Launch Week 7 B-sides

As Launch Week 7 draws to a close, we wanted to take a moment to highlight some of the exciting updates and announcements that slipped under the radar this week across our Turbot products and open-source projects.

Guardrails: New AWS, Azure and Kubernetes controls

We continue to listen to customer feedback to add new cloud resource types and controls for security, compliance, and operational guardrails. Since last Launch Week we added new capabilities in our AWS, Azure, and Kubernetes mods:

• AWS:
  • Configure the maximum aggregation interval in the AWS > VPC > VPC > Flow Logging control for Cloud Watch and/or S3.
  • Check or enforce SQS queues for SSE encryption in the AWS > SQS > Queue > Encryption at Rest control.
  • New budget state added: On Target. For example, you can set the AWS > Account > Budget > Enabled policy to Check: Budget > State is On Target.
  • Check or enforce deletion for any RDS DB Clusters that lack encryption at rest in the AWS > RDS > DB Cluster > Approved > Encryption at Rest control.
• Azure:
  • New resource type added to support Azure SQL Managed Instances in the CMDB, along with Active, Approved and Tagging controls.
  • Refreshed the list of supported Azure regions to the latest available.
  • Additional filtering capabilities added to the Azure > Turbot > Event Poller options to exclude events from the control.
• Kubernetes:
  • Added additional ServiceNow Import Set sync controls for Cron Jobs, Daemon Sets, Ingress, Jobs, Persistent Volumes, Replication Controllers, and Stateful Sets.
  • Check if Kubernetes clusters are approved for use in the Kubernetes > Cluster > Approved control.

Steampipe: New tables and columns supported

Steampipe has expanded its capabilities with 15 new tables and columns across major cloud providers to query more of your cloud data with SQL:

AWS Steampipe plugin added six new tables including aws_keyspaces_table, aws_costoptimizationhub_recommendation, and aws_config_delivery_channel. The aws_kms_key table includes multi-region columns, and there are new qualification options to the aws_accessanalyzer_finding table.

Azure Steampipe plugin added a new azure_compute_virtual_machine_size table, and a new column firewall_rules added to the azure_postgresql_flexible_server table.

GCP Steampipe plugin added a new gcp_compute_instance_group_manager table, and additional columns for labels and tags to the gcp_compute_global_forwarding_rule table, along with many new columns for the gcp_sql_database_instance table.

Alibaba Cloud Steampipe plugin added a new alicloud_alidns_domain table to query their domain record metadata.

Powerpipe: Install mods from GitLab projects

Extending Powerpipe's support for local mod and remote mod installations from GitHub, Powerpipe now supports mod installs from GitLab projects. Set your POWERPIPE_GIT_TOKEN and run powerpipe mod install gitlab.com/path/to/some/project to install.

Pipes: New security benchmarks and controls supported

Powerpipe has added 3 new security benchmarks and additional controls to our AWS & Azure compliance mods. These new benchmarks are available in the Powerpipe Hub and Turbot Pipes to assess your security posture and share status with your team. The latest benchmarks include:

• Azure CIS v3.0.0
• AWS CIS v4.0.0
• AWS New York State Department of Financial Services (NYDFS) Cybersecurity Regulation

Pipes: 100+ new Azure 'detect and correct' pipelines

Flowpipe has added 100+ new 'detect and correct' pipelines to identify Azure resources that are non-compliant with common security and compliance checks. These pipelines can also remediate non-compliant findings automatically or with approval steps. You can run them individually through the Azure Compliance Mod or compiled as a Azure CIS v3.0.0 baseline. These new pipelines are available in the Flowpipe Hub and Turbot Pipes to ensure your security posture and share status with your team.

Pipes: Enterprise tenant snapshot visibility

Enhance control over your workspace data sharing with new snapshot visibility options in Pipes Enterprise. Set permissions to restrict snapshot sharing across your workspaces to only those with authenticated access, or optionally allow link sharing visible to anyone with a link.

Pipes: Last activity tracking

You can now track the last activity timestamp of when a user last performed some activity in a Pipes Tenant, Organization or Workspace. This helps Pipes administrators identify when users are no longer active to determine whether they should reach out to the user to re-engage or remove them from Pipes.

Hacktoberfest 2024

Hacktoberfest 2024 was a big success, with worldwide community contributions across our open-source projects, including Steampipe, Powerpipe, and Flowpipe, along with our samples and docs repos for Turbot Pipes and Guardrails.

We've seen a variety of improvements, ranging from bug fixes to feature enhancements across our repositories. It's inspiring to see the passion and creativity from our contributors. Whether it's fixing a bug, adding new features, or creating insightful content, every effort helps make our open-source community stronger.

Contributors who participated in this year's event earned some exclusive Turbot swag!

We accept contributions year-round and will continue to send out swag as a small token of appreciation. We look forward to seeing what you build next!

Flip over to A-sides for the Wrap Up

Thank you for joining us for another exciting Launch Week! Check out the week's daily announcements summary in our Launch Week 7 Wrap Up post. Stay connected with us in our Slack community for our next Launch Week in a few months!