AWS Outposts and Turbot

Turbot provides Governance Controls for over 100 AWS services, spanning 1000s of out-of-the-box policies to discover and remediate misconfigurations based on security, compliance, operational and cost controls. Turbot supports a variety of AWS Compute and Networking services to ensure that appropriate use, configurations and deployments are in place and continuously adhere to company control objectives.

AWS Outposts brings native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility. Users can use the same AWS APIs, tools, and infrastructure across on premises and the AWS cloud to deliver a truly consistent hybrid experience. Turbot customers take advantage of AWS Outposts for workloads that require local access to on-premises systems due to low latency requirements.

Turbot's AWS Outposts integration extends our existing CMDB, Policy and Identity Engine to support AWS Outposts natively along with supported AWS Outposts resources such as Amazon EC2 Instances, EC2 Volumes, EC2 Network Interfaces, EMR Clusters, AWS ECS, AWS EKS, RDS DB Instances (and subnet groups and read replicas), Outpost Sites, Outposts Local Gateways, Local Gateway Route Tables, Local Gateway Virtual Interface, Local Gateway Virtual Interface Group, and VPC Subnets.

AWS Outposts Governance Controls

Turbot provides a common security and compliance control definition which our customers can easily extend to AWS Outposts and its supported resources, such as:

  • Turbot can assist with preventing / allowing Outposts to be used in one or many AWS accounts
    • Turbot's prevention controls can manage boundary policies on AWS IAM Users and AWS IAM Roles
  • Turbot can assist with role-based access control (RBAC) and IAM Role management for AWS IAM Users or AWS IAM Roles
    • Turbot defines consistent RBAC roles that can be granted with a time limit per user, role, or group in one or many AWS accounts
  • Turbot discovers the AWS Outposts resource inventory and maintains an audit trail in real time:
    • AWS Outposts, Sites, Local Gateways, Local Gateway Route Tables, Local Gateway Virtual Interfaces, and Local Gateway Virtual Interface Groups are discovered, typed, and categorized in the Turbot Cloud CMDB
    • Full audit trail of any creation, update or deletion of these resources in real time, showing actor information and drift history as a time series of changes
    • Visualize, search, and filter resources and activity history through Turbot's Console or Turbot's GraphQL API backend.
  • Turbot can alert or remediate unapproved AWS Outposts supported services like EC2, EKS, RDS, etc.
    • Which services are approved for being hosted in AWS Outposts
    • Which resources are approved for AWS Outposts based on which account they reside in, their naming convention, tagging, or other resource configurations
    • Which resources are required to be in Outposts (e.g. if any EC2 instance does reside in X AWS Outposts; alert, stop, or terminate the EC2 instance in real-time).
  • Turbot enforces tagging on supported resources:
    • If a resource is created in AWS Outposts, automatically tag it with the applicable key:value pair (e.g. Outposts: {{ OutpostArn }}). This allows quick context for reporting and filtering downstream into other Turbot Policies
  • Turbot manages usage limits on how many supported resources are allowed to run within AWS Outposts to ensure your capacity is managed appropriately
    • E.g. alarm on usage limits when approaching capacity limits on AWS Outposts per allowed instance type (e.g. 20 EC2 instances running at 85% of the instance capacity is left; alert Cloud Team)

We continue to iterate on our growing governance controls based on our customers' feedback. We are excited to hear from you on how Turbot can support your AWS Outposts environments and configurations. Connect with us to learn more about Turbot Governance Controls for AWS Outposts.