The Amazon Web Services (AWS) Well-Architected Tool enables customers to review the state of their workloads and compare them to the latest AWS architecture best practices. Turbot's cloud governance platform now has a successful API integration with the AWS Well-Architected Tool, enabling customers to expand their existing Turbot AWS governance controls. Turbot provides Governance Controls for over 115 AWS services, spanning 1000s of out-of-the-box policies to discover and remediate misconfigurations based on security, compliance, operational and cost controls. Turbot's new AWS Well-Architected Tool API integration builds upon Turbot's cloud governance platform coverage to give customers and organizations a comprehensive view of their security posture on their AWS cloud infrastructure.

AWS launched APIs for the AWS Well-Architected Tool to support seamless custom integration of AWS Partner Network (APN) solutions into the AWS Well-Architected Tool. With these APIs, customers can use APN Partner solutions to help manage their workloads without having to switch between multiple tools or transfer information manually.

The AWS Well-Architected Framework pillars of operational excellence, security, reliability, performance efficiency, and cost optimization map to Turbot's over 7000 governance control policies for Operations, Cost, Security and Compliance. Turbot customers take advantage of Turbot's features to satisfy the best practice guidance automatically. For example, for 'AWS Well-Architected Framework Security Question 8: How do you protect your data at rest?', the customer would respond qualitatively in the AWS Well-Architected Tool on how encryption at rest is managed. When Turbot's governance platform is implemented, Turbot automatically detects when encryption is misconfigured, raises an alert and corrects the misconfiguration in real time. Since Turbot is programmatically managing thousands of governance controls such as encryption at rest, Turbot customers are already in adherence to the AWS Well-Architected best practice guidance.

Turbot AWS Well-Architected Tool Workloads Governance Controls

Turbot also extends its existing governance controls for real-time discovery of cloud resource changes, point-and-click governance policies and time-based identity management. Turbot provides a common security and compliance control definition, which our customers can easily extend to AWS Well-Architected Tool Workloads, such as:

Discovery / Cloud CMDB

Turbot discovers the full AWS Well-Architected Tool Workloads resource inventory and audit trail:

  • Workloads are discovered, typed, and categorized in the Turbot Cloud CMDB
  • Full audit trail of any creation, update or deletion of these resources in real time, showing actor information and drift history through a time series of changes
  • Visualize, search and filter resources and activity history through Turbot's Console or Turbot's GraphQL API backend

Governance Controls

  • Turbot can alert or remediate unapproved Workload configurations
    • Enforce naming conventions, Regions used, or associated tags (when Workloads support tags)
    • Ensure specific Workload Lenses, Pillars, Environments, etc. are used
    • Take action when Risk Counts reach an unapproved range for x duration
  • Turbot can alert or remediate inactive Workloads
    • Enforce assessment completion based on age
    • Enforce assessment completion based on last modified
  • Turbot manages usage limits on how many supported resources are allowed to run to ensure your resource capacity is managed appropriately
    • Alarm on usage limits when x number of Workloads are in X status per month

Identity Management

  • Turbot can assist with preventing / allowing AWS Well-Architected Tool Workloads to be used in one or many AWS accounts
    • Turbot's prevention controls can manage boundary policies on AWS IAM Users and AWS IAM Roles
  • Turbot can assist with role-based access control (RBAC) IAM Role management for AWS IAM Users or AWS IAM Roles
    • Turbot defines consistent RBAC roles that can be granted with a time limit per user, role or group in one or many AWS accounts

We continue to iterate on our growing governance controls based on our VoC (voice of the customer) feedback. We are excited to hear from you on how Turbot can support your AWS environments and configurations. Connect with us to learn more about Turbot Governance Controls for AWS Well-Architected Tool Workloads.