As [Launch Week 7](https://turbot.com/launch-week/07) draws to a close, we wanted to take a moment to highlight some of the exciting updates and announcements that slipped under the radar this week across our Turbot products and open-source projects. ## Guardrails: New AWS, Azure and Kubernetes controls We continue to listen to customer feedback to add new cloud resource types and controls for security, compliance, and operational guardrails. Since last Launch Week we added new capabilities in our AWS, Azure, and Kubernetes mods: - **AWS**: - Configure the maximum aggregation interval in the `AWS > VPC > VPC > Flow Logging` control for Cloud Watch and/or S3. - Check or enforce SQS queues for SSE encryption in the `AWS > SQS > Queue > Encryption at Rest` control. - New budget state added: `On Target`. For example, you can set the `AWS > Account > Budget > Enabled` policy to `Check: Budget > State is On Target`. - Check or enforce deletion for any RDS DB Clusters that lack encryption at rest in the `AWS > RDS > DB Cluster > Approved > Encryption at Rest` control. - **Azure**: - New resource type added to support `Azure SQL Managed Instances` in the CMDB, along with Active, Approved and Tagging controls. - Refreshed the list of supported Azure regions to the latest available. - Additional filtering capabilities added to the `Azure > Turbot > Event Poller` options to exclude events from the control. - **Kubernetes**: - Added additional ServiceNow Import Set sync controls for Cron Jobs, Daemon Sets, Ingress, Jobs, Persistent Volumes, Replication Controllers, and Stateful Sets. - Check if Kubernetes clusters are approved for use in the `Kubernetes > Cluster > Approved` control. ## Steampipe: New tables and columns supported [Steampipe](https://steampipe.io) has expanded its capabilities with 15 new tables and columns across major cloud providers to query more of your cloud data with SQL: **[AWS Steampipe plugin](https://hub.steampipe.io/plugins/turbot/aws)** added six new tables including `aws_keyspaces_table`, `aws_costoptimizationhub_recommendation`, and `aws_config_delivery_channel`. The `aws_kms_key` table includes `multi-region` columns, and there are new qualification options to the `aws_accessanalyzer_finding` table. **[Azure Steampipe plugin](https://hub.steampipe.io/plugins/turbot/azure)** added a new `azure_compute_virtual_machine_size` table, and a new column `firewall_rules` added to the `azure_postgresql_flexible_server` table. **[GCP Steampipe plugin](https://hub.steampipe.io/plugins/turbot/gcp)** added a new `gcp_compute_instance_group_manager` table, and additional columns for `labels` and `tags` to the `gcp_compute_global_forwarding_rule` table, along with many new columns for the `gcp_sql_database_instance` table. **[Alibaba Cloud Steampipe plugin](https://hub.steampipe.io/plugins/turbot/alicloud)** added a new `alicloud_alidns_domain` table to query their domain record metadata. ## Powerpipe: Install mods from GitLab projects Extending Powerpipe's support for [local mod](https://powerpipe.io/docs/reference/cli/mod#powerpipe-mod-install) and remote mod installations from GitHub, Powerpipe now supports mod installs from GitLab projects. Set your [POWERPIPE_GIT_TOKEN](https://powerpipe.io/docs/reference/env-vars/powerpipe_git_token) and run `powerpipe mod install gitlab.com/path/to/some/project` to install. ## Pipes: New security benchmarks and controls supported [Powerpipe](https://powerpipe.io) has added 3 new security benchmarks and additional controls to our AWS & Azure compliance mods. These new benchmarks are available in the [Powerpipe Hub](https://hub.powerpipe.io) and [Turbot Pipes](https://turbot.com/pipes) to assess your security posture and share status with your team. The latest benchmarks include: - [Azure CIS v3.0.0](https://hub.powerpipe.io/mods/turbot/steampipe-mod-azure-compliance/benchmarks/benchmark.cis_v300) - [AWS CIS v4.0.0](https://hub.powerpipe.io/mods/turbot/steampipe-mod-aws-compliance/benchmarks/benchmark.cis_v400) - [AWS New York State Department of Financial Services (NYDFS) Cybersecurity Regulation](https://hub.powerpipe.io/mods/turbot/steampipe-mod-aws-compliance/benchmarks/benchmark.nydfs_23)

AWS New York State Department of Financial Services (NYDFS) Cybersecurity Regulation Powerpipe benchmark

## Pipes: 100+ new Azure 'detect and correct' pipelines [Flowpipe](https://flowpipe.io) has added 100+ new 'detect and correct' pipelines to identify Azure resources that are non-compliant with common security and compliance checks. These pipelines can also remediate non-compliant findings automatically or with approval steps. You can run them individually through the [Azure Compliance Mod](https://hub.flowpipe.io/mods/turbot/azure_compliance) or compiled as a [Azure CIS v3.0.0](https://hub.flowpipe.io/mods/turbot/azure_cis/pipelines/azure_cis.pipeline.cis_v300) baseline. These new pipelines are available in the [Flowpipe Hub](https://hub.flowpipe.io) and [Turbot Pipes](https://turbot.com/pipes) to ensure your security posture and share status with your team. ## Pipes: Enterprise tenant snapshot visibility Enhance control over your workspace data sharing with new snapshot visibility options in Pipes Enterprise. Set permissions to restrict snapshot sharing across your workspaces to only those with authenticated access, or optionally allow link sharing visible to anyone with a link.

Pipes Tenant Snapshot Visibility configuration

## Pipes: Last activity tracking You can now track the `last activity` timestamp of when a user last performed some activity in a Pipes Tenant, Organization or Workspace. This helps Pipes administrators identify when users are no longer active to determine whether they should reach out to the user to re-engage or remove them from Pipes.

## Hacktoberfest 2024 [Hacktoberfest 2024](https://turbot.com/blog/2024/09/hacktoberfest-2024) was a big success, with worldwide community contributions across our open-source projects, including Steampipe, Powerpipe, and Flowpipe, along with our samples and docs repos for Turbot Pipes and Guardrails. We've seen a variety of improvements, ranging from bug fixes to feature enhancements across our repositories. It's inspiring to see the passion and creativity from our contributors. Whether it's fixing a bug, adding new features, or creating insightful content, every effort helps make our open-source community stronger. Contributors who participated in this year's event earned some exclusive [Turbot swag](https://turbot.com/blog/2024/09/hacktoberfest-2024#any-special-swag-from-turbot)!

Thanks @turbothq for the swag 😬 happy to contribute 🖖 pic.twitter.com/lArjA4y3ME
— Andoni A. (@andoni013) January 15, 2025

We accept contributions year-round and will continue to send out swag as a small token of appreciation. We look forward to seeing what you build next! ## Flip over to A-sides for the Wrap Up Thank you for joining us for another exciting Launch Week! Check out the week's daily announcements summary in our [Launch Week 7 Wrap Up](https://turbot.com/blog/2025/01/launch-week-7-wrap) post. Stay connected with us in our [Slack community](https://turbot.com/community/join) for our next Launch Week in a few months!

Launch Week 7 B-sides