AWS Outposts + Turbot Guardrails governance controls

Turbot Guardrails AWS Outposts integration extends our existing CMDB, Policy and Identity engine to maximize your AWS Outposts investment by ensuring AWS Outposts resources are configured per company policies.

Turbot Team
5 min. read - Aug 20, 2020
Turbot Guardrails provides Governance Controls for over 100 AWS services spanning 1000s of out-of-the-box policies to discover and remediate misconfigurations based on security, compliance, operational and cost controls. Turbot Guardrails supports a variety of AWS Compute and Networking services to ensure appropriate use, configurations and deployments are in place to continuously adhere to company control objectives.

AWS Outposts brings native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility. Users can use the same AWS APIs, tools, and infrastructure across on premises and the AWS cloud to deliver a truly consistent hybrid experience. Turbot Guardrails customers take advantage of AWS Outposts for workloads that require local access to on-premises systems due to low latency requirements.

Turbot Guardrails AWS Outposts integration extends our existing CMDB, Policy and Identity Engine to support AWS Outposts natively along with supported AWS Outposts resources such as Amazon EC2 Instances, EC2 Volumes, EC2 Network Interfaces, EMR Clusters, AWS ECS, AWS EKS, RDS DB Instances (and subnet groups and read replicas), Outpost Sites, Outposts Local Gateways, Local Gateway Route Tables, Local Gateway Virtual Interface, Local Gateway Virtual Interface Group, and VPC Subnets.

AWS Outposts Governance Controls

Turbot Guardrails provides a common security and compliance control definition which our customers can easily extend to AWS Outposts and its supported resources, such as:

  • Turbot Guardrails can assist with preventing or allowing Outposts to be used in one or many AWS accounts
  • Turbot Guardrails prevention controls can manage boundary policies on AWS IAM Users and AWS IAM Roles
  • Turbot Guardrails can assist with role-based access control (RBAC) and IAM Role management of AWS IAM Users or AWS IAM Roles
  • Turbot Guardrails defines consistent RBAC roles that can be granted on a time-limited basis per user, role, or group in one of many AWS accounts
  • Turbot Guardrails discovers all AWS Outposts Resource Inventory and Audit Trail in real-time:
    • AWS Outposts, Sites, Local Gateways, Local Gateway Route Tables, Local Gateway Virtual Interface, Local Gateway Virtual Interface Groups are discovered, typed, categorized in the Turbot Guardrails CMDB
    • Full audit trail of any creates, updates or deletes to these resources in real time, showing actor information and drift history through a time series of changes
    • Visualize, Search, Filter on resources and activity history through Turbot Guardrails Console or Turbot Guardrails GraphQL API backend.
  • Turbot Guardrails can alert or remediate unapproved AWS Outposts supported services like EC2, EKS, RDS, etc.
    • Which services are approved for being hosted in AWS Outposts
    • Which resources are approved for AWS Outposts based on which account they reside in, their naming convention, tagging, or other resource configurations
    • Which resources are required to be in Outposts (e.g. if any EC2 instance does reside in X AWS Outposts; alert, stop, or terminate the EC2 instance in real-time).
  • Turbot Guardrails enforces tagging on supported resources:
    • If a resource is created in AWS Outposts, automatically tag with applicable key:value pair, e.g. Outposts: {{ OutpostArn }}. This allows quick context for reporting and filtering downstream into other Turbot Guardrails Policies
  • Turbot Guardrails manages usage limits on how many supported resources are allowed to run within AWS Outposts to ensure your capacity is managed appropriately
    • E.g. Alarm on usage limits when approaching capacity limitations on AWS Outposts per instance type allowed (e.g. 20 EC2 instances running at 85% of the instance capacity is left; alert Cloud Team)

We continue to iterate on our growing governance controls based on voice-of-customer feedback. We are excited to hear from you on how Turbot Guardrails can support your AWS Outposts environments and configurations. Connect with us to learn more about Turbot Guardrails Governance Controls for AWS Outposts.