Enhancements

• Added allowedToCreateTenants field under default_user_role_permissions column of azuread_authorization_policy table. (#243) (Thanks @MarkusGnigler for the contribution!)

Bug fixes

• Update MinCorePluginVersion to v0.2.5.
• Fix issue where the core plugin was incorrectly throttling the downloads if no temp size limit was specified. (#204)

Whats new?

• Return safe bigint values as int instead of string
• Include MCP server version in status resource

Bug fixes

• Server
  • Fixed a permission issue affecting visibility of policy packs.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• You can now configure the AWS > IAM > MFA Virtual > Active control for virtual MFA devices based on their age. To get started, set the AWS > IAM > MFA Virtual > Active > Age policy. As part of this enhancement, a new value of 45 days has been applied to all relevant Active policies.

Policy Types

• AWS > IAM > MFA Virtual > Active > Age

Action Types

• AWS > IAM > MFA Virtual > Delete

What's new

• Add support for memory and temp storage limits for CLI and plugins. (#396, #397)
  • memory_max_mb controls CLI memory usage and conversion worker count and memory allocation.
  • plugin_memory_max_mb controls a per-plugin soft memory cap.
  • temp_dir_max_mb limits size of temp data written to disk during a conversion.
  • conversion worker count is now based on memory limit, if set.
  • JSONL to Parquet conversion is now executed in multiple passes, limiting the number of distinct partition keys per conversion.
• Detect and report when a plugin crashes. (#341)
• Update show source output to include source properties. (#388)

Bug fixes

• Fix issue where tailpipe was mentioning steampipe in one of the error messages. (#389)

Bug fixes

• Fixed the sagemaker_notebook_instance_encryption_at_rest_enabled query to correctly return SageMaker notebook instances with encryption at rest disabled. (#897)
• Fixed a syntax error in the iam_user_one_active_key query. (#895)
• Fixed the lambda_function_dead_letter_queue_configured query to properly check for Lambda functions with a DLQ (Dead Letter Queue) configured. (#893)
• Fixed the kms_cmk_policy_prohibit_public_access, sns_topic_policy_prohibit_public_access, and sns_topic_policy_prohibit_cross_account_access queries to correctly assess whether the associated IAM policies allow public access or cross-account access. (#858, #887)

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

Bug fixes

• Fixed error when adding an empty header value for the aws_cost_and_usage_report table while collecting rows. (#174)

Bug fixes

• Fix intermittent Reattachment process not found error when starting steampipe service. (#4507)

What's new?

• Server

  • Introduced support for initializing a new encryption key baseline for workspaces.
  • Users can now see all policy packs defined within the resource hierarchy where they have access, providing clearer insight into inherited policies.

• UI

  • The page title now dynamically includes the workspace name, helping users distinguish tabs when working across multiple environments.

Bug fixes

• Server
  • Refined the backup flow for tenant master keys, improving error handling, increasing stability.

Note

This is a checkpoint version. Guardrails must be updated to v5.51.x first before continuing. It can be any version in v5.51.x series.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• New tables added
  • pagerduty_schedule_user (#61)

Bug fixes

• Fixed the import path in main.go and the module path in go.mod to use the full GitHub URL.

What's new?

• New tables added
  • bluesky_search_recent
  • bluesky_post
  • bluesky_user
  • bluesky_user_follower
  • bluesky_user_following
  • bluesky_user_mention
  • bluesky_user_post

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

Bug fixes

• The Azure > Subscription > Event Poller control previously processed some real-time events multiple times, resulting in unnecessary Lambda churn. The event processing logic has been improved to ensure each event is handled only once, enhancing overall efficiency.
• The Azure > Subscription > CMDB control previously ran unnecessarily when Guardrails received real-time Microsoft.Resources/tags/write events for resources other than subscriptions or resource groups. These events will no longer be processed, preventing unnecessary CMDB control runs.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them. Resource Types

• AWS > API Gateway > Account

Control Types

• AWS > API Gateway > Account > CMDB
• AWS > API Gateway > Account > Discovery

Policy Types

• AWS > API Gateway > Account > CMDB
• AWS > API Gateway > Account > Regions

Action Types

• AWS > API Gateway > Account > Router

Bug fixes

• Fixed the ordering of sub-benchmark cis_v400_10 in the cis_v400 benchmark. (#305)
• Fixed an issue where sub-benchmark nist_csf_v2_id_ra_04 was missing from the nist_csf_v2 benchmark. (#305)

What's new?

• New tables added: (Thanks @smirl for the new plugin!)
  • cortex_descriptor
  • cortex_entity
  • cortex_scorecard_score
  • cortex_team

Dependencies

• Azure plugin v1.4.0 or higher is now required.

What's new?

• Added CIS v4.0.0 benchmark (powerpipe benchmark run azure_compliance.benchmark.cis_v400). (#300)
• Added NIST CSF v2.0 benchmark (powerpipe benchmark run azure_compliance.benchmark.nist_csf_v2). (#302)

Bug fixes

• Improved sensitive data masking in log outputs to include additional value types.

What's new?

• New tables added
  • gcp_compute_tpu (#748)
  • gcp_firestore_database (#732) (Thanks @pdecat for the contribution!)

Bug fixes

• Fixed the self_link column of gcp_artifact_registry_repository, gcp_cloud_run_job and gcp_cloud_run_service tables to reflect the correct resource links. (#731) (Thanks @pdecat for the contribution!)

What's new?

• New tables added
  • aws_rolesanywhere_profile (#2475) (Thanks @2XXE-SRA for the contribution!)
  • aws_rolesanywhere_trust_anchor (#2475) (Thanks @2XXE-SRA for the contribution!)

Enhancements

• Added custom_response_bodies, label_namespace, retrofitted_by_firewall_manager and token_domains columns to aws_wafv2_web_acl table. (#2482)
• Added tags_src column to the aws_transfer_server table. (#2484)

Bug fixes

• Server

  • Discovery controls now run more reliably, reducing interruptions caused by premature termination.
  • Addressed a race condition that could occasionally result in missed priority events during policy value processing.

• UI

  • Resolved an issue where resource type values were hard-coded in a hook, improving flexibility and maintainability.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Enhancements

• Added allow_cross_tenant_replication, default_to_oauth_authentication, sas_expiration_period, sas_expiration_action, is_local_user_enabled, routing_preference_routing_choice, routing_preference_publish_microsoft_endpoints, routing_preference_publish_internet_endpoints columns to the azure_storage_account table. (#891)
• Added allow_shared_key_access column to the azure_storage_account table. (#889)

Bug Fixes

• Fix issue where powerpipe was failing to run detections from dependant mods if steampipe service was not running. (#788)
• Fix issue where detection benchmarks were not showing date range selector in powerpipe server. (#789)
• Fix issue where powerpipe was failing to export detection benchmarks. (#796)

Bug fixes

• Resolved an issue where parent updates in resource_turbot_file were silently ignored. These updates are now processed correctly to ensure changes are properly applied.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.
• Web ACL resource type is now deprecated and will be removed in the next major version. Please refer Migrate workloads from AWS WAF Classic for more information.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Resource Types

Renamed

• AWS > WAF > Web ACL to AWS > WAF > Web ACL [Deprecated]

Control Types

Renamed

• AWS > WAF > Web ACL > Active to AWS > WAF > Web ACL [Deprecated] > Active
• AWS > WAF > Web ACL > Approved to AWS > WAF > Web ACL [Deprecated] > Approved
• AWS > WAF > Web ACL > CMDB to AWS > WAF > Web ACL [Deprecated] > CMDB
• AWS > WAF > Web ACL > Discovery to AWS > WAF > Web ACL [Deprecated] > Discovery
• AWS > WAF > Web ACL > Tags to AWS > WAF > Web ACL [Deprecated] > Tags
• AWS > WAF > Web ACL > Usage to AWS > WAF > Web ACL [Deprecated] > Usage

Policy Types

Renamed

• AWS > WAF > Web ACL > Active to AWS > WAF > Web ACL [Deprecated] > Active
• AWS > WAF > Web ACL > Active > Age to AWS > WAF > Web ACL [Deprecated] > Active > Age
• AWS > WAF > Web ACL > Active > Budget to AWS > WAF > Web ACL [Deprecated] > Active > Budget
• AWS > WAF > Web ACL > Active > Last Modified to AWS > WAF > Web ACL [Deprecated] > Active > Last Modified
• AWS > WAF > Web ACL > Approved to AWS > WAF > Web ACL [Deprecated] > Approved
• AWS > WAF > Web ACL > Approved > Budget to AWS > WAF > Web ACL [Deprecated] > Approved > Budget
• AWS > WAF > Web ACL > Approved > Custom to AWS > WAF > Web ACL [Deprecated] > Approved > Custom
• AWS > WAF > Web ACL > Approved > Usage to AWS > WAF > Web ACL [Deprecated] > Approved > Usage
• AWS > WAF > Web ACL > CMDB to AWS > WAF > Web ACL [Deprecated] > CMDB
• AWS > WAF > Web ACL > Tags to AWS > WAF > Web ACL [Deprecated] > Tags
• AWS > WAF > Web ACL > Tags > Template to AWS > WAF > Web ACL [Deprecated] > Tags > Template
• AWS > WAF > Web ACL > Usage to AWS > WAF > Web ACL [Deprecated] > Usage
• AWS > WAF > Web ACL > Usage > Limit to AWS > WAF > Web ACL [Deprecated] > Usage > Limit

Action Types

Renamed

• AWS > WAF > Web ACL > Delete to AWS > WAF > Web ACL [Deprecated] > Delete
• AWS > WAF > Web ACL > Delete from AWS to AWS > WAF > Web ACL [Deprecated] > Delete from AWS
• AWS > WAF > Web ACL > Router to AWS > WAF > Web ACL [Deprecated] > Router
• AWS > WAF > Web ACL > Set Tags to AWS > WAF > Web ACL [Deprecated] > Set Tags
• AWS > WAF > Web ACL > Skip alarm for Active control to AWS > WAF > Web ACL [Deprecated] > Skip alarm for Active control
• AWS > WAF > Web ACL > Skip alarm for Active control [90 days] to AWS > WAF > Web ACL [Deprecated] > Skip alarm for Active control [90 days]
• AWS > WAF > Web ACL > Skip alarm for Approved control to AWS > WAF > Web ACL [Deprecated] > Skip alarm for Approved control
• AWS > WAF > Web ACL > Skip alarm for Approved control [90 days] to AWS > WAF > Web ACL [Deprecated] > Skip alarm for Approved control [90 days]
• AWS > WAF > Web ACL > Skip alarm for Tags control to AWS > WAF > Web ACL [Deprecated] > Skip alarm for Tags control
• AWS > WAF > Web ACL > Skip alarm for Tags control [90 days] to AWS > WAF > Web ACL [Deprecated] > Skip alarm for Tags control [90 days]
• AWS > WAF > Web ACL > Update Tags to AWS > WAF > Web ACL [Deprecated] > Update Tags

Bug fixes

• The AWS > Secrets Manager > Secret > Stack [Native] control previously failed to import and manage resources outside the us-east-1 region. This issue has now been resolved.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.
• Pipeline resource type is now deprecated and will be removed in the next major version. Please refer Migrate workloads from AWS Data Pipeline for more information.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Resource Types

Renamed

• AWS > Data Pipeline > Pipeline to AWS > Data Pipeline > Pipeline [Deprecated]

Control Types

Renamed

• AWS > Data Pipeline > Pipeline > Active to AWS > Data Pipeline > Pipeline [Deprecated] > Active
• AWS > Data Pipeline > Pipeline > Approved to AWS > Data Pipeline > Pipeline [Deprecated] > Approved
• AWS > Data Pipeline > Pipeline > CMDB to AWS > Data Pipeline > Pipeline [Deprecated] > CMDB
• AWS > Data Pipeline > Pipeline > Discovery to AWS > Data Pipeline > Pipeline [Deprecated] > Discovery
• AWS > Data Pipeline > Pipeline > Tags to AWS > Data Pipeline > Pipeline [Deprecated] > Tags

Policy Types

Renamed

• AWS > Data Pipeline > Pipeline > Active to AWS > Data Pipeline > Pipeline [Deprecated] > Active
• AWS > Data Pipeline > Pipeline > Active > Age to AWS > Data Pipeline > Pipeline [Deprecated] > Active > Age
• AWS > Data Pipeline > Pipeline > Active > Last Modified to AWS > Data Pipeline > Pipeline [Deprecated] > Active > Last Modified
• AWS > Data Pipeline > Pipeline > Approved to AWS > Data Pipeline > Pipeline [Deprecated] > Approved
• AWS > Data Pipeline > Pipeline > Approved > Custom to AWS > Data Pipeline > Pipeline [Deprecated] > Approved > Custom
• AWS > Data Pipeline > Pipeline > Approved > Regions to AWS > Data Pipeline > Pipeline [Deprecated] > Approved > Regions
• AWS > Data Pipeline > Pipeline > Approved > Usage to AWS > Data Pipeline > Pipeline [Deprecated] > Approved > Usage
• AWS > Data Pipeline > Pipeline > CMDB to AWS > Data Pipeline > Pipeline [Deprecated] > CMDB
• AWS > Data Pipeline > Pipeline > Regions to AWS > Data Pipeline > Pipeline [Deprecated] > Regions
• AWS > Data Pipeline > Pipeline > Tags to AWS > Data Pipeline > Pipeline [Deprecated] > Tags
• AWS > Data Pipeline > Pipeline > Tags > Template to AWS > Data Pipeline > Pipeline [Deprecated] > Tags > Template

Action Types

Renamed

• AWS > Data Pipeline > Pipeline > Delete to AWS > Data Pipeline > Pipeline [Deprecated] > Delete
• AWS > Data Pipeline > Pipeline > Delete from AWS to AWS > Data Pipeline > Pipeline [Deprecated] > Delete from AWS
• AWS > Data Pipeline > Pipeline > Router to AWS > Data Pipeline > Pipeline [Deprecated] > Router
• AWS > Data Pipeline > Pipeline > Set Tags to AWS > Data Pipeline > Pipeline [Deprecated] > Set Tags
• AWS > Data Pipeline > Pipeline > Skip alarm for Active control to AWS > Data Pipeline > Pipeline [Deprecated] > Skip alarm for Active control
• AWS > Data Pipeline > Pipeline > Skip alarm for Active control [90 days] to AWS > Data Pipeline > Pipeline [Deprecated] > Skip alarm for Active control [90 days]
• AWS > Data Pipeline > Pipeline > Skip alarm for Approved control to AWS > Data Pipeline > Pipeline [Deprecated] > Skip alarm for Approved control
• AWS > Data Pipeline > Pipeline > Skip alarm for Approved control [90 days] to AWS > Data Pipeline > Pipeline [Deprecated] > Skip alarm for Approved control [90 days]
• AWS > Data Pipeline > Pipeline > Skip alarm for Tags control to AWS > Data Pipeline > Pipeline [Deprecated] > Skip alarm for Tags control
• AWS > Data Pipeline > Pipeline > Skip alarm for Tags control [90 days] to AWS > Data Pipeline > Pipeline [Deprecated] > Skip alarm for Tags control [90 days]
• AWS > Data Pipeline > Pipeline > Update Tags to AWS > Data Pipeline > Pipeline [Deprecated] > Update Tags

Dependencies

• AWS plugin v1.12.0 or higher is now required. (#882)

What's new?

• Added iam_user_access_key_age_365 and secretsmanager_secret_rotation_enabled controls to all_controls_iam and all_controls_secretsmanager benchmarks respectively. (#886)
• Refactored GuardDuty queries to skip regions where GuardDuty is not available. (#882)

Bug fixes

• Fixed eks_cluster_secrets_encrypted query to automatically return ok instead of an alarm for EKS clusters with version greater than 1.27 since they are automatically encrypted by AWS owned KMS keys. (#883)

What's new?

• Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

• Azure > Resource Group > Stack [Native]

Policy Types

• Azure > Resource Group > Stack [Native]
• Azure > Resource Group > Stack [Native] > Drift Detection
• Azure > Resource Group > Stack [Native] > Drift Detection > Interval
• Azure > Resource Group > Stack [Native] > Modifier
• Azure > Resource Group > Stack [Native] > Secret Variables
• Azure > Resource Group > Stack [Native] > Source
• Azure > Resource Group > Stack [Native] > Timeout
• Azure > Resource Group > Stack [Native] > Variables
• Azure > Resource Group > Stack [Native] > Version

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

Bug fixes

• EventBridge rules configured via Event Handlers have been improved to exclude real-time events containing errors from being sent to the Guardrails endpoint. This prevents Guardrails from processing unnecessary error events.
• The default value for the AWS > Region > Connection Region policy did not evaluate correctly for AWS GovCloud accounts. This issue has been resolved.

What's new?

• Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

• AWS > Secrets Manager > Secret > Stack [Native]

Policy Types

• AWS > Secrets Manager > Secret > Stack [Native]
• AWS > Secrets Manager > Secret > Stack [Native] > Drift Detection
• AWS > Secrets Manager > Secret > Stack [Native] > Drift Detection > Interval
• AWS > Secrets Manager > Secret > Stack [Native] > Modifier
• AWS > Secrets Manager > Secret > Stack [Native] > Secret Variables
• AWS > Secrets Manager > Secret > Stack [Native] > Source
• AWS > Secrets Manager > Secret > Stack [Native] > Timeout
• AWS > Secrets Manager > Secret > Stack [Native] > Variables
• AWS > Secrets Manager > Secret > Stack [Native] > Version

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Users can now select the default region when logging in to AWS accounts via Guardrails using Role mode. To get started, set the AWS > Account > Permissions > Default Region policy.

Policy Types

• AWS > Account > Permissions > Default Region

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new

• Initial version of Turbot Guardrails MCP server
• Query resources, controls and types
• Mock and test policy settings and policy packs

Bug fixes

• Fix issue where system-ingestible output format(csv) was humanised(comma separated) leading to a breaking change in query outputs. (#4525)

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Users can now manage endpoint access for clusters. To get started, set the AWS > EKS > Cluster > Endpoint Access > * policies.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Control Types

• AWS > EKS > Cluster > Endpoint Access

Policy Types

• AWS > EKS > Cluster > Endpoint Access
• AWS > EKS > Cluster > Endpoint Access > CIDR Ranges

Action Types

• AWS > EKS > Cluster > Set Endpoint Access

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• Previously, modifying instance identifiers to use different casing while retaining the same name caused Guardrails to incorrectly update the DBInstanceIdentifier and the AKA for the resource. Guardrails will now be smarter to avoid updating these details in CMDB data in such scenarios.

Bug fixes

• The AWS > EC2 > AMI > Discovery control previously failed to fetch all resources, due to the lack of pagination support. This issue has been fixed, and the control will now correctly fetch all available AMIs.

Bug fixes

• Removed unnecessary attributes from the default value of the Kubernetes > Pod > osquery > Configuration > Columns policy, which previously caused churn by unnecessarily triggering the Kubernetes > Pod > CMDB control.

Bug fixes

• Server
  • Removed stray debug logs.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• Server
  • Improved error handling for Runnable Monitor and Event Monitor to catch uncaught exceptions.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• Control Types:
  • Adjusted the sequence of operations for Turbot > Workspace > Background Tasks to ensure a more reliable and consistent execution flow.

Requirements

• TE: 5.35.4

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Added CIS v5.0.0 benchmark (powerpipe benchmark run aws_compliance.benchmark.cis_v500). (#881)
• Added lambda_function_logging_config_enabled control to all_controls_lambda benchmark.

Bug fixes

• Fixed eks_cluster_secrets_encrypted query to automatically return ok instead of an alarm for EKS clusters with version greater than 1.27 since they are automatically encrypted by AWS owned KMS keys. (#883)

What's new

• Update MinCorePluginVersion to v0.2.2.
• Update tailpipe-plugin-sdk to v0.4.0.

Bug fixes

• Fix source file error for custom tables when using S3 or other external sources. (#188)

Bug fixes

• Fix issue where query batch mode outputs(json, csv, line) were not printing the rows received to stdout when any of the other rows returned an API error. (#4516)
• Fix issue where query batch mode table output always returned a 0 row count when timing was enabled. (#4520)

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

Bug fixes

• CIS controls previously entered an invalid or TBD state when the CMDB controls for associated resources were in a skipped or TBD state, even if the corresponding CIS policies were set to Skip. This issue has been resolved; such controls will now correctly transition to a skipped state.

Bug fixes

• The Azure > Storage > Storage Account > Tags control previously failed to update tags for storage accounts of type StandardV2_LRS. This issue has been resolved, and the control now correctly updates tags for this storage account type.
• The Azure > Storage > Queue > Discovery control previously entered an error state for storage accounts of kind FileStorage. This issue has been resolved, and the control will now be skipped for such storage accounts.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• You can now configure and manage rotation for secrets. To get started, set the AWS > Secrets Manager > Secret > Rotation > * policies.

Control Types

• AWS > Secrets Manager > Secret > Rotation

Policy Types

• AWS > Secrets Manager > Secret > Rotation
• AWS > Secrets Manager > Secret > Rotation > Schedule Expression

Action Types

• AWS > Secrets Manager > Secret > Set Rotation

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Enhancements

• Improved error reporting for aws_s3_bucket source. (#159)

Bug fixes

• Fixed a memory consumption issue with aws_cost_* tables during log collection. (#159)

Dependencies

• Bumped github.com/aws/aws-sdk-go-v2/credentials from 1.17.62 to 1.17.67. (#150)
• Bumped github.com/aws/aws-sdk-go-v2/feature/s3/manager. (#151)
• Bumped github.com/turbot/tailpipe-plugin-sdk from v0.2.0 to v0.4.0. (#159)
• Bumped golang.org/x/net from 0.36.0 to 0.38.0. (#154)

Bug fixes

• Server

  • Reduced the time taken to collect and process data in Account > Statistics, resulting in noticeably faster and a smoother experience.
  • Enhanced the reliability of Turbot > Mod > Runnable Monitor and Turbot > Mod Event Monitor by improving how they handle temporary lock conflicts, ensuring more consistent operation.
  • Fixed an issue where moving a resource between parents could create an incorrect path.
  • Policy packs can now only be attached to resources where it is feasible to attach.

• UI

  • Resolved a layout issue where long resource names could break the detail headers on the Control, Process, and Policy pages.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• Guardrails previously upserted DB parameter groups into the CMDB with incorrect casing when they were created using uppercase letters in AWS. This occasionally caused the AWS > RDS > DB Parameter Group > CMDB control to enter an error state due to duplicate AKAs. We have improved the handling of create and copy real-time events for parameter groups to ensure they are now upserted correctly and more reliably.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Dependencies

• Upgraded containerd, golang.org/x/net, and vite packages to remediate moderate vulnerabilities.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• New tables added
  • github_package (#459)
  • github_package_version (#459)

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

Bug fixes

• The AWS > VPC > Transit Gateway Attachment > CMDB control would sometimes go into an error state when ResourceOwnerId for the resource was not available in the CMDB data. This is fixed and the control will now work correctly, as expected.

Bug fixes

• Guardrails stack controls that created or claimed IAM roles would sometimes run unnecessarily due to a mismatch in the default value for force_detach_policies in the Terraform mapping for the resource type. We have now removed the conflicting default to prevent such unnecessary executions. You now need to explicitly define force_detach_policies to override the existing Terraform default value (if required by your use case).

Bug fixes

• Fix partition filter argument. (#375)

What's new?

• New benchmarks added:

  • MITRE ATT&CK v16.1 benchmark (powerpipe benchmark run aws_vpc_flow_log_detections.benchmark.mitre_attack_v161).
  • VPC Flow Log Detections benchmark (powerpipe benchmark run aws_vpc_flow_log_detections.benchmark.vpc_flow_log_detections).

• New dashboards added:

  • VPC Flow Log Activity Dashboard
  • VPC Flow Log Network Graph

What's new?

• Added Top 10 Keys table to Activity Dashboard.

Enhancements

• Added link for collecting S3 server access logs in Getting Started section in README and index documentation.

Bug fixes

• Added missing bucket information to Top 10 URIs tables in Activity Dashboard.
• Added folder = "S3" tag to detection queries.

Whats new?

• Initial version of Tailpipe MCP server
• Build and run Powerpipe mods using AI

Whats new?

• Initial version of Steampipe MCP server
• Query cloud infrastructure, SaaS, APIs and more using AI

Whats new?

• Initial version of Tailpipe MCP server
• Support for querying cloud and security logs using AI

What's new?

• You can now configure retention period for log groups. To get started, set the AWS > Logs > Log Group > Retention > * policies.

Control Types

• AWS > Logs > Log Group > Retention

Policy Types

• AWS > Logs > Log Group > Retention
• AWS > Logs > Log Group > Retention > Period

Action Types

• AWS > Logs > Log Group > Update Retention

Enhancements

• Updated file_layout arguments in documentation to wrap values in backticks instead of double quotes to align with Tailpipe CLI v0.2.0 changes. (#140)

Bug fixes

• The aws_vpc_flow_log table no longer skips collecting records with log status SKIPPED or NODATA.
• Updated aws_cost_and_usage_focus, aws_cost_and_usage_report and aws_cost_optimization_recommendation tables to store missing column values as null. (#139)
• Fixed typo for file_layout in aws_s3_bucket source doc.

Dependencies

• Bumped github.com/turbot/pipe-fittings/v2 from 2.3.0 to 2.3.1. (#143)
• Bumped github.com/turbot/tailpipe-plugin-sdk from v0.1.1 to v0.2.0. (#136)

What's new

• Add support for custom tables. ((#225))
• Add location to format list/show. (#283)
• Add plugin to source list/show. (#337)
• Improve display logic of conversion errors, since we log full error just display first line of error.

Bug fixes

• Plugin list command now correctly cases keys in JSON output.
• Fix display of UUID and Decimal in query results.
• Add comma separators to numeric output in query results. (#685)
• Fix multiple backtick escaping in config - if more than 2 properties are back-ticked, the third onwards were not being escaped.

What's new?

• New benchmarks added:
  • Access Log Detections benchmark (powerpipe benchmark run nginx_access_log_detections.benchmark.access_log_detections).
  • MITRE ATT&CK v16.1 benchmark (powerpipe benchmark run nginx_access_log_detections.benchmark.mitre_attack_v161).
  • OWASP Top 10 2021 benchmark (powerpipe benchmark run nginx_access_log_detections.benchmark.owasp_top_10_2021).
• New dashboards added:
  • Access Log Activity Dashboard

What's new?

• New benchmarks added:

  • MITRE ATT&CK v16.1 benchmark (powerpipe benchmark run aws_s3_server_access_log_detections.benchmark.mitre_attack_v161).
  • S3 Server Access Log Detections benchmark (powerpipe benchmark run aws_s3_server_access_log_detections.benchmark.s3_server_access_log_detections).

• New dashboards added:

  • S3 Server Access Log Activity Dashboard

What's new?

• New dashboards added:
  • Cost and Usage Report: Cost by Account
  • Cost and Usage Report: Cost by Region
  • Cost and Usage Report: Cost by Service
  • Cost and Usage Report: Cost by Tag
  • Cost and Usage Report: Overview Dashboard

What's new?

• New benchmarks added:

  • Access Log Detections benchmark (powerpipe benchmark run apache_access_log_detections.benchmark.access_log_detections).
  • MITRE ATT&CK v16.1 benchmark (powerpipe benchmark run apache_access_log_detections.benchmark.mitre_attack_v161).
  • OWASP Top 10 2021 benchmark (powerpipe benchmark run apache_access_log_detections.benchmark.owasp_top_10_2021).

• New dashboards added:

  • Access Log Activity Dashboard

What's new?

• UI
  • Added support for multiple input queries (with ability to use Nunjucks template functionality) in the calculated policy editor allowing teams to create complex calculated policies involving a pipeline of GraphQL queries.

Bug fixes

• Server

  • Turbot/ReadOnly permission is now sufficient to create, delete, and update favorites.
  • Resolved an issue that was blocking users from running quick actions due to incorrect permission checks.
  • Tightened permissions for smart folder attachments and detachments to prevent unauthorized access.
  • Account/ReadOnly users can now successfully manage favorites, including creation, deletion, and updates.

• UI

  • Policy settings can now be created by users with Account/Admin permission, as intended, instead of incorrectly requiring Account/Owner.
  • Quick action runs no longer fail for users with a single grant due to a UI permission check issue.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

v0.13.0 of the Pipes SDK Go is now available.

Breaking changes

• Get_1 method in UserWorkspaceSchemasService used to list tables for a schema renamed to ListTables to denote its exact purpose.
• Get_1 method in OrgWorkspaceSchemasService used to list tables for a schema renamed to ListTables to denote its exact purpose.

What's new?

• Add support for GetTable method to UserWorkspaceSchemasService to get a specific table for a schema.
• Add support for GetTable method to OrgWorkspaceSchemasService to get a specific table for a schema.

Enhancements

• Install and Update for both flowpipe and powerpipe mods now support archived mod upload via multipart/form-data request.
• Add SourceType to model WorkspaceMod to denote the source of the mod i.e. repository or archive.
• Add AggregatedBy to model WorkspaceSchema to store the list of aggregators that are using the schema.

Turbot Pipes' latest update enhances its built-in query editor with improved schema navigation, integrated documentation, pre-built query examples, and powerful search, making it faster and easier for teams to explore and query cloud data.

For more information on this release, see the blog post or refer to the documentation.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• Users can now create and manage cloud resources using Terraform 1.x via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

• AWS > CloudFront > Distribution > Stack [Native]

Policy Types

• AWS > CloudFront > Distribution > Stack [Native]
• AWS > CloudFront > Distribution > Stack [Native] > Drift Detection
• AWS > CloudFront > Distribution > Stack [Native] > Drift Detection > Interval
• AWS > CloudFront > Distribution > Stack [Native] > Modifier
• AWS > CloudFront > Distribution > Stack [Native] > Secret Variables
• AWS > CloudFront > Distribution > Stack [Native] > Source
• AWS > CloudFront > Distribution > Stack [Native] > Timeout
• AWS > CloudFront > Distribution > Stack [Native] > Variables
• AWS > CloudFront > Distribution > Stack [Native] > Version

Bug Fixes

• Fix the table data cells displaying a vertical scroll in some browsers. (#765)
• Fix issue where setting custom relative duration not shown in presets does not update the relative timestamp. (#769)

All Pipes workspaces are now running Steampipe v1.1.0.

For more information on this Steampipe release, see the release notes.

Bug fixes

• The GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-iam rendered the real-time events filter for Project User resource type incorrectly, which caused the GCP > Logging > Sink > Configured control for Logging sinks created via Event Handlers to go into an error state. This issue is now fixed.
• The GCP > IAM > Project User > CMDB control entered an error state due to incorrect internal references introduced in the previous version of the mod (v5.17.0). This issue has been fixed, and the control now works as expected.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• New tables added
  • aws_cloudwatch_log_delivery_destination (#2469)
  • aws_cloudwatch_log_delivery_source (#2469)
  • aws_cloudwatch_log_delivery (#2469)
  • aws_cloudwatch_log_destination (#2469)
  • aws_elasticache_update_action (#2431) (Thanks @fyqtian for the contribution!)
  • aws_quicksight_account_settings (#2467)
  • aws_quicksight_data_set (#2467)
  • aws_quicksight_data_source (#2467)
  • aws_quicksight_group (#2467)
  • aws_quicksight_namespace (#2467)
  • aws_quicksight_user (#2467)
  • aws_quicksight_vpc_connection (#2467)
  • aws_s3_multipart_upload (#2456)

Enhancements

• Added folder metadata to the documentation of all the AWS tables for improved organization on the Steampipe Hub. (#2465)
• Added inline_policy and inline_policy_std columns to aws_ssoadmin_permission_set table. (#2458) (Thanks @2XXE-SRA for the contribution!)
• Updated display name to AWS.

Dependencies

• Recompiled plugin with steampipe-plugin-sdk v5.11.5 (#2460)

What's new?

• Policy Types:
  • Turbot > Quick Actions > Permission Levels to allow account, azure and gcp as a permission type.
  • Added class: ACCOUNT to Turbot > Notifications > CC > Tag and Turbot > Notifications > CC > Tag > Name.

Bug fixes

• Control Types:
  • The Turbot > Workspace > Usage control will be skipped in GovCloud deployments.

Requirements

• TE: 5.35.4

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

Bug fixes

• The GCP > Project > Labels control failed to apply labels to projects according to the GCP > Project > Labels > Template policy. This issue has been fixed.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Internal definitions for the AWS > Organization resource type have been updated. All functionality will continue to work smoothly as before.

Bug fixes

• We've updated internal definitions for Quick Actions on the AWS > S3 > Bucket > Public Access Block control type. All functionality will continue to work smoothly as before.

What's new?

• The AWS > EC2 > Target Group > Discovery control sometimes failed to upsert target groups under gateway load balancers that were not present in the CMDB. This occurred because Guardrails was unable to discover those gateway load balancers due to an outdated list of supported regions. The list has been refreshed for the AWS > EC2 > Gateway Load Balancer resource type, enabling Guardrails to discover and manage these resources across all supported AWS regions.

Whats new?

• Updated database version to PostgreSQL 14.17. (#4461)

Bug fixes

• Fixed issue where plugin start timeout was getting limited to 60s. (#4477)

Bug fixes

• Server

  • Improved how policy values are selected for the priority queue, resulting in faster and more efficient processing.

• UI

  • Pagination and title-based sorting are now supported in policy targets, making navigation smoother.
  • The Permissions modal is more stable and won’t crash if some data is missing.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• CMDB controls for custom tables and records occasionally failed to update data in the CMDB correctly. This issue has been resolved.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

Bug fixes

• Server

  • Resolved an issue that was preventing users from logging in via SAML.

• UI

  • Action buttons now show up correctly on the process logs page, whether you’re viewing control or policy.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Added support to process real-time events for ServiceNow custom tables and their records.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

Resource Types

• ServiceNow > Custom
• ServiceNow > Custom > Record
• ServiceNow > Custom > Table

Control Types

• ServiceNow > Custom > Record > CMDB
• ServiceNow > Custom > Record > Discovery
• ServiceNow > Custom > Table > Business Rule
• ServiceNow > Custom > Table > CMDB
• ServiceNow > Custom > Table > Discovery

Policy Types

• ServiceNow > Custom > Record > CMDB
• ServiceNow > Custom > Record > CMDB > Query
• ServiceNow > Custom > Record > CMDB > Title
• ServiceNow > Custom > Table > Business Rule
• ServiceNow > Custom > Table > Business Rule > Name
• ServiceNow > Custom > Table > CMDB
• ServiceNow > Custom > Table > CMDB > Tables

Action Types

• ServiceNow > Custom > Record > Router

What's new?

• The AWS > Region > Discovery > Connection Region policy has been deprecated and will be removed in the next major version of the mod (v6.0.0). Two new policies, AWS > Account > Connection Region [Default] and AWS > Region > Connection Region, have been introduced. These policies streamline connection region management across all global resource types in various services. For the deprecated AWS > Region > Discovery > Connection Region policy, we recommend migrating existing settings to the AWS > Region > Connection Region policy if you intend to define a connection region for discovering Region resources. Alternatively, you may configure the AWS > Account > Connection Region [Default] policy, which serves as the default region for discovering all global resources across services in your account.

Policy Types

• AWS > Account > Connection Region [Default]
• AWS > Region > Connection Region

Renamed

• AWS > Region > Discovery > Connection Region to AWS > Region > Discovery > Connection Region [Deprecated]

What's new?

• You can now configure a connection region to allow Guardrails to fetch details for S3 accounts in CMDB. To get started, set the AWS > S3 > Connection Region policy. This policy defaults to the value of the AWS > Account > Connection Region [Default] policy, which can be used to define a default connection region for all global resources in an account.

Policy Types

• AWS > S3 > Connection Region

The schema list view in the Steampipe query editor now hides aggregated connections by default. This change helps highlight the key schemas whilst also improving readability of the list, especially in workspaces with a large number of aggregated connections.

You can still view the aggregated connections by clicking the Show Aggregated Connections option via the schema list settings button. This will expand the list to show all connections, including the aggregated ones.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug Fixes

• Table headers for numeric columns are now right-aligned like the row-level cell content. (#755)

Bug fixes

• Guardrails previously processed the organizations:MoveAccount real-time event incorrectly for individually imported management accounts, inadvertently deleting them from the CMDB. We have tightened the validation checks to prevent such deletions in these cases.

Bug fixes

• Discovery controls for various SageMaker resources previously attempted to fetch a maximum of 10 resources per API call, which occasionally led to throttling when a high number of resources existed in the account. This limit has now been increased to 100 (the maximum supported by the APIs) to enable the Discovery controls to retrieve all resources without errors and upsert them into the CMDB.

Breaking changes

• Removed the projects_total_count column from the github_organization and github_my_organization tables. This property was removed from the GitHub GraphQL API as of April 1, 2025, which caused queries using it to fail. We recommend using projects_v2_total_count column instead. Please check GitHub GraphQL API changelog for additional details. (#488)

Enhancements

• Added run_attempt column as an optional qual to the GetConfig of github_actions_repository_workflow_run table. (#464) (Thanks @tsibley for the contribution!!)
• Added run_attempt and previous_attempt_url columns to github_actions_repository_workflow_run table. (#463) (Thanks @tsibley for the contribution!!)
• Added workflow_id column as an optional qual to the ListConfig of github_actions_repository_workflow_run table. (#465) (Thanks @tsibley for the contribution!!)

Dependencies

• Recompiled plugin with Go version 1.23.1. (#486)
• Recompiled plugin with steampipe-plugin-sdk v5.11.5. (#486)

Bug fixes

• Table introspection in json now displays descriptions correctly. (#323):
• Fix resolution of the format before calling Collect when the format plugin is different from the table plugin.(#319):

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• We have improved event handling configuration to filter AWS Organization events that Guardrails listens for, based on the CMDB policies for resource types. If the CMDB policy for a resource type is not set to Enforce: Enabled, the EventBridge rule for Organizations will exclude events for that resource type.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• Renamed nginx_access_log default format from default to combined.

Enhancements

• Fixed apache_access_log table docs with correct default log format information.

Bug Fixes

• Fix the supported export formats in powerpipe query run command. (#539)
• Ensure dashboard UI Table component fetches external link from registry when used rather than during module import. (#720)

Dependencies

• Upgrade containerd and golang.org/x/net packages to remediate moderate vulnerabilities.

What's new?

• Server
  • Introducing scoped Account/* permissions to help application teams manage their own accounts.
  • Notifications routing based on permissions.

Bug fixes

• Server

  • Controls no longer crashes when there's a parsing issue in rule-based notifications. Instead, it logs the error gracefully and continues running.
  • Fixed a problem where certain operations could trigger a "callback already called" error, improving overall reliability of caching.
  • The Type Installed control now spreads events over time to reduce the likelihood of API throttling during large-scale installations or updates.
  • Guardrails now skips storing resource tags larger than 1 KB to ensure only valid tags are saved and to avoid potential issues later.
  • The osquery worker now correctly uses the TURBOT_RDS_SSL_FILE environment variable to point to the right certificate file, fixing an issue where it previously referenced the wrong path.
  • To improve reliability and performance, Guardrails prioritizes events in the order Type Installed > Policies > Scheduled Actions > Controls.
  • Resolved an issue where authenticated users without the appropriate permissions were able to access process logs.

• UI

  • Switching between self and descendant modes no longer clears existing filter configurations — your selections will now persist as expected.

Account Permissions

Introduced a new category of permissions — Account/ — designed specifically for application teams who need limited visibility and control over resources within their own accounts. These are distinct from the Turbot/ permissions used by governance teams.

• Account levels:

  • Account/Owner
  • Account/Admin
  • Account/Operator
  • Account/ReadOnly

• These levels are now explained alongside Turbot/* levels, with clear usage guidance:

  • Turbot/* — for managing the Guardrails platform
  • Account/* — for managing resources and notifications within cloud accounts

Notification Routing to Guardrails Profiles

You can now route notifications to Guardrails user profiles dynamically based on resource permissions — a major upgrade from static email/webhook targeting. This allows for context-aware delivery to users like Account Owners or Admins.

• Supported formats:
  • Specific roles like Account/Owner, Turbot/Owner
  • Wildcards like Account/*
  • Special role Account/CC for tagging-based routing
  • Use case:
    • Automatically notify account teams responsible for a resource, based on their assigned permission

Access Controls Refined for Process Logs

Access to process logs is now restricted to users with appropriate permissions, specifically those with Turbot/Metadata or higher.

Previously, any authenticated user could retrieve process logs via the API. This behavior has been corrected to align with expected permission boundaries and prevent overexposure of operational data.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• Cleaned up unnecessary help messages from AWS > VPC > Security Group Rule > CMDB control.

What's new?

• New tables added
  • nginx_access_log

What's new?

• New tables added
  • apache_access_log

What's new

• Add support for plugins with custom formats. A format block can be defined in config and plugins can provide formats types and presets . Format are supported by the new Nginx and Apache plugins. (#264).
• Add format list and format show commands. (#235)
• Update the plugin show command to add exported formats and correctly display partitions, etc. (#257)
• Improve the error reporting in the collection UI (#247).
• Update all SQL in code and messaging to be lower case.

Bug fixes

• The GCP > IAM > Service Account > CMDB control would sometimes enter a skipped state for newly imported projects if certain required attributes were missing from the IAM service's CMDB data. The control will now go into a TBD state instead and rerun after five minutes to allow the IAM service's CMDB data to populate correctly for newly imported projects.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• Guardrails would sometimes ignore the GCP > BigQuery > Table > CMDB policy set to Enforce: Disabled and still upsert table resources via real-time events in CMDB. These resources were subsequently cleaned up by the CMDB control. This issue has been resolved, and the CMDB policy will now be correctly respected before upserting resources.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• Fixed configuration examples for aws_cost_and_usage_focus, aws_cost_and_usage_report, and aws_cost_optimization_recommendation tables.

What's new?

• New tables added:
  • aws_cost_and_usage_focus (#115)
  • aws_cost_and_usage_report (#115)
  • aws_cost_optimization_recommendation (#115)
  • aws_guardduty_finding (#130)

Dependencies

• Bumped github.com/turbot/go-kit from 1.1.0 to 1.2.0. (#128)

Persistent workspaces now support high-performance SSD storage. This allows you to run your workloads on faster storage, which can be especially useful for queries that require high IOPS or low latency.

Any new persistent workspaces created will automatically use SSD storage. We'll gradually migrate existing persistent workspaces to SSD storage over the next few weeks. This change is included in the current pricing model and will not incur any additional cost.

What's new?

• Policy Types:
  • Turbot > Notifications > Email > CC
  • Turbot > Notifications > Email > CC > Tag
  • Turbot > Notifications > Email > CC > Tag > Name
  • Updated Turbot > Workspace > Retention > Activity Retention to 90 days
  • Updated default policy for Turbot > Notifications > Rule-Based Routing updated to use Account/* as the default recipient profile.
  • Relaxed the regex for MS teams webhook URL in Turbot > Notifications > Rule-Based Routing to allow broader URL formats.

Turbot > Workspace > Retention > Activity Retention

The default retention period for activity has been updated to 90 days (previously unlimited)

Storing too much historical activity data can slow down the system and increase storage costs. By setting a 90-day default, we ensure:

• Faster queries and improved UI performance
• A better balance between data retention and storage efficiency

Need more or less retention? You can adjust based on your needs:

For self-hosted environments, the 90-day default will apply when upgrading to @turbot/turbot version 5.51.0 or higher, unless a custom retention policy is set.

Requirements

• TE: 5.35.4

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.
• Added support for af-south-1, ap-east-1, ap-southeast-3, ap-southeast-5, ap-southeast-7, ca-west-1, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1 and me-south-1 regions in the AWS > Lambda > Regions policy.
• Corrected the region in the AWS > Lambda > Function Alias > Regions policy by updating us-west-3 to the correct region, us-west-2.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• New benchmarks added:

  • Audit Log Detections benchmark (powerpipe benchmark run github_audit_log_detections.benchmark.audit_log_detections).
  • MITRE ATT&CK v16.1 benchmark (powerpipe benchmark run github_audit_log_detections.benchmark.mitre_attack_v161).

• New dashboards added:

  • Audit Log Activity Dashboard

Powerpipe and Flowpipe services in Pipes now support installing mods from an archive file.

For more information, check out the respective docs for Powerpipe or Flowpipe.

What's new?

• We've updated internal dependencies and now use newer Azure SDK versions to discover and manage Security Center resources in Guardrails. This release includes breaking changes in the CMDB data for security center. We recommend updating your existing settings to refer to the updated attributes as mentioned below:

Added:

• policy.enforcementMode
• policy.nonComplianceMessages
• policy.systemData

Removed:

• policy.sku

Renamed:

• settings[*].properties.enabled to settings[*].enabled

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Added PCI DSS v4.0 benchmark (powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40). (#871)

Bug fixes

• Fixed the iam_user_one_active_key query to correctly evaluate IAM access keys across multiple AWS accounts. (#867) (Thanks @adrianstanislaus for the contribution!!)

Bug fixes

• Real-time delete events for topics would sometimes result in the deletion of subscriptions under a different topic in the CMDB. This issue has been fixed, and subscriptions are now cleaned up more reliably than before.

Bug fixes

• The AWS > MySQL > Server > CMDB policy will now be set to Skip by default because the resource type has been deprecated and will be removed in the next major version. Please check Single Server retirement for more information.

Resource Types

Renamed

• Azure > MySQL > Server to Azure > MySQL > Server [Deprecated]

Control Types

Renamed

• Azure > MySQL > Server > Active to Azure > MySQL > Server [Deprecated] > Active
• Azure > MySQL > Server > Approved to Azure > MySQL > Server [Deprecated] > Approved
• Azure > MySQL > Server > CMDB to Azure > MySQL > Server [Deprecated] > CMDB
• Azure > MySQL > Server > Discovery to Azure > MySQL > Server [Deprecated] > Discovery
• Azure > MySQL > Server > Encryption in Transit to Azure > MySQL > Server [Deprecated] > Encryption in Transit
• Azure > MySQL > Server > Tags to Azure > MySQL > Server [Deprecated] > Tags

Policy Types

Renamed

• Azure > MySQL > Server > Active to Azure > MySQL > Server [Deprecated] > Active
• Azure > MySQL > Server > Active > Age to Azure > MySQL > Server [Deprecated] > Active > Age
• Azure > MySQL > Server > Active > Last Modified to Azure > MySQL > Server [Deprecated] > Active > Last Modified
• Azure > MySQL > Server > Approved to Azure > MySQL > Server [Deprecated] > Approved
• Azure > MySQL > Server > Approved > Custom to Azure > MySQL > Server [Deprecated] > Approved > Custom
• Azure > MySQL > Server > Approved > Regions to Azure > MySQL > Server [Deprecated] > Approved > Regions
• Azure > MySQL > Server > Approved > Usage to Azure > MySQL > Server [Deprecated] > Approved > Usage
• Azure > MySQL > Server > CMDB to Azure > MySQL > Server [Deprecated] > CMDB
• Azure > MySQL > Server > Encryption in Transit to Azure > MySQL > Server [Deprecated] > Encryption in Transit
• Azure > MySQL > Server > Regions to Azure > MySQL > Server [Deprecated] > Regions
• Azure > MySQL > Server > Tags to Azure > MySQL > Server [Deprecated] > Tags
• Azure > MySQL > Server > Tags > Template to Azure > MySQL > Server [Deprecated] > Tags > Template

Action Types

Removed

• Azure > MySQL > Server > Delete
• Azure > MySQL > Server > Router
• Azure > MySQL > Server > Set Tags
• Azure > MySQL > Server > Update Encryption in Transit

What's new?

• New tables added:
  • aws_clb_access_log (#88)

Dependencies

• Bumped github.com/aws/aws-sdk-go-v2/config from 1.29.6 to 1.29.9. (#120)
• Bumped github.com/aws/aws-sdk-go-v2/feature/s3/manager. (#124)
• Bumped github.com/aws/aws-sdk-go-v2/service/s3 from 1.77.1 to 1.78.2. (#125)
• Bumped github.com/containerd/containerd from 1.7.18 to 1.7.27. (#126)
• Bumped golang.org/x/net from 0.33.0 to 0.36.0. (#122)
• Bumped golang.org/x/sync from 0.11.0 to 0.12.0. (#117)

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.