discovery
control would sometimes upsert DocumentDB Instances as RDS Instances in Guardrails CMDB. This is fixed and the control will now filter out DocumentDB Instances while upserting resources in CMDB.
Turbot Pipes Enterprise plan is now available.
The Enterprise tier expands on the Team tier’s features with enhanced collaboration, enterprise-grade security, and improved scalability, making it ideal for larger organizations:
- Organization-wide cloud intelligence & security: Enables tailored data management across business units and teams for sharing insights.
- SAML Authentication: Provides secure and seamless SSO user experience using your identity provider.
- Multi-Organization RBAC: Allows granular access permissions across organizations and workspaces to protect sensitive data.
- Trusted Login Domains: Significantly reduces unauthorized access by restricting logins to trusted domains.
- Consolidated Usage and Billing: Simplifies resource and financial tracking with tenant-level visibility plus per organization/workspace details.
Get started in a 14-day free trial then switch to flexible, usage based pricing.
For more information, see the launch post.
Turbot Pipes now officially supports billing for your organization Enterprise plan via the AWS Marketplace.
For more information, see the Pipes billing docs.
Our trademark policy & terms now clarify that while others are allowed to make their own distribution of Turbot open-source software, they cannot use any of the Turbot trademarks, cloud services, etc.
We now require a signed Contributor License Agreement for all contributions to our AGPL 3.0 and CC BY-NC-ND licensed repositories.
Learn more in our open source FAQ.
114 plugins have been updated to include the following changes:
What's new?
- Query tables directly in Postgres as a native Foreign Data Wrapper.
- Query tables directly in SQLite as a SQLite extension.
- Run as an Export CLI to extract data to files.
- SQLite examples added to table documentation.
- Expanded table documentation, especially to describe example queries.
- Docs license updated to match Steampipe CC BY-NC-ND license.
Dependencies
- Recompiled with steampipe-plugin-sdk v5.8.0 that includes plugin server encapsulation for in-process and GRPC usage, adding Steampipe Plugin SDK version to
_ctx
column, and fixing connection and potential divide-by-zero bugs.
35 new, ready-to-use Flowpipe sample mods are now available! These mods serve as practical examples, showcasing the patterns and applications of various library mods. Every mod comes with specific instructions for installation and use, enabling fast and easy setup.
A full list of sample mods can be found in the Flowpipe Hub and the source code is available at turbot/flowpipe-samples.
Introducing Flowpipe, a cloud scripting engine. Automation and workflow to connect your clouds to the people, systems and data that matter. Pipelines for DevOps written in HCL.
Initial support for:
- Pipeline execution
- Steps: container, email, function, http, pipeline, query, sleep, transform
- Triggers: schedule, http
- Credential management
- Mod composition
Learn more at:
- Website - https://flowpipe.io
- Docs - https://flowpipe.io/docs
- Hub - https://hub.flowpipe.io
- Introduction - https://flowpipe.io/blog/introducing-flowpipe
We're thrilled to announce the release of 28 new Flowpipe library mods, featuring versatile pipelines for common tasks. These include starting AWS EC2 instances, creating GitHub issues, sending Slack messages, generating Zendesk tickets, and much more!
A full list of library mods can be found in the Flowpipe Hub.
For more information on how you can get started incorporating these library mods into your own mods and pipelines, please see Introducing Flowpipe - Composable Mods.
What's new?
- Added support for latest lambda runtimes in the AWS > Lambda > Function > Allowed Runtime > Values policy.
What's new?
Control Types:
- AWS > IAM > Root > Approved
Policy Types:
- AWS > IAM > Root > Approved
- AWS > IAM > Root > Approved > Custom
- AWS > IAM > Root > Approved > Usage
Action Types:
- AWS > IAM > Root > Skip alarm for Approved control
- AWS > IAM > Root > Skip alarm for Approved control [90 days]
Bug fixes
- The
AWS > IAM > Account Password Policy > CMDB
control would incorrectly go into an Alarm state when Guardrails was denied access to fetch the Account Password Policy data. This is fixed and the control will now move to an Error state instead for such cases. - Guardrails stack controls would sometimes fail to update IAM resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.
Bug fixes
- README.md file is now available for users to check details about resource types that the mod covers.
What's new?
AWS/CloudFront/Admin
andAWS/CloudFront/Metadata
will now also include permissions for CloudFront KeyValueStore.
Bug fixes
- Server
- Guardrails will now process notifications correctly for a matching watch created via @turbot/sdk.
Requirements
- TEF: 1.51.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
What's new?
Policy Types:
- ServiceNow > Turbot > Watches > GCP
Control Types:
- ServiceNow > Turbot > Watches > GCP
Action Types:
- ServiceNow > Turbot > Watches > GCP Archive And Delete Record
What's new?
Policy Types:
- GCP > Storage > Bucket > ServiceNow
- GCP > Storage > Bucket > ServiceNow > Configuration Item
- GCP > Storage > Bucket > ServiceNow > Configuration Item > Record
- GCP > Storage > Bucket > ServiceNow > Configuration Item > Table Definition
- GCP > Storage > Bucket > ServiceNow > Table
- GCP > Storage > Bucket > ServiceNow > Table > Definition
Control Types:
- GCP > Storage > Bucket > ServiceNow
- GCP > Storage > Bucket > ServiceNow > Configuration Item
- GCP > Storage > Bucket > ServiceNow > Table
What's new?
Policy Types:
- GCP > SQL > Instance > ServiceNow
- GCP > SQL > Instance > ServiceNow > Configuration Item
- GCP > SQL > Instance > ServiceNow > Configuration Item > Record
- GCP > SQL > Instance > ServiceNow > Configuration Item > Table Definition
- GCP > SQL > Instance > ServiceNow > Table
- GCP > SQL > Instance > ServiceNow > Table > Definition
Control Types:
- GCP > SQL > Instance > ServiceNow
- GCP > SQL > Instance > ServiceNow > Configuration Item
- GCP > SQL > Instance > ServiceNow > Table
What's new?
Policy Types:
- GCP > Network > Network > ServiceNow
- GCP > Network > Network > ServiceNow > Configuration Item
- GCP > Network > Network > ServiceNow > Configuration Item > Record
- GCP > Network > Network > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Network > ServiceNow > Table
- GCP > Network > Network > ServiceNow > Table > Definition
- GCP > Network > Subnetwork > ServiceNow
- GCP > Network > Subnetwork > ServiceNow > Configuration Item
- GCP > Network > Subnetwork > ServiceNow > Configuration Item > Record
- GCP > Network > Subnetwork > ServiceNow > Configuration Item > Table Definition
- GCP > Network > Subnetwork > ServiceNow > Table
- GCP > Network > Subnetwork > ServiceNow > Table > Definition
Control Types:
- GCP > Network > Network > ServiceNow
- GCP > Network > Network > ServiceNow > Configuration Item
- GCP > Network > Network > ServiceNow > Table
- GCP > Network > Subnetwork > ServiceNow
- GCP > Network > Subnetwork > ServiceNow > Configuration Item
- GCP > Network > Subnetwork > ServiceNow > Table
What's new?
Policy Types:
- GCP > Compute Engine > Disk > ServiceNow
- GCP > Compute Engine > Disk > ServiceNow > Configuration Item
- GCP > Compute Engine > Disk > ServiceNow > Configuration Item > Record
- GCP > Compute Engine > Disk > ServiceNow > Configuration Item > Table Definition
- GCP > Compute Engine > Disk > ServiceNow > Table
- GCP > Compute Engine > Disk > ServiceNow > Table > Definition
- GCP > Compute Engine > Image > ServiceNow
- GCP > Compute Engine > Image > ServiceNow > Configuration Item
- GCP > Compute Engine > Image > ServiceNow > Configuration Item > Record
- GCP > Compute Engine > Image > ServiceNow > Configuration Item > Table Definition
- GCP > Compute Engine > Image > ServiceNow > Table
- GCP > Compute Engine > Image > ServiceNow > Table > Definition
- GCP > Compute Engine > Instance > ServiceNow
- GCP > Compute Engine > Instance > ServiceNow > Configuration Item
- GCP > Compute Engine > Instance > ServiceNow > Configuration Item > Record
- GCP > Compute Engine > Instance > ServiceNow > Configuration Item > Table Definition
- GCP > Compute Engine > Instance > ServiceNow > Table
- GCP > Compute Engine > Instance > ServiceNow > Table > Definition
- GCP > Compute Engine > Snapshot > ServiceNow
- GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item
- GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item > Record
- GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item > Table Definition
- GCP > Compute Engine > Snapshot > ServiceNow > Table
- GCP > Compute Engine > Snapshot > ServiceNow > Table > Definition
Control Types:
- GCP > Compute Engine > Disk > ServiceNow
- GCP > Compute Engine > Disk > ServiceNow > Configuration Item
- GCP > Compute Engine > Disk > ServiceNow > Table
- GCP > Compute Engine > Image > ServiceNow
- GCP > Compute Engine > Image > ServiceNow > Configuration Item
- GCP > Compute Engine > Image > ServiceNow > Table
- GCP > Compute Engine > Instance > ServiceNow
- GCP > Compute Engine > Instance > ServiceNow > Configuration Item
- GCP > Compute Engine > Instance > ServiceNow > Table
- GCP > Compute Engine > Snapshot > ServiceNow
- GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item
- GCP > Compute Engine > Snapshot > ServiceNow > Table
What's new?
Policy Types:
- ServiceNow > Turbot > Watches > Azure
Control Types:
- ServiceNow > Turbot > Watches > Azure
Action Types:
- ServiceNow > Turbot > Watches > Azure Archive And Delete Record
What's new?
Policy Types:
- Azure > Storage > Storage Account > ServiceNow
- Azure > Storage > Storage Account > ServiceNow > Configuration Item
- Azure > Storage > Storage Account > ServiceNow > Configuration Item > Record
- Azure > Storage > Storage Account > ServiceNow > Configuration Item > Table Definition
- Azure > Storage > Storage Account > ServiceNow > Table
- Azure > Storage > Storage Account > ServiceNow > Table > Definition
Control Types:
- Azure > Storage > Storage Account > ServiceNow
- Azure > Storage > Storage Account > ServiceNow > Configuration Item
- Azure > Storage > Storage Account > ServiceNow > Table
What's new?
Policy Types:
- Azure > SQL > Server > ServiceNow
- Azure > SQL > Server > ServiceNow > Configuration Item
- Azure > SQL > Server > ServiceNow > Configuration Item > Record
- Azure > SQL > Server > ServiceNow > Configuration Item > Table Definition
- Azure > SQL > Server > ServiceNow > Table
- Azure > SQL > Server > ServiceNow > Table > Definition
Control Types:
- Azure > SQL > Server > ServiceNow
- Azure > SQL > Server > ServiceNow > Configuration Item
- Azure > SQL > Server > ServiceNow > Table
What's new?
Policy Types:
- Azure > PostgreSQL > Server > ServiceNow
- Azure > PostgreSQL > Server > ServiceNow > Configuration Item
- Azure > PostgreSQL > Server > ServiceNow > Configuration Item > Record
- Azure > PostgreSQL > Server > ServiceNow > Configuration Item > Table Definition
- Azure > PostgreSQL > Server > ServiceNow > Table
- Azure > PostgreSQL > Server > ServiceNow > Table > Definition
Control Types:
- Azure > PostgreSQL > Server > ServiceNow
- Azure > PostgreSQL > Server > ServiceNow > Configuration Item
- Azure > PostgreSQL > Server > ServiceNow > Table
What's new?
Policy Types:
- Azure > Network > Network Security Group > ServiceNow
- Azure > Network > Network Security Group > ServiceNow > Configuration Item
- Azure > Network > Network Security Group > ServiceNow > Configuration Item > Record
- Azure > Network > Network Security Group > ServiceNow > Configuration Item > Table Definition
- Azure > Network > Network Security Group > ServiceNow > Table
- Azure > Network > Network Security Group > ServiceNow > Table > Definition
- Azure > Network > Subnet > ServiceNow
- Azure > Network > Subnet > ServiceNow > Configuration Item
- Azure > Network > Subnet > ServiceNow > Configuration Item > Record
- Azure > Network > Subnet > ServiceNow > Configuration Item > Table Definition
- Azure > Network > Subnet > ServiceNow > Table
- Azure > Network > Subnet > ServiceNow > Table > Definition
- Azure > Network > Virtual Network > ServiceNow
- Azure > Network > Virtual Network > ServiceNow > Configuration Item
- Azure > Network > Virtual Network > ServiceNow > Configuration Item > Record
- Azure > Network > Virtual Network > ServiceNow > Configuration Item > Table Definition
- Azure > Network > Virtual Network > ServiceNow > Table
- Azure > Network > Virtual Network > ServiceNow > Table > Definition
Control Types:
- Azure > Network > Network Security Group > ServiceNow
- Azure > Network > Network Security Group > ServiceNow > Configuration Item
- Azure > Network > Network Security Group > ServiceNow > Table
- Azure > Network > Subnet > ServiceNow
- Azure > Network > Subnet > ServiceNow > Configuration Item
- Azure > Network > Subnet > ServiceNow > Table
- Azure > Network > Virtual Network > ServiceNow
- Azure > Network > Virtual Network > ServiceNow > Configuration Item
- Azure > Network > Virtual Network > ServiceNow > Table
What's new?
Policy Types:
- Azure > MySQL > Server > ServiceNow
- Azure > MySQL > Server > ServiceNow > Configuration Item
- Azure > MySQL > Server > ServiceNow > Configuration Item > Record
- Azure > MySQL > Server > ServiceNow > Configuration Item > Table Definition
- Azure > MySQL > Server > ServiceNow > Table
- Azure > MySQL > Server > ServiceNow > Table > Definition
Control Types:
- Azure > MySQL > Server > ServiceNow
- Azure > MySQL > Server > ServiceNow > Configuration Item
- Azure > MySQL > Server > ServiceNow > Table
What's new?
Policy Types:
- Azure > Compute > Availability Set > ServiceNow
- Azure > Compute > Availability Set > ServiceNow > Configuration Item
- Azure > Compute > Availability Set > ServiceNow > Configuration Item > Record
- Azure > Compute > Availability Set > ServiceNow > Configuration Item > Table Definition
- Azure > Compute > Availability Set > ServiceNow > Table
- Azure > Compute > Availability Set > ServiceNow > Table > Definition
- Azure > Compute > Disk > ServiceNow
- Azure > Compute > Disk > ServiceNow > Configuration Item
- Azure > Compute > Disk > ServiceNow > Configuration Item > Record
- Azure > Compute > Disk > ServiceNow > Configuration Item > Table Definition
- Azure > Compute > Disk > ServiceNow > Table
- Azure > Compute > Disk > ServiceNow > Table > Definition
- Azure > Compute > Disk Encryption Set > ServiceNow
- Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item
- Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item > Record
- Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item > Table Definition
- Azure > Compute > Disk Encryption Set > ServiceNow > Table
- Azure > Compute > Disk Encryption Set > ServiceNow > Table > Definition
- Azure > Compute > Image > ServiceNow
- Azure > Compute > Image > ServiceNow > Configuration Item
- Azure > Compute > Image > ServiceNow > Configuration Item > Record
- Azure > Compute > Image > ServiceNow > Configuration Item > Table Definition
- Azure > Compute > Image > ServiceNow > Table
- Azure > Compute > Image > ServiceNow > Table > Definition
- Azure > Compute > Snapshot > ServiceNow
- Azure > Compute > Snapshot > ServiceNow > Configuration Item
- Azure > Compute > Snapshot > ServiceNow > Configuration Item > Record
- Azure > Compute > Snapshot > ServiceNow > Configuration Item > Table Definition
- Azure > Compute > Snapshot > ServiceNow > Table
- Azure > Compute > Snapshot > ServiceNow > Table > Definition
- Azure > Compute > Ssh Public Key > ServiceNow
- Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item
- Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item > Record
- Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item > Table Definition
- Azure > Compute > Ssh Public Key > ServiceNow > Table
- Azure > Compute > Ssh Public Key > ServiceNow > Table > Definition
- Azure > Compute > Virtual Machine > ServiceNow
- Azure > Compute > Virtual Machine > ServiceNow > Configuration Item
- Azure > Compute > Virtual Machine > ServiceNow > Configuration Item > Record
- Azure > Compute > Virtual Machine > ServiceNow > Configuration Item > Table Definition
- Azure > Compute > Virtual Machine > ServiceNow > Table
- Azure > Compute > Virtual Machine > ServiceNow > Table > Definition
- Azure > Compute > Virtual Machine Scale Set > ServiceNow
- Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item
- Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item > Record
- Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item > Table Definition
- Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table
- Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table > Definition
Control Types:
- Azure > Compute > Availability Set > ServiceNow
- Azure > Compute > Availability Set > ServiceNow > Configuration Item
- Azure > Compute > Availability Set > ServiceNow > Table
- Azure > Compute > Disk > ServiceNow
- Azure > Compute > Disk > ServiceNow > Configuration Item
- Azure > Compute > Disk > ServiceNow > Table
- Azure > Compute > Disk Encryption Set > ServiceNow
- Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item
- Azure > Compute > Disk Encryption Set > ServiceNow > Table
- Azure > Compute > Image > ServiceNow
- Azure > Compute > Image > ServiceNow > Configuration Item
- Azure > Compute > Image > ServiceNow > Table
- Azure > Compute > Snapshot > ServiceNow
- Azure > Compute > Snapshot > ServiceNow > Configuration Item
- Azure > Compute > Snapshot > ServiceNow > Table
- Azure > Compute > Ssh Public Key > ServiceNow
- Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item
- Azure > Compute > Ssh Public Key > ServiceNow > Table
- Azure > Compute > Virtual Machine > ServiceNow
- Azure > Compute > Virtual Machine > ServiceNow > Configuration Item
- Azure > Compute > Virtual Machine > ServiceNow > Table
- Azure > Compute > Virtual Machine Scale Set > ServiceNow
- Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item
- Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table
Bug fixes
- The
ServiceNow > Turbot > Watches > AWS
control would fail to delete/archive records in ServiceNow. This is now fixed.
Bug fixes
- Server
- Updated TE stack to enable propagation of custom tags to ECS tasks.
- Updated @turbot/aws-sdk to 5.13.0, @turbot/fn to 5.21.0 and aws-sdk to 2.922.
Requirements
- TEF: 1.51.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3
Bug fixes
- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the
cmdb_ci*
Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow. - The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.
Bug fixes
- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the
cmdb_ci*
Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow. - The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.
Bug fixes
- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the
cmdb_ci*
Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow. - The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.
Bug fixes
- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the
cmdb_ci*
Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow. - The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.
Bug fixes
- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the
cmdb_ci*
Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow. - The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.
Bug fixes
- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the
cmdb_ci*
Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow. - The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.
Bug fixes
- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the
cmdb_ci*
Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow. - The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.
Bug fixes
- Fixed the plugin to correctly return results when environment variables are only used for authentication. (#21)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#15)
Bug fixes
- The Discovery controls for Application, Cost Center and User would sometimes upsert resources with incorrect AKAs for a freshly imported ServiceNow Instance in Guardrails CMDB. This is fixed and the controls will now work as expected.
Bug fixes
- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.
Bug fixes
- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.
Bug fixes
- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.
Bug fixes
- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.
Bug fixes
- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.
Bug fixes
- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.
Bug fixes
- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.
Bug fixes
- The
AWS > Turbot > Event Poller
policy will now be automatically set toDisabled
if any of theAWS > Turbot > Event Handlers
orAWS > Turbot > Event Handlers [Global]
policies is set toEnforce: Configured
.
Bug fixes
- Fixed the invalid Go module path of the plugin. (#20)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#13)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#43)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#36)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#20)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#26)
What's new?
- New tables added
- github_repository_sbom (#353) (Thanks @lwakefield for the contribution!)
Enhancements
- Updated the following tables to include support for dynamic GraphQL queries:
github_my_star
(#369)github_stargazer
(#370)github_tag
(#371)github_rate_limit
(#368)github_community_profile
(#367)github_license
(#366)github_organization_member
(#364)github_team_member
(#364)github_user
(#364)github_my_team
(#363)github_team
(#363)github_commit
(#362)github_my_organization
(#361)github_organization
(#361)github_organization_external_identity
(#361)github_branch
(#360)github_branch_protection
(#360)github_repository_collaborator
(#365)github_repository_deployment
(#365)github_repository_environment
(#365)github_repository_vulnerability_alert
(#365)github_issue
(#359)github_issue_comment
(#359)github_pull_request
(#359)github_pull_request_comment
(#359)github_pull_request_review
(#359)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#27)
Bug fixes
- Server
- ServiceNow Instance Client Secret and Password were processed incorrectly while fetching credentials for the Instance.
Bug fixes
- Server
- Create mutation for ServiceNow instance failed if no instances were available in a Guardrails workspace.
What's new?
Resource Types:
- ServiceNow
- ServiceNow > Application
- ServiceNow > Cost Center
- ServiceNow > Instance
- ServiceNow > User
Policy Types:
- ServiceNow > Application > Business Rule
- ServiceNow > Application > Business Rule > Name
- ServiceNow > Application > CMDB
- ServiceNow > Config
- ServiceNow > Config > Application Scope
- ServiceNow > Config > Client ID
- ServiceNow > Config > Client Secret
- ServiceNow > Config > Instance URL
- ServiceNow > Config > Password
- ServiceNow > Config > System Properties
- ServiceNow > Config > System Properties > Template
- ServiceNow > Config > Username
- ServiceNow > Cost Center > Business Rule
- ServiceNow > Cost Center > Business Rule > Name
- ServiceNow > Cost Center > CMDB
- ServiceNow > Instance > CMDB
- ServiceNow > Login Names
- ServiceNow > Turbot
- ServiceNow > Turbot > Watches
- ServiceNow > User > Business Rule
- ServiceNow > User > Business Rule > Name
- ServiceNow > User > CMDB
Control Types:
- ServiceNow > Application > Business Rule
- ServiceNow > Application > CMDB
- ServiceNow > Application > Discovery
- ServiceNow > Config
- ServiceNow > Config > System Properties
- ServiceNow > Cost Center > Business Rule
- ServiceNow > Cost Center > CMDB
- ServiceNow > Cost Center > Discovery
- ServiceNow > Instance > CMDB
- ServiceNow > Turbot
- ServiceNow > Turbot > Watches
- ServiceNow > User > Business Rule
- ServiceNow > User > CMDB
- ServiceNow > User > Discovery
Action Types:
- ServiceNow > Instance > Event Handler
- ServiceNow > Turbot
- ServiceNow > Turbot > Watches
What's new?
Policy Types:
- AWS > VPC > Network ACL > ServiceNow
- AWS > VPC > Network ACL > ServiceNow > Configuration Item
- AWS > VPC > Network ACL > ServiceNow > Configuration Item > Record
- AWS > VPC > Network ACL > ServiceNow > Configuration Item > Table Definition
- AWS > VPC > Network ACL > ServiceNow > Table
- AWS > VPC > Network ACL > ServiceNow > Table > Definition
- AWS > VPC > Security Group > ServiceNow
- AWS > VPC > Security Group > ServiceNow > Configuration Item
- AWS > VPC > Security Group > ServiceNow > Configuration Item > Record
- AWS > VPC > Security Group > ServiceNow > Configuration Item > Table Definition
- AWS > VPC > Security Group > ServiceNow > Table
- AWS > VPC > Security Group > ServiceNow > Table > Definition
Control Types:
- AWS > VPC > Network ACL > ServiceNow
- AWS > VPC > Network ACL > ServiceNow > Configuration Item
- AWS > VPC > Network ACL > ServiceNow > Table
- AWS > VPC > Security Group > ServiceNow
- AWS > VPC > Security Group > ServiceNow > Configuration Item
- AWS > VPC > Security Group > ServiceNow > Table
What's new?
Policy Types:
- AWS > VPC > Elastic IP > ServiceNow
- AWS > VPC > Elastic IP > ServiceNow > Configuration Item
- AWS > VPC > Elastic IP > ServiceNow > Configuration Item > Record
- AWS > VPC > Elastic IP > ServiceNow > Configuration Item > Table Definition
- AWS > VPC > Elastic IP > ServiceNow > Table
- AWS > VPC > Elastic IP > ServiceNow > Table > Definition
Control Types:
- AWS > VPC > Elastic IP > ServiceNow
- AWS > VPC > Elastic IP > ServiceNow > Configuration Item
- AWS > VPC > Elastic IP > ServiceNow > Table
What's new?
Policy Types:
- AWS > VPC > Route Table > ServiceNow
- AWS > VPC > Route Table > ServiceNow > Configuration Item
- AWS > VPC > Route Table > ServiceNow > Configuration Item > Record
- AWS > VPC > Route Table > ServiceNow > Configuration Item > Table Definition
- AWS > VPC > Route Table > ServiceNow > Table
- AWS > VPC > Route Table > ServiceNow > Table > Definition
- AWS > VPC > Subnet > ServiceNow
- AWS > VPC > Subnet > ServiceNow > Configuration Item
- AWS > VPC > Subnet > ServiceNow > Configuration Item > Record
- AWS > VPC > Subnet > ServiceNow > Configuration Item > Table Definition
- AWS > VPC > Subnet > ServiceNow > Table
- AWS > VPC > Subnet > ServiceNow > Table > Definition
- AWS > VPC > VPC > ServiceNow
- AWS > VPC > VPC > ServiceNow > Configuration Item
- AWS > VPC > VPC > ServiceNow > Configuration Item > Record
- AWS > VPC > VPC > ServiceNow > Configuration Item > Table Definition
- AWS > VPC > VPC > ServiceNow > Table
- AWS > VPC > VPC > ServiceNow > Table > Definition
Control Types:
- AWS > VPC > Route Table > ServiceNow
- AWS > VPC > Route Table > ServiceNow > Configuration Item
- AWS > VPC > Route Table > ServiceNow > Table
- AWS > VPC > Subnet > ServiceNow
- AWS > VPC > Subnet > ServiceNow > Configuration Item
- AWS > VPC > Subnet > ServiceNow > Table
- AWS > VPC > VPC > ServiceNow
- AWS > VPC > VPC > ServiceNow > Configuration Item
- AWS > VPC > VPC > ServiceNow > Table
What's new?
Policy Types:
- ServiceNow > Turbot > Watches > AWS
Control Types:
- ServiceNow > Turbot > Watches > AWS
Action Types:
- ServiceNow > Turbot > Watches > AWS Archive And Delete Record
What's new?
Policy Types:
- AWS > S3 > Bucket > ServiceNow
- AWS > S3 > Bucket > ServiceNow > Configuration Item
- AWS > S3 > Bucket > ServiceNow > Configuration Item > Record
- AWS > S3 > Bucket > ServiceNow > Configuration Item > Table Definition
- AWS > S3 > Bucket > ServiceNow > Table
- AWS > S3 > Bucket > ServiceNow > Table > Definition
Control Types:
- AWS > S3 > Bucket > ServiceNow
- AWS > S3 > Bucket > ServiceNow > Configuration Item
- AWS > S3 > Bucket > ServiceNow > Table
What's new?
Policy Types:
- AWS > IAM > Group > ServiceNow
- AWS > IAM > Group > ServiceNow > Configuration Item
- AWS > IAM > Group > ServiceNow > Configuration Item > Record
- AWS > IAM > Group > ServiceNow > Configuration Item > Table Definition
- AWS > IAM > Group > ServiceNow > Table
- AWS > IAM > Group > ServiceNow > Table > Definition
- AWS > IAM > Role > ServiceNow
- AWS > IAM > Role > ServiceNow > Configuration Item
- AWS > IAM > Role > ServiceNow > Configuration Item > Record
- AWS > IAM > Role > ServiceNow > Configuration Item > Table Definition
- AWS > IAM > Role > ServiceNow > Table
- AWS > IAM > Role > ServiceNow > Table > Definition
- AWS > IAM > User > ServiceNow
- AWS > IAM > User > ServiceNow > Configuration Item
- AWS > IAM > User > ServiceNow > Configuration Item > Record
- AWS > IAM > User > ServiceNow > Configuration Item > Table Definition
- AWS > IAM > User > ServiceNow > Table
- AWS > IAM > User > ServiceNow > Table > Definition
Control Types:
- AWS > IAM > Group > ServiceNow
- AWS > IAM > Group > ServiceNow > Configuration Item
- AWS > IAM > Group > ServiceNow > Table
- AWS > IAM > Role > ServiceNow
- AWS > IAM > Role > ServiceNow > Configuration Item
- AWS > IAM > Role > ServiceNow > Table
- AWS > IAM > User > ServiceNow
- AWS > IAM > User > ServiceNow > Configuration Item
- AWS > IAM > User > ServiceNow > Table
What's new?
Policy Types:
- AWS > EC2 > Instance > ServiceNow
- AWS > EC2 > Instance > ServiceNow > Configuration Item
- AWS > EC2 > Instance > ServiceNow > Configuration Item > Record
- AWS > EC2 > Instance > ServiceNow > Configuration Item > Table Definition
- AWS > EC2 > Instance > ServiceNow > Table
- AWS > EC2 > Instance > ServiceNow > Table > Definition
- AWS > EC2 > Snapshot > ServiceNow
- AWS > EC2 > Snapshot > ServiceNow > Configuration Item
- AWS > EC2 > Snapshot > ServiceNow > Configuration Item > Record
- AWS > EC2 > Snapshot > ServiceNow > Configuration Item > Table Definition
- AWS > EC2 > Snapshot > ServiceNow > Table
- AWS > EC2 > Snapshot > ServiceNow > Table > Definition
- AWS > EC2 > Volume > ServiceNow
- AWS > EC2 > Volume > ServiceNow > Configuration Item
- AWS > EC2 > Volume > ServiceNow > Configuration Item > Record
- AWS > EC2 > Volume > ServiceNow > Configuration Item > Table Definition
- AWS > EC2 > Volume > ServiceNow > Table
- AWS > EC2 > Volume > ServiceNow > Table > Definition
Control Types:
- AWS > EC2 > Instance > ServiceNow
- AWS > EC2 > Instance > ServiceNow > Configuration Item
- AWS > EC2 > Instance > ServiceNow > Table
- AWS > EC2 > Snapshot > ServiceNow
- AWS > EC2 > Snapshot > ServiceNow > Configuration Item
- AWS > EC2 > Snapshot > ServiceNow > Table
- AWS > EC2 > Volume > ServiceNow
- AWS > EC2 > Volume > ServiceNow > Configuration Item
- AWS > EC2 > Volume > ServiceNow > Table
What's new?
- New tables added: (Thanks @gabrielsoltz for the new plugin!)
Turbot Pipes now officially supports billing for your organization team plan via AWS Marketplace.
For more information, see the Pipes billing docs.
What's new?
Server
- Added: Support for creating and deleting watches using @turbot/sdk.
- Updated: @turbot/fn, @turbot/aws-sdk, aws-sdk, @turbot/utils, @turbot/errors, @turbot/log, @turbot/responses packages.
- Added: Support for ServiceNow credentials.
UI:
- Added: Support to import ServiceNow Instance in Guardrails.
What's new?
- Control Category Types:
- CMDB > External
- Cloud > Integration
What's new?
- Added the following controls across the benchmarks: (#49)
bigquery_table_deletion_protection_enabled
bigtable_instance_deletion_protection_enabled
spanner_database_deletion_protection_enabled
spanner_database_drop_protection_enabled
What's new?
- Added the following controls across the benchmarks: (#47)
appservice_environment_zone_redundant_enabled
appservice_function_app_public_access_disabled
appservice_plan_zone_redundant
appservice_web_app_public_access_disabled
eventhub_namespace_uses_latest_tls_version
eventhub_namespace_zone_redundant
kubernetes_cluster_critical_pods_on_system_nodes
kubernetes_cluster_os_disk_ephemeral
redis_cache_standard_replication_enabled
sql_database_ledger_enabled
sql_database_zone_redundant_enabled
What's new?
- Added the following controls across the benchmarks: (#98)
docdb_cluster_backup_retention_period_7
lambda_permission_restricted_service_permission
neptune_cluster_backup_retention_period_7
neptune_cluster_copy_tags_to_snapshot_enabled
neptune_cluster_iam_authentication_enabled
Bug fixes
- Fixed the index doc by removing unsupported images. (#334)
Enhancements
- Added the following controls to the
All Controls
benchmark: (#733)api_gateway_rest_api_public_endpoint_with_authorizer
dlm_ebs_snapshot_lifecycle_policy_enabled
docdb_cluster_instance_encryption_at_rest_enabled
ebs_volume_snapshot_exists
elasticache_cluster_no_public_subnet
iam_role_no_administrator_access_policy_attached
iam_user_access_key_unused_45
iam_user_console_access_unused_45
neptune_db_cluster_no_public_subnet
Bug fixes
- Fixed missing closing tag in index doc. (#331)
What's new?
Resource Types:
- AWS > Kendra
Policy Types:
- AWS > Kendra > API Enabled
- AWS > Kendra > Approved Regions [Default]
- AWS > Kendra > Enabled
- AWS > Kendra > Permissions
- AWS > Kendra > Permissions > Levels
- AWS > Kendra > Permissions > Levels > Modifiers
- AWS > Kendra > Permissions > Lockdown
- AWS > Kendra > Permissions > Lockdown > API Boundary
- AWS > Kendra > Regions
- AWS > Kendra > Tags Template [Default]
- AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-kendra
- AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-kendra
- AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-kendra
Bug fixes
- Fixed
ad_guest_user_reviewed_monthly
,iam_deprecated_account_with_owner_roles
,iam_external_user_with_read_permission
,iam_external_user_with_write_permission
,iam_user_not_allowed_to_create_security_group
andiam_user_not_allowed_to_register_application
queries to remove duplicate benchmark results. (#228)
What's new?
- Category Types:
- Turbot > Resource > Category > Business Application
- Turbot > Resource > Category > Cloud > Api
- Turbot > Resource > Category > Cloud > Provider
- Turbot > Resource > Category > Cloud > Resource Group
- Turbot > Resource > Category > Container
- Turbot > Resource > Category > Cost Management
- Turbot > Resource > Category > End User Computing
- Turbot > Resource > Category > Migration
- Turbot > Resource > Category > Robotics
What's new?
- Added support to process enable and disable real-time events for Firebase Management APIs.
What's new?
You can now Enable/Disable Firebase Management API via Guardrails. To get started, set the
GCP > Firebase > API Enabled
policy.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Control Types:
- GCP > Firebase > API Enabled
Policy Types:
- GCP > Firebase > API Enabled
- GCP > Firebase > Android App > Approved > Custom
- GCP > Firebase > Web App > Approved > Custom
- GCP > Firebase > iOS App > Approved > Custom
Action Types:
- GCP > Firebase > Set API Enabled
What's new?
Added support for newer US, Europe, India and US Government regions in the
Azure > Synapse Analytics > Regions
policy.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- Azure > Synapse Analytics > SQL Pool > Approved > Custom
- Azure > Synapse Analytics > SQL Pool > Regions
- Azure > Synapse Analytics > Workspace > Approved > Custom
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- Azure > API Management > API Management Service > Approved > Custom
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- Azure > AKS > Managed Cluster > Approved > Custom
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- Azure > Network Watcher > Flow Log > Approved > Custom
- Azure > Network Watcher > Network Watcher > Approved > Custom
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- Azure > Data Factory > Dataset > Approved > Custom
- Azure > Data Factory > Factory > Approved > Custom
- Azure > Data Factory > Pipeline > Approved > Custom
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- Azure > Firewall > Firewall > Approved > Custom
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- Azure > Front Door > Front Door > Approved > Custom
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- Azure > Databricks > Workspace > Approved > Custom
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
- Policy Types:
- GCP > Compute Engine > Image > Policy > Trusted Access > All Authenticated
- GCP > Compute Engine > Image > Policy > Trusted Access > All Users
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- Azure > SignalR Service > SignalR > Approved > Custom
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- Azure > Relay > Namespace > Approved > Custom
Bug fixes
- Fixed the plugin brand colour.
What's new?
- Policy Types:
- GCP > Functions > Function > Policy > Trusted Access > All Authenticated
- GCP > Functions > Function > Policy > Trusted Access > All Users
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- Azure > Search Management > Search Service > Approved > Custom
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- Azure > Recovery Service > Vault > Approved > Custom
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > SWF > Domain > Approved > Custom
Action Types:
- AWS > SWF > Domain > Set Tags
- AWS > SWF > Domain > Skip alarm for Active control
- AWS > SWF > Domain > Skip alarm for Active control [90 days]
- AWS > SWF > Domain > Skip alarm for Approved control
- AWS > SWF > Domain > Skip alarm for Approved control [90 days]
- AWS > SWF > Domain > Skip alarm for Tags control
- AWS > SWF > Domain > Skip alarm for Tags control [90 days]
What's new?
- New tables added
Bug fixes
- Fixed the
retention_policy
column ofgcp_storage_bucket
table to correctly return data instead of null. (#502)
What's new?
- New tables added
- aws_lambda_event_source_mapping (#1874) (Thanks @nickman for the contribution!)
Enhancements
What's new?
- New tables added
Enhancements
- Added the
properties
column tojira_project
table. (#105)
Bug fixes
What's new?
- Added CIS v3.0.0 benchmark (
steampipe check benchmark.cis_v300
). (#57)
Breaking Changes
- Removed the following tables using the search API that no longer work due to API limitations. These tables will be added back if functionality can be restored.
linkedin_company_employee
linkedin_company_past_employee
linkedin_connection
linkedin_search_company
linkedin_search_profile
Bug fixes
- Fixed the
compute_firewall_allow_tcp_connections_proxied_by_iap
query to correctly include all the ports and source IP ranges. (#128) (Thanks @saisirishreddy for the contribution!)
What's new?
- Encapsulate plugin server so it is possible to use it in-process as well as via GRPC. (#719)
- Add
steampipe
field to_ctx
column, containing sdk version. (#712)
Bug fixes
- Remove
plugin has no connections
error when deleting and then re-adding a connection. (#725) - Fix potential divide by zero bug when setting cache size
What's new?
- New tables added
- aws_fms_policy (#1851)
- aws_fms_app_list (#1851)
- aws_transfer_server (#1909) (Thanks @jramosf for the contribution!)
Enhancements
- Added the
features
column toaws_guardduty_detector
table. (#1958)
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Policy Types:
- AWS > QLDB > Ledger > Approved > Custom
Action Types:
- AWS > QLDB > Ledger > Delete from AWS
- AWS > QLDB > Ledger > Set Tags
- AWS > QLDB > Ledger > Skip alarm for Active control
- AWS > QLDB > Ledger > Skip alarm for Active control [90 days]
- AWS > QLDB > Ledger > Skip alarm for Approved control
- AWS > QLDB > Ledger > Skip alarm for Approved control [90 days]
- AWS > QLDB > Ledger > Skip alarm for Tags control
- AWS > QLDB > Ledger > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Neptune > DB Cluster > Approved > Custom
- AWS > Neptune > DB Instance > Approved > Custom
Action Types:
- AWS > Neptune > DB Cluster > Delete from AWS
- AWS > Neptune > DB Cluster > Set Tags
- AWS > Neptune > DB Cluster > Skip alarm for Active control
- AWS > Neptune > DB Cluster > Skip alarm for Active control [90 days]
- AWS > Neptune > DB Cluster > Skip alarm for Approved control
- AWS > Neptune > DB Cluster > Skip alarm for Approved control [90 days]
- AWS > Neptune > DB Cluster > Skip alarm for Tags control
- AWS > Neptune > DB Cluster > Skip alarm for Tags control [90 days]
- AWS > Neptune > DB Instance > Delete from AWS
- AWS > Neptune > DB Instance > Set Tags
- AWS > Neptune > DB Instance > Skip alarm for Active control
- AWS > Neptune > DB Instance > Skip alarm for Active control [90 days]
- AWS > Neptune > DB Instance > Skip alarm for Approved control
- AWS > Neptune > DB Instance > Skip alarm for Approved control [90 days]
- AWS > Neptune > DB Instance > Skip alarm for Tags control
- AWS > Neptune > DB Instance > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Inspector > Assessment Target > Approved > Custom
- AWS > Inspector > Assessment Template > Approved > Custom
Action Types:
- AWS > Inspector > Assessment Target > Delete from AWS
- AWS > Inspector > Assessment Target > Skip alarm for Active control
- AWS > Inspector > Assessment Target > Skip alarm for Active control [90 days]
- AWS > Inspector > Assessment Target > Skip alarm for Approved control
- AWS > Inspector > Assessment Target > Skip alarm for Approved control [90 days]
- AWS > Inspector > Assessment Template > Delete from AWS
- AWS > Inspector > Assessment Template > Set Tags
- AWS > Inspector > Assessment Template > Skip alarm for Active control
- AWS > Inspector > Assessment Template > Skip alarm for Active control [90 days]
- AWS > Inspector > Assessment Template > Skip alarm for Approved control
- AWS > Inspector > Assessment Template > Skip alarm for Approved control [90 days]
- AWS > Inspector > Assessment Template > Skip alarm for Tags control
- AWS > Inspector > Assessment Template > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > DAX > Cluster > Approved > Custom
Action Types:
- AWS > DAX > Cluster > Delete from AWS
- AWS > DAX > Cluster > Set Tags
- AWS > DAX > Cluster > Skip alarm for Active control
- AWS > DAX > Cluster > Skip alarm for Active control [90 days]
- AWS > DAX > Cluster > Skip alarm for Approved control
- AWS > DAX > Cluster > Skip alarm for Approved control [90 days]
- AWS > DAX > Cluster > Skip alarm for Tags control
- AWS > DAX > Cluster > Skip alarm for Tags control [90 days]
What's new?_
- Added the new
All Controls
benchmark (steampipe check benchmark.all_controls). This new benchmark includes 109 service-specific controls. (#127)
What's new?
Server
- Updated: Updated the package
passport-saml
to@node-saml/passport-saml
: 4.0.4 - Updated: The directory API to support
Require Signed Authentication Response
andStrict Audience Validation
.
- Updated: Updated the package
UI:
- Added: Introduced UI options for
Require Signed Authentication Response
andStrict Audience Validation
for enhanced security in SAML authentication.
- Added: Introduced UI options for
Enhanced Security and Compatibility Guide for SAML Authentication
Description
The recent package change for @node-saml/passport-saml
has made it mandatory to sign the audience response and perform audience validation. To maintain backward compatibility, we have introduced two new options in the UI:
- Require Signed Authentication Response
- Strict Audience Validation
To make it backward compatible, both of these options are initially set to Disabled
by default.
Important Note: This change ensures that the audience response is signed and audience validation is enforced. These checks were not available in earlier versions of the package.
Recommendations
We recommend customers enable both of these properties as they add an additional layer of security. However, it's important to be aware that enabling these properties might potentially break SAML login functionality. Therefore, certain steps need to be taken before enabling them.
Here are specific recommendations for popular Identity Providers (IDPs):
Okta
- Strict Audience Validation: If enabled, ensure that the "Issuer ID" matches the "Audience Restriction."
OneLogin
- Require Signed Authentication Response: This feature should be disabled in OneLogin, as OneLogin does not support it.
- Strict Audience Validation: If enabled, ensure that the "Issuer ID" matches the "Audience".
Azure Entra ID (Previously Known as Azure AD)
- Require Signed Authentication Response: If enabled, make sure you choose the
Signing option
to be "SIGN SAML response and assertion". TheSigning option
is available on the Signing Certificate page of Entra ID
Please follow these recommendations carefully to make sure you're able to transition smoothly to the updated SAML package.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Policy Types:
- AWS > Lightsail > Instance > Approved > Custom
- AWS > Lightsail > Load Balancer > Approved > Custom
- AWS > Lightsail > Relational Database > Approved > Custom
Action Types:
- AWS > Lightsail > Instance > Delete from AWS
- AWS > Lightsail > Instance > Set Tags
- AWS > Lightsail > Instance > Skip alarm for Active control
- AWS > Lightsail > Instance > Skip alarm for Active control [90 days]
- AWS > Lightsail > Instance > Skip alarm for Approved control
- AWS > Lightsail > Instance > Skip alarm for Approved control [90 days]
- AWS > Lightsail > Instance > Skip alarm for Tags control
- AWS > Lightsail > Instance > Skip alarm for Tags control [90 days]
- AWS > Lightsail > Load Balancer > Delete from AWS
- AWS > Lightsail > Load Balancer > Set Tags
- AWS > Lightsail > Load Balancer > Skip alarm for Active control
- AWS > Lightsail > Load Balancer > Skip alarm for Active control [90 days]
- AWS > Lightsail > Load Balancer > Skip alarm for Approved control
- AWS > Lightsail > Load Balancer > Skip alarm for Approved control [90 days]
- AWS > Lightsail > Load Balancer > Skip alarm for Tags control
- AWS > Lightsail > Load Balancer > Skip alarm for Tags control [90 days]
- AWS > Lightsail > Relational Database > Delete from AWS
- AWS > Lightsail > Relational Database > Set Tags
- AWS > Lightsail > Relational Database > Skip alarm for Active control
- AWS > Lightsail > Relational Database > Skip alarm for Active control [90 days]
- AWS > Lightsail > Relational Database > Skip alarm for Approved control
- AWS > Lightsail > Relational Database > Skip alarm for Approved control [90 days]
- AWS > Lightsail > Relational Database > Skip alarm for Tags control
- AWS > Lightsail > Relational Database > Skip alarm for Tags control [90 days]
What's new?
Resource Types:
- AWS > Bedrock
Policy Types:
- AWS > Bedrock > API Enabled
- AWS > Bedrock > Approved Regions [Default]
- AWS > Bedrock > Enabled
- AWS > Bedrock > Permissions
- AWS > Bedrock > Permissions > Levels
- AWS > Bedrock > Permissions > Levels > Modifiers
- AWS > Bedrock > Permissions > Lockdown
- AWS > Bedrock > Permissions > Lockdown > API Boundary
- AWS > Bedrock > Regions
- AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-bedrock
- AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-bedrock
- AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-bedrock
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > App Mesh > Mesh > Approved > Custom
Action Types:
- AWS > App Mesh > Mesh > Delete from AWS
- AWS > App Mesh > Mesh > Set Tags
- AWS > App Mesh > Mesh > Skip alarm for Active control
- AWS > App Mesh > Mesh > Skip alarm for Active control [90 days]
- AWS > App Mesh > Mesh > Skip alarm for Approved control
- AWS > App Mesh > Mesh > Skip alarm for Approved control [90 days]
- AWS > App Mesh > Mesh > Skip alarm for Tags control
- AWS > App Mesh > Mesh > Skip alarm for Tags control [90 days]
- Updated the plugin dependency section of the following mods to use
min_version
instead ofversion
:- Alicloud Insights
- AWS Insights
- AWS Tags
- Azure Insights
- Digitalocean Insights
- Docker Compliance
- GCP Insights
- GCP Labels
- Github Compliance
- Github Insights
- Gitlab Insights
- Hackernews Insights
- IBM Insights
- Kubernetes Insights
- Microsoft 365 Compliance
- OCI Compliance
- OCI Insights
- OCI Thrifty
- Snowflake Compliance
- Tailscale Compliance
- Terraform AWS Compliance
- Terraform Azure Compliance
- Terraform GCP Compliance
- Terraform OCI Compliance
- Turbot Guardrails Insights
Breaking changes
- Updated the plugin dependency section of the mod to use min_version instead of version. (#82)
Bug fixes
- Updated the docs to include the correct links for the nsa_cisa_v1 benchmark. (#80) (Thanks @aniketh-varma for the contribution!)
- Fixed the following queries to cast the data to boolean format. (#79)
- cronjob_container_privilege_disabled
- cronjob_host_network_access_disabled
- cronjob_hostpid_hostipc_sharing_disabled
- cronjob_immutable_container_filesystem
- cronjob_non_root_container
- daemonset_container_privilege_disabled
- daemonset_host_network_access_disabled
- daemonset_hostpid_hostipc_sharing_disabled
- daemonset_immutable_container_filesystem
- daemonset_non_root_container
- deployment_container_privilege_disabled
- deployment_host_network_access_disabled
- deployment_hostpid_hostipc_sharing_disabled
- deployment_immutable_container_filesystem
- deployment_non_root_container
- job_container_privilege_disabled
- job_host_network_access_disabled
- job_hostpid_hostipc_sharing_disabled
- job_immutable_container_filesystem
- job_non_root_container
- pod_container_privilege_disabled
- pod_immutable_container_filesystem
- pod_non_root_container
- pod_service_account_token_enabled
- pod_template_container_privilege_disabled
- pod_template_immutable_container_filesystem
- replicaset_container_privilege_disabled
- replicaset_host_network_access_disabled
- replicaset_hostpid_hostipc_sharing_disabled
- replicaset_immutable_container_filesystem
- replicaset_non_root_container
- replication_controller_container_privilege_disabled
- replication_controller_host_network_access_disabled
- replication_controller_hostpid_hostipc_sharing_disabled
- replication_controller_immutable_container_filesystem
- replication_controller_non_root_container
- statefulset_container_privilege_disabled
- statefulset_host_network_access_disabled
- statefulset_hostpid_hostipc_sharing_disabled
- statefulset_immutable_container_filesystem
- statefulset_non_root_container
Breaking changes
- Updated the plugin dependency section of the mod to use
min_version
instead ofversion
. (#161) - Renamed the control
lambda_function_with_graviton2
tolambda_function_with_graviton
in order to maintain consistency. (#158) (Thanks @bluedoors for the contribution!)
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
Bug fixes
- The
AWS > ElastiCache > Snapshot > CMDB
control would go into an error state due to a bad internal build. This is fixed and the control will now work correctly as expected.
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Action Types:
- AWS > Glue > Crawler > Delete from AWS
- AWS > Glue > Crawler > Set Tags
- AWS > Glue > Crawler > Skip alarm for Active control
- AWS > Glue > Crawler > Skip alarm for Active control [90 days]
- AWS > Glue > Crawler > Skip alarm for Approved control
- AWS > Glue > Crawler > Skip alarm for Approved control [90 days]
- AWS > Glue > Crawler > Skip alarm for Tags control
- AWS > Glue > Crawler > Skip alarm for Tags control [90 days]
- AWS > Glue > Data Catalog > Skip alarm for Encryption at Rest control
- AWS > Glue > Data Catalog > Skip alarm for Encryption at Rest control [90 days]
- AWS > Glue > Database > Delete from AWS
- AWS > Glue > Database > Skip alarm for Active control
- AWS > Glue > Database > Skip alarm for Active control [90 days]
- AWS > Glue > Database > Skip alarm for Approved control
- AWS > Glue > Database > Skip alarm for Approved control [90 days]
- AWS > Glue > Development Endpoint [Deprecated] > Delete from AWS
- AWS > Glue > Development Endpoint [Deprecated] > Set Tags
- AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Active control
- AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Active control [90 days]
- AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Approved control
- AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Approved control [90 days]
- AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Tags control
- AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Tags control [90 days]
- AWS > Glue > Job > Delete from AWS
- AWS > Glue > Job > Set Tags
- AWS > Glue > Job > Skip alarm for Active control
- AWS > Glue > Job > Skip alarm for Active control [90 days]
- AWS > Glue > Job > Skip alarm for Approved control
- AWS > Glue > Job > Skip alarm for Approved control [90 days]
- AWS > Glue > Job > Skip alarm for Tags control
- AWS > Glue > Job > Skip alarm for Tags control [90 days]
- AWS > Glue > ML Transform > Delete from AWS
- AWS > Glue > ML Transform > Set Tags
- AWS > Glue > ML Transform > Skip alarm for Active control
- AWS > Glue > ML Transform > Skip alarm for Active control [90 days]
- AWS > Glue > ML Transform > Skip alarm for Approved control
- AWS > Glue > ML Transform > Skip alarm for Approved control [90 days]
- AWS > Glue > ML Transform > Skip alarm for Tags control
- AWS > Glue > ML Transform > Skip alarm for Tags control [90 days]
- AWS > Glue > Security Configuration > Delete from AWS
- AWS > Glue > Security Configuration > Skip alarm for Active control
- AWS > Glue > Security Configuration > Skip alarm for Active control [90 days]
- AWS > Glue > Security Configuration > Skip alarm for Approved control
- AWS > Glue > Security Configuration > Skip alarm for Approved control [90 days]
- AWS > Glue > Table > Delete from AWS
- AWS > Glue > Table > Skip alarm for Active control
- AWS > Glue > Table > Skip alarm for Active control [90 days]
- AWS > Glue > Table > Skip alarm for Approved control
- AWS > Glue > Table > Skip alarm for Approved control [90 days]
- AWS > Glue > Trigger > Delete from AWS
- AWS > Glue > Trigger > Set Tags
- AWS > Glue > Trigger > Skip alarm for Active control
- AWS > Glue > Trigger > Skip alarm for Active control [90 days]
- AWS > Glue > Trigger > Skip alarm for Approved control
- AWS > Glue > Trigger > Skip alarm for Approved control [90 days]
- AWS > Glue > Trigger > Skip alarm for Tags control
- AWS > Glue > Trigger > Skip alarm for Tags control [90 days]
- AWS > Glue > Workflow > Delete from AWS
- AWS > Glue > Workflow > Set Tags
- AWS > Glue > Workflow > Skip alarm for Active control
- AWS > Glue > Workflow > Skip alarm for Active control [90 days]
- AWS > Glue > Workflow > Skip alarm for Approved control
- AWS > Glue > Workflow > Skip alarm for Approved control [90 days]
- AWS > Glue > Workflow > Skip alarm for Tags control
- AWS > Glue > Workflow > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > CodeCommit > Repository > Approved > Custom
Action Types:
- AWS > CodeCommit > Repository > Delete from AWS
- AWS > CodeCommit > Repository > Set Tags
- AWS > CodeCommit > Repository > Skip alarm for Active control
- AWS > CodeCommit > Repository > Skip alarm for Active control [90 days]
- AWS > CodeCommit > Repository > Skip alarm for Approved control
- AWS > CodeCommit > Repository > Skip alarm for Approved control [90 days]
- AWS > CodeCommit > Repository > Skip alarm for Tags control
- AWS > CodeCommit > Repository > Skip alarm for Tags control [90 days]
Bug fixes
- Fixed the description of the
name
column inaws_organizations_account
table. (#1947) (Thanks @badideasforsale for the contribution!)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.6.3 which addresses the issue of expired credentials being intermittently retained in the connection cache. (#1956)
Bug fixes
- Fixed expired credentials sometimes being left in the connection cache. Update connection cache to use a backing store per connection, rather than a shared backing store. (#699)
v0.12.0 of the Terraform Provider for Pipes is now available.
What's new?
- Resource
pipes_workspace_datatank
. - Resource
pipes_workspace_datatank_table
.
Enhancements
- Resource
pipes_workspace
now supportsinstance_type
.
The Google Workspace plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
The Google Sheets plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
The Google Directory plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
The crt.sh plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
The query API timeout has been increased from 1 minute to 2 minutes, allowing for greater flexibility in how you query your data.
What's new?
- Users can now set a Unique Writer Identity for Logging Sink created via the
GCP > Turbot > Event Handlers
stack. To get started, set theGCP > Turbot > Event Handlers > Logging > Unique Writer Identity
policy.
Bug fixes
- Guardrails stack controls would sometimes fail to update Pub/Sub Topic resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.
Bug fixes
- Guardrails stack controls would sometimes fail to update Logging Sink resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Well-Architected Tool > Workload > Approved > Custom
Action Types:
- AWS > Well-Architected Tool > Workload > Delete from AWS
- AWS > Well-Architected Tool > Workload > Set Tags
- AWS > Well-Architected Tool > Workload > Skip alarm for Active control
- AWS > Well-Architected Tool > Workload > Skip alarm for Active control [90 days]
- AWS > Well-Architected Tool > Workload > Skip alarm for Approved control
- AWS > Well-Architected Tool > Workload > Skip alarm for Approved control [90 days]
- AWS > Well-Architected Tool > Workload > Skip alarm for Tags control
- AWS > Well-Architected Tool > Workload > Skip alarm for Tags control [90 days]
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Secrets Manager > Secret > Approved > Custom
Action Types:
- AWS > Secrets Manager > Secret > Delete from AWS
- AWS > Secrets Manager > Secret > Set Tags
- AWS > Secrets Manager > Secret > Skip alarm for Active control
- AWS > Secrets Manager > Secret > Skip alarm for Active control [90 days]
- AWS > Secrets Manager > Secret > Skip alarm for Approved control
- AWS > Secrets Manager > Secret > Skip alarm for Approved control [90 days]
- AWS > Secrets Manager > Secret > Skip alarm for Encryption at Rest control
- AWS > Secrets Manager > Secret > Skip alarm for Encryption at Rest control [90 days]
- AWS > Secrets Manager > Secret > Skip alarm for Tags control
- AWS > Secrets Manager > Secret > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Glacier > Vault > Approved > Custom
Action Types:
- AWS > Glacier > Vault > Delete from AWS
- AWS > Glacier > Vault > Set Tags
- AWS > Glacier > Vault > Skip alarm for Active control
- AWS > Glacier > Vault > Skip alarm for Active control [90 days]
- AWS > Glacier > Vault > Skip alarm for Approved control
- AWS > Glacier > Vault > Skip alarm for Approved control [90 days]
- AWS > Glacier > Vault > Skip alarm for Tags control
- AWS > Glacier > Vault > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Elastic Beanstalk > Application > Approved > Custom
Action Types:
- AWS > Elastic Beanstalk > Application > Delete from AWS
- AWS > Elastic Beanstalk > Application > Set Tags
- AWS > Elastic Beanstalk > Application > Skip alarm for Active control
- AWS > Elastic Beanstalk > Application > Skip alarm for Active control [90 days]
- AWS > Elastic Beanstalk > Application > Skip alarm for Approved control
- AWS > Elastic Beanstalk > Application > Skip alarm for Approved control [90 days]
- AWS > Elastic Beanstalk > Application > Skip alarm for Tags control
- AWS > Elastic Beanstalk > Application > Skip alarm for Tags control [90 days]
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include
createdBy
details in Turbot CMDB.
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > WAF Regional > Rule > Approved > Custom
Action Types:
- AWS > WAF Regional > Rule > Delete from AWS
- AWS > WAF Regional > Rule > Skip alarm for Active control
- AWS > WAF Regional > Rule > Skip alarm for Active control [90 days]
- AWS > WAF Regional > Rule > Skip alarm for Approved control
- AWS > WAF Regional > Rule > Skip alarm for Approved control [90 days]
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Action Types:
- AWS > VPC > Egress Only Internet Gateway > Delete from AWS
- AWS > VPC > Egress Only Internet Gateway > Set Tags
- AWS > VPC > Egress Only Internet Gateway > Skip alarm for Active control
- AWS > VPC > Egress Only Internet Gateway > Skip alarm for Active control [90 days]
- AWS > VPC > Egress Only Internet Gateway > Skip alarm for Approved control
- AWS > VPC > Egress Only Internet Gateway > Skip alarm for Approved control [90 days]
- AWS > VPC > Egress Only Internet Gateway > Skip alarm for Tags control
- AWS > VPC > Egress Only Internet Gateway > Skip alarm for Tags control [90 days]
- AWS > VPC > Elastic IP > Delete from AWS
- AWS > VPC > Elastic IP > Set Tags
- AWS > VPC > Elastic IP > Skip alarm for Active control
- AWS > VPC > Elastic IP > Skip alarm for Active control [90 days]
- AWS > VPC > Elastic IP > Skip alarm for Approved control
- AWS > VPC > Elastic IP > Skip alarm for Approved control [90 days]
- AWS > VPC > Elastic IP > Skip alarm for Tags control
- AWS > VPC > Elastic IP > Skip alarm for Tags control [90 days]
- AWS > VPC > Endpoint > Delete from AWS
- AWS > VPC > Endpoint > Set Tags
- AWS > VPC > Endpoint > Skip alarm for Active control
- AWS > VPC > Endpoint > Skip alarm for Active control [90 days]
- AWS > VPC > Endpoint > Skip alarm for Approved control
- AWS > VPC > Endpoint > Skip alarm for Approved control [90 days]
- AWS > VPC > Endpoint > Skip alarm for Tags control
- AWS > VPC > Endpoint > Skip alarm for Tags control [90 days]
- AWS > VPC > Endpoint Service > Delete from AWS
- AWS > VPC > Endpoint Service > Set Tags
- AWS > VPC > Endpoint Service > Skip alarm for Active control
- AWS > VPC > Endpoint Service > Skip alarm for Active control [90 days]
- AWS > VPC > Endpoint Service > Skip alarm for Approved control
- AWS > VPC > Endpoint Service > Skip alarm for Approved control [90 days]
- AWS > VPC > Endpoint Service > Skip alarm for Tags control
- AWS > VPC > Endpoint Service > Skip alarm for Tags control [90 days]
- AWS > VPC > Internet Gateway > Delete from AWS
- AWS > VPC > Internet Gateway > Set Tags
- AWS > VPC > Internet Gateway > Skip alarm for Active control
- AWS > VPC > Internet Gateway > Skip alarm for Active control [90 days]
- AWS > VPC > Internet Gateway > Skip alarm for Approved control
- AWS > VPC > Internet Gateway > Skip alarm for Approved control [90 days]
- AWS > VPC > Internet Gateway > Skip alarm for Tags control
- AWS > VPC > Internet Gateway > Skip alarm for Tags control [90 days]
- AWS > VPC > NAT Gateway > Delete from AWS
- AWS > VPC > NAT Gateway > Set Tags
- AWS > VPC > NAT Gateway > Skip alarm for Active control
- AWS > VPC > NAT Gateway > Skip alarm for Active control [90 days]
- AWS > VPC > NAT Gateway > Skip alarm for Approved control
- AWS > VPC > NAT Gateway > Skip alarm for Approved control [90 days]
- AWS > VPC > NAT Gateway > Skip alarm for Tags control
- AWS > VPC > NAT Gateway > Skip alarm for Tags control [90 days]
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Action Types:
- AWS > VPC > DHCP Options > Delete from AWS
- AWS > VPC > DHCP Options > Set Tags
- AWS > VPC > DHCP Options > Skip alarm for Active control
- AWS > VPC > DHCP Options > Skip alarm for Active control [90 days]
- AWS > VPC > DHCP Options > Skip alarm for Tags control
- AWS > VPC > DHCP Options > Skip alarm for Tags control [90 days]
- AWS > VPC > Route Table > Delete from AWS
- AWS > VPC > Route Table > Set Tags
- AWS > VPC > Route Table > Skip alarm for Active control
- AWS > VPC > Route Table > Skip alarm for Active control [90 days]
- AWS > VPC > Route Table > Skip alarm for Tags control
- AWS > VPC > Route Table > Skip alarm for Tags control [90 days]
- AWS > VPC > Subnet > Delete from AWS
- AWS > VPC > Subnet > Set Tags
- AWS > VPC > Subnet > Skip alarm for Active control
- AWS > VPC > Subnet > Skip alarm for Active control [90 days]
- AWS > VPC > Subnet > Skip alarm for Tags control
- AWS > VPC > Subnet > Skip alarm for Tags control [90 days]
- AWS > VPC > VPC > Delete from AWS
- AWS > VPC > VPC > Set Tags
- AWS > VPC > VPC > Skip alarm for Active control
- AWS > VPC > VPC > Skip alarm for Active control [90 days]
- AWS > VPC > VPC > Skip alarm for Tags control
- AWS > VPC > VPC > Skip alarm for Tags control [90 days]
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Elasticsearch > Domain > Approved > Custom
Action Types:
- AWS > Elasticsearch > Domain > Delete from AWS
- AWS > Elasticsearch > Domain > Set Tags
- AWS > Elasticsearch > Domain > Skip alarm for Active control
- AWS > Elasticsearch > Domain > Skip alarm for Active control [90 days]
- AWS > Elasticsearch > Domain > Skip alarm for Approved control
- AWS > Elasticsearch > Domain > Skip alarm for Approved control [90 days]
- AWS > Elasticsearch > Domain > Skip alarm for Tags control
- AWS > Elasticsearch > Domain > Skip alarm for Tags control [90 days]
Bug fixes
- The
AWS > EC2 > Account Attributes > CMDB
control would go into an error state due to a bad internal build. This is fixed and the control will now work correctly as expected.
What's new?
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Resource's metadata will now also include createdBy details in Turbot CMDB.
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Action Types:
- AWS > ElastiCache > Cache Cluster > Delete from AWS
- AWS > ElastiCache > Cache Cluster > Set Tags
- AWS > ElastiCache > Cache Cluster > Skip alarm for Active control
- AWS > ElastiCache > Cache Cluster > Skip alarm for Active control [90 days]
- AWS > ElastiCache > Cache Cluster > Skip alarm for Tags control
- AWS > ElastiCache > Cache Cluster > Skip alarm for Tags control [90 days]
- AWS > ElastiCache > Cache Parameter Group > Delete from AWS
- AWS > ElastiCache > Cache Parameter Group > Skip alarm for Active control
- AWS > ElastiCache > Cache Parameter Group > Skip alarm for Active control [90 days]
- AWS > ElastiCache > Replication Group > Delete from AWS
- AWS > ElastiCache > Replication Group > Skip alarm for Active control
- AWS > ElastiCache > Replication Group > Skip alarm for Active control [90 days]
- AWS > ElastiCache > Snapshot > Delete from AWS
- AWS > ElastiCache > Snapshot > Set Tags
- AWS > ElastiCache > Snapshot > Skip alarm for Active control
- AWS > ElastiCache > Snapshot > Skip alarm for Active control [90 days]
- AWS > ElastiCache > Snapshot > Skip alarm for Tags control
- AWS > ElastiCache > Snapshot > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Data Pipeline > Pipeline > Approved > Custom
Action Types:
- AWS > Data Pipeline > Pipeline > Delete from AWS
- AWS > Data Pipeline > Pipeline > Set Tags
- AWS > Data Pipeline > Pipeline > Skip alarm for Active control
- AWS > Data Pipeline > Pipeline > Skip alarm for Active control [90 days]
- AWS > Data Pipeline > Pipeline > Skip alarm for Approved control
- AWS > Data Pipeline > Pipeline > Skip alarm for Approved control [90 days]
- AWS > Data Pipeline > Pipeline > Skip alarm for Tags control
- AWS > Data Pipeline > Pipeline > Skip alarm for Tags control [90 days]
Bug fixes
- Recovery Points deleted in AWS were not cleaned up automatically via real-time events in Guardrails. This is now fixed.
Enhancements
- Added the
contact_info
column tolinkedin_profile
table. (#5)
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Added support for
ap-northeast-3
andus-gov-east-1
regions in theAWS > SageMaker > Regions
policy.Policy Types:
- AWS > SageMaker > Code Repository > Approved > Custom
- AWS > SageMaker > Endpoint > Approved > Custom
- AWS > SageMaker > Endpoint Configuration > Approved > Custom
- AWS > SageMaker > Lifecycle Configuration > Approved > Custom
- AWS > SageMaker > Model > Approved > Custom
- AWS > SageMaker > Training Job > Approved > Custom
Action Types:
- AWS > SageMaker > Code Repository > Delete from AWS
- AWS > SageMaker > Code Repository > Skip alarm for Active control
- AWS > SageMaker > Code Repository > Skip alarm for Active control [90 days]
- AWS > SageMaker > Code Repository > Skip alarm for Approved control
- AWS > SageMaker > Code Repository > Skip alarm for Approved control [90 days]
- AWS > SageMaker > Domain > Delete from AWS
- AWS > SageMaker > Endpoint > Delete from AWS
- AWS > SageMaker > Endpoint > Set Tags
- AWS > SageMaker > Endpoint > Skip alarm for Active control
- AWS > SageMaker > Endpoint > Skip alarm for Active control [90 days]
- AWS > SageMaker > Endpoint > Skip alarm for Approved control
- AWS > SageMaker > Endpoint > Skip alarm for Approved control [90 days]
- AWS > SageMaker > Endpoint > Skip alarm for Tags control
- AWS > SageMaker > Endpoint > Skip alarm for Tags control [90 days]
- AWS > SageMaker > Endpoint Configuration > Delete from AWS
- AWS > SageMaker > Endpoint Configuration > Set Tags
- AWS > SageMaker > Endpoint Configuration > Skip alarm for Active control
- AWS > SageMaker > Endpoint Configuration > Skip alarm for Active control [90 days]
- AWS > SageMaker > Endpoint Configuration > Skip alarm for Approved control
- AWS > SageMaker > Endpoint Configuration > Skip alarm for Approved control [90 days]
- AWS > SageMaker > Endpoint Configuration > Skip alarm for Tags control
- AWS > SageMaker > Endpoint Configuration > Skip alarm for Tags control [90 days]
- AWS > SageMaker > Lifecycle Configuration > Delete from AWS
- AWS > SageMaker > Lifecycle Configuration > Skip alarm for Active control
- AWS > SageMaker > Lifecycle Configuration > Skip alarm for Active control [90 days]
- AWS > SageMaker > Lifecycle Configuration > Skip alarm for Approved control
- AWS > SageMaker > Lifecycle Configuration > Skip alarm for Approved control [90 days]
- AWS > SageMaker > Model > Delete from AWS
- AWS > SageMaker > Model > Set Tags
- AWS > SageMaker > Model > Skip alarm for Active control
- AWS > SageMaker > Model > Skip alarm for Active control [90 days]
- AWS > SageMaker > Model > Skip alarm for Approved control
- AWS > SageMaker > Model > Skip alarm for Approved control [90 days]
- AWS > SageMaker > Model > Skip alarm for Tags control
- AWS > SageMaker > Model > Skip alarm for Tags control [90 days]
- AWS > SageMaker > Notebook Instance > Delete from AWS
- AWS > SageMaker > Notebook Instance > Set Tags
- AWS > SageMaker > Notebook Instance > Skip alarm for Active control
- AWS > SageMaker > Notebook Instance > Skip alarm for Active control [90 days]
- AWS > SageMaker > Notebook Instance > Skip alarm for Approved control
- AWS > SageMaker > Notebook Instance > Skip alarm for Approved control [90 days]
- AWS > SageMaker > Notebook Instance > Skip alarm for Tags control
- AWS > SageMaker > Notebook Instance > Skip alarm for Tags control [90 days]
- AWS > SageMaker > Training Job > Set Tags
- AWS > SageMaker > Training Job > Skip alarm for Active control
- AWS > SageMaker > Training Job > Skip alarm for Active control [90 days]
- AWS > SageMaker > Training Job > Skip alarm for Approved control
- AWS > SageMaker > Training Job > Skip alarm for Approved control [90 days]
- AWS > SageMaker > Training Job > Skip alarm for Tags control
- AWS > SageMaker > Training Job > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Route 53 Resolver > Resolver Endpoint > Approved > Custom
- AWS > Route 53 Resolver > Resolver Rule > Approved > Custom
Action Types:
- AWS > Route 53 Resolver > Resolver Endpoint > Delete from AWS
- AWS > Route 53 Resolver > Resolver Endpoint > Set Tags
- AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Active control
- AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Active control [90 days]
- AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Approved control
- AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Approved control [90 days]
- AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Tags control
- AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Tags control [90 days]
- AWS > Route 53 Resolver > Resolver Rule > Delete from AWS
- AWS > Route 53 Resolver > Resolver Rule > Set Tags
- AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Active control
- AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Active control [90 days]
- AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Approved control
- AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Approved control [90 days]
- AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Tags control
- AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Tags control [90 days]
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Action Types:
- AWS > Events > Rule > Skip alarm for Approved control
- AWS > Events > Rule > Skip alarm for Approved control [90 days]
- AWS > Events > Target > Skip alarm for Active control
- AWS > Events > Target > Skip alarm for Active control [90 days]
- AWS > Events > Target > Skip alarm for Approved control
- AWS > Events > Target > Skip alarm for Approved control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Action Types:
- AWS > WAF > IP Set > Delete from AWS
- AWS > WAF > IP Set > Skip alarm for Active control
- AWS > WAF > IP Set > Skip alarm for Active control [90 days]
- AWS > WAF > IP Set > Skip alarm for Approved control
- AWS > WAF > IP Set > Skip alarm for Approved control [90 days]
- AWS > WAF > IP Set v2 Global > Delete from AWS
- AWS > WAF > IP Set v2 Global > Set Tags
- AWS > WAF > IP Set v2 Global > Skip alarm for Active control
- AWS > WAF > IP Set v2 Global > Skip alarm for Active control [90 days]
- AWS > WAF > IP Set v2 Global > Skip alarm for Approved control
- AWS > WAF > IP Set v2 Global > Skip alarm for Approved control [90 days]
- AWS > WAF > IP Set v2 Global > Skip alarm for Tags control
- AWS > WAF > IP Set v2 Global > Skip alarm for Tags control [90 days]
- AWS > WAF > IP Set v2 Regional > Delete from AWS
- AWS > WAF > IP Set v2 Regional > Set Tags
- AWS > WAF > IP Set v2 Regional > Skip alarm for Active control
- AWS > WAF > IP Set v2 Regional > Skip alarm for Active control [90 days]
- AWS > WAF > IP Set v2 Regional > Skip alarm for Approved control
- AWS > WAF > IP Set v2 Regional > Skip alarm for Approved control [90 days]
- AWS > WAF > IP Set v2 Regional > Skip alarm for Tags control
- AWS > WAF > IP Set v2 Regional > Skip alarm for Tags control [90 days]
- AWS > WAF > Rate Based Rule > Delete from AWS
- AWS > WAF > Rate Based Rule > Skip alarm for Active control
- AWS > WAF > Rate Based Rule > Skip alarm for Active control [90 days]
- AWS > WAF > Rate Based Rule > Skip alarm for Approved control
- AWS > WAF > Rate Based Rule > Skip alarm for Approved control [90 days]
- AWS > WAF > Regex Pattern Set v2 Global > Delete from AWS
- AWS > WAF > Regex Pattern Set v2 Global > Set Tags
- AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Active control
- AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Active control [90 days]
- AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Approved control
- AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Approved control [90 days]
- AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Tags control
- AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Tags control [90 days]
- AWS > WAF > Regex Pattern Set v2 Regional > Delete from AWS
- AWS > WAF > Regex Pattern Set v2 Regional > Set Tags
- AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Active control
- AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Active control [90 days]
- AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Approved control
- AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Approved control [90 days]
- AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Tags control
- AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Tags control [90 days]
- AWS > WAF > Rule > Delete from AWS
- AWS > WAF > Rule > Skip alarm for Active control
- AWS > WAF > Rule > Skip alarm for Active control [90 days]
- AWS > WAF > Rule > Skip alarm for Approved control
- AWS > WAF > Rule > Skip alarm for Approved control [90 days]
- AWS > WAF > Rule Group v2 Global > Delete from AWS
- AWS > WAF > Rule Group v2 Global > Set Tags
- AWS > WAF > Rule Group v2 Global > Skip alarm for Active control
- AWS > WAF > Rule Group v2 Global > Skip alarm for Active control [90 days]
- AWS > WAF > Rule Group v2 Global > Skip alarm for Approved control
- AWS > WAF > Rule Group v2 Global > Skip alarm for Approved control [90 days]
- AWS > WAF > Rule Group v2 Global > Skip alarm for Tags control
- AWS > WAF > Rule Group v2 Global > Skip alarm for Tags control [90 days]
- AWS > WAF > Rule Group v2 Regional > Delete from AWS
- AWS > WAF > Rule Group v2 Regional > Set Tags
- AWS > WAF > Rule Group v2 Regional > Skip alarm for Active control
- AWS > WAF > Rule Group v2 Regional > Skip alarm for Active control [90 days]
- AWS > WAF > Rule Group v2 Regional > Skip alarm for Approved control
- AWS > WAF > Rule Group v2 Regional > Skip alarm for Approved control [90 days]
- AWS > WAF > Rule Group v2 Regional > Skip alarm for Tags control
- AWS > WAF > Rule Group v2 Regional > Skip alarm for Tags control [90 days]
- AWS > WAF > Web ACL > Delete from AWS
- AWS > WAF > Web ACL > Set Tags
- AWS > WAF > Web ACL > Skip alarm for Active control
- AWS > WAF > Web ACL > Skip alarm for Active control [90 days]
- AWS > WAF > Web ACL > Skip alarm for Approved control
- AWS > WAF > Web ACL > Skip alarm for Approved control [90 days]
- AWS > WAF > Web ACL > Skip alarm for Tags control
- AWS > WAF > Web ACL > Skip alarm for Tags control [90 days]
- AWS > WAF > Web ACL v2 Global > Delete from AWS
- AWS > WAF > Web ACL v2 Global > Set Tags
- AWS > WAF > Web ACL v2 Global > Skip alarm for Active control
- AWS > WAF > Web ACL v2 Global > Skip alarm for Active control [90 days]
- AWS > WAF > Web ACL v2 Global > Skip alarm for Approved control
- AWS > WAF > Web ACL v2 Global > Skip alarm for Approved control [90 days]
- AWS > WAF > Web ACL v2 Global > Skip alarm for Tags control
- AWS > WAF > Web ACL v2 Global > Skip alarm for Tags control [90 days]
- AWS > WAF > Web ACL v2 Regional > Delete from AWS
- AWS > WAF > Web ACL v2 Regional > Set Tags
- AWS > WAF > Web ACL v2 Regional > Skip alarm for Active control
- AWS > WAF > Web ACL v2 Regional > Skip alarm for Active control [90 days]
- AWS > WAF > Web ACL v2 Regional > Skip alarm for Approved control
- AWS > WAF > Web ACL v2 Regional > Skip alarm for Approved control [90 days]
- AWS > WAF > Web ACL v2 Regional > Skip alarm for Tags control
- AWS > WAF > Web ACL v2 Regional > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Action Types:
- AWS > Backup > Backup Plan > Delete from AWS
- AWS > Backup > Backup Plan > Set Tags
- AWS > Backup > Backup Plan > Skip alarm for Active control
- AWS > Backup > Backup Plan > Skip alarm for Active control [90 days]
- AWS > Backup > Backup Plan > Skip alarm for Tags control
- AWS > Backup > Backup Plan > Skip alarm for Tags control [90 days]
- AWS > Backup > Backup Selection > Delete from AWS
- AWS > Backup > Backup Selection > Skip alarm for Active control
- AWS > Backup > Backup Selection > Skip alarm for Active control [90 days]
- AWS > Backup > Backup Vault > Delete from AWS
- AWS > Backup > Backup Vault > Set Tags
- AWS > Backup > Backup Vault > Skip alarm for Active control
- AWS > Backup > Backup Vault > Skip alarm for Active control [90 days]
- AWS > Backup > Backup Vault > Skip alarm for Tags control
- AWS > Backup > Backup Vault > Skip alarm for Tags control [90 days]
- AWS > Backup > Recovery Point > Delete from AWS
- AWS > Backup > Recovery Point > Set Tags
- AWS > Backup > Recovery Point > Skip alarm for Active control
- AWS > Backup > Recovery Point > Skip alarm for Active control [90 days]
- AWS > Backup > Recovery Point > Skip alarm for Tags control
- AWS > Backup > Recovery Point > Skip alarm for Tags control [90 days]
Bug fixes
- Fixed the required quals of
github_issue
andgithub_pull_request
tables to correctly return data instead of an error. (#355)
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.Added support for
ap-south-1
,af-south-1
,cn-north-1
andus-gov-east-1
regions in theAWS > WorkSpaces > Regions
policy.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > WorkSpaces > WorkSpace > Approved > Custom
Action Types:
- AWS > WorkSpaces > WorkSpace > Delete from AWS
- AWS > WorkSpaces > WorkSpace > Set Tags
- AWS > WorkSpaces > WorkSpace > Skip alarm for Active control
- AWS > WorkSpaces > WorkSpace > Skip alarm for Active control [90 days]
- AWS > WorkSpaces > WorkSpace > Skip alarm for Approved control
- AWS > WorkSpaces > WorkSpace > Skip alarm for Approved control [90 days]
- AWS > WorkSpaces > WorkSpace > Skip alarm for Tags control
- AWS > WorkSpaces > WorkSpace > Skip alarm for Tags control [90 days]
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.Added support for
cn-north-1
,cn-northwest-1
,us-gov-east-1
andus-gov-west-1
regions in theAWS > MQ > Regions
policy.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Amazon MQ > Broker > Approved > Custom
Action Types:
- AWS > Amazon MQ > Broker > Delete from AWS
- AWS > Amazon MQ > Broker > Set Tags
- AWS > Amazon MQ > Broker > Skip alarm for Active control
- AWS > Amazon MQ > Broker > Skip alarm for Active control [90 days]
- AWS > Amazon MQ > Broker > Skip alarm for Approved control
- AWS > Amazon MQ > Broker > Skip alarm for Approved control [90 days]
- AWS > Amazon MQ > Broker > Skip alarm for Tags control
- AWS > Amazon MQ > Broker > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Action Types:
- AWS > Logs > Log Group > Delete from AWS
- AWS > Logs > Log Group > Set Tags
- AWS > Logs > Log Group > Skip alarm for Active control
- AWS > Logs > Log Group > Skip alarm for Active control [90 days]
- AWS > Logs > Log Group > Skip alarm for Approved control
- AWS > Logs > Log Group > Skip alarm for Approved control [90 days]
- AWS > Logs > Log Group > Skip alarm for Encryption at Rest control
- AWS > Logs > Log Group > Skip alarm for Encryption at Rest control [90 days]
- AWS > Logs > Log Group > Skip alarm for Tags control
- AWS > Logs > Log Group > Skip alarm for Tags control [90 days]
- AWS > Logs > Log Stream > Delete from AWS
- AWS > Logs > Log Stream > Skip alarm for Active control
- AWS > Logs > Log Stream > Skip alarm for Active control [90 days]
- AWS > Logs > Log Stream > Skip alarm for Approved control
- AWS > Logs > Log Stream > Skip alarm for Approved control [90 days]
- AWS > Logs > Metric Filter > Delete from AWS
- AWS > Logs > Metric Filter > Skip alarm for Active control
- AWS > Logs > Metric Filter > Skip alarm for Active control [90 days]
- AWS > Logs > Metric Filter > Skip alarm for Approved control
- AWS > Logs > Metric Filter > Skip alarm for Approved control [90 days]
- AWS > Logs > Resource Policy > Delete from AWS
- AWS > Logs > Resource Policy > Skip alarm for Active control
- AWS > Logs > Resource Policy > Skip alarm for Active control [90 days]
- AWS > Logs > Resource Policy > Skip alarm for Approved control
- AWS > Logs > Resource Policy > Skip alarm for Approved control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.Added support for
cn-north-1
,cn-northwest-1
,us-gov-east-1
andus-gov-west-1
regions in theAWS > FSx > Regions
policy.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > FSx > Backup > Approved > Custom
- AWS > FSx > File System > Approved > Custom
Action Types:
- AWS > FSx > Backup > Delete from AWS
- AWS > FSx > Backup > Set Tags
- AWS > FSx > Backup > Skip alarm for Active control
- AWS > FSx > Backup > Skip alarm for Active control [90 days]
- AWS > FSx > Backup > Skip alarm for Approved control
- AWS > FSx > Backup > Skip alarm for Approved control [90 days]
- AWS > FSx > Backup > Skip alarm for Tags control
- AWS > FSx > Backup > Skip alarm for Tags control [90 days]
- AWS > FSx > File System > Delete from AWS
- AWS > FSx > File System > Set Tags
- AWS > FSx > File System > Skip alarm for Active control
- AWS > FSx > File System > Skip alarm for Active control [90 days]
- AWS > FSx > File System > Skip alarm for Approved control
- AWS > FSx > File System > Skip alarm for Approved control [90 days]
- AWS > FSx > File System > Skip alarm for Tags control
- AWS > FSx > File System > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Action Types:
- AWS > CloudWatch > Alarm > Delete from AWS
- AWS > CloudWatch > Alarm > Set Tags
- AWS > CloudWatch > Alarm > Skip alarm for Active control
- AWS > CloudWatch > Alarm > Skip alarm for Active control [90 days]
- AWS > CloudWatch > Alarm > Skip alarm for Approved control
- AWS > CloudWatch > Alarm > Skip alarm for Approved control [90 days]
- AWS > CloudWatch > Alarm > Skip alarm for Tags control
- AWS > CloudWatch > Alarm > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.Added support for
ca-central-1
,eu-west-2
,sa-east-1
,us-east-2
andus-gov-east-1
regions in theAWS > AppStream > Regions
policy.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > AppStream > Fleet > Approved > Custom
- AWS > AppStream > Image > Approved > Custom
- AWS > AppStream > Image Builder > Approved > Custom
- AWS > AppStream > User > Approved > Custom
Action Types:
- AWS > AppStream > Fleet > Delete from AWS
- AWS > AppStream > Fleet > Set Tags
- AWS > AppStream > Fleet > Skip alarm for Active control
- AWS > AppStream > Fleet > Skip alarm for Active control [90 days]
- AWS > AppStream > Fleet > Skip alarm for Approved control
- AWS > AppStream > Fleet > Skip alarm for Approved control [90 days]
- AWS > AppStream > Fleet > Skip alarm for Tags control
- AWS > AppStream > Fleet > Skip alarm for Tags control [90 days]
- AWS > AppStream > Image > Delete from AWS
- AWS > AppStream > Image > Set Tags
- AWS > AppStream > Image > Skip alarm for Active control
- AWS > AppStream > Image > Skip alarm for Active control [90 days]
- AWS > AppStream > Image > Skip alarm for Approved control
- AWS > AppStream > Image > Skip alarm for Approved control [90 days]
- AWS > AppStream > Image > Skip alarm for Tags control
- AWS > AppStream > Image > Skip alarm for Tags control [90 days]
- AWS > AppStream > Image Builder > Delete from AWS
- AWS > AppStream > Image Builder > Set Tags
- AWS > AppStream > Image Builder > Skip alarm for Active control
- AWS > AppStream > Image Builder > Skip alarm for Active control [90 days]
- AWS > AppStream > Image Builder > Skip alarm for Approved control
- AWS > AppStream > Image Builder > Skip alarm for Approved control [90 days]
- AWS > AppStream > Image Builder > Skip alarm for Tags control
- AWS > AppStream > Image Builder > Skip alarm for Tags control [90 days]
- AWS > AppStream > User > Delete from AWS
- AWS > AppStream > User > Skip alarm for Active control
- AWS > AppStream > User > Skip alarm for Active control [90 days]
- AWS > AppStream > User > Skip alarm for Approved control
- AWS > AppStream > User > Skip alarm for Approved control [90 days]
What's new?
- Server:
- Updated: Downgrade passport-saml Node package to 1.3.5.
What's new
- Updated
github_issue
,github_my_issue
,github_pull_request
,github_search_issue
, andgithub_search_pull_request
tables to only include nested and user permission columns in GraphQL request when requested. This should result in faster queries and large scale queries completing more consistently. (#342)
Enhancements
- Added the following controls to the
All Controls
benchmark: (#722)athena_workgroup_enforce_configuration_enabled
iam_inline_policy_no_administrative_privileges
Bug fixes
Bug fixes
- The
AWS > EC2 > Volume > Discovery
control would go into an error state because of an unintended GraphQL query bug. This is fixed and the control will now work correctly as expected.
Enhancements
- Added additional dashboard and query docs and updated metadata descriptions in docs. (#323)
What's new?
- Updated: Hive manager code to include the new certificate.
What's new?
- Added: parameter for RDS certificate for commercial cloud.
What's new?
Server:
- Updated: RDS CA Certificate to use the latest bundled certificate.
- Updated: Updated the package passport-saml to @node-saml/passport-saml: 4.0.4
- Updated: Steampipe query in developer section now points to the correct table.
UI:
- Added: Option to view Changelogs in the Help dropdown menu.
Bug fixes
- Server:
- Fixed: Stack control failed to run when a large number of resources were being managed by a stack control.
All Pipes workspaces have now been upgraded to Steampipe v0.21.1.
For more information on this Steampipe release, see the release notes.
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Action Types:
- AWS > GuardDuty > Detector > Delete from AWS
- AWS > GuardDuty > Detector > Set Tags
- AWS > GuardDuty > Detector > Skip alarm for Active control
- AWS > GuardDuty > Detector > Skip alarm for Active control [90 days]
- AWS > GuardDuty > Detector > Skip alarm for Approved control
- AWS > GuardDuty > Detector > Skip alarm for Approved control [90 days]
- AWS > GuardDuty > Detector > Skip alarm for Tags control
- AWS > GuardDuty > Detector > Skip alarm for Tags control [90 days]
- AWS > GuardDuty > IPSet > Delete from AWS
- AWS > GuardDuty > IPSet > Set Tags
- AWS > GuardDuty > IPSet > Skip alarm for Active control
- AWS > GuardDuty > IPSet > Skip alarm for Active control [90 days]
- AWS > GuardDuty > IPSet > Skip alarm for Approved control
- AWS > GuardDuty > IPSet > Skip alarm for Approved control [90 days]
- AWS > GuardDuty > IPSet > Skip alarm for Tags control
- AWS > GuardDuty > IPSet > Skip alarm for Tags control [90 days]
- AWS > GuardDuty > ThreatIntelSet > Delete from AWS
- AWS > GuardDuty > ThreatIntelSet > Set Tags
- AWS > GuardDuty > ThreatIntelSet > Skip alarm for Active control
- AWS > GuardDuty > ThreatIntelSet > Skip alarm for Active control [90 days]
- AWS > GuardDuty > ThreatIntelSet > Skip alarm for Approved control
- AWS > GuardDuty > ThreatIntelSet > Skip alarm for Approved control [90 days]
- AWS > GuardDuty > ThreatIntelSet > Skip alarm for Tags control
- AWS > GuardDuty > ThreatIntelSet > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Action Types:
- AWS > EMR > Cluster > Delete from AWS
- AWS > EMR > Cluster > Set Tags
- AWS > EMR > Cluster > Skip alarm for Active control
- AWS > EMR > Cluster > Skip alarm for Active control [90 days]
- AWS > EMR > Cluster > Skip alarm for Approved control
- AWS > EMR > Cluster > Skip alarm for Approved control [90 days]
- AWS > EMR > Cluster > Skip alarm for Tags control
- AWS > EMR > Cluster > Skip alarm for Tags control [90 days]
- AWS > EMR > Security Configuration > Delete from AWS
- AWS > EMR > Security Configuration > Skip alarm for Active control
- AWS > EMR > Security Configuration > Skip alarm for Active control [90 days]
- AWS > EMR > Security Configuration > Skip alarm for Approved control
- AWS > EMR > Security Configuration > Skip alarm for Approved control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Action Types:
- AWS > ECS > Cluster > Delete from AWS
- AWS > ECS > Cluster > Set Tags
- AWS > ECS > Cluster > Skip alarm for Active control
- AWS > ECS > Cluster > Skip alarm for Active control [90 days]
- AWS > ECS > Cluster > Skip alarm for Approved control
- AWS > ECS > Cluster > Skip alarm for Approved control [90 days]
- AWS > ECS > Cluster > Skip alarm for Tags control
- AWS > ECS > Cluster > Skip alarm for Tags control [90 days]
- AWS > ECS > Container Instance > Delete from AWS
- AWS > ECS > Container Instance > Skip alarm for Active control
- AWS > ECS > Container Instance > Skip alarm for Active control [90 days]
- AWS > ECS > Container Instance > Skip alarm for Approved control
- AWS > ECS > Container Instance > Skip alarm for Approved control [90 days]
- AWS > ECS > Service > Delete from AWS
- AWS > ECS > Service > Set Tags
- AWS > ECS > Service > Skip alarm for Active control
- AWS > ECS > Service > Skip alarm for Active control [90 days]
- AWS > ECS > Service > Skip alarm for Approved control
- AWS > ECS > Service > Skip alarm for Approved control [90 days]
- AWS > ECS > Service > Skip alarm for Tags control
- AWS > ECS > Service > Skip alarm for Tags control [90 days]
- AWS > ECS > Task Definition > Delete from AWS
- AWS > ECS > Task Definition > Set Tags
- AWS > ECS > Task Definition > Skip alarm for Active control
- AWS > ECS > Task Definition > Skip alarm for Active control [90 days]
- AWS > ECS > Task Definition > Skip alarm for Approved control
- AWS > ECS > Task Definition > Skip alarm for Approved control [90 days]
- AWS > ECS > Task Definition > Skip alarm for Tags control
- AWS > ECS > Task Definition > Skip alarm for Tags control [90 days]
What's new?
You can now configure Block Public Access for AMIs. To get started, set the
AWS > EC2 > Account Attributes > Block Public Access for AMIs
policy toEnforce: Enable Block Public Access for AMIs
.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Control Types:
- AWS > EC2 > Account Attributes > Block Public Access for AMIs
Policy Types:
- AWS > EC2 > Account Attributes > Block Public Access for AMIs
Action Types:
- AWS > EC2 > Account Attributes > Update Block Public Access for AMIs
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > DMS > Endpoint > Approved > Custom
- AWS > DMS > Replication Instance > Approved > Custom
Action Types:
- AWS > DMS > Endpoint > Delete from AWS
- AWS > DMS > Endpoint > Set Tags
- AWS > DMS > Endpoint > Skip alarm for Active control
- AWS > DMS > Endpoint > Skip alarm for Active control [90 days]
- AWS > DMS > Endpoint > Skip alarm for Approved control
- AWS > DMS > Endpoint > Skip alarm for Approved control [90 days]
- AWS > DMS > Endpoint > Skip alarm for Tags control
- AWS > DMS > Endpoint > Skip alarm for Tags control [90 days]
- AWS > DMS > Replication Instance > Delete from AWS
- AWS > DMS > Replication Instance > Set Tags
- AWS > DMS > Replication Instance > Skip alarm for Active control
- AWS > DMS > Replication Instance > Skip alarm for Active control [90 days]
- AWS > DMS > Replication Instance > Skip alarm for Approved control
- AWS > DMS > Replication Instance > Skip alarm for Approved control [90 days]
- AWS > DMS > Replication Instance > Skip alarm for Tags control
- AWS > DMS > Replication Instance > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Action Types:
- AWS > SES > Identity > Delete from AWS
- AWS > SES > Identity > Skip alarm for Active control
- AWS > SES > Identity > Skip alarm for Active control [90 days]
- AWS > SES > Identity > Skip alarm for Approved control
- AWS > SES > Identity > Skip alarm for Approved control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Security Hub > Hub > Approved > Custom
Action Types:
- AWS > Security Hub > Hub > Delete from AWS
- AWS > Security Hub > Hub > Set Tags
- AWS > Security Hub > Hub > Skip alarm for Approved control
- AWS > Security Hub > Hub > Skip alarm for Approved control [90 days]
- AWS > Security Hub > Hub > Skip alarm for Tags control
- AWS > Security Hub > Hub > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Action Types:
- AWS > Kinesis > Consumer > Delete from AWS
- AWS > Kinesis > Consumer > Skip alarm for Active control
- AWS > Kinesis > Consumer > Skip alarm for Active control [90 days]
- AWS > Kinesis > Consumer > Skip alarm for Approved control
- AWS > Kinesis > Consumer > Skip alarm for Approved control [90 days]
- AWS > Kinesis > Stream > Delete from AWS
- AWS > Kinesis > Stream > Set Tags
- AWS > Kinesis > Stream > Skip alarm for Active control
- AWS > Kinesis > Stream > Skip alarm for Active control [90 days]
- AWS > Kinesis > Stream > Skip alarm for Approved control
- AWS > Kinesis > Stream > Skip alarm for Approved control [90 days]
- AWS > Kinesis > Stream > Skip alarm for Encryption at Rest control
- AWS > Kinesis > Stream > Skip alarm for Encryption at Rest control [90 days]
- AWS > Kinesis > Stream > Skip alarm for Tags control
- AWS > Kinesis > Stream > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Action Types:
- AWS > DynamoDB > Backup > Delete from AWS
- AWS > DynamoDB > Backup > Skip alarm for Active control
- AWS > DynamoDB > Backup > Skip alarm for Active control [90 days]
- AWS > DynamoDB > Backup > Skip alarm for Approved control
- AWS > DynamoDB > Backup > Skip alarm for Approved control [90 days]
- AWS > DynamoDB > Global Table > Delete from AWS
- AWS > DynamoDB > Global Table > Skip alarm for Active control
- AWS > DynamoDB > Global Table > Skip alarm for Active control [90 days]
- AWS > DynamoDB > Global Table > Skip alarm for Approved control
- AWS > DynamoDB > Global Table > Skip alarm for Approved control [90 days]
- AWS > DynamoDB > Table > Delete from AWS
- AWS > DynamoDB > Table > Set Tags
- AWS > DynamoDB > Table > Skip alarm for Active control
- AWS > DynamoDB > Table > Skip alarm for Active control [90 days]
- AWS > DynamoDB > Table > Skip alarm for Approved control
- AWS > DynamoDB > Table > Skip alarm for Approved control [90 days]
- AWS > DynamoDB > Table > Skip alarm for Encryption at Rest control
- AWS > DynamoDB > Table > Skip alarm for Encryption at Rest control [90 days]
- AWS > DynamoDB > Table > Skip alarm for Tags control
- AWS > DynamoDB > Table > Skip alarm for Tags control [90 days]
What's new?
- Added 11 new controls across the benchmarks for the following services: (#39)
- Application Gateway
- Automation
- Cognitive Search
- Compute
- Frontdoor
- Network
- PostgreSQL
The Turbot Pipes app for Zapier, announced today, opens the world of DevOps data to Zap developers.
For more information, see the launch post.
Turbot Pipes plans & pricing are now available.
Free for Developers! Free trial & usage-based for Teams. Start immediately & cancel anytime.
For more information, see the launch post.
Datatank is now available in Turbot Pipes workspaces. Blow past API speed limits with scheduled data sync.
For more information, see the launch post.
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Step Functions > State Machine > Approved > Custom
Action Types:
- AWS > Step Functions > State Machine > Delete from AWS
- AWS > Step Functions > State Machine > Set Tags
- AWS > Step Functions > State Machine > Skip alarm for Active control
- AWS > Step Functions > State Machine > Skip alarm for Active control [90 days]
- AWS > Step Functions > State Machine > Skip alarm for Approved control
- AWS > Step Functions > State Machine > Skip alarm for Approved control [90 days]
- AWS > Step Functions > State Machine > Skip alarm for Tags control
- AWS > Step Functions > State Machine > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Shield > Protection > Approved > Custom
Action Types:
- AWS > Shield > Protection > Delete from AWS
- AWS > Shield > Protection > Skip alarm for Active control
- AWS > Shield > Protection > Skip alarm for Active control [90 days]
- AWS > Shield > Protection > Skip alarm for Approved control
- AWS > Shield > Protection > Skip alarm for Approved control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Directory Service > Directory > Approved > Custom
Action Types:
- AWS > Directory Service > Directory > Delete from AWS
- AWS > Directory Service > Directory > Skip alarm for Active control
- AWS > Directory Service > Directory > Skip alarm for Active control [90 days]
- AWS > Directory Service > Directory > Skip alarm for Approved control
- AWS > Directory Service > Directory > Skip alarm for Approved control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Action Types:
- AWS > CodeBuild > Build > Delete from AWS
- AWS > CodeBuild > Build > Skip alarm for Active control
- AWS > CodeBuild > Build > Skip alarm for Active control [90 days]
- AWS > CodeBuild > Build > Skip alarm for Approved control
- AWS > CodeBuild > Build > Skip alarm for Approved control [90 days]
- AWS > CodeBuild > Project > Delete from AWS
- AWS > CodeBuild > Project > Set Tags
- AWS > CodeBuild > Project > Skip alarm for Active control
- AWS > CodeBuild > Project > Skip alarm for Active control [90 days]
- AWS > CodeBuild > Project > Skip alarm for Approved control
- AWS > CodeBuild > Project > Skip alarm for Approved control [90 days]
- AWS > CodeBuild > Project > Skip alarm for Tags control
- AWS > CodeBuild > Project > Skip alarm for Tags control [90 days]
- AWS > CodeBuild > Source Credential > Delete from AWS
- AWS > CodeBuild > Source Credential > Skip alarm for Active control
- AWS > CodeBuild > Source Credential > Skip alarm for Active control [90 days]
- AWS > CodeBuild > Source Credential > Skip alarm for Approved control
- AWS > CodeBuild > Source Credential > Skip alarm for Approved control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > CloudFormation > Stack > Approved > Custom
- AWS > CloudFormation > StackSet > Approved > Custom
Action Types:
- AWS > CloudFormation > Stack > Delete from AWS
- AWS > CloudFormation > Stack > Set Tags
- AWS > CloudFormation > Stack > Skip alarm for Active control
- AWS > CloudFormation > Stack > Skip alarm for Active control [90 days]
- AWS > CloudFormation > Stack > Skip alarm for Approved control
- AWS > CloudFormation > Stack > Skip alarm for Approved control [90 days]
- AWS > CloudFormation > Stack > Skip alarm for Tags control
- AWS > CloudFormation > Stack > Skip alarm for Tags control [90 days]
- AWS > CloudFormation > StackSet > Delete from AWS
- AWS > CloudFormation > StackSet > Set Tags
- AWS > CloudFormation > StackSet > Skip alarm for Active control
- AWS > CloudFormation > StackSet > Skip alarm for Active control [90 days]
- AWS > CloudFormation > StackSet > Skip alarm for Approved control
- AWS > CloudFormation > StackSet > Skip alarm for Approved control [90 days]
- AWS > CloudFormation > StackSet > Skip alarm for Tags control
- AWS > CloudFormation > StackSet > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Athena > NamedQuery > Approved > Custom
- AWS > Athena > Workgroup > Approved > Custom
Action Types:
- AWS > Athena > NamedQuery > Delete from AWS
- AWS > Athena > NamedQuery > Set Tags
- AWS > Athena > NamedQuery > Skip alarm for Active control
- AWS > Athena > NamedQuery > Skip alarm for Active control [90 days]
- AWS > Athena > NamedQuery > Skip alarm for Approved control
- AWS > Athena > NamedQuery > Skip alarm for Approved control [90 days]
- AWS > Athena > NamedQuery > Skip alarm for Tags control
- AWS > Athena > NamedQuery > Skip alarm for Tags control [90 days]
- AWS > Athena > Workgroup > Delete from AWS
- AWS > Athena > Workgroup > Set Tags
- AWS > Athena > Workgroup > Skip alarm for Active control
- AWS > Athena > Workgroup > Skip alarm for Active control [90 days]
- AWS > Athena > Workgroup > Skip alarm for Approved control
- AWS > Athena > Workgroup > Skip alarm for Approved control [90 days]
- AWS > Athena > Workgroup > Skip alarm for Tags control
- AWS > Athena > Workgroup > Skip alarm for Tags control [90 days]
The remaining 94 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.2, which prevents nil pointer reference errors for implicit hydrate configs.
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Action Types:
- AWS > CloudSearch > Domain > Skip alarm for Active control
- AWS > CloudSearch > Domain > Skip alarm for Active control [90 days]
- AWS > CloudSearch > Domain > Skip alarm for Approved control
- AWS > CloudSearch > Domain > Skip alarm for Approved control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > CloudFront > CloudFront Origin Access Identity > Approved > Custom
- AWS > CloudFront > Distribution > Approved > Custom
- AWS > CloudFront > Streaming Distribution > Approved > Custom
Action Types:
- AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Active control
- AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Active control [90 days]
- AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Approved control
- AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Approved control [90 days]
- AWS > CloudFront > Distribution > Set Tags
- AWS > CloudFront > Distribution > Skip alarm for Active control
- AWS > CloudFront > Distribution > Skip alarm for Active control [90 days]
- AWS > CloudFront > Distribution > Skip alarm for Approved control
- AWS > CloudFront > Distribution > Skip alarm for Approved control [90 days]
- AWS > CloudFront > Distribution > Skip alarm for Tags control
- AWS > CloudFront > Distribution > Skip alarm for Tags control [90 days]
- AWS > CloudFront > Streaming Distribution > Set Tags
- AWS > CloudFront > Streaming Distribution > Skip alarm for Active control
- AWS > CloudFront > Streaming Distribution > Skip alarm for Active control [90 days]
- AWS > CloudFront > Streaming Distribution > Skip alarm for Approved control
- AWS > CloudFront > Streaming Distribution > Skip alarm for Approved control [90 days]
- AWS > CloudFront > Streaming Distribution > Skip alarm for Tags control
- AWS > CloudFront > Streaming Distribution > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Action Types:
- AWS > API Gateway > API > Delete from AWS
- AWS > API Gateway > API > Set Tags
- AWS > API Gateway > API > Skip alarm for Active control
- AWS > API Gateway > API > Skip alarm for Active control [90 days]
- AWS > API Gateway > API > Skip alarm for Approved control
- AWS > API Gateway > API > Skip alarm for Approved control [90 days]
- AWS > API Gateway > API > Skip alarm for Tags control
- AWS > API Gateway > API > Skip alarm for Tags control [90 days]
- AWS > API Gateway > API Key > Delete from AWS
- AWS > API Gateway > API Key > Set Tags
- AWS > API Gateway > API Key > Skip alarm for Active control
- AWS > API Gateway > API Key > Skip alarm for Active control [90 days]
- AWS > API Gateway > API Key > Skip alarm for Approved control
- AWS > API Gateway > API Key > Skip alarm for Approved control [90 days]
- AWS > API Gateway > API Key > Skip alarm for Tags control
- AWS > API Gateway > API Key > Skip alarm for Tags control [90 days]
- AWS > API Gateway > API V2 > Delete from AWS
- AWS > API Gateway > API V2 > Set Tags
- AWS > API Gateway > API V2 > Skip alarm for Active control
- AWS > API Gateway > API V2 > Skip alarm for Active control [90 days]
- AWS > API Gateway > API V2 > Skip alarm for Approved control
- AWS > API Gateway > API V2 > Skip alarm for Approved control [90 days]
- AWS > API Gateway > API V2 > Skip alarm for Tags control
- AWS > API Gateway > API V2 > Skip alarm for Tags control [90 days]
- AWS > API Gateway > Authorizer > Delete from AWS
- AWS > API Gateway > Authorizer > Skip alarm for Active control
- AWS > API Gateway > Authorizer > Skip alarm for Active control [90 days]
- AWS > API Gateway > Authorizer > Skip alarm for Approved control
- AWS > API Gateway > Authorizer > Skip alarm for Approved control [90 days]
- AWS > API Gateway > Authorizer V2 > Delete from AWS
- AWS > API Gateway > Authorizer V2 > Skip alarm for Active control
- AWS > API Gateway > Authorizer V2 > Skip alarm for Active control [90 days]
- AWS > API Gateway > Authorizer V2 > Skip alarm for Approved control
- AWS > API Gateway > Authorizer V2 > Skip alarm for Approved control [90 days]
- AWS > API Gateway > Domain Name V2 > Delete from AWS
- AWS > API Gateway > Domain Name V2 > Set Tags
- AWS > API Gateway > Domain Name V2 > Skip alarm for Active control
- AWS > API Gateway > Domain Name V2 > Skip alarm for Active control [90 days]
- AWS > API Gateway > Domain Name V2 > Skip alarm for Approved control
- AWS > API Gateway > Domain Name V2 > Skip alarm for Approved control [90 days]
- AWS > API Gateway > Domain Name V2 > Skip alarm for Tags control
- AWS > API Gateway > Domain Name V2 > Skip alarm for Tags control [90 days]
- AWS > API Gateway > Integration V2 > Delete from AWS
- AWS > API Gateway > Integration V2 > Skip alarm for Active control
- AWS > API Gateway > Integration V2 > Skip alarm for Active control [90 days]
- AWS > API Gateway > Integration V2 > Skip alarm for Approved control
- AWS > API Gateway > Integration V2 > Skip alarm for Approved control [90 days]
- AWS > API Gateway > Resource > Delete from AWS
- AWS > API Gateway > Resource > Skip alarm for Active control
- AWS > API Gateway > Resource > Skip alarm for Active control [90 days]
- AWS > API Gateway > Resource > Skip alarm for Approved control
- AWS > API Gateway > Resource > Skip alarm for Approved control [90 days]
- AWS > API Gateway > Stage > Delete from AWS
- AWS > API Gateway > Stage > Set Tags
- AWS > API Gateway > Stage > Skip alarm for Active control
- AWS > API Gateway > Stage > Skip alarm for Active control [90 days]
- AWS > API Gateway > Stage > Skip alarm for Approved control
- AWS > API Gateway > Stage > Skip alarm for Approved control [90 days]
- AWS > API Gateway > Stage > Skip alarm for Tags control
- AWS > API Gateway > Stage > Skip alarm for Tags control [90 days]
- AWS > API Gateway > Stage v2 > Delete from AWS
- AWS > API Gateway > Stage v2 > Set Tags
- AWS > API Gateway > Stage v2 > Skip alarm for Active control
- AWS > API Gateway > Stage v2 > Skip alarm for Active control [90 days]
- AWS > API Gateway > Stage v2 > Skip alarm for Approved control
- AWS > API Gateway > Stage v2 > Skip alarm for Approved control [90 days]
- AWS > API Gateway > Stage v2 > Skip alarm for Tags control
- AWS > API Gateway > Stage v2 > Skip alarm for Tags control [90 days]
- AWS > API Gateway > Usage Plan > Delete from AWS
- AWS > API Gateway > Usage Plan > Set Tags
- AWS > API Gateway > Usage Plan > Skip alarm for Active control
- AWS > API Gateway > Usage Plan > Skip alarm for Active control [90 days]
- AWS > API Gateway > Usage Plan > Skip alarm for Approved control
- AWS > API Gateway > Usage Plan > Skip alarm for Approved control [90 days]
- AWS > API Gateway > Usage Plan > Skip alarm for Tags control
- AWS > API Gateway > Usage Plan > Skip alarm for Tags control [90 days]
What's new?
AWS/Amplify/Admin
andAWS/Amplify/Metadata
now also include permissions for Deployment, WebHook and Artifacts.Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > Amplify > App > Approved > Custom
Action Types:
- AWS > Amplify > App > Delete from AWS
- AWS > Amplify > App > Set Tags
- AWS > Amplify > App > Skip alarm for Active control
- AWS > Amplify > App > Skip alarm for Active control [90 days]
- AWS > Amplify > App > Skip alarm for Approved control
- AWS > Amplify > App > Skip alarm for Approved control [90 days]
- AWS > Amplify > App > Skip alarm for Tags control
- AWS > Amplify > App > Skip alarm for Tags control [90 days]
What's new?
Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the
Actions
button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Policy Types:
- AWS > ACM > Certificate > Approved > Custom
Action Types:
- AWS > ACM > Certificate > Delete from AWS
- AWS > ACM > Certificate > Set Tags
- AWS > ACM > Certificate > Skip alarm for Active control
- AWS > ACM > Certificate > Skip alarm for Active control [90 days]
- AWS > ACM > Certificate > Skip alarm for Approved control
- AWS > ACM > Certificate > Skip alarm for Approved control [90 days]
- AWS > ACM > Certificate > Skip alarm for Tags control
- AWS > ACM > Certificate > Skip alarm for Tags control [90 days]
Bug fixes
- Fixed queries to correctly return data for
connection_name
andtags
dimensions instead of an error. (#73)
Enhancements
- Updated the following queries to use
url
as the resource column: (#35)default_branch_all_build_steps_as_code
default_branch_pipeline_locks_external_dependencies_for_build_process
default_branch_pipeline_must_have_jobs_with_sbom_generation
default_branch_pipelines_scan_for_vulnerabilities
default_branch_pipelines_scanners_set_to_prevent_sensitive_data
org_member_mfa_enabled
repo_inactive_members_review
repo_deletion_limited_to_trusted_users
repo_issue_deletion_limited_to_trusted_users
repo_webhook_package_registery_security_settings_enabled
What's new?
- New tables added
The following 21 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.2, which prevents nil pointer reference errors for implicit hydrate configs:
- Alibaba Cloud
- AWS CloudFormation
- Azure
- Azure Active Directory
- CSV
- DigitalOcean
- Docker
- Docker Hub
- Exec
- GCP
- GitHub
- IBM Cloud
- Jira
- Microsoft 365
- Net
- Okta
- OpenShift
- Oracle Cloud Infrastructure
- Salesforce
- Turbot Pipes
- Zoom
All new Pipes workspaces will be running Steampipe v0.21.1 and existing workspaces will be upgraded by Monday 9th October 2023.
For more information on this Steampipe release, see the launch post or release notes.
Bug fixes
- Fixed the plugin to prevent crashes when
source_types
config argument containsmanifest
butmanifest_file_paths
is not defined. (#177)
What's new?
- Added 39 new controls for the
ClusterRoleBinding
,CronJob
,DaemonSet
,Ingress
,Job
,Pod
resource types to theall_controls
benchmark. (#68)
Bug fixes
- Fixed the
source_account_id
column ofaws_securityhub_finding
table to correctly return data instead ofnull
. (#1927) (Thanks @gabrielsoltz for the contribution!) - Fixed the
members
column ofaws_rds_db_cluster
table to correctly return data instead ofnull
. (#1926)
Bug fixes
- Added support for the missing
mod-location
flag to thesteampipe variable list
command. (#3942)
Bug fixes
- The
initialise
function is now being called for implicit hydrate configs (i.e. hydrate functions without explicit config), thereby preventing nil pointer reference errors when the hydrate function returns an error. (#683)
Whats new?
- Define rate and concurrency limits for plugin execution. (#3746)
- Define multiple instances of a plugin version using a
plugin
connection config block. (#3807) - The maximum memory used by plugins and the CLI can now be specified either in
plugin
instance definitions or the newplugin
options block. (#3807) - New introspection tables
steampipe_plugin
andsteampipe_plugin_limiter
containing all configured plugin instances and limiters. (#3746) - New introspection table
steampipe_server_settings
populated with server settings data during service startup. (#3462) - Running
plugin install
with no arguments installs all referenced plugins. (#3451) - New
--output
flag forplugin list
cmd allows selection betweenjson
andtable
output. (#3368) - Each plugin directory ncontains a
version.json
which can be used to recompose the global pluginversions.json
if it is missing or corrupt. (#3492) - Typing
.cache
in interactive prompt shows the current value of cache. (#2439) - Steampipe commands bypass plugin requirement check if installed plugin is locally built. (#3643)
- New
skip-config
flag disables writing of default plugin config during plugin installation. (#3531, #2206) - Logs are now written to file instead of console. (#2916)
- When plugin startup fails, report useful message in the CLI. (#3732)
- Users are warned to not have mod.sp files in home directory. (#2321)
- Updated messaging when service is started on an unavailable port. (#623)
- Log files are rotated if the process is active across date boundaries. (#125, #3825)
- Listen hosts may be selected when starting steampipe service. (#3505)
- Initialisation behaviour for the sample options has been changed: always copy a sample file (
default.spc.sample
), but only overwrite thedefault.spc
file with the sample content if the existing file has not been modified. (#3431) - Validation for the workspace profile
cache
settings. (#3646) - Support OCI registries requiring authentication. (#2819)
- Compiled with Go 1.21. (#3763)
Bug fixes
- Plugin manager shutdown stalling intermittently due to deadlocks. (#3818)
- Temporary tables dropped in interactive prompt when pool connections recycled. (#3781,#3543)
service start
was not listening onnetwork
by default. (#3593)- Multi line logs from plugins not rendered correctly in plugin logs. (#3678)
.inspect
panicking for long column descriptions. (#3709)- Interactive prompt crashing when there is a code panic. (#3713)
- Incorrect zsh completion instructions.
- Steampipe should not create export files for cancelled control runs. (#3578)
BuildFullResourceName
not validating non empty arguments. (#3601)- Spinner not showing when exporting check results. (#3577)
stdin
was consumed byquery
command even if there are arguments. (#1985)- When exporting multiple benchmarks, results now merged the results into a single export. (#2380)
- Raise warning when pseudo-resources are ignored because of named HCL resources. (#1328)
- Database reinstalled unnecessarily if any FDW files were missing. (#2040)
- Improved error message when steampipe fails to parse a mod definition file because mod block does not exist. (#1198)
- Only
install-dir
andworkspace
flags should be global flags. All other flags should only apply to specific command. (#3542) - Passing an empty list for list variables was not working. (#2094)
- Show deprecation warning for
version
field inrequire
block of mod definition. - Temporary directories were not always being cleaned up after plugin commands.
plugin list
returned nothing if no plugins were installed. (#3927)
Deprecations and migrations
- Table
steampipe_connection_state
renamed tosteampipe_connection
- Removed migration and backward compatibility of data files from v0.13.0. (#3517)
- Removed deprecated
workspace-chdir
flag. (#3925) - Migrated from
cloud.steampipe.io
topipes.turbot.com
. (#3724) - Removed support for plugins which do not support multiple connections (i.e. using SDK < v4.0.0).
- Deprecated
terminal options
.
All 115 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.1, which adds support for rate and concurrency limiters.
Limiters provide a simple, flexible interface to implement client-site rate limiting and concurrency thresholds at compile time or run time. You can use limiters to:
- Smooth the request rate from Steampipe to reduce load on the remote API or service
- Limit the number of parallel requests to reduce contention for client and network resources
- Avoid hitting server limits and throttling
For more information on getting started, please see Concurrency and Rate Limiting.
What's new?
- Added: t4g, m7g, m6gd, r7g, r6gd, c6g and c6gd to instance type parameter for RDS.
- Added: new hive parameter group for Postgres 14 and 15.
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.
Deprecated
- The
source_type
config argument has been deprecated and will be removed in the next major version. Please use thesource_types
config argument instead. If both config arguments are set,source_types
will take precedence. For backward compatibility, please see below for old and new value equivalents: (#167)source_type = 'all'
:source_types = ["deployed", "helm", "manifest"]
source_type = 'deployed'
:source_types = ["deployed"]
source_type = 'helm'
:source_types = ["helm"]
source_type = 'manifest'
:source_types = ["manifest"]
What's new?
- Added the
source_types
config argument, which allows specifying a combination of source types to load per connection. (#167)
What's new?
- Added 350+ new controls across all resource types to the
all_controls
benchmark. (#64)
Enhancements
- Added
path
to default set ofcommon_dimensions
, so now any file paths will appear by default in the additional dimensions in control results. (#63) - Added
iac
category to mod definition.
Dependencies
- Kubernetes plugin
v0.23.0
or higher is now required.
Breaking changes
- Removed the
output
column in theexec_command
table. This column has been replaced by thestdout_output
andstderr_output
columns. (#13)
What's new?
- Added
stdout_output
andstderr_output
columns to theexec_command
table. (#13) - Added
stream
column to theexec_command_line
table. (#13) - Added plugin limiter
exec_global
withMaxConcurrency
set to 15 in an effort to reduce abuse reports due to large number of concurrent remote connections. (#13)
Bug fixes
- Results from the
exec_command
table should now be consistent when using local and remote connections. (#13)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.6.0 which adds support for rate limiters. (#13)
- Recompiled plugin with Go 1.21. (#13)
What's new?
- Added CIS v1.6.0 benchmark (
steampipe check docker_compliance.benchmark.cis_v160
). (#4)
What's new?
SetConnectionCacheOptions
, a new GRPC endpoint to clear connection cache. (#678)
What's new?
Resource Types:
- AWS > Route 53 > Record
Control Types:
- AWS > Route 53 > Record > Active
- AWS > Route 53 > Record > Approved
- AWS > Route 53 > Record > CMDB
- AWS > Route 53 > Record > Discovery
Policy Types:
- AWS > Route 53 > Record > Active
- AWS > Route 53 > Record > Active > Age
- AWS > Route 53 > Record > Active > Budget
- AWS > Route 53 > Record > Active > Last Modified
- AWS > Route 53 > Record > Approved
- AWS > Route 53 > Record > Approved > Budget
- AWS > Route 53 > Record > Approved > Custom
- AWS > Route 53 > Record > Approved > Usage
- AWS > Route 53 > Record > CMDB
Action Types:
- AWS > Route 53 > Record > Delete
- AWS > Route 53 > Record > Delete from AWS
- AWS > Route 53 > Record > Router
- AWS > Route 53 > Record > Skip alarm for Active control
- AWS > Route 53 > Record > Skip alarm for Active control [90 days]
- AWS > Route 53 > Record > Skip alarm for Approved control
- AWS > Route 53 > Record > Skip alarm for Approved control [90 days]
Enhancements
- Added the
last_successful_login_time
column tooci_identity_user
table. (#547)
What's new?
- Define rate and concurrency limits for plugin execution. (#623)
- Diagnostics property added to
_ctx
column, containing information on hydrate calls and rate limiting (enabled by setting env varSTEAMPIPE_DIAGNOSTIC_LEVEL=all
) - Support for JSONB operators in
List
hydrate functions. (#594) Type
property added toConnectionConfig
protobuf definition to determine if a connection is an aggregator. (#590)- When plugin startup fails, write a specially formatted string to stdout so plugin manager can parse the output and display a useful message. (#619)
- Support for multi-line log entries. (#612)
- Added
Equals
function forQualValue
. (#646)
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Control Types:
- AWS > Organizations > Organization Root > Active
- AWS > Organizations > Organization Root > Approved
- AWS > Organizations > Organizational Account > Active
- AWS > Organizations > Organizational Account > Approved
Policy Types:
- AWS > Organizations > Organization Root > Active
- AWS > Organizations > Organization Root > Active > Age
- AWS > Organizations > Organization Root > Active > Last Modified
- AWS > Organizations > Organization Root > Approved
- AWS > Organizations > Organization Root > Approved > Custom
- AWS > Organizations > Organization Root > Approved > Usage
- AWS > Organizations > Organizational Account > Active
- AWS > Organizations > Organizational Account > Active > Age
- AWS > Organizations > Organizational Account > Active > Last Modified
- AWS > Organizations > Organizational Account > Approved
- AWS > Organizations > Organizational Account > Approved > Custom
- AWS > Organizations > Organizational Account > Approved > Usage
Action Types:
- AWS > Organizations > Organization Root > Skip alarm for Active control
- AWS > Organizations > Organization Root > Skip alarm for Active control [90 days]
- AWS > Organizations > Organization Root > Skip alarm for Approved control
- AWS > Organizations > Organization Root > Skip alarm for Approved control [90 days]
- AWS > Organizations > Organizational Account > Skip alarm for Active control
- AWS > Organizations > Organizational Account > Skip alarm for Active control [90 days]
- AWS > Organizations > Organizational Account > Skip alarm for Approved control
- AWS > Organizations > Organizational Account > Skip alarm for Approved control [90 days]
What's new?
AWS/MSK/Admin
,AWS/MSK/Metadata
andAWS/MSK/Operator
now also include permissions for Cluster V2, Scram Secrets and Kafka VPC Connections.We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.
Policy Types:
- AWS > MSK > Cluster > Approved > Custom
- AWS > MSK > Cluster > Approved > Instance Types
Action Types:
- AWS > MSK > Cluster > Delete from AWS
- AWS > MSK > Cluster > Set Tags
- AWS > MSK > Cluster > Skip alarm for Active control
- AWS > MSK > Cluster > Skip alarm for Active control [90 days]
- AWS > MSK > Cluster > Skip alarm for Approved control
- AWS > MSK > Cluster > Skip alarm for Approved control [90 days]
- AWS > MSK > Cluster > Skip alarm for Tags control
- AWS > MSK > Cluster > Skip alarm for Tags control [90 days]
Bug fixes
- Guardrails would sometimes fail to upsert clusters correctly in CMDB. This is now fixed.
What's new?
Control Types:
- AWS > ElastiCache > Replication Group > Backup
Policy Types:
- AWS > ElastiCache > Replication Group > Backup
- AWS > ElastiCache > Replication Group > Backup > Retention Period
- AWS > ElastiCache > Replication Group > Backup > Window
Action Types:
- AWS > ElastiCache > Cache Cluster > Skip alarm for approved control
- AWS > ElastiCache > Cache Cluster > Skip alarm for approved control [90 days]
- AWS > ElastiCache > Cache Parameter Group > Skip alarm for approved control
- AWS > ElastiCache > Cache Parameter Group > Skip alarm for approved control [90 days]
- AWS > ElastiCache > Replication Group > Skip alarm for approved control
- AWS > ElastiCache > Replication Group > Skip alarm for approved control [90 days]
- AWS > ElastiCache > Replication Group > Update Backup
- AWS > ElastiCache > Snapshot > Skip alarm for approved control
- AWS > ElastiCache > Snapshot > Skip alarm for approved control [90 days]
What's new?
- New tables added
All Pipes workspaces have now been upgraded to Steampipe v0.20.12.
For more information on this Steampipe release, see the release notes.
Enhancements
- Added 112 new controls to the
All Controls
benchmark for the following services: (#59)CronJob
DaemonSet
Deployment
Job
Pod
ReplicaSet
ReplicationController
StatefulSet
All new Pipes workspaces will be running Steampipe v0.20.12 and existing workspaces will be upgraded by Monday 25th September 2023.
For more information on this Steampipe release, see the release notes.
The ServiceNow plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
What's new?
Added support for Global Event Handlers. This release contains new Guardrails policies and controls to support deployment of Global Event Handlers for AWS.
Control Types:
- AWS > Turbot > Event Handlers [Global]
Policy Types:
- AWS > Turbot > Event Handlers [Global]
- AWS > Turbot > Event Handlers [Global] > Events
- AWS > Turbot > Event Handlers [Global] > Events > Rules
- AWS > Turbot > Event Handlers [Global] > Events > Rules > Name Prefix
- AWS > Turbot > Event Handlers [Global] > Events > Rules > Tags
- AWS > Turbot > Event Handlers [Global] > Events > Target
- AWS > Turbot > Event Handlers [Global] > Events > Target > IAM Role ARN
- AWS > Turbot > Event Handlers [Global] > Primary Region
- AWS > Turbot > Event Handlers [Global] > SNS
- AWS > Turbot > Event Handlers [Global] > SNS > Topic
- AWS > Turbot > Event Handlers [Global] > SNS > Topic > Customer Managed Key
- AWS > Turbot > Event Handlers [Global] > SNS > Topic > Name Prefix
- AWS > Turbot > Event Handlers [Global] > SNS > Topic > Tags
- AWS > Turbot > Event Handlers [Global] > Source
- AWS > Turbot > Event Handlers [Global] > Terraform Version
- AWS > Turbot > Service Roles > Event Handlers [Global]
- AWS > Turbot > Service Roles > Event Handlers [Global] > Name
What's new?
AWS/RDS/Admin
,AWS/RDS/Metadata
andAWS/RDS/Operator
now include permissions for Performance Insights.- Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.
What's new?
Added support for new multi-regions
NAM8
,NAM9
,NAM10
,NAM11
,NAM12
,NAM13
,NAM14
,NAM15
,NAM-EUR-ASIA1
,NAM-EUR-ASIA3
,IN
,EUR5
,EUR6
,EUROPE
andEMEA
in theGCP > Project > Regions
policy.Policy Types Removed:
- GCP > Project > Multi-Regions [Deprecated]
Bug fixes
- Fixed
github_search_repository
table queries failing when selecting thehas_downloads
,has_pages
,hooks
,network_count
,subscribers_count
, ortopics
columns. (#337)
All Pipes workspaces have now been upgraded to Steampipe v0.20.11.
For more information on this Steampipe release, see the release notes.
Bug fixes
- The
AWS > VPC > Security Group > CMDB
control would sometimes go into an error state if the TE version installed on the workspace was 5.42.1 or lower. This is fixed and the control will now work as expected.
What's new?
- Added: m7g instance types for Elasticache.
Bug fixes
- User group name for hive names with _ in it.
- Hive manager code to add access grant to public schema for postgres 15.
Requirements
- TEF: 1.52.0
What's new?
- Added support for new
europe-west10
region in theGCP > Project > Regions
policy. - Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.
What's new?
- Added support for new
asia-northeast3
,asia-south2
,asia-southeast2
,australia-southeast2
,europe-central2
,europe-southwest1
,europe-west10
,europe-west12
,europe-west8
,europe-west9
,me-central1
,me-west1
,northamerica-northeast2
,southamerica-west1
,us-east5
,us-south1
,us-west3
andus-west4
regions in theGCP > Compute Engine > Regions
policy. - Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.
Bug fixes
- The real-time Event Handlers would sometimes fail to upsert data disks attached to instances in Guardrails CMDB. This is now fixed.
Bug fixes
- Guardrails stack controls would fail to claim any existing Security Group if the Security Group was available in Guardrails CMDB and the stack's Source policy included the Terraform plan for the Security Group. This is fixed and stack control will now be able to claim existing Security Groups correctly. Please note that this fix will only work for workspaces on TE v5.42.2 or higher.
- Guardrails stack controls would sometimes fail to update Security Groups and Security Group Rules if the Terraform plan in the stack's source policy included changes to attributes which force replaced the resource. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.2 or higher.
What's new?
- Policy Types:
- AWS > EC2 > Instance > Schedule Tag > Name
Bug fixes
- After starting/stopping an instance successfully, the
AWS > EC2 > Instance > Schedule
control would try and perform the same start/stop action again if the state of the instance was changed outside of the control within 1 hour of the successful start/stop run. This is fixed and the control will now not trigger a start/stop action again for a minimum of 1 hour of the previous successful run.
Bug fixes
- Fixed the
invalid memory address or nil pointer dereference
errors when querying Terraform configuration or plan or state files that includednull
valued arguments. (#56)
Bug fixes
- Fixed the plugin to return
nil
instead of anerror
when the file/path specified indockerfile_paths
ordocker_compose_file_paths
config arguments does not exist. (#38)
Bug fixes
- Added the missing
resource
column in the queries ofglue_data_catalog_encryption_settings_metadata_encryption_enabled
andglue_data_catalog_encryption_settings_password_encryption_enabled
controls. (#715)
What's new?
- Updated: Hive manager code to include access grant for public schema for postgres 15.
What's new?
- Server:
- Updated: Now supports creating multiple AKAs starting with arn, azure, and gcp via APIs.
- Updated: Add mod version check for workspace upgrade.
Bug fixes
- Server:
- Fixed: Ensure successful workspace creation on fresh PostgreSQL 15 installations.
- Fixed: The stack should claim the Security Group (SG) or Security Group Rule (SGR) if the resource already exists.
- Removed: vm2 node package.
What's new?
Resource Types:
- Azure > Network > Express Route Circuits
Control Types:
- Azure > Network > Express Route Circuits > Active
- Azure > Network > Express Route Circuits > Approved
- Azure > Network > Express Route Circuits > CMDB
- Azure > Network > Express Route Circuits > Discovery
- Azure > Network > Express Route Circuits > Tags
Policy Types:
- Azure > Network > Express Route Circuits > Active
- Azure > Network > Express Route Circuits > Active > Age
- Azure > Network > Express Route Circuits > Active > Last Modified
- Azure > Network > Express Route Circuits > Approved
- Azure > Network > Express Route Circuits > Approved > Custom
- Azure > Network > Express Route Circuits > Approved > Regions
- Azure > Network > Express Route Circuits > Approved > Usage
- Azure > Network > Express Route Circuits > CMDB
- Azure > Network > Express Route Circuits > Regions
- Azure > Network > Express Route Circuits > Tags
- Azure > Network > Express Route Circuits > Tags > Template
Action Types:
- Azure > Network > Express Route Circuits > Delete
- Azure > Network > Express Route Circuits > Router
- Azure > Network > Express Route Circuits > Set Tags
Enhancements
- Added the
resource_object
andobject
columns toguardrails_notification
andguardrails_resource
tables respectively. (#7)
Bug fixes
- Added the missing S3 go-getter examples in the
docs/index.md
file.
Bug fixes
- Fixed the data type of
capacity_reservation_specification
column ofaws_ec2_instance
table to be ofJSON
type instead ofSTRING
. (#1903)
Enhancements
- Added the
iam_workload_identity_restricted
control to theIAM
benchmark. (#38)
All new Pipes workspaces will be running Steampipe v0.20.11 and existing workspaces will be upgraded by Monday 18th September 2023.
For more information on this Steampipe release, see the release notes.
Deprecations
- Deprecated
domain
column innet_certificate
table, which has been replaced by theaddress
column. Please note that theaddress
column requires a port, e.g.,github.com:443
. This column will be removed in a future version. (#50)
What's new?
- Added
address
column to thenet_certificate
table to allow specifying a port with the domain name. (#50)
What's new?
Users can now delete Login Profiles for IAM Users.
Control Types:
- AWS > IAM > User > Login Profile
Policy Types:
- AWS > IAM > User > Login Profile
Action Types:
- AWS > IAM > User > Delete Login Profile
Bug fixes
- Updated the
bitbucket.spc
andindex.md
files to include details ofBITBUCKET_USERNAME
,BITBUCKET_PASSWORD
, andBITBUCKET_API_BASE_URL
environment variables. (#77)
What's new?
Resource Types:
- Azure > Network > Private DNS Zones
- Azure > Network > Private Endpoints
Control Types:
- Azure > Network > Private DNS Zones > Active
- Azure > Network > Private DNS Zones > Approved
- Azure > Network > Private DNS Zones > CMDB
- Azure > Network > Private DNS Zones > Discovery
- Azure > Network > Private DNS Zones > Tags
- Azure > Network > Private Endpoints > Active
- Azure > Network > Private Endpoints > Approved
- Azure > Network > Private Endpoints > CMDB
- Azure > Network > Private Endpoints > Discovery
- Azure > Network > Private Endpoints > Tags
Policy Types:
- Azure > Network > Private DNS Zones > Active
- Azure > Network > Private DNS Zones > Active > Age
- Azure > Network > Private DNS Zones > Active > Last Modified
- Azure > Network > Private DNS Zones > Approved
- Azure > Network > Private DNS Zones > Approved > Custom
- Azure > Network > Private DNS Zones > Approved > Usage
- Azure > Network > Private DNS Zones > CMDB
- Azure > Network > Private DNS Zones > Tags
- Azure > Network > Private DNS Zones > Tags > Template
- Azure > Network > Private Endpoints > Active
- Azure > Network > Private Endpoints > Active > Age
- Azure > Network > Private Endpoints > Active > Last Modified
- Azure > Network > Private Endpoints > Approved
- Azure > Network > Private Endpoints > Approved > Custom
- Azure > Network > Private Endpoints > Approved > Regions
- Azure > Network > Private Endpoints > Approved > Usage
- Azure > Network > Private Endpoints > CMDB
- Azure > Network > Private Endpoints > Regions
- Azure > Network > Private Endpoints > Tags
- Azure > Network > Private Endpoints > Tags > Template
Action Types:
- Azure > Network > Private DNS Zones > Delete
- Azure > Network > Private DNS Zones > Router
- Azure > Network > Private DNS Zones > Set Tags
- Azure > Network > Private Endpoints > Delete
- Azure > Network > Private Endpoints > Router
- Azure > Network > Private Endpoints > Set Tags
Bug fixes
- A few policy values would sometimes fail to evaluate correctly if the mod was installed on TE v5.42.1. We've fixed this issue and such policy values will now be evaluated correctly.
Bug fixes
- The
AWS > Turbot > Event Handlers
now support real-time events for AWS S3 Multi-Region Access Point.
What's new?
Resource Types:
- AWS > S3 > Multi-Region Access Point
Control Types:
- AWS > S3 > Multi-Region Access Point > Active
- AWS > S3 > Multi-Region Access Point > Approved
- AWS > S3 > Multi-Region Access Point > CMDB
- AWS > S3 > Multi-Region Access Point > Discovery
- AWS > S3 > Multi-Region Access Point > Usage
Policy Types:
- AWS > S3 > Multi-Region Access Point > Active
- AWS > S3 > Multi-Region Access Point > Active > Age
- AWS > S3 > Multi-Region Access Point > Active > Budget
- AWS > S3 > Multi-Region Access Point > Active > Last Modified
- AWS > S3 > Multi-Region Access Point > Approved
- AWS > S3 > Multi-Region Access Point > Approved > Budget
- AWS > S3 > Multi-Region Access Point > Approved > Custom
- AWS > S3 > Multi-Region Access Point > Approved > Usage
- AWS > S3 > Multi-Region Access Point > CMDB
- AWS > S3 > Multi-Region Access Point > Usage
- AWS > S3 > Multi-Region Access Point > Usage > Limit
- AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-s3multiregionaccesspoint
Action Types:
- AWS > S3 > Multi-Region Access Point > Delete
- AWS > S3 > Multi-Region Access Point > Delete from AWS
- AWS > S3 > Multi-Region Access Point > Router
- AWS > S3 > Multi-Region Access Point > Skip alarm for Active control
- AWS > S3 > Multi-Region Access Point > Skip alarm for Active control [90 days]
- AWS > S3 > Multi-Region Access Point > Skip alarm for Approved control
- AWS > S3 > Multi-Region Access Point > Skip alarm for Approved control [90 days]
What's new?
AWS/S3/Admin
andAWS/S3/Metadata
now include permissions for Multi-Region Access Point Routes.
The Shopify plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
The Sentry plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
The LaunchDarkly plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
What's new?
- We've updated the runtime for lambda functions in the aws-efs mod to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
- Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.
What's new?
We've updated the runtime for lambda functions in the aws-config mod to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Policy Types:
- AWS > Config > Configuration Recorder > Approved > Custom
- AWS > Config > Delivery Channel > Approved > Custom
- AWS > Config > Rule > Approved > Custom
Action Types
- AWS > Config > Configuration Recorder > Skip alarm for Active control
- AWS > Config > Configuration Recorder > Skip alarm for Active control [90 days]
- AWS > Config > Configuration Recorder > Skip alarm for Approved control
- AWS > Config > Configuration Recorder > Skip alarm for Approved control [90 days]
- AWS > Config > Delivery Channel > Skip alarm for Active control
- AWS > Config > Delivery Channel > Skip alarm for Active control [90 days]
- AWS > Config > Delivery Channel > Skip alarm for Approved control
- AWS > Config > Delivery Channel > Skip alarm for Approved control [90 days]
- AWS > Config > Rule > Skip alarm for Active control
- AWS > Config > Rule > Skip alarm for Active control [90 days]
- AWS > Config > Rule > Skip alarm for Approved control
- AWS > Config > Rule > Skip alarm for Approved control [90 days]
What's new?
- We've updated the runtime for lambda functions in the aws-cloudtrail mod to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
The WorkOS plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
The UptimeRobot plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
The New Relic plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
The Turbot Guardrails plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
The CohereAI plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
What's new?
Resource Types:
- AWS > Elastic Inference
Policy Types:
- AWS > Elastic Inference > API Enabled
- AWS > Elastic Inference > Approved Regions [Default]
- AWS > Elastic Inference > Enabled
- AWS > Elastic Inference > Permissions
- AWS > Elastic Inference > Permissions > Levels
- AWS > Elastic Inference > Permissions > Levels > Modifiers
- AWS > Elastic Inference > Permissions > Lockdown
- AWS > Elastic Inference > Permissions > Lockdown > API Boundary
- AWS > Elastic Inference > Regions
- AWS > Elastic Inference > Tags Template [Default]
- AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-elasticinference
- AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-elasticinference
- AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-elasticinference
- AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-elasticinference
What's new?
- Server:
- Cloudwatch dashboard query for View AWS External Messages by AWS Account ID and Events to exclude restriction on AWS.
- Allow sending notifications for same state change.
- Replaced vm2 with eval for inline and trustedInline execution of policies, controls, and actions.
What's new?
GCP/OAuth/Admin
andGCP/OAuth/Metadata
now also includeoauthconfig:*
permissions. Click here for more details.
The Turbot Pipes plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
The GoDaddy plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
The Docker Hub plugin is now available in all Pipes workspaces.
To get started, create a connection and add it to your workspace.
All Pipes workspaces have now been upgraded to Steampipe v0.20.10.
For more information on this Steampipe release, see the release notes.
All new Pipes workspaces will be running Steampipe v0.20.10 and existing workspaces will be upgraded by Monday 21st August 2023.
For more information on this Steampipe release, see the release notes.
What's new?
- Added: Parameter for restricting untrusted code upload to Turbot Guardrails.
- Removed: Alb Waf support.
What's new?
- Server:
- Added: worker, sqs queue, sns topic for factory.
- Updated: Allow upload of mod based on the value of TURBOT_CUSTOM_MOD_UPLOAD.
- Added: Environment variable for custom mod upload.
- Removed: Support for ALB WAF.
Bug fixes
- Server:
- Stack will not fail to delete and recreate resources.
Requirements
- TEF: 1.51.0
What's new?
- Added: Postgres version 11.19, 11.20, 12.14, 12.15, 13.10, 13.11, 14.8, 15.2 and 15.3.
What's new?
- UI
- Added: Inactive Users report.
Bug fixes
- Server:
- The actor information for attach and detach smart folder.
- Disable notification feature if Redis is not being used.
What's new?
- Added: Support for Factory worker.
- Updated: Descriptions and names to Turbot Guardrails Enterprise Foundation from Turbot Enterprise Foundation.
What's new?
- Updated: descriptions and names from Turbot Enterprise Database to Turbot Guardrails Enterprise Database.
What's new?
Server:
- Added: Added support for control/action update notifications.
- Added: Support for interface in control types.
- Added: Turbot Installation Type environment variable.
- Added: SES SendEmail permission to Worker Lambda Role.
- Added: Add notification index to improve performance of notifications.
- Updated: Improve policy value create/update with a more efficient database design.
- Updated: Description of TE stack from Turbot Enterprise to Turbot Guardrails Enterprise.
- Updated: @slack/web-api to 6.8.1. @wry/equality to 0.5.6. anymatch to 3.1.3. archiver to 5.3.1. body-parser to 1.20.2. chai to 4.3.7. chokidar to 3.5.3. classnames to 2.3.2. cli-progress to 3.12.0. copy-to-clipboard to 3.3.3. dataloader to 2.2.2. diff to 5.1.0. express to 4.18.2. generate-password to 1.7.0. graphql-2-json-schema to 0.10.0. http-status-codes to 2.2.0. lodash-match-pattern to 2.3.1. micromatch to 4.0.5. mockserver-client to 5.15.0. moment-timezone to 0.5.43. nconf to 0.12.0. nodemailer to 6.9.2. nunjucks to 3.2.4. passport to 0.6.0. pg to 8.10.0. performant-array-to-tree to 1.11.0. prismjs to 1.29.0. prompt to 1.3.0. prompts to 2.4.2. recursive-readdir to 2.2.3. redux to 4.2.1. resolve to 1.22.2. semver to 7.5.1. simple-git to 3.18.0. unzipper to 0.10.14. uri-js to 4.4.1. vm2 to 3.9.19 and other dev dependencies. Removed aws-appsync and aws-xray-sdk. ioredis to 5.3.1.
UI
- Updated: Updated new login logo and home page logo.
- Updated: Turbot directory should be created in guardrails.turbot.com.
- Updated: Turbot directory SSO login should be redirected to there respective guardrails domain.
Note
IAM change in this release:
- Updated worker lambda to include SES SendEmail permissions.
What's new?
- Rebrand to Turbot Guardrails CLI. We recommend using the new guardrails registries
guardrails.turbot.com
,guardrails.turbot-stg.com
orguardrails.turbot-dev.com
to publish a guardrails mod. To maintain compatibility, none of the existing commands have changed, your existing configuration and commands will continue to work as before.
v1.10.0 of the Terraform Provider for Guardrails is now available.
Documentation
Rebrand to Turbot Guardrails provider. Resource and data source names in this provider have not changed to maintain compatibility. Existing templates will continue to work as-is without need to change anything.
What's new?
- Fixed: Resource details are now correctly included when doing a csv download of the
Resources Deleted by Turbot
report.
Requires
Container Info
- Ubuntu:
22.04
,jammy-20230425
- Alpine:
3.17.3
What's new?
- Added: Tagging details now included in CSV download for GCP Compute Engine VM Instances, Azure Compute Virtual Machines, Azure Compute Disks and EBS Volumes report.
- Added: New filters for Turbot Files and Smart Folders in the resource browser.
- Updated: Editing a Turbot File via the UI no longer requires the resource AKA to be specified.
- Fixed: Resource deletion will no longer trigger an increase the count of active controls.
Requires
- TEF v1.49.0
Container Info
- Ubuntu:
22.04
,jammy-20230425
- Alpine:
3.17.3
What's new?
- Added: Quick actions are now available for users that only have permission at the account level.
- Fixed: The resource import page will now function correctly if the AWS mod is not installed.
- Fixed: Resource deletion will no longer trigger an increase the count of active controls.
Requires
- TEF v1.49.0
Container Info
- Ubuntu:
22.04
,jammy-20230425
- Alpine:
3.17.3
What's new?
- Added: Postgres version 14.6 and 14.7.
What's new?
- Added: Ability to specify AKA when creating Turbot File.
- Updated: Turbot explorer search will show results for Smart Folders and Turbot Files.
- Fixed: Terraform stack control should not end in error if the data size for command is too large.
- Fixed: Turbot actions will now be visible for users with grants at the cloud account level.
Enterprise
- Updated: Added debug statements for createGrant mutations.
Requires
- TEF v1.49.0
Container Info
- Ubuntu:
22.04
,jammy-20230425
- Alpine:
3.17.3
Enterprise
- Changed: Removed long debug statements from stack controls to improve performance of large stacks.
- Added: Additional logging information emmited while preparing stack container.
Requires
- TEF v1.49.0
Container Info
- Ubuntu:
22.04
,jammy-20230425
- Alpine:
3.17.3
What's new?
- Fixed: Smart retention controls are now a bit smarter.
Enterprise
- Updated: Resource policy of Events SQS queues now require encryption in transit.
- Updated: Resource policy of Events SNS topics now require encryption in transit.
Requires
- TEF v1.49.0
Container Info
- Ubuntu
22.04
,jammy-20230425
- Alpine:
3.18.0
What's new?
- Added: debug statement for Smart Retention control.
Requires
- TEF v1.49.0
Server
What's new?
- Added support for version
v5.10.0
of the Turbot IAM mod. - Fixed: Adding grants to group profile now works as expected.
Requires
- TEF v1.49.0
What's new?
- Added: New parameter that allows selection of the TLS policy for application load balancers.
What's new?
- Added: Parameter to manage KMS Key for RDS Performance Insights.
What's new?
- Updated: Accounts Summary Report now includes resource AKA(s) in the CSV output.
- Updated: The Turbot auth token cookie
SameSite
configuration tostrict
. - Updated: The policy setting page to now render HTML content as string.
Enterprise
- Added: Parameter for TLS Policy for ALB HTTPS Listener.
- Added: Rate limits to the login directories APIs.
Requires
- TEF v1.49.0
What's new?
- Updated: Moved management of the Elasticache user group to CloudFormation instead of the Hive Manager lambda. It is no longer necessary to update the Redis access control groups after making changes to the Redis cluster.
What's new?
- Added: AWS Lambda Functions report.
- Updated: Turbot will now use AWS Terraform provider version
3.75.0
whenTurbot > Stack Terraform Version [Default]
is set to0.15.*
Bug fixes
- Fixed: Timestamp display in the console now updates correctly for recently deleted mods.
- Fixed: When an
Action
fails due to cloud provider throttling, Turbot will now reschedule the control that triggered the action, those actions should now be more consistently applied under heavy loads.
Note AWS IAM permissions change in this release:
- Updated: Worker Lambda to include Elasticache permissions to support the
Turbot > Cache > Health Check
control. - Updated: Hive Manager no longer manages the authentication configuration for ElastiCache. This responsibility has shifted to Turbot Guardrails Enterprise Database.
What's new?
- Added: Parameter to modify Lambda trigger concurrency.
What's new?
- Control Types:
- Unused
Turbot > Type Installed > Background Tasks
is now removed
- Unused
Requirements
- TE: 5.35.4
What's new?
- Added: New parameter for attaching a custom security group to each ECS host.
- Added: New parameter for attaching a custom security group to the TE ALB. Requires TE >
v5.40.0
. - Added: Option added to enable IMDSv2 for ECS hosts.
- Added: New parameters to specify the size and type of EBS volumes attached to ECS Hosts.
- Added: New parameter to specify a port for outbound SMTP (if needed).
- Updated: The
db_pair
security group now includes Elasticache rules, when Elasticache is enabled.
Deprecation
- As a result of this change to the
db_pair
security group, the Elasticachecache_pair
security group is no longer required. It will be removed in a future release.
Bug fixes
- Fixed: Improved handling of HTTP "Too Many Requests" (429) errors.
Enterprise
- Updated: TE Management Lambdas, and ECS Containers will be deployed with the NodeJS 16.x runtime. This change is independent of Mod Lambda runtime versions.
- Added: If specified in TEF, a custom security group may be assigned to the TE ALB.
Requires
- TEF v1.47.0
What's new?
- Added: Parameter to modify Lambda trigger concurrency
Enterprise
- Added: Parameter for Lambda trigger concurrency.
Requires TEF: v1.46.0 TED: v1.9.1
What's new?
- Added: SSM parameter for events DLQ and worker retry reserved concurrency.
Bug fixes
- Fixed: Issue that could prevent indexes from being recreated after being dropped.
- Fixed: Issue with safeGet() function that could prevent reports from rendering in the UI.
- Fixed: Ansible task and service now created correctly created for Ansible
version
2.10.7
.
Enterprise
- Added: Support for trigger concurrency in worker and events lamda functions.
Requires TEF: v1.45.0 TED: v1.9.1
What's new?
- New: Turbot's autoscale group configuration has switched from
launch templates
tolaunch configurations
. - Added: Parameter to select Lambda function runtime version.
- Added: Encryption in transit policy for SNS topics and SQS queues.
- Updated: Changed EBS volume storage type to
gp3
.
What's new?
- Fixed: Activity page should display
alternatePersona
in the actor field if available.
Bug fixes
- Fixed: AWS EC2 Instance report now runs more reliably.
- Updated: Improved the performance of the Activity page.
Enterprise
- Added: Encryption in transit policy for SNS topics and SQS queues in the Turbot Master account.
- Updated: Removed the deleted control historical records from control_usage table.
- Updated:
vm2
package to 3.9.11 in the ECS containers.
What's new?
- Added: Support to import Azure China Cloud subscriptions.
- Added: Support for Azure China Cloud endpoints.
Bug fixes
- Updated: Increased reliability of policy value application when attaching a smartfolder.
Enterprise
- Updated: Removed Xray configuration from Postgres pool, as it was not being used.
- Updated: vm2 in main package.json updated to 3.9.11.
- Updated: Maintenance container base image to node:14-alpine3.17.
Requires TEF: v1.42.1 TED: v1.9.1
What's new?
- Added: Support for Postgres versions: 13.8, 14.1, 14.2, 14.3, 14.4, 14.5.
- Added: Support for Redis 7.0.
- Added: Support for RDS gp3 disk types.
Bug fixes
- Add role as a valid level to generate temporary credentials for roles.
Bug fixes
- Updated: Query for resource notifications to improve performance when using
the
Activity
sub-tab on the resource page. - Updated: Improved logic used to determine when to run maintenance control for stale policy values.
- Updated: Mod install controlls will now use the standard worker queue instead of worker_priority queue to allow other actions to take priority during mod installs.
Enterprise
- Updated: Updated Ubuntu vm2 package to version 3.9.11. to resolve CVE-2022-36067.
- Updated: Message retetion period of events priority queue changed to 96 hours.
Requires TEF: v1.42.1 TED: v1.9.1
What's new?
- Added: support for TLS 1.2 for API Gateway
Bug fixes
- Added: Btree aka index for akas_history and akas table. The Activity Tab should show improved performance.
Requires TEF: v1.42.1 TED: v1.9.1
Bug fixes
- Fixed: Downloading the csv for EC2 > Instance > Report should not fail.
Enterprise
- Added: ability to run async/callback in control's
inline
. - Added: Ability to move control to priority queue.
- Updated: mute noisy log if unable to get process log data from S3.
Requires TEF: v1.42.1 TED: v1.9.1
What's new?
- Added: Postgres version 13.7 to RDS engine parameter.
- Added: Tags to elasticache resources.
Bug fixes
- Updated: Local Profiles and Group Profiles filter now use free text search instead of akas matches.
- Updated: Installing a mod using the CLI now runs faster, reducing the likelyhood of a timeout.
- Fixed: Quick actions menu will no longer show actions from child resources.
Enterprise
- Added: Support for workspace URL in Turbot > Workspace > Workspace URL policy.
Requires TEF: v1.42.1 TED: v1.9.1
What's new?
- Added: SSM parameter for Process Log Fallback Bucket.
Bug fixes
- Fixed: Resolved issue where EC2 instance report would fail to run.
- Fixed: Permissions summary report now works for users without permissions at the root level.
Enterprise
- Added: allow an alternative process log bucket to be provided to read from an older bucket.
- Updated: Ansible container base image to Ubuntu 22.10 (Kinetic Kudu)
- Updated: Ansible version to 2.10.7
- Updated: Docker base images of API and Factory to ubuntu 22.
Requires TEF: v1.42.1 TED: v1.9.1
Bug fixes
- Fixed: Apollo UI behaves properly when setting backoff interval of an action.
- Fixed: Actor display information will now fallback to
unidentified
if persona and identity are not available. - Updated: UI will now use the actor information of the process (if supplied) for Policy Setting CRUD operations.
- Updated: Action runs now carry the identity of its launcher. This changes the
way notifications are presented. Previously notifications from an action
showed as
Unidentified
, now they will carry the identity of the launcher, most of the time this will be the Turbot identity unless the action is launched by a user from Turbot UI.
Enterprise
- Updated: Linux Environment control to support version 3 of SELinux Python bindings
Enterprise
- Updated: Improved Ansible container error handling
UI
- Added: Mutation resolver for quick action and steampipe query in the developer tab.
- Added: Add support to execute quick action via URL.
Enterprise
- Fixed: Control type should only trigger the control if there is a change in graphql/inline/function.
What's new?
- New Feature: Quick Actions
- Updated: graphiql to 1.4.5
Quick Actions Quick Actions is a new feature that allows Turbot users to initaite specific (one time) control enforcements on their cloud environment via the Turbot UI. Cloud operations teams can use Quick Actions to remediate cloud configuration issues (e.g. enable encryption on a resource) or snooze Turbot alarms for issues that we want to come back to later. More details in the documentation. Quick actions will be rolling out across all supported cloud services in the coming months (based on your feedback); this initial release covers resources in the following AWS mods:
- cloudtrail
- ec2
- kms
- lambda
- rds
- s3
- sns
- sqs
- vpc
Disabling the Quick Actions feature
Quick Actions use the permissions granted to the Turbot service user or cross-account role used to import your cloud service account into Turbot. Execution of quick actions will fail if the underlying role prevents those actions from occuring.
The Quick Actions feature is disabled by default, but can easily be enabled via the
Turbot > Quick Actions > Enabled
policy. If you would like to prevent lower level Turbot administrators from enabling Quick Actions for their cloud service accounts, then make sure you setTurbot > Quick Actions > Enabled
toDisabled
at the Turbot level using theRequired
option.The policy
Turbot > Quick Actions > Permission Levels
offers fine-grained control over which Turbot permission levels are required to execute specific quick actions. These permission limits can be set globally and specific exceptions can be managed down to the individual cloud service account level.
Enterprise
- Split package dependencies between Server and UI so they can use independent versions of GraphQL.
Bug fixes
- CLI failed to download latest mod versions automatically for mods with version < 5.0.0.
turbot completion
command was displayed twice on runningturbot help
.
Bug fixes
- CLI failed to install dependencies for a mod with more than 26 dependencies.
What's new?
- Added: new IAM permissions for Mod Lambda to publish messages to the Priority Events queue.
- Added: parameter for Worker Priority and Events Tick Lambda Reserved Concurrency.
- Added: EC2 ECS host recycling using parameter.
Bug fixes
- Fixed: ECS Rolling update.
- Fixed: Condition of Foundation Key to prevent its creation if TEFKmsKey parameter value is specified.
There are IAM changes in this release:
- New IAM permissions for Mod Lambda to publish messages to the Priority Events queue.
- New IAM roles for ECS Rolling Update.
What's new?
- Updated: GovCloud certificate to rds-ca-rsa4096-g1.
What's new?
- Added: Parameter to limit the URL where the API Gateway Lambda can forward to. This should be a regular expression of valid workspace URLs.
- Updated:
TEF KMS Key
parameter name changed toTEF KMS Key Arn
. - Updated: Enforce HTTPS access for S3 buckets created by TEF.
What's new?
- Updated: Enforce HTTPS access for S3 buckets created by TED.
- Added: Postgres versions 11.12, 11.13, 11.14, 11.15, 12.7, 12.8, 12.9, 12.10, 13.3, 13.4, 13.5 and 13.6.
What's new?
- Added: Parameter for Alb WAF option. (Default is disabled)
- Added: Parameter for Mods Cleanup.
What's new?
- Updated: Moved management of the Elasticache user group to CloudFormation instead of the Hive Manager lambda. It is no longer necessary to update the Redis access control groups after making changes to the Redis cluster.
1.30.0 [2022-03-01]
What's new?
- Updated: Elasticache now uses the
db_pair
security group from TEF 1.47.0. - Fixed: The Cloudformation Hive custom resource used to depend on Elasticache when it shouldn't have in environments without Elasticache deployed.
Deprecation
- As a result of this change to the
db_pair
security group, the Elasticachecache_pair
security group is no longer required. It will be removed in a future release.
Requirements
- TEF v1.47.0
What's new?
- Added: Parameters for Api and Events Container Scaling metrics, and threshold values for CPU Utilization.
- Added: Parameter to allow import of Foundation KMS Key.
- Updated: Set DeletionPolicy of FoundationKey to Retain.
What's new?
- Added: Parameters for ECS Factory Task hard limit and soft limit on memory.
Warning
- There are IAM changes in this release.
What's new?
- Updated: Condition for HiveManagerExecutionRole.
- Updated: TurbotParameters and TurbotSnsSqsPolicyParameterLambda to include variables for Proxy setting.
- Removed: MskManagerExecutionRole role from custom iam role template.
What's new?
- Added: Postgres version 13.5 to RDS engine parameter.
- Fixed: Replication group setting to enable Data Tiering for r6gd node type.
What's new?
- Added: Postgres version 12.11 and 12.12.
- Updated: PerformanceInsights description.
- Updated: Default storage type to
gp3
. More info on using gp3 - Updated: Hive custom resource depends on to include Elasticache cluster and parameter group and add ParameterDeploymentTrigger.
What's new?
- Added: r6gd node type option for Elasticache.
What's new?
- Updated: Backup Service Role to include kms Grant permissions for CopyDBSnapshot operation.
What's new?
- Updated: Backup Service Role to include kms permissions.
What's new?
- Added: VPC Endpoint for s3 to reduce NAT Gateway cost.
- Updated: API and Events container scaling by replacing hardcoded values with parameters.
- Updated: Outbound, Api and Database security groups so that they are created for Predefined VPC if custom security groups are not mentioned.
- Updated: default value of LogRetentionDays parameter changed to 180.
What's new?
- Added: Postgres version 13.3, 13.4 to RDS engine parameter.
- Fixed: Cloudwatch alarms to use correct db identifier when hive name has _ in it.
- Updated: Default database system backup to 7 days.
- Updated: AWS Backup Service role to allow copying of RDS snapshots.
- Updated: Cloudwatch alarms for ElastiCache SwapUsage and DatabaseMemoryUsagePercentage for multi-node architectures.
- Updated: Dashboard to move read-replica stats to right axis and that of primary to the left.
- Updated: Dashboard to add Total IOPS metrics.
Warning
- There are IAM changes in this release for the
turbot_policy_parameter
.
Bug fixes
- TE Build ID was misconfigured causing TEF to build unsuccessfully, this has now been corrected and TEF builds as expected.
What's new?
- Minimum DB size is now 50GB, default size is 200GB.
Requirements
- TEF v1.31.2
Warning
- There are IAM changes in this release for the
turbot_policy_parameter
.
What's new?
- Turbot Security Group is added and includes rules for Ansible and LDAP. The security group is intended for additional rules to be added under feature flags. Note: the existing LDAP and Ansible security groups will remain for older TE versions.
- Dashboard for ECS Cluster metrics is now added.
- Autoscaling parameters were added for the Events Service.
- ElastiCache Security Groups and Subnet Groups are now added to the overrides template.
- TEF Workspace Manager now prevents users from changing the workspace name.
- OSGuardrail parameter location from Advanced - OS Guardrails to Advanced - Deployment Group.
turbot_parameters
andturbot_policy_parameter
lambda functions now include VPC config.turbot_policy_parameter
IAM Role now includes EC2 network interfaces policy.- Improved input validation to not allow blank values.
What's new?
- CloudWatch Alarms and Dashboards are added for ElastiCache SwapUsage and DatabaseMemoryUsagePercentage.
- ElastiCache Instance Type can now be specified in the template.
- Read replica parameter default is now set to false.
Requirements
- TEF v1.31.2
What's new?
- DB parameter group support for 11.10, 11.11, 12.6 and 13.2.
- Postgres version 13.2 is now the default selection.
Requirements
- TEF v1.31.2
What's new?
- Shared_buffers parameter added for DB parameter group.
- Postgres version 13.1 is now the default selection.
- Postgres wal_keep_size default size is now 2048 (RDS Postgres default).
- Turbot database default size is now 250GB.
- Storage autoscale threshold default is now 1TB. For new TED installations only!
Requirements
- TEF v1.31.2
Bug fixes
- Invalid module reference fixed - this was causing
turbot template build
to fail.
Bug fixes
template build
was loading the lock-file from the base branch to determine the current template version. When using a work-in-progress (wip) branch, this could lead to identifying an incorrect current version, leading to rebasing errors. Fix by loading the lock file from the wip branch.
What's new?
- S3 bucket lifecycle rule added to the mods processing log bucket.
- Optional AWS Security Group added to be used for connecting to LDAP server.
- S3 inventory reports will no longer generate in the TEF Process Logs bucket.
- Updated process log bucket lifecycle configurations to remove /debug/ rules.
- Runtime has been updated to Node 14 for all Turbot Core deployed Lambda functions.
What's new?
- Postgres version 13.1. For new TED installations only!
- ElastiCache replication groups now support multi nodes.cluster mode.
Bug fixes
- Hive Log Bucket lifecycle configurations now delete all objects.
Requirements
- TEF v1.31.2
Bug fixes
- Dependency issue with the HiveKey.
Requirements
- TEF v1.31.2
What's new?
- OSGuardrails feature flag, adding security groups and SSM parameters as required.
- HealthCheckProxyLambda runtime updated from 2.7 to 3.8.
What's new?
- Postgres version 12.5. For new TED installations only!
- Parameter Group support for both 11.x and 12.x.
Bug fixes
- Cache cluster parameter passed to Hive Manager should also convert underscore to hyphen.
- Allow default encryption for ElastiCache for use in GovCloud (which does not support CMK).
Requirements
- TEF v1.31.2
Bug fixes
- Fixed CLI packaging error required for proper v1.28.0 installation.
Bug fixes
turbot template build
now cleans up branches after a rebase failure.
Warning
- IAM permissions updated in v1.31.0.
Bug fixes
- Fix and republish a corrupt portfolio build artifact.
Bug fixes
- AWS Backup Vault name format issue.
Requirements
- TEF v1.31.2
Warning
- IAM permissions updated in v1.31.0.
Bug fixes
- Hive Manager should convert underscore to hyphen when creating Redis group (from TE).
Warning
- IAM permissions updated in v1.31.0.
Bug fixes
- Hive Manager should convert underscore to hyphen when creating Redis user (from TE).
Bug fixes
- ElastiCache Redis cluster name should convert underscores to hyphens.
Requirements
- TEF v1.31.2
Warning
- IAM permissions updated.
What's new?
- ElastiCache Redis is now enabled by default.
- Parameters - Mod Lambda function limits.
- Parameters - Worker Lambda configuration, allowing reuse across TE versions.
- CloudWatch Alarms for SQS ApproximateAgeOfOldestMessage.
What's new?
- ElastiCache Redis is now enabled by default.
Bug fixes
- Postgres 11.9 is now available for the read replica as well.
- ElastiCache Redis cluster should be created with the hive name rather than just resource name prefix.
- AWS Backup Vault deletion policy is now set to retain.
Requirements
- TEF v1.31.2
What's new?
turbot template build --rebase
command now cleans up the work in progress branch if the template render fails.
Bug fixes
turbot template build --rebase
command was failing to re-apply manual changes.turbot template build --fleet-mode
would stop building all branches if a single one failed.
Bug fixes
- Fixed: Code of s3BucketArnLambda to fix s3 permission.
What's new?
- Hive Manager and Workspace Manager runtime updated to node 12.
Bug fixes
- Install Hive Manager in all regions, not just the Alpha region.
What's new?
- Added latest RDS DB instance types.
- Experimental ElastiCache: Configure use of Redis 6.x Access Control Lists.
- Experimental ElastiCache: Also install Hive Manager in the replica region, for Redis management.
Requirements
- TEF v1.30.0
Warning
- IAM permissions updated.
What's new?
- New
turbot_transient
KMS key specifically used for encryption of transient data (e.g. SNS, SQS). - Tightened IAM access policies to Turbot's own S3 buckets.
- Hive Manager is now permitted IAM access to manage ElastiCache.
- Added ListBucket permission to WorkspaceManager role so head object calls will return 404 instead of 403.
Bug fixes
- Event Proxy Lambda must be installed in the subnet where Load Balancers are installed (by TE).
What's new?
turbot compose
(used by all CLI commands that compose mods) now omits thereleaseNotes
field fromturbot.head.json
. It is still included inturbot.dist.json
.turbot template
has a new--unchanged-issue <issue_id>
argument. When a template build operation commits changes to git, if no files have actually changed then the commit message will use this issue instead of the normal--issue <issue_id>
field. The commit message will also specify "no changes".
What's new?
turbot publish
has a new--timeout <secs>
argument to customize the publish timeout. The default has been increased to 2 minutes.- Use
turbot template build --issue 1234 --close-issue
will set the commit message to close the issue.
Bug fixes
turbot test
should not fail with the the errorTypeError: tmod.parse is not a function
.
Warning
- IAM permissions updated.
What's new?
- Further refined our IAM permissions for S3 bucket access, with a focus on removing more wildcards. It was already good, but now it's better.
Bug fixes
- Made the ElastiCache network infrastructure optional through
Development Mode
. It was harmless, but not necessary unless ElastiCache is enabled in TED. - Moved policy parameter role into the IAM stacks, where it belongs.
Bug fixes
- Databases should never automatically upgrade their minor or major versions. Doing so takes the database out of sync with the CloudFormation stack, leading to upgrade rollbacks. We've deliberately removed these options and set the auto-update to false.
Requirements
- TEF v1.25.0
Bug fixes
turbot template build --patch --push-instance-root
command failed to push changes to the wip branch.
What's new?
- Changes to the Turbot audit trail log group in v1.14.0 forced a name change, which is difficult for customers with integrations. This version removes that requirement, so existing installs keep their original log group name.
Bug fixes
- Required TEF version dropped back down to TEF v1.25.0. v1.27.0 is only required if you are setting up the experimental ElastiCache features.
Requirements
- TEF v1.25.0
What's new?
- Reclaimed the
ECSDesiredInstanceCount
parameter, which now defaults to usingECSMinInstanceCount
instead. This frees up a precious parameter slot for other options. - Added the
DevelopmentMode
parameter for internal use, which groups options like using the latest container image (instead of cached). - For environments with ElastiCache enabled in TED, cache subnet group and security groups have been added.
What's new?
- The deletion policy for the DB Parameter Group is now set to Retain.
- New installations will now add the stack ID to the audit trail log group, making it easier to re-install TED multiple times in testing / setup.
- New
ExperimentalFeatures
flag, allowing gradual introduction of new capabilities. The first one is installation of ElastiCache preparing for future use in TE.
Requirements
- TEF v1.27.0
Bug fixes
turbot pack
andturbot publish
were failing to run pre-pack script when--dir
arg is used.
Bug fixes
turbot inspect
should give a clear error message for invalid templates.
Bug fixes
turbot inspect --format changelog
should properly escape CSV fields with commas.
Bug fixes
- Error handling in workspace pre-install checker.
Bug fixes
- Error handling in workspace pre-install checker.
Bug fixes
- ECS Agent should attempt to use the locally cached image, which dramatically reduces disk IO and download bandwidth.
- Upgrade via CloudFormation had a race condition in our custom resource Lambda functions that could be triggered when doing a large number of upgrades or rollbacks in parallel.
Bug fixes
- When a custom outbound access security group is specified in the TEF template do not create the {prefix}_outbound_internet_security_group or the {prefix}_{version}_outbound_internet_security_group.
What's new?
- Ability to restrict SNS topic and SQS queue access based on Organization Id.
- Added: support to restrict access to SNS topic and SQS queue based on the Organization Id.
Requirements
- TEF v1.25.0
What's new?
- Added: Encryption to SNS Topic for Dashboard.
- Updated: TED Stack - changed R/W IOPS metrics from line to stacked area, changed Transaction ID Wraparound Monitor threshold to 2 billion.
- Fixed: Description and Typo (Duraction to Duration, Actiond to Action).
Requirements
- TEF v1.22.1
What's new?
turbot install
- checks if a compatible version of each dependency is already installed. If so, it is does not install from the registry unless there is a newer version available.turbot template build --rebase
rebuilds templates while using rebase to better merge and preserve custom changes to the rendered files since the last build.
What's new?
- Show a progress bar during long running operations.
Warning
- IAM permissions updated.
Bug fixes
- The (optional) API Gateway to proxy external events to the internal Turbot load balancer was returning error codes (5xx) all queries even though it worked successfully. This could lead to retries of the message (which were not processed due to our duplicate detection). Errors in both the event handler and the health check have been cleared.
What's new?
- Improved error messages for failed queries like authentication, network connectivity, etc.
- Update credentials precedence to prioritise specific credentials (key, secretKey and workspace) over profile.
Bug fixes
turbot configure
fails when no command line credentials arguments are given but they set in environmentturbot workspace list
should ignoreTURBOT_PROFILE
env var and only filter profiles if one is given in command line.turbot download
should fall back to use the production registry if the user is not logged in.
Bug fixes
- Exceptions from the pre-pack script in
turbot pack
were not caught and reported correctly.
What's new?
- Improved error messages for
turbot pack
,turbot up
andturbot publish
for faster troubleshooting.
Bug fixes
turbot graphql
queries forcontrol
,policy-value
, etc were not properly handling the--resource-id
and--resource-aka
arguments.
Bug fixes
turbot configure
was failing for some Windows users when used in interactive mode.
What's new?
- Updated Workspace Manager permissions for SSM policy lookups and reading S3 data for access to the TE workspace manager Lambda results.
Bug fixes
turbot configure
was always failing validation when using interactive mode to enter credentials.
Bug fixes
turbot install [mod]
was not working. You can now install specific mods as expected.
What's new?
- Use
turbot install [mod[@version]]
to install a specific mod as a local dependency. - Credentials passed to
turbot workspace configure
are now validated before saving, so you can be confident they are good to go.
What's new?
- Use
turbot workspace list
to see a list of your currently configured workspaces. turbot workspace configure
added, with the same behavior asturbot configure
.
Bug fixes
turbot test
was failing for some GCP controls due to an update in the GCP auth library package. This has been fixed.
See v1.18.1
Bug fixes
- As part of preparing for connection pooling, the hive manager included steps to initialize multiple database roles. These are not yet in use so have been removed.
What's new?
- As part of preparing for connection pooling, the hive manager included steps to initialize multiple database roles. These are not yet in use so have been removed.
Requirements
- TEF v1.22.1
What's new?
- The default browser facing security group (used by the load balancer) is now open on port 80, so HTTP traffic can be automatically redirected to HTTPS at the load balancer level.
- Expanded EC2 instance type options, and changed the default to
t3.medium
. - Changed the default maximum limit for ECS hosts from 64 to a more sensible, but still generous, 8.
- Further restricted permissions to EC2 hosts, limiting the accessible resources as much as possible.
What's new?
- Introducing a new parameter model in TEF, allowing parameter "overrides" to be optionally set in SSM. Turbot creates default parameters, but will automatically detect any overrides you create during the stack run. This allows us to expand beyond the 60 parameter limit of CloudFormation.
- Each Turbot version installs minimal IAM policies and roles specific to its requirements. Some customers prefer more control over IAM management, so we now support BYO-IAM with parameters for all IAM entities required in the Turbot primary account.
- Added parameters to optionally set the
ALB Log Prefix
andALB Idle Timeout
. - TEF will now perform a rolling update of the EC2 hosts if required due to launch configuration changes, ensuring no downtime during upgrades.
- Allow preinstall check Lambda function to use VPC from non-VPC setting.
What's new?
- Parameter groups created in GovCloud do not support newer parameters, unless a new parameter group is created (Note: AWS Commerical accounts were not affected by this). This blocks some existing customers from upgrading their TED stack. Because parameter group changes require a reboot (downtime), and most customers do not require this change, we've made it an optional parameter in the stack to force the change as required.
- Default storage allocation for new installs is now 1TB (up from 100GB).
Requirements
- TEF v1.19.1
What's new?
- Added
169.254.170.2
to the defaultNO_PROXY
parameter. This is required for stack containers to execute in some proxy environments.
Bug fixes
turbot install
was attempting to install the latest version, which would fail if that version was not available or recommended. It will now install the latest recommended version, or if none are recommended, the latest available version.
Bug fixes
- Network Interface permissions added in v1.19.0 are low risk, but have been tightened further to only be granted in environments running Lambda inside the VPC.
Bug fixes
- v1.9.0 introduced a mix of names between
preinstall
andpreinstallation
which felt messy. This patch release brought to you by our clean up crew.
Requirements
- TEF v1.19.1
What's new?
- TED and TE are being enhanced to automatically check that their required versions of TEF and TED are installed. The Lambda function they use for that check (custom resource during the CloudFormation stack run) is deployed in TEF, and added in this release.
- Turbot Guardrails Enterprise uses a lot of Lambda functions to execute mod code. For organizations who prefer more visibility into network traffic, we're adding support to run these functions inside the VPC. This version of TEF expands the IAM permissions granted to Lambda functions with the minimum required to attach Network Interface cards.
What's new?
- TED now automatically checks the required TEF version is installed. If not, the TED stack will automatically rollback allowing you to upgrade TEF first.
Requirements
- TEF v1.19.1
What's new?
Flags
parameter now has validation rules and defaults toNONE
(CloudFormation does not like empty string defaults for SSM parameters).
What's new?
Flags
parameter will allow features to be enabled or disabled at the installation level giving us more flexibility to innovate and gradually deploy features.
Warning
- The default for
TrackFunctions
in v1.7.0 waspl
. Consider changing this tonone
(the new, more common, default in v1.8.0) if you don't require that tracking.
What's new?
- Process log data collected by Turbot is being moved into TED level management. This better aligns with our model of data separation and encryption. This version adds S3 buckets with encryption and lifecycle rules to start accepting that (and other future) data.
- If the master password is an empty string then Turbot will reset it automatically when required. The default was previously blank, requiring the parameter to be set (even if to empty string). This was difficult to understand and implement for those automating TED configuration. We now default to the empty string.
- Added new DB instance size option of
m5.8xlarge
.
Bug fixes
- Resource names related to metric collection, alarms and dashboards have been updated to use the ResourceName prefix. This aligns them with all other TED resources and makes it easier to track or target them with local rules.
What's new?
- Moved to ECS optimized Amazon Linux 2 as our host OS for containers. (Previously we used ECS optimized Amazon Linux 1.)
- Expanded proxy server support, particularly through the ECS bootstrap sequence.
We now support HTTP and HTTPS requests being routed to a
http://
proxy for all traffic - no need for endpoints or similar in any case. (We do not yet support custom certificates andhttps://
proxies.) - TEF now publishes an SSM parameter with the currently installed version, which will be used in the future to check version compatibility during TED and TE upgrades.
Bug fixes
- The build of v1.17.1 was not properly published, leading to confusion and mixed installs. This release is identical, but properly distributed.
Bug fixes
- Remove the explicit default value for
force-recommended
as this causes issues when using the yargsconflicts
parameter.
What's new?
- Mod authors often want to set their new version as
RECOMMENDED
in the registry, telling users it's the best choice. Useturbot publish --force-recommended
andturbot modify --force-recommended
to mark this version asRECOMMENDED
and set all currently recommended versions toAVAILABLE
.
Bug fixes
turbot test
was showing incorrect test data validation errors, due to a graphql schema change that had not been handled by the CLI.
What's new?
Allow Self-Signed Certificate
parameter, instructing Turbot to ignore certificate errors when connecting to external services - for example - enterprise environments with an outbound internet proxy.- S3 bucket inventory has been enabled, setting us up for future batch operations on collections of log files.
- Updated lifecycle rules to clean deleted versions of debug logs and match changes to the prefix of log files.
What's new?
- Added a "connectivity test" lambda function, making it easier to verify that
an environment has the necessary network setup. Run
${ResourceNamePrefix}_connectivity_checker
manually to test. - Improved descriptions for the Installation Domain and Turbot Certificate ARN parameters.
What's new?
turbot inspect
now enforces valid semantic versions in mod version numbers. We admire your creativity, but encourage you to express it elsewhere.
Bug fixes
- Fixed
turbot up --zip
, which broke during a dependency update.
What's new?
- Turbot License Key has been added as a (currently optional) parameter.
Bug fixes
turbot login
was failing if the~/.config
folder did not exist.turbot template build
was always expecting awip-*
instance branch to exist. It's now correctly limited to runs where--use-instance-root-branch
is passed.
What's new?
- Proxy support via the
HTTPS_PROXY
environment variable. Login, install mods and publish to our registry all via your favorite proxy. (Provided it's ahttp://
proxy, we don't supporthttps://
yet.)
What's new?
- Updates Hive Manager, which includes the ability to convert ownership of database schemas. This is part of a longer term effort to move database ownership to specific turbot roles, reducing our use of the master account.
What's new?
- Parameters to set
rds.force_admin_logging_level
andtrack_functions
, - Add CloudWatch alarms for DB connections, CPU utilization and free storage alerts.
- Added t2.medium and t2.large instance class options, useful in test or dev environments.
What's new?
- Manage published mods in the registry from the CLI, including their status and
description. For example
turbot registry modify --mod "@turbot/aws" --mod-version "5.0.0" --status RECOMMENDED --description "updated description"
. - Usually a newly published version should be the recommended one. So now you
can do that automatically during
turbot publish
using the--status RECOMMENDED
flag. turbot template build
now supports instance root branch names with a random suffix, following the naming convention:wip/<instance root name>/*
. We've found scheme much more effective at scale.- We now automatically include
RELEASE_NOTES.md
as well asCHANGELOG.md
when building a mod. Release notes are intended for users while a changelog is intended for developers or others obsessed over details. turbot test
validates input query, but only works for a single query (not for the more advanced array of queries syntax). Previously the test would always fail for an array of queries, so we're now skipping the test in these cases until it can be fully supported.
Bug fixes
turbot publish --dir <mod folder>
did not work if run outside the mod folder - the function zips were not correctly created.
What's new?_
- Registry login using
turbot login
(and similar) now requires both--username
and--password
or neither. They just can't live without each other.
Bug fixes
turbot template build --patch
command was failing without running the git command.
Bug fixes
- EC2 instances used for ECS should have AssociatePublicIpAddress set to false. This is a defence improvement since our EC2 instances are run in a private VPC so were not publically accessible anyway.
What's new?
- Cleanup IAM roles to use
_
consistently in names (instead of mixing_
and-
together).
What's new?
- Some organizations need to use a self-signed certificate for their ALB. This would
fail a certificate check when also using our API Gateway proxy. Use the
Self Signed Certificate In ALB
parameter to ignore these certificate errors.
Bug fixes
- The IAM role used for ECS EC2 instances is now named consistently with our other IAM roles.
Warning
- Existing TEF installations must install v1.9.0 before upgrading to v1.10.0. This sequence will automatically preserve and transition parameter settings for S3 bucket names as we move from fixed names to randomized names by default for new installations.
What's new?
- Log and process buckets now use a partly random name by default, making new installations smoother and easier to troubleshoot.
What's new?
- Optionally use a random name for log and process log buckets, making repeated install and uninstall easier.
- Log buckets will now be retained on deletion of the TEF stack.
Bug fixes
- The SNS topic name for CPU alarms was not consistent with our other resources. Now it is.
What's new?
- Setup an S3 bucket to store process logs, including lifecycle rules to cleanup debug logs.
What's new?
- Alarm levels defined in the dashboard for CPU utilization and free storage, making problem levels clearer.
- Dashboard charts are now zero based, as any statistician will tell you they should be.
- SNS topic publishing CPU alarms, making it easy to subscribe for alerts.
What's new?
- In
turbot compose
the+schema
directive can now map from openApi format schema to valid JSON schema.
Bug fixes
turbot template build
fleet operations were failing due to an error displaying the summary. This has been fixed.
What's new?
- Turbot Hive Manager lambda now has permission to create encrypted SSM parameters, required by TED v1.5.0.
Warning
- Requires TEF v1.7.0 or later.
What's new?
- Parameter to set the maintenance window.
- Parameter to set a Customer Managed Key for encryption.
- Parameter to set the turbot master password. If blank, the master password is automatically reset.
Bug fixes
- Auto scaling of storage for the read replicas outside the primary region.
What's new?
- Use
turbot test
to check GraphQL mutations (e.g.updatePolicySetting
) are called as expected from controls. turbot compose
no longer errors when a glob matches no source files.
Warning
Security access from the load balancer to ECS has changed from requiring port 8443 to requiring the full high port range of 32768-65535. This allows us to run ECS in bridge mode and efficiently reuse IP addresses across Turbot core containers.
The outbound security group now allows port 80 outbound by default. This makes cloud-init in the ECS optimized image run much faster than only providing port 443 outbound.
If you are upgrading from a previous TEF version, you will need to make the modifications listed below:
Add ports 32768-65535 to the
Load Balancer Security Group
OUTBOUND to theAPI Security Group
Add ports 32768-65535 to the
API Security Group
INBOUND from theLoad Balancer Security Group
Add port 80 to the
Outbound Internet Security Group
OUTBOUND to0.0.0.0/0
What's new?
- Use ECS on EC2 (instead of Fargate) to accelerate container startup time (particularly for stacks), increase cost efficiency at scale, and prepare for wider container use at the core level.
What's new?
- Workspace manager creation of turbot.com directories updated to use a server name (instead of a phase).
What's new?
- Use
turbot test
to check GraphQL mutations (e.g.updatePolicySetting
) are called as expected from controls. turbot compose
no longer errors when a glob matches no source files.
What's new?
- A new directive,
+schema
has been added forturbot compose
. This allows you to include a specific item from a schema file, including all definitions which are referenced. turbot template build
will now run even if there are changes on the local branch, if neither the--use-fleet-branch
or--use-instance-root-branch
arguments are set. This is useful when running building templates for the first time with local config updated but not committed.
What's new?
turbot inspect --format changelog
now includes the uri of each control, policy, resource and action item.
Bug fixes
turbot up
was broken in 1.7.0. This has been fixed.turbot pack
andturbot publish
had to be run out of the target mod directory. They can now be run out of any directory by passing the--dir
flag
What's new?
turbot aws credentials
now supports--aws-profile <aws_profile>
,--profile <turbot_profile>
and--access-key <turbot_access_key> --secret-key <turbot_secret_key>
combinations.
Bug fixes
turbot test
was doing type coercion of input data before validation. It now expects correct types to be passed, matching the behavior of the Turbot server.
Bug fixes
- Auto scaling of storage for the primary read replica.
What's new?
- Use
--no-color
to simplify the output of any command. Sometimes less is more. turbot template build --git --branch <branch-name>
allows you to specify the branch the build operations will be committed onto.turbot template build
no longer supports the--config
flag. Usetemplate.yml
files instead.
Bug fixes
turbot install
was not downloading files. Now it does.turbot template build
was creatingtemplate.yml
files for every template instance. This is noisy and defeats the value of template inheritence, so has been stopped.
Bug fixes
turbot template build --git
should checkout the original git branch at the end of the build. Broken in v1.5.0.
What's new?
turbot template build --git
now skips instances without a template-lock file, which cannot be resolved anyway.
Bug fixes
turbot up
andturbot publish
were stalling for large mods.
Bug fixes
turbot template build --git
should checkout the original git branch at the end of the build. Broken in v1.4.0.
What’s new?
- Clearer reporting of errors when running
turbot template build
. turbot template build --fleet-mode
now defaults toupdate
, which is almost always the right choice.- When running
turbot template build --git
it is no longer necessary to specify a base git branch, it sensibly assumes you want to use the current branch. - Use
turbot pack --zip-file awesome.zip
to output mods with any name you prefer.
Bug fixes
turbot template outdated
fixed to work with specific template definition directories.- Only save successful template operations to the branch when using
turbot template build --git
. Previously we were polluting that goodness with failures as well. - Limit
template-lock.yml
to data that is absolutely necessary, removing noise from change logs. - Disabled
turbot template update
. Please useturbot template build
instead, as you probably already were.
What's new?
turbot inspect --output-format
will now accept either a file path to the template or the template string directly.- Clearer output of the actions taken when running
turbot template build
. - Automatic code merging when doing updates with
turbot template build
will now merge successful changes onto a single branch and write failed patches to the filesystem for easier review.
What's new?
- Support customization of parameters for
max_connections
,deadlock_timeout
,idle_in_transaction_session_timeout
andstatement_timeout
.
What's new?
- Added a lifecycle rule to automatically delete temporary data from S3.
What's new?
- Reduced scope of permissions granted to custom mod Lambda functions. These add extra levels of protection and take effect as mods are installed or updated in Turbot v5.5.0 or later.
Bug fixes
turbot template build
has a special case "provider" field in the render context. Long term it will be removed. Short term, it should not break for vendor level mods like @turbot/aws or @turbot/linux.
What's new?
Instance Type for Replica DB
will now default toSame as Primary DB
, which is a lot easier than having to set and maintain it manually when most of the time they are the same anyway.- Choose a custom master username during install.
What's new?
- View and confirm
turbot template build
actions before they happen. (Add--yes
to keep the previous behavior.) - Easily review success and failure after running
turbot template build
across many instances.
Bug fixes
turbot download
will now give up gracefully on failed downloads, relieving it of an eternity of failed retries.
What's new?
- Option to configure AWS Backup with daily, weekly and/or monthly snapshots of the primary database.
- Add Postgres v11.9 to supported versions list.
- CloudWatch Alarms added for freeable memory, read replica CPU and queue depth.
- RDS disk burst balance metrics added to TED dashboard.
- Elasticache metrics added to TED dashboard.
- Improve text and limit for Transaction ID Wraparound in TED dashboard.
Requirements
- TEF v1.30.0
What's new?
- Publish the alpha region as an SSM parameter so it can be used as a default in other areas - like TED's default location for the primary DB.
Warning
- Requires TEF v1.2.0 or later.
- The parameter
Instance Type for Replica DB
is new and must be set during upgrade. (Note: Fixed in v1.3.0 to useSame as Primary DB
by default.)
What's new?
- The Turbot Audit Trail is stored in a CloudWatch Log group managed in TED. It will now be retained if the TED stack is deleted, avoiding loss of audit trail data in that rare scenario.
- Easily configure auto-scaling of the database storage up to a maximum value.
- Read replicas can now have a different instance class to the primary. Typically they have a lower load level, so we've added flexibility to optimize costs.
- Default to using the alpha region (as defined in TEF) for primary DB install.
Bug fixes
- Fix
turbot template build
crash added by v1.1.0.
What’s new?
- Use
turbot aws credentials --account 123456789012 --profile my-account
to generate and save temporary AWS credentials into your local AWS profile. Easily work across many AWS accounts using your single Turbot profile. - Filter
turbot template build
to target all instances of a specific template, which is great when you are in the process of converting code to use the template (some code in template management, some still custom).
Bug fixes
turbot test
was broken in v1.0.4 due to a missing dependency. Life is better with friends.
Bug fixes
- The Hive Manager and Workspace Manager lambda functions used during the workspace upgrade process were not properly connecting to the database using SSL during initial workspace creation (they were during upgrades). Our change to force SSL on the database in TED revealed this issue, which is now fixed.
Bug fixes
- Expanded the list of database instance classes available during install to include older generations (e.g. m3) which are required for AWS us-gov-west-1.
- Added the AWS RDS 2017 certificate as an option, since it's uniquely used and required in Gov Cloud installs.
What's new?
- TEF version is now published as an output parameter in CloudFormation. (We'd rather that Service Catalog showed this automatically, but there is an AWS quirk that breaks that feature when Service Catalog versions are published using CloudFormation.)
- Workspace upgrades may now take up to 15 minutes before timing out. This allows us to run larger data migration jobs during the upgrade process. (Don't worry, we design these to be background tasks that don't affect availability during the upgrade.)
- Custom security groups are published as SSM parameters allowing them to be leveraged by the Turbot Guardrails Enterprise CloudFormation stacks to override per-version default security groups.
Bug fixes
- GovCloud installations require conditions in IAM to match the correct
partition
arn:aws-us-gov:
.
Warning
- The AWS RDS certificate change requires a database reboot. This may cause a brief impact on availability. Please schedule this change for a suitable window.
What's new?
- SSL is now required by default for all connections to the database. We used SSL anyway, but now we enforce it at the DB level as an extra precaution.
- Upgrade database instances to the AWS RDS 2019 root certificate (their 2015 certificate is expiring soon).
Bug fixes
turbot template
should allow rendering of the filename as well as folder names, e.g.src/{{instance}}/resource/types/{{instance}}.yml
.
Bug fixes
test.options
are useful, but not required, soturbot test
should not crash if they are not set for a test.
Bug fixes
- Registry name validation should work for valid registries like turbot.com.
turbot test
has atest.awsProfile
field to set the AWS profile to use when running tests locally. This has been moved into the generic, customizabletest.options.awsProile
location since it's relevant to AWS mods specifically rather than a core feature of Turbot.
What's new?
- Initial version.
- CloudFormation design for deployment via Service Catalog.
- Foundation components: KMS keys, IAM roles, Log groups & buckets.
- Network configuration with up to 3 tiers (public, turbot, database) across 3 availability zones in 3 regions.
- Automated VPC peering setup across regions.
- Subnet Groups and Security Groups for database and cache services.
- Optional gateway proxy for external event handling with an internal installation.
- Optional BYO network parameters for complex or pre-existing environments.
Bug fixes
- The default registry is now turbot.com. Other development registries have been cleaned up to reduce noise.
- Cleaned up available commands and their descriptions.
What's new?
- Easily manage Turbot credentials and profiles.
- Run graphql commands in scripts.
- Install and inspect mods.
- Build, compose & test Turbot mods.
- Upload mods to Turbot for internal testing or use.
- Publish mods to the Turbot registry for public sharing.
- Use templates to accelerate the development of mods.
What's new?
- Initial version.
- CloudFormation design for deployment via Service Catalog.
- CloudFormation stack per hive (physical shard).
- Postgres design with primary, failover and regional read replicas.
- Encryption at rest for all data.
- Custom Resource for automatic database hive configuration.