AWS Well-Architected Tool workloads + Turbot Guardrails governance controls

Turbot Guardrails' new AWS Well-Architected Tool API integration builds on the Turbot Guardrails cloud governance platform's coverage to give customers and organizations a comprehensive view of their security posture on AWS cloud infrastructure.

Turbot Team
5 min. read - Dec 16, 2020
The Amazon Web Services (AWS) Well-Architected Tool enables customers to review the state of their workloads and compare them to the latest AWS architecture best practices. The Turbot Guardrails cloud governance platform now has a successful API integration with the AWS Well-Architected Tool, enabling customers to expand their existing Turbot Guardrails AWS governance controls. Turbot Guardrails provides governance controls for over 115 AWS services, spanning 1000s of out-of-the-box policies to discover and remediate misconfigurations based on security, compliance, operational and cost controls. The new integration builds on that coverage to give customers and organizations a comprehensive view of their security posture on AWS cloud infrastructure.

AWS launched APIs for the AWS Well-Architected Tool to support seamless custom integration of AWS Partner Network (APN) solutions into the AWS Well-Architected Tool. With these APIs, customers can use APN Partner solutions to help manage their workloads without having to switch between multiple tools or transfer information manually.

The AWS Well-Architected Framework pillars of operational excellence, security, reliability, performance efficiency, and cost optimization map to Turbot Guardrails' over 7000 governance control policies for Operations, Cost, Security and Compliance. Turbot Guardrails customers use Turbot Guardrails features to satisfy the best practice guidance automatically. Take, for example, 'AWS Well-Architected Framework Security Question 8: How do you protect your data at rest'. In the AWS Well-Architected Tool, the customer would respond qualitatively, describing how encryption at rest is managed. When the Turbot Guardrails governance platform is implemented, Turbot Guardrails automatically detects when encryption is misconfigured, raises an alert, and corrects the misconfiguration in real-time. Since Turbot Guardrails is programmatically managing thousands of governance controls such as encryption at rest, Turbot Guardrails customers are already in adherence to the AWS Well-Architected best practice guidance.

Turbot Guardrails AWS Well-Architected Tool Workloads Governance Controls

Turbot Guardrails also extends its existing governance controls for real-time discovery of cloud resource changes, point-and-click governance policies and time-based identity management. Turbot Guardrails provides a common security and compliance control definition, which our customers can easily extend to AWS Well-Architected Tool Workloads, such as:

Discovery / Cloud CMDB

Turbot Guardrails discovers the full AWS Well-Architected Tool Workloads resource inventory and audit trail:

  • Workloads are discovered, typed, and categorized in the Turbot Guardrails Cloud CMDB.
  • Full audit trail on any creates, updates or deletes to these resources in real-time, showing actor information and drift history through a time-series of change history.
  • Visualize, search, and filter resources and activity history through the Turbot Guardrails Console or the Turbot Guardrails GraphQL API backend.

Governance Controls

  • Turbot Guardrails can alert on or remediate unapproved Workloads configurations
    • Enforce naming conventions, Regions used, or associated tags (when Workloads supports tags).
    • Ensure specific Workload Lenses, Pillars, Environments, etc. are utilized
    • Take action when Risk Counts reach an unapproved range for x duration
  • Turbot Guardrails can alert or remediate inactive Workloads
    • Enforce assessment completion based on age
    • Enforce assessment completion based on last modified
  • Turbot Guardrails manages usage limits on how many supported resources are allowed to run to ensure your resource capacity is managed appropriately
    • Alarm on usage limits when x number of Workloads are in X status per month
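
A sketch of how the naming, lens, risk-count and assessment-age checks listed above could be evaluated, added here as an illustration and not Turbot Guardrails' own code. The record fields (`WorkloadName`, `Lenses`, `RiskCounts`, `UpdatedAt`) follow the workload summaries returned by the AWS Well-Architected Tool `ListWorkloads` API; the naming pattern, thresholds and sample records are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed policy values for illustration (hypothetical, not Guardrails settings).
NAME_PATTERN = re.compile(r"^(prod|dev|test)-[a-z0-9-]+$")
REQUIRED_LENS = "wellarchitected"
MAX_HIGH_RISKS = 2
MAX_AGE = timedelta(days=90)

def evaluate_workload(summary, now):
    """Return the list of policy findings for one workload summary."""
    findings = []
    if not NAME_PATTERN.match(summary["WorkloadName"]):
        findings.append("naming")
    if REQUIRED_LENS not in summary.get("Lenses", []):
        findings.append("lens")
    risks = summary.get("RiskCounts", {})
    if risks.get("HIGH", 0) > MAX_HIGH_RISKS:
        findings.append("high-risk-count")
    # Unanswered questions plus no update within MAX_AGE: assessment is stale.
    if risks.get("UNANSWERED", 0) > 0 and now - summary["UpdatedAt"] > MAX_AGE:
        findings.append("stale-assessment")
    return findings

def evaluate_all(summaries, now):
    """Map workload name -> findings, keeping only non-compliant workloads."""
    results = {s["WorkloadName"]: evaluate_workload(s, now) for s in summaries}
    return {name: f for name, f in results.items() if f}

# Constructed sample records shaped like ListWorkloads summaries.
UTC = timezone.utc
NOW = datetime(2020, 12, 16, tzinfo=UTC)
SAMPLE = [
    {"WorkloadName": "prod-payments", "Lenses": ["wellarchitected"],
     "RiskCounts": {"HIGH": 0, "MEDIUM": 3, "UNANSWERED": 0},
     "UpdatedAt": datetime(2020, 12, 1, tzinfo=UTC)},
    {"WorkloadName": "Legacy CRM", "Lenses": ["serverless"],
     "RiskCounts": {"HIGH": 5, "UNANSWERED": 12},
     "UpdatedAt": datetime(2020, 6, 1, tzinfo=UTC)},
    {"WorkloadName": "dev-analytics", "Lenses": ["wellarchitected"],
     "RiskCounts": {"HIGH": 1, "UNANSWERED": 4},
     "UpdatedAt": datetime(2020, 8, 1, tzinfo=UTC)},
]

if __name__ == "__main__":
    for name, findings in evaluate_all(SAMPLE, NOW).items():
        print(name, findings)
```

The "for x duration" condition on Risk Counts needs a history of evaluations rather than a single snapshot, so it is left out of this sketch.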

Identity Management

  • Turbot Guardrails can assist with preventing / allowing AWS Well-Architected Tool Workloads from being used in one or many AWS accounts
    • Turbot Guardrails prevention controls can manage boundary policies on AWS IAM Users and AWS IAM Roles
  • Turbot Guardrails can assist with role-based access control (RBAC) IAM Role management of AWS IAM Users or AWS IAM Roles
    • Turbot Guardrails defines consistent RBAC roles that can be granted for a limited time per user, role, or group in one of many AWS accounts.

We continue to iterate on our growing governance controls based on our VoC (voice of the customer) feedback. We are excited to hear from you on how Turbot Guardrails can support your AWS environments and configurations. If you need any assistance, let us know in our Slack community #guardrails channel. If you are new to Turbot, connect with us to learn more!