Changelog

Subscribe to all changelog posts via RSS or follow #changelog on our Slack community to stay updated on everything we ship.

Turbot Guardrails Enterprise (TE) v5.42.26 - Minor internal improvements

May 03, 2024

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

gcp-dns v5.7.0 - Track and manage DNS Policies in Guardrails

May 03, 2024

What's new?

  • Resource Types:

    • GCP > DNS > Policy

  • Control Types:

    • GCP > DNS > Policy > Active
    • GCP > DNS > Policy > Approved
    • GCP > DNS > Policy > CMDB
    • GCP > DNS > Policy > Discovery
    • GCP > DNS > Policy > Usage

  • Policy Types:

    • GCP > DNS > Policy > Active
    • GCP > DNS > Policy > Active > Age
    • GCP > DNS > Policy > Active > Last Modified
    • GCP > DNS > Policy > Approved
    • GCP > DNS > Policy > Approved > Custom
    • GCP > DNS > Policy > Approved > Usage
    • GCP > DNS > Policy > CMDB
    • GCP > DNS > Policy > Usage
    • GCP > DNS > Policy > Usage > Limit

  • Action Types:

    • GCP > DNS > Policy > Delete
    • GCP > DNS > Policy > Router

gcp-cisv2-0 v5.0.0 is now available

May 03, 2024

What's new?

Control Types

  • GCP > CIS v2.0
  • GCP > CIS v2.0 > 1 - Identity and Access Management
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure that Security Key Enforcement is Enabled for All Admin Accounts
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure That Service Account Has No Admin Privileges
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure Essential Contacts is Configured for Organization
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager
  • GCP > CIS v2.0 > 2 - Logging and Monitoring
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.01 - Ensure That Cloud Audit Logging Is Configured Properly
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.02 - Ensure That Sinks Are Configured for All Log Entries
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.03 - Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.04 - Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.05 - Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.06 - Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.07 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.08 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.09 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.10 - Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.11 - Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.12 - Ensure That Cloud DNS Logging Is Enabled for All VPC Networks
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.13 - Ensure Cloud Asset Inventory Is Enabled
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.14 - Ensure 'Access Transparency' is 'Enabled'
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.15 - Ensure 'Access Approval' is 'Enabled'
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.16 - Ensure Logging is enabled for HTTP(S) Load Balancer
  • GCP > CIS v2.0 > 3 - Networking
  • GCP > CIS v2.0 > 3 - Networking > 3.01 - Ensure That the Default Network Does Not Exist in a Project
  • GCP > CIS v2.0 > 3 - Networking > 3.02 - Ensure Legacy Networks Do Not Exist for Older Projects
  • GCP > CIS v2.0 > 3 - Networking > 3.03 - Ensure That DNSSEC Is Enabled for Cloud DNS
  • GCP > CIS v2.0 > 3 - Networking > 3.04 - Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC
  • GCP > CIS v2.0 > 3 - Networking > 3.05 - Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC
  • GCP > CIS v2.0 > 3 - Networking > 3.06 - Ensure That SSH Access Is Restricted From the Internet
  • GCP > CIS v2.0 > 3 - Networking > 3.07 - Ensure That RDP Access Is Restricted From the Internet
  • GCP > CIS v2.0 > 3 - Networking > 3.08 - Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network
  • GCP > CIS v2.0 > 3 - Networking > 3.09 - Ensure No HTTPS or SSL Proxy Load Balancers Permit SSL Policies With Weak Cipher Suites
  • GCP > CIS v2.0 > 3 - Networking > 3.10 - Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed'
  • GCP > CIS v2.0 > 4 - Virtual Machines
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.04 - Ensure Oslogin Is Enabled for a Project
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.07 - Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
  • GCP > CIS v2.0 > 5 - Storage
  • GCP > CIS v2.0 > 5 - Storage > 5.01 - Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 5 - Storage > 5.02 - Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.01 - Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.02 - Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.03 - Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.01 - Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.02 - Ensure 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.03 - Ensure 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.04 - Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.05 - Ensure 'Log_min_messages' Database Flag for Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.06 - Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.07 - Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.08 - Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.09 - Ensure Instance IP assignment is set to private
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.01 - Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.02 - Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.03 - Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.04 - Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.05 - Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.06 - Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.07 - Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.04 - Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.05 - Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.06 - Ensure That Cloud SQL Database Instances Do Not Have Public IPs
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.07 - Ensure That Cloud SQL Database Instances Are Configured With Automated Backups
  • GCP > CIS v2.0 > 7 - BigQuery
  • GCP > CIS v2.0 > 7 - BigQuery > 7.01 - Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 7 - BigQuery > 7.02 - Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)
  • GCP > CIS v2.0 > 7 - BigQuery > 7.03 - Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets

Policy Types

  • GCP > CIS v2.0
  • GCP > CIS v2.0 > 1 - Identity and Access Management
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure that Security Key Enforcement is Enabled for All Admin Accounts
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure that Security Key Enforcement is Enabled for All Admin Accounts > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure That Service Account Has No Admin Privileges
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure Essential Contacts is Configured for Organization
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure Essential Contacts is Configured for Organization > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > Maximum Attestation Duration
  • GCP > CIS v2.0 > 2 - Logging and Monitoring
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.01 - Ensure That Cloud Audit Logging Is Configured Properly
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.02 - Ensure That Sinks Are Configured for All Log Entries
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.03 - Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.04 - Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.05 - Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.06 - Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.07 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.08 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.09 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.10 - Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.11 - Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.12 - Ensure That Cloud DNS Logging Is Enabled for All VPC Networks
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.13 - Ensure Cloud Asset Inventory Is Enabled
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.14 - Ensure 'Access Transparency' is 'Enabled'
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.14 - Ensure 'Access Transparency' is 'Enabled' > Attestation
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.15 - Ensure 'Access Approval' is 'Enabled'
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.16 - Ensure Logging is enabled for HTTP(S) Load Balancer
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > Maximum Attestation Duration
  • GCP > CIS v2.0 > 3 - Networking
  • GCP > CIS v2.0 > 3 - Networking > 3.01 - Ensure That the Default Network Does Not Exist in a Project
  • GCP > CIS v2.0 > 3 - Networking > 3.02 - Ensure Legacy Networks Do Not Exist for Older Projects
  • GCP > CIS v2.0 > 3 - Networking > 3.03 - Ensure That DNSSEC Is Enabled for Cloud DNS
  • GCP > CIS v2.0 > 3 - Networking > 3.04 - Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC
  • GCP > CIS v2.0 > 3 - Networking > 3.05 - Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC
  • GCP > CIS v2.0 > 3 - Networking > 3.06 - Ensure That SSH Access Is Restricted From the Internet
  • GCP > CIS v2.0 > 3 - Networking > 3.07 - Ensure That RDP Access Is Restricted From the Internet
  • GCP > CIS v2.0 > 3 - Networking > 3.08 - Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network
  • GCP > CIS v2.0 > 3 - Networking > 3.09 - Ensure No HTTPS or SSL Proxy Load Balancers Permit SSL Policies With Weak Cipher Suites
  • GCP > CIS v2.0 > 3 - Networking > 3.10 - Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed'
  • GCP > CIS v2.0 > 4 - Virtual Machines
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.04 - Ensure Oslogin Is Enabled for a Project
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.07 - Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections > Attestation
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects > Attestation
  • GCP > CIS v2.0 > 4 - Virtual Machines > Maximum Attestation Duration
  • GCP > CIS v2.0 > 5 - Storage
  • GCP > CIS v2.0 > 5 - Storage > 5.01 - Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 5 - Storage > 5.02 - Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.01 - Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.01 - Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges > Attestation
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.02 - Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.03 - Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.01 - Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.02 - Ensure 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.03 - Ensure 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.04 - Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.05 - Ensure 'Log_min_messages' Database Flag for Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.06 - Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.07 - Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.08 - Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.09 - Ensure Instance IP assignment is set to private
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.01 - Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.02 - Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.03 - Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.04 - Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.05 - Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.06 - Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.07 - Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.04 - Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.05 - Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.06 - Ensure That Cloud SQL Database Instances Do Not Have Public IPs
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.07 - Ensure That Cloud SQL Database Instances Are Configured With Automated Backups
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > Maximum Attestation Duration
  • GCP > CIS v2.0 > 7 - BigQuery
  • GCP > CIS v2.0 > 7 - BigQuery > 7.01 - Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 7 - BigQuery > 7.02 - Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)
  • GCP > CIS v2.0 > 7 - BigQuery > 7.03 - Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets
  • GCP > CIS v2.0 > Maximum Attestation Duration

aws-cisv2-0 v5.0.1 - Minor fixes and improvements

May 03, 2024

Bug fixes

  • Minor fixes and improvements.

gcp v5.24.0 - Access approval setting details for projects is now be available in Project CMDB

May 02, 2024

What's new?

  • Access approval setting details for projects is now be available in Project CMDB.

Turbot Guardrails Enterprise (TE) v5.42.25 - Minor internal improvements

Apr 30, 2024

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Azure plugin v0.56.0 - Added azure_backup_policy table and recompiled plugin with steampipe-plugin-sdk v5.10.0

Apr 30, 2024

What's new?

Enhancements

  • The subscription_id column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Azure subscriptions. (#740)
  • Added the version flag to the plugin's Export tool. (#65)

Bug fixes

  • Fixed the plugin's Postgres FDW Extension crash issue.

Dependencies

azure-postgresql v5.15.1 - Action Type for Firewall > IP Ranges > Approved control did not render correctly for Flexi Servers on mod inspect

Apr 29, 2024

Bug fixes

  • Action Type for Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved control did not render correctly on mod inspect. This is now fixed.

AWS plugin v0.137.0 - Added aws_iot_thing_group, aws_iot_thing_type and aws_kms_key_rotation tables

Apr 29, 2024

Powerpipe CLI v0.2.0 - Added timeout flags for benchmark and dashboard execution commands

Apr 26, 2024

Whats new

  • It is now possible to set a timeout for benchmark and dashboard execution. These can be set:
    • In the workspace using properties: dashboard_timeout and benchmark_timeout
    • Using the --dashboard-timeout flag for the dashboard run and server commands
    • Using the --benchmark-timeout flag for the benchmark run commands.
    • Using the environment variables POWERPIPE_DASHBOARD_TIMEOUT and POWERPIPE_BENCHMARK_TIMEOUT respectively. (#336)
  • Support installing private mods using a GitHub app token. (#381).
  • Improve the layout of filter and grouping components for control tags and dimensions. (#263)
  • Remove the dashboard input list and dashboard input show commands.
  • Add thousands separator to numeric values in dashboard tables. (#315)
  • Only show benchmark cards for statuses that are contained in the current filter and add status to filter on card click. (#322)

Bug fixes

  • When calling mod update, respect the argument (if any) and only update specified mods. (#331)
  • Fix mod update display of updates to transitive dependencies. (#288)

Powerpipe v0.2.0 deploying to workspaces

Apr 26, 2024

All new Pipes workspaces will be running Powerpipe v0.2.0 and existing workspaces will be upgraded by Monday 29th April 2024.

For more information on this Powerpipe release, see the release notes.

Turbot Guardrails Enterprise (TE) v5.42.24 - Minor internal improvements

Apr 26, 2024

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

azure-storage v5.17.1 - Storage Account Data Protection control would go into an error state when container delete retention policy data was not available in CMDB

Apr 26, 2024

Bug fixes

  • The Azure > Storage > Storage Account > Data Protection control would go into an error state when container delete retention policy data was not available in CMDB. This issue is fixed and the control will now work as expected.

azure-postgresql v5.15.0 - Remove unapproved firewall IP Ranges on PostgreSQL servers and flexi servers

Apr 26, 2024

What's new?

  • You can now removed unapproved Firewall IP Ranges on PostgreSQL servers and flexi servers. To get started, set the Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > * and Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > * policies respectively.
  • You can now stop unapproved flexi servers. To get started, set the Azure > PostgreSQL > Flexible Server > Approved policy to Enforce: Stop unapproved or Enforce: Stop unapproved if new.

Control Types

  • Azure > PostgreSQL > Flexible Server > Firewall
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved
  • Azure > PostgreSQL > Server > Firewall
  • Azure > PostgreSQL > Server > Firewall > IP Ranges
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved

Policy Types

  • Azure > PostgreSQL > Flexible Server > Firewall
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > Compiled Rules
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > IP Addresses
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > Rules
  • Azure > PostgreSQL > Server > Firewall
  • Azure > PostgreSQL > Server > Firewall > IP Ranges
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > Compiled Rules
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > IP Addresses
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > Rules

Action Types

  • Azure > PostgreSQL > Flexible Server > Stop
  • Azure > PostgreSQL > Server > Update Firewall IP Ranges

cis v5.0.1 - Fixed control category names for v7.2.10, v7.7.10 and v7.14.1

Apr 24, 2024

Bug fixes

  • Fixed control category names for v7.2.10, v7.7.10 and v7.14.1.

azure-cisv2-0 v5.0.0 is now available

Apr 24, 2024

What's new?

Control Types

  • Azure > CIS v2.0
  • Azure > CIS v2.0 > 01 - Identity and Access Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.01 - Ensure Trusted Locations Are Defined
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.05 - Ensure Guest Users Are Reviewed on a Regular Basis
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 Ensure That 'Number of methods required to reset' is set to '2'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure User consent for applications is set to Do not allow user consent
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.14 - Ensure That 'Users Can Register Applications' Is Set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users"
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.19 - Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.23 - Ensure That No Custom Subscription Administrator Roles Exist
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'
  • Azure > CIS v2.0 > 02 - Microsoft Defender
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.01 - Ensure That Microsoft Defender for Servers Is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.02 - Ensure That Microsoft Defender for App Services Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.04 - Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.05 - Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.06 - Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.07 - Ensure That Microsoft Defender for Storage Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.08 - Ensure That Microsoft Defender for Containers Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.09 - Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.10 - Ensure That Microsoft Defender for Key Vault Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.11 - Ensure That Microsoft Defender for DNS Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.12 - Ensure That Microsoft Defender for Resource Manager Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.14 - Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.15 - Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.18 - Ensure That 'All users with the following roles' is set to 'Owner'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.19 - Ensure 'Additional email addresses' is Configured with a Security Contact Email
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.20 - Ensure That 'Notify about alerts with the following severity' is Set to 'High'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.21 - Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.22 - Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.03 - Microsoft Defender for External Attack Surface Monitoring
  • Azure > CIS v2.0 > 03 - Storage Accounts
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.01 - Ensure that 'Secure transfer required' is set to 'Enabled'
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.02 - Ensure that Enable Infrastructure Encryption for Each Storage Account in Azure Storage is Set to enabled
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.05 - Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.08 - Ensure Default Network Access Rule for Storage Accounts is Set to Deny
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.09 - Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.10 - Ensure Private Endpoints are used to access Storage Accounts
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.11 - Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.12 - Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.13 - Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.15 - Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2"
  • Azure > CIS v2.0 > 04 - Database Services
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.01 - Ensure that 'Auditing' is set to 'On'
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.02 - Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.04 - Ensure that Azure Active Directory Admin is Configured for SQL Servers
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.05 - Ensure that 'Data encryption' is set to 'On' on a SQL Database
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.06 - Ensure that 'Auditing' Retention is 'greater than 90 days'
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.01 - Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.02 - Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.03 - Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.04 - Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.05 - Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.01 - Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.02 - Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.03 - Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.04 - Ensure Server Parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.05 - Ensure Server Parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.06 - Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.07 - Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.08 - Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.01 - Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.02 - Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.03 - Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.04 - Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.01 - Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.02 - Ensure That Private Endpoints Are Used Where Possible
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible
  • Azure > CIS v2.0 > 05 - Logging and Monitoring
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.03 - Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.04 - Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.05 - Ensure that logging for Azure Key Vault is 'Enabled'
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.07 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.01 - Ensure that Activity Log Alert exists for Create Policy Assignment
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.02 - Ensure that Activity Log Alert exists for Delete Policy Assignment
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.03 - Ensure that Activity Log Alert exists for Create or Update Network Security Group
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.04 - Ensure that Activity Log Alert exists for Delete Network Security Group
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.05 - Ensure that Activity Log Alert exists for Create or Update Security Solution
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.06 - Ensure that Activity Log Alert exists for Delete Security Solution
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.07 - Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.08 - Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.09 - Ensure that Activity Log Alert exists for Create or Update Public IP Address rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.10 - Ensure that Activity Log Alert exists for Delete Public IP Address rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights > 5.03.01 - Ensure Application Insights are Configured
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.05 - Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)
  • Azure > CIS v2.0 > 06 - Networking
  • Azure > CIS v2.0 > 06 - Networking > 6.01 - Ensure that RDP access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.02 - Ensure that SSH access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.03 - Ensure that UDP access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.04 - Ensure that HTTP(S) access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.05 - Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
  • Azure > CIS v2.0 > 06 - Networking > 6.06 - Ensure that Network Watcher is 'Enabled'
  • Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis
  • Azure > CIS v2.0 > 07 - Virtual Machines
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.02 - Ensure Virtual Machines are utilizing Managed Disks
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.03 - Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.04 - Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted
  • Azure > CIS v2.0 > 08 - Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.01 - Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.02 - Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.03 - Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.04 - Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.05 - Ensure the key vault is recoverable
  • Azure > CIS v2.0 > 08 - Key Vault > 8.06 - Ensure Role Based Access Control for Azure Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.07 - Ensure that Private Endpoints are Used for Azure Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services
  • Azure > CIS v2.0 > 09 - Application Services
  • Azure > CIS v2.0 > 09 - Application Services > 9.01 - Ensure App Service Authentication is set up for apps in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.02 - Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.03 - Ensure Web App is using the latest version of TLS encryption
  • Azure > CIS v2.0 > 09 - Application Services > 9.04 - Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
  • Azure > CIS v2.0 > 09 - Application Services > 9.05 - Ensure that Register with Azure Active Directory is enabled on App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.09 - Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.10 - Ensure FTP deployments are Disabled
  • Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets
  • Azure > CIS v2.0 > 10 - Miscellaneous
  • Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources

Policy Types

  • Azure > CIS v2.0
  • Azure > CIS v2.0 > 01 - Identity and Access Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.01 - Ensure Trusted Locations Are Defined
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.05 - Ensure Guest Users Are Reviewed on a Regular Basis
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 - Ensure That 'Number of methods required to reset' is set to '2'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 - Ensure That 'Number of methods required to reset' is set to '2' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure User consent for applications is set to Do not allow user consent
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure User consent for applications is set to Do not allow user consent > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.14 - Ensure That 'Users Can Register Applications' Is Set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users"
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.19 - Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.23 - Ensure That No Custom Subscription Administrator Roles Exist
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > Maximum Attestation Duration
  • Azure > CIS v2.0 > 02 - Microsoft Defender
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.01 - Ensure That Microsoft Defender for Servers Is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.02 - Ensure That Microsoft Defender for App Services Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.04 - Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.05 - Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.06 - Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.07 - Ensure That Microsoft Defender for Storage Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.08 - Ensure That Microsoft Defender for Containers Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.09 - Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.10 - Ensure That Microsoft Defender for Key Vault Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.11 - Ensure That Microsoft Defender for DNS Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.12 - Ensure That Microsoft Defender for Resource Manager Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed' > Attestation
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.14 - Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.15 - Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' > Attestation
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' > Attestation
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.18 - Ensure That 'All users with the following roles' is set to 'Owner'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.19 - Ensure 'Additional email addresses' is Configured with a Security Contact Email
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.20 - Ensure That 'Notify about alerts with the following severity' is Set to 'High'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.21 - Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.22 - Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On' > Attestation
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.03 - Microsoft Defender for External Attack Surface Monitoring
  • Azure > CIS v2.0 > 02 - Microsoft Defender > Maximum Attestation Duration
  • Azure > CIS v2.0 > 03 - Storage Accounts
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.01 - Ensure that 'Secure transfer required' is set to 'Enabled'
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.02 - Ensure that Enable Infrastructure Encryption for Each Storage Account in Azure Storage is Set to enabled
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account > Attestation
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated > Attestation
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.05 - Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour > Attestation
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.08 - Ensure Default Network Access Rule for Storage Accounts is Set to Deny
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.09 - Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.10 - Ensure Private Endpoints are used to access Storage Accounts
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.11 - Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.12 - Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.13 - Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.15 - Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2"
  • Azure > CIS v2.0 > 03 - Storage Accounts > Maximum Attestation Duration
  • Azure > CIS v2.0 > 04 - Database Services
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.01 - Ensure that 'Auditing' is set to 'On'
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.02 - Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.04 - Ensure that Azure Active Directory Admin is Configured for SQL Servers
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.05 - Ensure that 'Data encryption' is set to 'On' on a SQL Database
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.06 - Ensure that 'Auditing' Retention is 'greater than 90 days'
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.01 - Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.02 - Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.03 - Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.04 - Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.05 - Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.01 - Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.02 - Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.03 - Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.04 - Ensure Server Parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.05 - Ensure Server Parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.06 - Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.07 - Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.08 - Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.01 - Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.02 - Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.03 - Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.04 - Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.01 - Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.02 - Ensure That Private Endpoints Are Used Where Possible
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible > Attestation
  • Azure > CIS v2.0 > 04 - Database Services > Maximum Attestation Duration
  • Azure > CIS v2.0 > 05 - Logging and Monitoring
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.03 - Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.04 - Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.05 - Ensure that logging for Azure Key Vault is 'Enabled'
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.07 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.01 - Ensure that Activity Log Alert exists for Create Policy Assignment
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.02 - Ensure that Activity Log Alert exists for Delete Policy Assignment
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.03 - Ensure that Activity Log Alert exists for Create or Update Network Security Group
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.04 - Ensure that Activity Log Alert exists for Delete Network Security Group
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.05 - Ensure that Activity Log Alert exists for Create or Update Security Solution
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.06 - Ensure that Activity Log Alert exists for Delete Security Solution
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.07 - Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.08 - Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.09 - Ensure that Activity Log Alert exists for Create or Update Public IP Address rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.10 - Ensure that Activity Log Alert exists for Delete Public IP Address rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights > 5.03.01 - Ensure Application Insights are Configured
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it > Attestation
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.05 - Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > Maximum Attestation Duration
  • Azure > CIS v2.0 > 06 - Networking
  • Azure > CIS v2.0 > 06 - Networking > 6.01 - Ensure that RDP access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.02 - Ensure that SSH access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.03 - Ensure that UDP access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.04 - Ensure that HTTP(S) access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.05 - Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
  • Azure > CIS v2.0 > 06 - Networking > 6.06 - Ensure that Network Watcher is 'Enabled'
  • Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis
  • Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis > Attestation
  • Azure > CIS v2.0 > 06 - Networking > Maximum Attestation Duration
  • Azure > CIS v2.0 > 07 - Virtual Machines
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.02 - Ensure Virtual Machines are utilizing Managed Disks
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.03 - Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.04 - Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed > Attestation
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed > Attestation
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted > Attestation
  • Azure > CIS v2.0 > 07 - Virtual Machines > Maximum Attestation Duration
  • Azure > CIS v2.0 > 08 - Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.01 - Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.02 - Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.03 - Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.04 - Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.05 - Ensure the key vault is recoverable
  • Azure > CIS v2.0 > 08 - Key Vault > 8.06 - Ensure Role Based Access Control for Azure Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.07 - Ensure that Private Endpoints are Used for Azure Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services
  • Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services > Attestation
  • Azure > CIS v2.0 > 08 - Key Vault > Maximum Attestation Duration
  • Azure > CIS v2.0 > 09 - Application Services
  • Azure > CIS v2.0 > 09 - Application Services > 9.01 - Ensure App Service Authentication is set up for apps in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.02 - Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.03 - Ensure Web App is using the latest version of TLS encryption
  • Azure > CIS v2.0 > 09 - Application Services > 9.04 - Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
  • Azure > CIS v2.0 > 09 - Application Services > 9.05 - Ensure that Register with Azure Active Directory is enabled on App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App > Attestation
  • Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App > Attestation
  • Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App > Attestation
  • Azure > CIS v2.0 > 09 - Application Services > 9.09 - Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.10 - Ensure FTP deployments are Disabled
  • Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets
  • Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets > Attestation
  • Azure > CIS v2.0 > 09 - Application Services > Maximum Attestation Duration
  • Azure > CIS v2.0 > 10 - Miscellaneous
  • Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources
  • Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources > Attestation
  • Azure > CIS v2.0 > 10 - Miscellaneous > Maximum Attestation Duration
  • Azure > CIS v2.0 > Maximum Attestation Duration

Flowpipe CLI v0.4.4 - Query step args attribute, file watcher, duplicate step names and invalid notifier reference fixes

Apr 23, 2024

Bug fixes

  • Param can be used in query step's args attribute. (#830).
  • File watcher now correctly detect changes in the loop block. (#808).
  • Duplicate step names are now detected and reported as an error. (#820).
  • Better error message for invalid notifier reference. (#826).

Turbot Guardrails Enterprise (TE) v5.42.23 - Refined management of various processes to improve stability and reduce backlog issues

Apr 23, 2024

What's new?

  • Server
    • Implemented monitoring for worker_factory in the CloudWatch Dashboard widgets "Events Queue Activity" and "Events Queue Backlog".
    • Established a CloudWatch Alarm for the _worker_factory queue.
    • Product, Vendor Tags to the IAM Role resources created by the TE stack.
    • Adjusted the threshold for the CloudWatch Alarm monitoring the _worker queue.

Bug fixes

  • Server

    • Now, users with only Turbot/User access will no longer see grants or active grants belonging to other users. This ensures that you only view grants that are relevant to your permissions.
    • Control will move to error if it fails to determine the state at precheck.
    • System resilience has been enhanced through extended TTL settings and refined management of suspended processes, aiming to improve stability and reduce backlog issues.
    • Refined management of various processes to improve stability and reduce backlog issues.

  • UI

    • Converted the template_input property of the policy setting in the Terraform plan to YAML format, improving clarity and manageability.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

turbot v5.43.1 - Process Monitor control will now run in priority queue

Apr 23, 2024

What's new?

  • Moved the Turbot > Process Monitor control to operate within the priority queue, ensuring more timely and efficient processing of critical tasks.
  • Updated the Turbot > Workspace > Background Tasks control to modify the next_tick_timestamp for any policy values that previously had incorrect defaults.

azure-cosmosdb v5.5.1 - Minor fixes and improvements

Apr 23, 2024

Bug fixes

  • Minor fixes and improvements.

azure-storage v5.17.0 - Configure rotation reminders for access keys and soft delete for blobs and containers in storage accounts

Apr 22, 2024

What's new?

  • You can now configure rotation reminders for access keys and soft delete for blobs and containers in storage accounts. To get started, set the Azure > Storage > Storage Account > Access Keys > Rotation Reminder > * and Azure > Storage > Storage Account > Data Protection > Soft Delete > * policies respectively.

Control Types

  • Azure > Storage > Storage Account > Access Keys
  • Azure > Storage > Storage Account > Access Keys > Rotation Reminder
  • Azure > Storage > Storage Account > Data Protection
  • Azure > Storage > Storage Account > Data Protection > Soft Delete

Policy Types

  • Azure > Storage > Storage Account > Access Keys
  • Azure > Storage > Storage Account > Access Keys > Rotation Reminder
  • Azure > Storage > Storage Account > Access Keys > Rotation Reminder > Days
  • Azure > Storage > Storage Account > Data Protection
  • Azure > Storage > Storage Account > Data Protection > Soft Delete
  • Azure > Storage > Storage Account > Data Protection > Soft Delete > Blobs
  • Azure > Storage > Storage Account > Data Protection > Soft Delete > Blobs > Retention Days
  • Azure > Storage > Storage Account > Data Protection > Soft Delete > Containers
  • Azure > Storage > Storage Account > Data Protection > Soft Delete > Containers > Retention Days

Action Types

  • Azure > Storage > Storage Account > Set Data Protection Soft Delete
  • Azure > Storage > Storage Account > Update Rotation Reminder

azure-sql v5.14.0 - Remove unapproved firewall IP Ranges on SQL servers

Apr 22, 2024

What's new?

  • You can now removed unapproved Firewall IP Ranges on SQL servers. To get started, set the Azure > SQL > Server > Firewall > IP Ranges > Approved > * policies.

Control Types

  • Azure > SQL > Server > Firewall
  • Azure > SQL > Server > Firewall > IP Ranges
  • Azure > SQL > Server > Firewall > IP Ranges > Approved

Policy Types

  • Azure > SQL > Server > Firewall
  • Azure > SQL > Server > Firewall > IP Ranges
  • Azure > SQL > Server > Firewall > IP Ranges > Approved
  • Azure > SQL > Server > Firewall > IP Ranges > Approved > Compiled Rules
  • Azure > SQL > Server > Firewall > IP Ranges > Approved > IP Addresses
  • Azure > SQL > Server > Firewall > IP Ranges > Approved > Rules

Action Types

  • Azure > SQL > Server > Update Firewall IP Ranges

Guardrails Insights mod v0.4 - Updated the workspace_dashboard to include information on the accounts, resources, and active controls across different workspaces

Apr 19, 2024

Enhancements

  • Updated the workspace_dashboard dashboard to include information on the accounts, resources, and active controls across different workspaces. (#31)
  • Updated the workspace_account_report dashboard to display resources, policy settings, alerts, and active controls across workspaces instead of the TE version. (#31)

AWS Compliance mod v0.92 - Enhanced several queries to minimize API usage, achieving faster performance

Apr 19, 2024

Enhancements

  • Optimized several queries to minimize API usage, achieving faster performance. (#786)

gcp-kms v5.8.2 - Bug fixed - Rotation policy attributes for Crypto Keys did not update correctly in CMDB when the rotation policy was removed from such keys

Apr 19, 2024

Bug fixes

  • The rotationPeriod and nextRotationTime attributes for Crypto Keys did not update correctly in CMDB when the rotation policy for such keys was removed. This is now fixed.

azure-mysql v5.10.0 - Configure Encryption in Transit for Flexi Servers

Apr 19, 2024

What's new?

  • You can now configure Encryption in Transit for Flexi Servers. To get started, set the Azure > MySQL > Flexible Server > Encryption in Transit > * policies.
  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

Control Types

  • Azure > MySQL > Flexible Server > Encryption in Transit

Policy Types

  • Azure > MySQL > Flexible Server > Encryption in Transit

Action Types

  • Azure > MySQL > Flexible Server > Update Encryption in Transit

azure-appservice v5.9.0 - Lambda runtimes now powered by Node 18

Apr 19, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

Policy Types

  • Azure > App Service > App Service Plan > Approved > Custom
  • Azure > App Service > Function App > Approved > Custom
  • Azure > App Service > Web App > Approved > Custom

aws-vpc-security v5.9.8 - Bug fixed - Configured control for flow logs would sometimes go into an error state for flow logs claimed by a Guardrails stack

Apr 19, 2024

Bug fixes

  • The AWS > VPC > Flow Log > Configured control would sometimes go into an error state for flow logs created via the AWS console, even though they were correctly claimed by a Guardrails stack. This is now fixed.

AWS plugin v0.136.0 - Added aws_iot_fleet_metric table and recompiled plugin with steampipe-plugin-sdk v5.10.0 and aws-sdk-go v1.26.1

Apr 19, 2024

What's new?

Enhancements

  • The account_id column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple AWS accounts. (#2133)

Bug fixes

  • Fixed the getDirectoryServiceSnapshotLimit and getDirectoryServiceEventTopics hydrate calls in the aws_directory_service_directory table to correctly return nil for the unsupported ADConnector services instead of an error. (#2170)

Opsgenie plugin v0.0.2 - Initial plugin release

Apr 19, 2024

azure-postgresql v5.14.0 - Configure log checkpoints for Flexi Servers

Apr 17, 2024

What's new?

  • You can now configure log checkpoints for Flexi Servers. To get started, set the Azure > PostgreSQL > Flexible Server > Audit Logging > * policies.
  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Control Types

  • Azure > PostgreSQL > Flexible Server > Audit Logging

Policy Types

  • Azure > PostgreSQL > Flexible Server > Audit Logging
  • Azure > PostgreSQL > Flexible Server > Audit Logging > Log Checkpoints

Action Types

  • Azure > PostgreSQL > Flexible Server > Update Audit Logging

azure-keyvault v5.13.0 - Configure expiration for Key Vault Keys and Secrets

Apr 17, 2024

What's new?

  • You can now configure expiration for Key Vault Keys and Secrets. To get started, set the Azure > Key Vault > Key > Expiration > * and Azure > Key Vault > Secret > Expiration > * policies respectively.

Control Types

  • Azure > Key Vault > Key > Expiration
  • Azure > Key Vault > Secret > Expiration

Policy Types

  • Azure > Key Vault > Key > Expiration
  • Azure > Key Vault > Key > Expiration > Days [Default]
  • Azure > Key Vault > Secret > Expiration
  • Azure > Key Vault > Secret > Expiration > Days [Default]

Action Types

  • Azure > Key Vault > Key > Set Expiration
  • Azure > Key Vault > Secret > Set Expiration

aws-directconnect v5.4.0 - Lambda runtimes now powered by Node 18

Apr 17, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

GCP Compliance mod v0.30 - Added CIS v3.0.0 benchmark

Apr 16, 2024

What's new?

  • Added CIS v3.0.0 benchmark (powerpipe benchmark run gcp_compliance.benchmark.cis_v300). (#158)

aws-xray v5.4.0 - Lambda runtimes now powered by Node 18

Apr 16, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

azure-storage v5.16.1 - Storage Account Queue Logging control would go into a skipped state for storage accounts, irrespective of any policy setting

Apr 12, 2024

Bug fixes

  • The Azure > Storage > Storage Account > Queue > Logging control would go into a skipped state for storage accounts, irrespective of any policy setting for Logging. This issue is fixed and the control will now work as expected.

Google Search Console plugin v0.0.1 - Initial plugin release

Apr 12, 2024

GitHub plugin v0.40.0 - Added github_organization_collaborator table and added support for plugin authentication using Github App

Apr 12, 2024

v0.40.0 [2024-04-12]

What's new?

Bug fixes

  • Fixed the github_workflow table to correctly return data for dynamic workflows instead of an error. (#412)
  • Fixed the plugin's Postgres FDW Extension crash issue.

AWS plugin v0.135.0 - Added aws_accessanalyzer_finding table and snapshot_block_public_access_state column to aws_ec2_regional_settings table

Apr 12, 2024

What's new?

Enhancements

  • Added snapshot_block_public_access_state column to aws_ec2_regional_settings table. (#2077)

Bug fixes

  • Fixed the getDirectoryServiceSnapshotLimit and getDirectoryServiceEventTopics hydrate calls in the aws_directory_service_directory table to correctly return nil for unsupported SharedMicrosoftAD services instead of an error. (#2156)

Kolide plugin v0.2.1 - Initial plugin release

Apr 12, 2024

azure-network v5.16.0 - Delete existing Public IP Addresses which are unapproved for use in the Subscription

Apr 11, 2024

What's new?

  • You can now delete existing Public IP Addresses which are unapproved for use in the Subscription. To get started, set the Azure > Network > Public IP Address > Approved policy to Enforce: Delete unapproved.

Steampipe Plugin SDK v5.10.0 - Added support for connection key columns and added `sp_ctx` and `sp_connection_name` columns to all tables

Apr 11, 2024

What's new?

  • Added support for connection key columns. (#768)
  • Added sp_ctx and sp_connection_name columns to all tables. (#769)

azure-postgresql v5.13.0 - Configure Encryption in Transit for Flexi Servers

Apr 10, 2024

What's new?

  • You can now configure Encryption in Transit for Flexi Servers. To get started, set the Azure > PostgresSql > Flexible Server > Encryption in Transit > * policies.

Control Types

  • Azure > PostgreSQL > Flexible Server > Encryption in Transit

Policy Types

  • Azure > PostgreSQL > Flexible Server > Encryption in Transit

Action Types

  • Azure > PostgreSQL > Flexible Server > Update Encryption in Transit

AWS Compliance mod v0.91 - Updated foundational_security_lambda_2 control to check for the latest Lambda runtimes as per the AWS FSBP documentation

Apr 09, 2024

Bug fixes

  • Updated the foundational_security_lambda_2 control to check for the latest Lambda runtimes as per the AWS FSBP document. (#778) (Thanks @sbldevnet for the contribution!)
  • Fixed the title of secretsmanager_secret_unused_90_day control. (#783)

azure-activedirectory v5.5.0 - Delete existing Entra ID users which are unapproved to be used in the Tenant

Apr 09, 2024

What's new?

  • You can now delete existing Entra ID users which are unapproved to be used in the Tenant. To get started, set the Azure > Active Directory > User > Approved policy to Enforce: Delete unapproved.

Policy Types

  • Azure > Active Directory > User > Approved > Custom

azure-mysql v5.9.0 - Configure TLS version for Flexi Servers

Apr 08, 2024

What's new?

  • You can now configure TLS version for Flexi Servers. To get started, set the Azure > MySQL > Flexible Server > Minimum TLS Version > * policies.

Azure Compliance mod v0.43 - Added new controls to All Controls benchmark

Apr 05, 2024

Enhancements

  • Added the following controls to the All Controls benchmark: (#253)
    • cosmosdb_account_uses_aad_and_rbac
    • iam_user_not_allowed_to_create_tenants
    • securitycenter_image_scan_enabled

Bug fixes

  • Updated the postgres_db_server_allow_access_to_azure_services_disabled query to check if the endIpAddress column is set to 0.0.0.0 instead of 255.255.255.255 as per the CIS documentation. (#253)

Turbot Guardrails Enterprise Database (TED) v1.41.0 - Added support for Postgres versions 11.21 and 11.22

Apr 05, 2024

What's new?

  • Added: Support for Postgres versions 11.21 and 11.22.

aws v5.30.0 - Account CMDB data will now also include alternate security contact details

Apr 05, 2024

What's new?

  • Account CMDB data will now also include alternate security contact details.

aws-cisv2-0 v5.0.0 is now available

Apr 05, 2024

What's new?

Control Types

  • AWS > CIS v2.0
  • AWS > CIS v2.0 > 1 - Identity and Access Management
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full ":" administrative privileges are not attached
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v2.0 > 2 - Storage
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enabled on S3 buckets
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
  • AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
  • AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
  • AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
  • AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
  • AWS > CIS v2.0 > 3 - Logging
  • AWS > CIS v2.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v2.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
  • AWS > CIS v2.0 > 3 - Logging > 3.03 - Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
  • AWS > CIS v2.0 > 3 - Logging > 3.04 - Ensure CloudTrail trails are integrated with CloudWatch Logs
  • AWS > CIS v2.0 > 3 - Logging > 3.05 - Ensure AWS Config is enabled in all regions
  • AWS > CIS v2.0 > 3 - Logging > 3.06 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > 3.07 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
  • AWS > CIS v2.0 > 3 - Logging > 3.08 - Ensure rotation for customer created symmetric CMKs is enabled
  • AWS > CIS v2.0 > 3 - Logging > 3.09 - Ensure VPC flow logging is enabled in all VPCs
  • AWS > CIS v2.0 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > 3.11 - Ensure that Object-level logging for read events is enabled for S3 bucket
  • AWS > CIS v2.0 > 4 - Monitoring
  • AWS > CIS v2.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
  • AWS > CIS v2.0 > 5 - Networking
  • AWS > CIS v2.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
  • AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
  • AWS > CIS v2.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2

Policy Types

  • AWS > CIS v2.0
  • AWS > CIS v2.0 > 1 - Identity and Access Management
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details > Attestation
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account > Attestation
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full ":" administrative privileges are not attached
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments > Attestation
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted > Attestation
  • AWS > CIS v2.0 > 1 - Identity and Access Management > Maximum Attestation Duration
  • AWS > CIS v2.0 > 2 - Storage
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enable on S3 buckets
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required > Attestation
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
  • AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
  • AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
  • AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
  • AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
  • AWS > CIS v2.0 > 2 - Storage > Maximum Attestation Duration
  • AWS > CIS v2.0 > 3 - Logging
  • AWS > CIS v2.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v2.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
  • AWS > CIS v2.0 > 3 - Logging > 3.03 - Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
  • AWS > CIS v2.0 > 3 - Logging > 3.04 - Ensure CloudTrail trails are integrated with CloudWatch Logs
  • AWS > CIS v2.0 > 3 - Logging > 3.05 - Ensure AWS Config is enabled in all regions
  • AWS > CIS v2.0 > 3 - Logging > 3.06 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > 3.07 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
  • AWS > CIS v2.0 > 3 - Logging > 3.08 - Ensure rotation for customer created symmetric CMKs is enabled
  • AWS > CIS v2.0 > 3 - Logging > 3.09 - Ensure VPC flow logging is enabled in all VPCs
  • AWS > CIS v2.0 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > 3.11 - Ensure that Object-level logging for read events is enabled for S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > Maximum Attestation Duration
  • AWS > CIS v2.0 > 4 - Monitoring
  • AWS > CIS v2.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
  • AWS > CIS v2.0 > 4 - Monitoring > Maximum Attestation Duration
  • AWS > CIS v2.0 > 5 - Networking
  • AWS > CIS v2.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
  • AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
  • AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access' > Attestation
  • AWS > CIS v2.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2
  • AWS > CIS v2.0 > 5 - Networking > Maximum Attestation Duration
  • AWS > CIS v2.0 > Maximum Attestation Duration

GCP plugin v0.51.0 - Added gcp_tag_binding table

Apr 05, 2024

Steampipe CLI v0.22.2 - Fixed local plugin development workflow

Apr 05, 2024

Enhancements

  • Added support for nested dashboards. (#4208)

Bug fixes

  • Fixed the issue where local plugins were not being loaded. (#4196)
  • Re-added support for 'implicit' local plugins (i.e. the plugin binary exists but there is no entry in the versions.json). (#4223)
  • Fixed the issue where the daily update check message showed a <nil> when there was no message to show. (#4206)

gcp-sql v5.8.1 - Bug Fixed - SQL Instances were not updated/cleaned up correctly via real-time events in Guardrails

Apr 04, 2024

Bug fixes

  • SQL Instances were sometimes not updated/cleaned up correctly via real-time events in Guardrails. This is now fixed.

aws-ec2 v5.40.0 - Manage IMDS defaults for EC2 via the Account Attributes > Instance Metadata Service Defaults control

Apr 02, 2024

What's new?

  • You can now manage IMDS defaults for EC2 per region. To get started, set the AWS > EC2 > Account Attributes > Instance Metadata Service Defaults > * policies.

Bug fixes

  • The AWS > EC2 > Instance > Approved control would sometimes fail to stop instances that were discovered in Guardrails via real-time events if the AWS > EC2 > Instance > Approved policy was set to Enforce: Stop unapproved if new. This is now fixed.

Flowpipe CLI v0.4.3 - Lazy create `flowpipe.db`, `max_concurrency` and HTTP integration output fixes

Apr 01, 2024

Bug fixes

  • Lazy create flowpipe.db. (#808).
  • Respect max_concurrency in pipeline and input steps. (#815).
  • Misleading error message for invalid step dependencies. (#816).
  • HTTP integration address is shown correctly at the beginning of each input step loop. (#818).

azure-storage v5.16.0 - Blob service property details will now be available in CMDB for Storage Accounts

Apr 01, 2024

What's new?

  • Storage Account CMDB data will now also include details about the account's blob service properties.

azure-postgresql v5.12.0 - Configure connection_throttling parameter for PostgreSQL servers

Apr 01, 2024

What's new?

  • You can now configure connection_throttling parameter for PostgreSQL servers. To get started, set the Azure > PostgreSQL > Server > Audit Logging > Connection Throttling policy.

azure-mysql v5.8.0 - TLS version and audit log details will now be available in CMDB for Flexi Servers

Apr 01, 2024

What's new?

  • TLS version and audit log details will now be available in CMDB for Flexi Servers.

aws-kms v5.18.0 - Disable unapproved Keys via the Key > Approved control

Mar 29, 2024

What's new?

  • Users can now disable unapproved Keys in AWS. To get started, set the AWS > KMS > Key > Approved policy to Enforce: Disable unapproved.

GCP plugin v0.50.0 - Added gcp_vertex_ai_model table and fixed retry_policy_maximum_backoff and retry_policy_minimum_backoff columns of gcp_pubsub_subscription table to correctly return data

Mar 29, 2024

What's new?

Enhancements

  • Added support for quota_project config arg to provide users the ability to set the Project ID used for billing and quota. (#556)

Bug fixes

  • Fixed the retry_policy_maximum_backoff and retry_policy_minimum_backoff columns of gcp_pubsub_subscription table to correctly return data. (#552) (Thanks to @mvanholsteijn for the contribution!)

AWS plugin v0.134.0 - Added aws_backup_job, aws_elastic_beanstalk_application_version, aws_rds_db_engine_version, aws_s3_object_version and aws_servicequotas_service tables and fixed pagination in the aws_ebs_snapshot table to make fewer API calls

Mar 29, 2024

What's new?

Bug fixes

  • Fixed the aws_vpc_eip table to return an Access Denied error instead of an Invalid Memory Address or Nil Pointer Dereference error when a Service Control Policy is applied to an account for a specific region. (#2136)
  • Fixed the aws_s3_bucket terraform script to prevent the AccessControlListNotSupported: The bucket does not allow ACLs error during the PutBucketAcl terraform call. (#2080) (Thanks @pdecat for the contribution!)
  • Fixed an issue where querying regional tables while using AWS profiles with cross-account role credentials results in the correct error being reported instead of zero rows. (#2137)
  • Fixed pagination in the aws_ebs_snapshot table to make fewer API calls when the limit parameter is passed to the query. (#2088)

AWS Thrifty mod v0.29 - Added new control rds_mysql_postresql_db_no_unsupported_version

Mar 27, 2024

What's new?

  • New control added:
    • rds_mysql_postresql_db_no_unsupported_version (#174)

AWS Insights mod v0.20 - Fixed the `ecs_cluster_active_service_count` query in the `AWS ECS Cluster Dashboard` to correctly return the count of `Cluster Active Services` instead of `ECS Clusters`

Mar 27, 2024

Bug fixes

  • Fixed the ecs_cluster_active_service_count query in the AWS ECS Cluster Dashboard to correctly return the count of Cluster Active Services instead of ECS Clusters. (#341) (Thanks @mupi2k for the contribution!)

aws-sns v5.15.3 - Bug Fixed - EventBridge Rule for real-time SNS events, created by Event Handlers, will now respect `Enforce: Enabled but ignore permission errors` policy value for Subscription CMDB

Mar 27, 2024

Bug fixes

  • In v5.15.1, we introduced the policy value Enforce: Enabled but ignore permission errors for the AWS > SNS > Subscription > CMDB policy, allowing the corresponding CMDB control to ignore permission errors, if any, and proceed to completion. However, configuring the CMDB policy to Enforce: Enabled but ignore permission errors inadvertently introduced a bug, resulting in the removal of real-time events for Subscription from the SNS EventBridge rule created by the Event Handlers. This issue has now been fixed.

aws-kms v5.17.1 - Bug Fixed - EventBridge Rule for real-time KMS events, created by Event Handlers, will now respect `Enforce: Enabled but ignore permission errors` policy value for Key CMDB

Mar 27, 2024

Bug fixes

  • In v5.13.0, we introduced the policy value Enforce: Enabled but ignore permission errors for the AWS > KMS > Key > CMDB policy, allowing the corresponding CMDB control to ignore permission errors, if any, and proceed to completion. However, configuring the CMDB policy to Enforce: Enabled but ignore permission errors inadvertently introduced a bug, resulting in the removal of the EventBridge Rule for KMS by the Event Handlers. This issue has now been fixed.

Flowpipe CLI v0.4.2 - `loop`, `max_concurrency` and error handling fixes

Mar 26, 2024

Bug fixes

  • loop block now works in container, function, message and input steps.
  • Use HCL expressions in max_concurrency step argument. (#800).
  • throw, retry and error block now works for input step.

AWS Compliance mod v0.90 - Added new sub-benchmarks and controls to AWS Foundational Security Best Practices benchmark

Mar 22, 2024

Breaking changes

  • The Foundational Security Best Practices v1.0.0 benchmark has been updated to better align with the matching AWS Security Hub. The following updates have been made: (#772)
    • The foundational_security_elbv2 sub-benchmark have been removed.
    • The following controls are no longer included in the benchmarks:
      • foundational_security_cloudfront_2
      • foundational_security_ec2_22
      • foundational_security_s3_4

Enhancements

  • The Foundational Security Best Practices v1.0.0 benchmark has been updated to better align with the matching AWS Security Hub. The following updates have been made: (#772)
    • The following sub-benchmarks have been added to the foundational_security benchmark:
      • foundational_security_appsync
      • foundational_security_backup
      • foundational_security_eventbridge
      • foundational_security_fsx
      • foundational_security_msk
      • foundational_security_pca
      • foundational_security_route53
      • foundational_security_sfn
    • The following controls have been added to the benchmarks:
      • foundational_security_acm_2
      • foundational_security_appsync_2
      • foundational_security_backup_1
      • foundational_security_cloudfront_13
      • foundational_security_dms_6
      • foundational_security_dms_7
      • foundational_security_dms_8
      • foundational_security_dms_9
      • foundational_security_docdb_3
      • foundational_security_docdb_4
      • foundational_security_docdb_5
      • foundational_security_dms_9
      • foundational_security_dynamodb_6
      • foundational_security_ec2_51
      • foundational_security_ecs_9
      • foundational_security_eks_8
      • foundational_security_elasticbeanstalk_3
      • foundational_security_emr_2
      • foundational_security_eventbridge_3
      • foundational_security_fsx_1
      • foundational_security_msk_1
      • foundational_security_networkfirewall_2
      • foundational_security_networkfirewall_9
      • foundational_security_opensearch_10
      • foundational_security_pca_1
      • foundational_security_rds_34
      • foundational_security_rds_35
      • foundational_security_route53_2
      • foundational_security_s3_19
      • foundational_security_sfn_1
      • foundational_security_waf_12

Azure plugin v0.55.0 - Added azure_compute_virtual_machine_metric_available_memory azure_compute_virtual_machine_metric_available_memory_daily and azure_compute_virtual_machine_metric_available_memory_hourly tables

Mar 22, 2024

Pipes Terraform Provider v0.13.2 now available

Mar 21, 2024

v0.13.2 of the Terraform Provider for Pipes is now available.

Bug fixes

  • pipes_workspace_datatank_table: Set PartPer setting for datatank table to be nil if nothing is passed in configuration while updating a datatank table. (#23)

Enhancements:

  • resources/pipes_workspace: Add support for passing desired_state, db_volume_size_bytes attribute when creating or updating a workspace. Add missing attribute state_reason.
  • resources/pipes_workspace_pipeline: Add support for passing desired_state attribute when creating or updating a pipeline. Add attributes state and state_reason.
  • resources/pipes_workspace_datatank: Add support for passing desired_state attribute when creating a datatank.
  • resources/pipes_workspace_datatank_table: Add support for passing desired_state attribute when creating a datatank_table.

GitLab Insights mod v0.4 - Fixed the `project_license_table`, `project_other_license_count` and `project_weak_copyleft_license_count` queries to use the latest version of EUP (European Union Public License 1.2)

Mar 20, 2024

Bug fixes

  • Fixed the project_license_table, project_other_license_count and project_weak_copyleft_license_count queries to use the latest version of EUP (European Union Public License 1.2). (#13)

GitHub Insights mod v0.5 - Fixed the `project_license_table`, `project_other_license_count` and `project_weak_copyleft_license_count` queries to use the latest version of EUP (European Union Public License 1.2)

Mar 20, 2024

Bug fixes

  • Fixed the repository_license_table, repository_other_license_count and repository_weak_copyleft_license_count queries to use the latest version of EUP (European Union Public License 1.2). (#25)

GCP Compliance mod v0.29 - Fixed the CIS controls from `cis_v200_2_4` to `cis_v200_2_11` to correctly evaluate results when using the aggregator connection of the GCP plugin

Mar 20, 2024

Bug fixes

  • Fixed the CIS controls from cis_v200_2_4 to cis_v200_2_11 to correctly evaluate results when using the aggregator connection of the GCP plugin. (#154)

Flowpipe CLI v0.4.1 - Erroneous error message, `max_concurrency`, `try()` function, and URL bug fixes

Mar 19, 2024

Bug fixes

  • Input step respects the max_concurrency argument. (#798).
  • Erroneous error message detecting a missing credential where there isn't one.
  • HCL try() function should be evaluated at runtime rather than parse time.
  • Integration and input step URLs should use the provided custom host & port. (#792).
  • Shows filename and line number for invalid step references.

Turbot Guardrails Enterprise (TE) v5.42.22 - Minor internal improvements

Mar 19, 2024

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

aws-ecr v5.13.0 - You can now configure IAM resource policies on repositories

Mar 19, 2024

What's new?

  • Control Types:

    • AWS > ECR > Repository > Policy
    • AWS > ECR > Repository > Policy > Required

  • Policy Types:

    • AWS > ECR > Repository > Policy
    • AWS > ECR > Repository > Policy > Required
    • AWS > ECR > Repository > Policy > Required > Items

  • Action Types:

    • AWS > ECR > Repository > Update Repository policy

Powerpipe CLI v0.1.3 - Fix snapshot output for `benchmark run` command

Mar 18, 2024

Bug fixes

  • When exporting or displaying a benchmark run result as a snapshot, ensure the top level panel has a valid summary. (#274)
  • Update mod list output to include resource_name and mod fields.

Turbot Guardrails Enterprise (TE) v5.42.21 - Account import will be smoother and more consistent than before

Mar 18, 2024

Bug fixes

  • Server
    • Account import will be smoother and more consistent than before.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

aws-vpc-connect v5.9.1 - Bug fixed - Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account

Mar 18, 2024

Bug fixes

  • Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account.
  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Azure Compliance mod v0.42 - Added CIS v2.1.0 benchmark

Mar 15, 2024

What's new?

  • Added CIS v2.1.0 benchmark (powerpipe benchmark run azure_compliance.benchmark.cis_v210). (#250)

Powerpipe CLI v0.1.2 - Optimize workspace load time when many mod dependencies are installed.

Mar 15, 2024

Whats new

  • Optimize workspace load time for large workspaces with multiple dependent mods. (#365)

Steampipe v0.22.1 deploying to workspaces

Mar 15, 2024

All new Pipes workspaces will be running Steampipe v0.22.1 and existing workspaces will be upgraded by Monday 18th March 2024.

For more information on this Steampipe release, see the release notes.

Powerpipe v0.1.2 deploying to workspaces

Mar 15, 2024

All new Pipes workspaces will be running Powerpipe v0.1.2 and existing workspaces will be upgraded by Monday 18th March 2024.

For more information on this Powerpipe release, see the release notes.

aws-vpc-security v5.9.7 - `AWS > VPC > VPC > Stack` control failed to claim security group rules correctly if the `protocol` for such rules was set to `All` or `TCP` in the stack's source policy

Mar 15, 2024

Bug fixes

  • The AWS > VPC > VPC > Stack control failed to claim security group rules correctly if the protocol for such rules was set to All or TCP in the stack's source policy. This issue has been fixed, and the control will now claim such rules correctly.

aws v5.29.4 - Various policy definitions have been updated to allow for a smoother account import experience

Mar 15, 2024

Bug fixes

  • We have updated various policy definitions set during account imports to allow for a smoother account import experience. We recommend upgrading your TE to v5.42.21 or higher to enable these changes to take effect.

AWS plugin v0.133.0 - Added aws_acmpca_certificate_authority aws_dms_endpoint aws_dms_replication_task aws_docdb_cluster_snapshot and aws_transfer_user tables and fixed template_body_json column in table aws_cloudformation_stack

Mar 15, 2024

What's new?

Enhancements

  • Added auto_minor_version_upgrade column to aws_rds_db_cluster table. (#2109)
  • Added open_zfs_configuration column to aws_fsx_file_system table. (#2113)
  • Added logging_configuration column to aws_networkfirewall_firewall table. (#2115)
  • Added lf_tags column to aws_glue_catalog_table table. (#2128)

Bug fixes

  • Fixed the query in the aws_s3_bucket table doc to correctly filter out buckets without the application tag. (#2093)
  • Fixed the aws_cloudtrail_lookup_event input param to pass correctly end_time as an optional qual. (#2102)
  • Fixed the arn column of the aws_elastic_beanstalk_environment table to correctly return data instead of null. (#2105)
  • Fixed the template_body_json column of the aws_cloudformation_stack table to correctly return data by adding a new transform function formatJsonBody, replacing the UnmarshalYAML transform function. (#1959)
  • Fixed the next_execution_time column of aws_ssm_maintenance_window table to be of String datatype instead of TIMESTAMP. (#2116)
  • Renamed the client_log_options column to connection_log_options in aws_ec2_client_vpn_endpoint table to correctly return data instead of null. (#2122)

Steampipe CLI v0.22.1 - Improved startup performance when many plugins are installed

Mar 15, 2024

Whats new

  • Improved startup performance with high plugin count - parallelize plugin startup. (#4183)
  • Added database SSL password support for encrypted private key in order to handle your own certificates. (#4149)

Bug fixes

  • Fixed issue where plugin list cannot re-create top-level versions.json file if the file has been corrupted or empty. (#4191)

Steampipe CLI - install.sh moved to the scripts directory

Mar 15, 2024

Notice

  • Scripts must use the permanent installation script at https://steampipe.io/install/steampipe.sh.
  • The script above is automatically updated when the script moves location.
  • install.sh has been moved from the top level folder to the scripts folder.
  • Scripts directly referencing the raw GitHub location must be updated.

Steampipe CLI - End of support for an official Steampipe docker container

Mar 15, 2024

Notice

Steampipe will no longer officially publish or support a Dockerfile or container images.

Steampipe can be run in a containerized setup. We run it ourselves that way as part of Turbot Pipes. But, we've decided to cease publishing an supporting a container definition because:

  • The CLI is optimized for developer use on the command line.
  • Everyone has specific goals and requirements for their containers.
  • Container setup requires various mounts and access to configuration files.
  • It's hard to support containers across many different environments.

We welcome users to create and share your own open-source container definitions for Steampipe!

Flowpipe CLI v0.4.0 - Microsoft Teams integration and CLI argument bug fix

Mar 14, 2024

What's new?

Bug fixes

  • Function step output attribute should be called response not result. (#789).
  • Pipeline execution should not fail when a string argument is passed with double quotes. (#791).

Turbot Guardrails Enterprise (TE) v5.42.20 - Bug Fixed - AWS login dropdown button to accurately display both existing and new grants

Mar 13, 2024

Bug fixes

  • UI
    • Fixed the AWS login dropdown button to accurately display both existing and new grants.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

aws-sagemaker v5.10.0 - Bug fixed - Unsupported US Gov cloud regions for Code Repository are now removed from the Regions policy

Mar 13, 2024

Bug fixes

  • Unsupported US Gov cloud regions were inadvertently included in the AWS > SageMaker > Code Repository > Regions policy, which led to the AWS > SageMaker > Code Repository > Discovery control being in an error state for those regions. We've now removed the unsupported US Gov cloud regions from the Regions policy.

What's new?

  • Policy Types:
    • AWS > SageMaker > Notebook Instance > Approved > Custom

aws-iam v5.35.1 - Bug fixed - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`

Mar 13, 2024

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Flowpipe CLI v0.3.2 - Multi-select preselected Slack option and mod reload fixes

Mar 11, 2024

Bug fixes

  • Multiselect Inputs with preselected Options now correctly pre-populate in Slack.
  • Change detection in throw and output block in pipeline steps works correctly with ternary operators and will not trigger mod reload for white space changes.

aws-vpc-security v5.9.6 - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`

Mar 11, 2024

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.
  • In the previous version, we fixed an issue with the AWS > VPC > VPC > Stack control that prevented it from recognizing security group rules with the port range set to 0 correctly. However, the control still failed to claim existing security group rules available in Guardrails CMDB, due to an inadvertent bug introduced in v5.9.2. This issue has now been fixed, and the control will correctly claim existing security group rules.

aws-sns v5.15.2 - Bug fixed - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`

Mar 11, 2024

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

gcp-storage v5.11.1 - Bug fixed - Guardrails unnecessarily listened to and processed real-time `lists` events for various storage resources

Mar 08, 2024

Bug fixes

  • Previously, Guardrails unnecessarily listened to and processed real-time lists events for various storage resources. We've now improved our events filter to ignore these lists events, thereby reducing unnecessary processing.

aws-lambda v5.13.3 - Bug fixed - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`

Mar 08, 2024

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

aws-glue v5.11.1 - Bug fixed - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`

Mar 08, 2024

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

aws-ec2 v5.39.2 - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`

Mar 08, 2024

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.
  • The AWS > EC2 > Snapshot > Active and AWS > EC2 > Snapshot > Approved controls will now not attempt to delete a snapshot if it has one or more AMIs attached to it.
  • In the previous version, although we fixed a bug to prevent upserting volumes and snapshots with incorrect AKAs, there was still a provision for instances to be upserted with incorrect AKAs. We have now addressed this issue as well, ensuring instances are upserted more correctly and consistently than before.
  • The deprecated ec2-reports:* permissions are now removed from the mod.

Flowpipe CLI v0.3.1 - Multi-select option and mod reload fixes

Mar 07, 2024

Bug fixes

  • Multi-select option in input step now works. (#776).
  • Input step white space changes will not trigger mod reload. (#297).

Powerpipe CLI v0.1.1 - Fix notification when updated CLI version is available

Mar 07, 2024

Bug fixes

  • Fix CLI available version check. (#250)
  • Notify when mod install creates a default mod. (#246)
  • Remove newline from end of mod install output. (#247)
  • Fix issue where asff output was always missing the first row. (#249)

Pipes Terraform Provider v0.13.1 now available

Mar 07, 2024

v0.13.1 of the Terraform Provider for Pipes is now available.

Bug fixes

  • Ensure tags are passed during creation of resource pipes_workspace_pipeline and are only updated when a valid value is present in the Terraform configuration.

Steampipe v0.22.0 deploying to workspaces

Mar 07, 2024

All new Pipes workspaces will be running Steampipe v0.22.0 and existing workspaces will be upgraded by Monday 11th March 2024.

For more information on this Steampipe release, see the release post or release notes.

Powerpipe v0.1.0 deploying to workspaces

Mar 07, 2024

Dashboards in Turbot Pipes are now powered by Powerpipe, allowing you to filter, group and share custom views of your cloud benchmarks.

All new Pipes workspaces will be running Powerpipe v0.1.0 and existing workspaces will be upgraded by Monday 11th March 2024.

For more information on the launch of Powerpipe, see the launch post or release notes.

aws-vpc-internet v5.11.2 - Bug fixed - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`

Mar 07, 2024

Bug fixes

  • Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account.
  • In the previous version, we believed we had resolved an issue with Internet Gateways not being upserted into the CMDB while processing real-time CreateDefaultVpc events. However, we overlooked an edge case in the fix. We have now addressed this issue, ensuring that Internet Gateways will be reliably discovered and upserted into the Guardrails CMDB. We recommend updating the aws-vpc-core mod to version 5.17.1 or higher to enable Guardrails to correctly process real-time CreateDefaultVpc events for Internet Gateways.
  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Powerpipe Mods - 52 new mods

Mar 06, 2024

We're thrilled to announce the release of 52 new Powerpipe mods, featuring pre-built dashboards and benchmarks for cloud inventory & insights, security & compliance, cost management and shift-left scanning. These include the 43 Steampipe mods to visualize AWS, Azure, GCP, GitHub, Terraform and more using Steampipe as the database. And 9 new, ready-to-use Powerpipe mods providing easy to learn examples to visualize data in Postgres, SQLite, DuckDB, and MySQL!

A full list of mods can be found in the Powerpipe Hub.

For more information on how you can get started incorporating these mods into your own custom dashboards and benchmarks, please see Introducing Powerpipe - Composable Mods.

Powerpipe v0.1.0 - Dashboards for DevOps

Mar 06, 2024

Introducing Powerpipe - Dashboards for DevOps.

Benchmarks - 5,000+ open-source controls from CIS, NIST, PCI, HIPAA, FedRamp and more. Run instantly on your machine or as part of your deployment pipeline.

Relationship Diagrams - The only dashboarding tool designed from the ground up to visualize DevOps data. Explore your cloud,understand relationships and drill down to the details.

Dashboards & Reports - High level dashboards provide a quick management view. Reports highlight misconfigurations and attention areas. Filter, pivot and snapshot results.

Code, not clicks - Our dashboards are code. Version controlled, composable, shareable, easy to edit - designed for the way you work. Join our open-source community!

Learn more at:

aws-vpc-security v5.9.5 - Bug fixed - The `AWS > VPC > VPC > Stack` control would sometimes go into an error state after creating security group rules with port range set to 0

Mar 06, 2024

Bug fixes

  • The AWS > VPC > VPC > Stack control would sometimes go into an error state after creating security group rules with port range set to 0. This occurred because the control failed to recognize the existing rule in Guardrails CMDB and attempted to create a new rule instead. This issue has been fixed, and the stack control will now work correctly as expected.
  • The AWS > VPC > Security Group > CMDB control would sometimes go into an error state for security groups shared from other AWS accounts. We will now exclude shared security groups and only upsert security groups that belong to the owner account.

aws-iam v5.35.0 - You can now also manage the IAM Permissions model for Guardrails Users via AWS > Turbot > IAM > Managed control

Mar 06, 2024

What's new?

  • You can now also manage the IAM Permissions model for Guardrails Users via the AWS > Turbot > IAM > Managed control. The AWS > Turbot > IAM > Managed control is faster and more efficient than the existing AWS > Turbot > IAM control because it utilizes Native AWS APIs rather than Terraform to manage IAM resources. Please note that this feature will work as intended only on TE v5.42.19 or higher and turbot-iam mod v5.11.0 or higher.

  • Control Types

    • AWS > Turbot > IAM > Group
    • AWS > Turbot > IAM > Group > Managed
    • AWS > Turbot > IAM > Managed
    • AWS > Turbot > IAM > Policy
    • AWS > Turbot > IAM > Policy > Managed
    • AWS > Turbot > IAM > Role
    • AWS > Turbot > IAM > Role > Managed
    • AWS > Turbot > IAM > User
    • AWS > Turbot > IAM > User > Managed

  • Policy Types

    • AWS > Turbot > IAM > Managed

  • Policy Types Renamed

    • AWS > IAM > Turbot to AWS > Turbot > IAM

  • Action Types

    • AWS > Account > Provision Managed Resources
    • AWS > IAM > Group > Detach and delete
    • AWS > IAM > Group > IAM Group Managed
    • AWS > IAM > Policy > Detach and delete
    • AWS > IAM > Role > IAM Role Managed
    • AWS > IAM > User > IAM User Managed

Bug fixes

The AWS > IAM > Group > CMDB, AWS > IAM > Role > CMDB, and AWS > IAM > User > CMDB controls previously failed to fetch all attachments for groups, roles, and users, respectively, due to the lack of pagination support. This issue has been fixed, and the controls will now correctly fetch all respective attachments.

Steampipe CLI v0.22.0 - Powerpipe is now recommended for dashboards and benchmarks

Mar 06, 2024

Steampipe unbundled, introducing Powerpipe

Powerpipe is now the recommended way to run dashboards and benchmarks!

Mods still work as normal in Steampipe for now, but they are deprecated and will be removed in a future release:

Whats new

  • Added version column to steampipe_plugin table. (#4141)
  • Direct all errors and warnings to standard error (stderr). (4162)

Bug fixes

  • Fixed the issue where search_path_prefix set in database options does not alter the search path. (#4160)
  • Fix issue where asff output was always missing the first row. (#4157)

Deprecations and migrations

  • Steampipe mods and dashboards are now separately available in Powerpipe, a new open-source project. The steampipe mod, check and dashboard commands have been deprecated and will be removed in a future version. Migration guide.
  • Deprecated cloud-host and cloud-token CLI args, and replaced them with pipes-host and pipes-token respectively. (#4137)
  • Deprecated STEAMPIPE_CLOUD_HOST and STEAMPIPE_CLOUD_TOKEN env vars, replaced with PIPES_HOST and PIPES_TOKEN respectively. (#4137)
  • Deprecated cloud_host and cloud_token workspace args, replaced with pipes_host and pipes_token respectively. (#4137)
  • Removed support for deprecated terminal options. (#3751)
  • Removed support for deprecated max_parallel property in general options. (#4132)
  • Removed support for deprecated connection options. (#4131)
  • Removed deprecated version property from the mod require block. (#3750)

Flowpipe CLI v0.3.0 – Human workflow, Slack and email messaging, Import Steampipe credentials, Concurrency controls.

Mar 05, 2024

What's new?

  • Workflow - message step for easy notifications. Documentation.
  • Workflow - input step for buttons, text and other data. Documentation.
  • Workflow - simple, reusable integration and notifier configuration for HTTP, Slack and Email. Documentation
  • Import Steampipe connections as Flowpipe credentials. Documentation.
  • Manage concurrency of pipelines and steps.
  • New credential types: alicloud and mastodon.
  • Shorter hash for HTTP triggers for simpler URLs.
  • DuckDB support in query step & trigger.
  • Step metadata, like started_at and finished_at added under a flowpipe attribute.
  • Moved flowpipe.db into the mod-level .flowpipe directory.
  • connection_string in query step and trigger renamed to database.

Deprecation

Bug fixes

  • log_level workspace setting is now respected (#618).
  • Default listen flag should be network, not localhost (#694)
  • Trigger attributes are now validated (#225).
  • Pipeline output attributes are now validated (#239).
  • Pipeline param default value data type is now validated against the specified type (#262).
  • Removed titles when merging multiple error messages (#263).
  • Runtime resolution of pipeline reference and credentials are now working correctly. (#732).
  • Scheduled triggers are now re-scheduled when mod files have changed.
  • File watcher reliability improvements.

Flowpipe Zendesk Mod v0.1.2 – Fixed metadata param type in create_ticket pipeline

Mar 05, 2024

Bug fixes

  • Updated metadata param type in create_ticket pipeline to be consistent with similar param types.

Flowpipe Vault Mod v0.1.1 – Fixed secret param type in create_secret pipeline

Mar 05, 2024

Bug fixes

  • Fixed secret param type in create_secret pipeline.

Flowpipe Samples v0.4.1 - Fixed broken links in new sample READMEs

Mar 05, 2024

Bug fixes

  • Fixed broken links to credential import docs in various sample READMEs.

Flowpipe Samples v0.4.0 - Added new samples highlighting query trigger, input and message steps

Mar 05, 2024

What's new?

  • Added the following new sample mods: (#108)
    • add_s3_bucket_cost_center_tags
    • aws_iam_access_key_events_notifier_with_multiple_pipelines
    • aws_iam_access_key_events_notifier_with_single_pipeline
    • deactivate_expired_aws_iam_access_keys_using_queries
    • deactivate_expired_aws_iam_access_keys_with_approval
    • notify_new_aws_iam_access_keys

Enhancements

  • Updated all AWS, Azure, PagerDuty, Slack, Zendesk library mod dependency versions in several sample mods. (#108)

Turbot Guardrails Enterprise (TE) v5.42.19 - Delete operations for resources is now faster and more efficient than before

Mar 05, 2024

Bug fixes

  • Server

    • Updated the tier for the SSM parameter /tenant/${workspaceFullId} to Advanced.
    • Delete operations for resources is now faster and more efficient than before.
    • Auto mod update control for mods will now look only for recommended versions instead of available and recommended.
    • Fixed policy value resolution to default to the value of resolvedSchema if not available in the schema.

  • UI

    • Fixed a table typo in the Steampipe query used in the resources developer tab.
    • Display the AWS login button when setting permissions via the AWS > Turbot > IAM > Managed control.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

turbot-iam v5.11.1 - The default value for `Turbot > IAM > Permissions > Compiled > Levels > Turbot` policy will now be evaluated correctly and consistently

Mar 05, 2024

Bug fixes

  • The default value for Turbot > IAM > Permissions > Compiled > Levels > Turbot policy will now be evaluated correctly and consistently.

aws-ssm v5.15.1 - Bug fixed - SSM Parameters with incorrect names would sometimes be inadvertently upserted in Guardrails CMDB

Mar 05, 2024

Bug fixes

  • SSM Parameters with incorrect names would sometimes be inadvertently upserted in Guardrails CMDB. This issue has now been fixed.

aws-s3 v5.24.0 - Bucket CMDB data will now also include information about Bucket Intelligent Tiering Configuration

Mar 05, 2024

What's new?

  • The AWS > S3 > Bucket CMDB data will now also include information about Bucket Intelligent Tiering Configuration.

  • A few policy values in the AWS > S3 > Bucket > Encyprion at Rest policy have now been deprecated and will be removed in the next major mod version (v6.0.0) because they are no longer supported by AWS.

    | Deprecated Values
    |- | Check: None
    | Check: None or higher
    | Enforce: None
    | Enforce: None or higher

Flowpipe Zendesk Mod v0.1.1 – Removed duplicate ticket_id param from update_ticket_comment pipeline

Mar 04, 2024

Bug fixes

  • Removed duplicate ticket_id param from update_ticket_comment pipeline.

Flowpipe PagerDuty Mod v0.1.1 – Fixed invalid type declaration for input parameter in create_user pipeline

Mar 04, 2024

Bug fixes

  • Fixed invalid type for license param in create_user pipeline. (#6)

Flowpipe Azure Mod v0.1.1 – Fixed several param types in Compute VM test pipelines

Mar 04, 2024

Bug fixes

  • Fixed mismatched types for generate_ssh_keys param in various Compute VM test pipelines.

aws-vpc-internet v5.11.1 - Bug fixed - Guardrails will now upsert Internet Gateways into CMDB correctly while processing real-time `CreateDefaultVpc` events

Mar 04, 2024

Bug fixes

  • Previously, Guardrails did not upsert Internet Gateways into the CMDB while processing real-time CreateDefaultVpc events. This issue has been fixed, and Internet Gateways will now be more reliably upserted into the Guardrails CMDB. We recommend updating the aws-vpc-core mod to v5.17.1 or higher to allow Guardrails to process the CreateDefaultVpc event for Internet Gateways correctly.

aws-vpc-core v5.17.1 - Bug fixed - Guardrails will now upsert DHCP Options into CMDB correctly while processing real-time `CreateDefaultVpc` events

Mar 04, 2024

Bug fixes

  • Previously, Guardrails did not upsert DHCP Options into the CMDB while processing real-time CreateDefaultVpc events. This issue has been fixed, and DHCP Options will now be more reliably upserted into the Guardrails CMDB.

Code plugin v0.7.0 - Updated the regex patterns of AWS access_key_id and slack_api_token to detect AWS SSO credentials and Slack bot tokens respectively

Mar 04, 2024

Enhancements

  • Updated the regex pattern of slack_api_token to also detect the Slack bot tokens. (#73)
  • Updated the regex pattern of AWS access_key_id to include key resources like AWS SSO credentials. (#74)

gcp-dataproc v5.8.1 - Bug fixed - Improved filters for real-time Dataproc lists events to reduce unnecessary processing

Mar 02, 2024

Bug fixes

  • Previously, Guardrails unnecessarily listened to and processed real-time lists events for various Dataproc resources. We've now improved our events filter to ignore these lists events, thereby reducing unnecessary processing.

gcp v5.23.4 - Bug fixed - The Event Handlers > Pub/Sub stack control will now transition to an Invalid state until Guardrails can correctly fetch the project number

Feb 29, 2024

Bug fixes

  • The GCP > Turbot > Event Handlers > Pub/Sub stack control previously attempted to create a topic and its IAM member incorrectly when the GCP > Turbot > Event Handlers > Logging > Unique Writer Identity policy was set to Enforce: Unique Identity, but the project number for the project was not available. This is fixed and the control will transition to an Invalid state until Guardrails can correctly fetch the project number.

Flowpipe Slack Mod v0.2.1 – Fixed the type mismatch of the input parameter in the get_channel_history pipeline

Feb 28, 2024

Bug fixes

  • Fixed the type mismatch of the input parameter in the get_channel_history pipeline. (#20)

gcp-pubsub v5.9.0 - You can now manage labels for Pub/Sub Topics via Guardrails

Feb 28, 2024

What's new?

  • Control Types:

    • GCP > Pub/Sub > Topic > Labels

  • Policy Types:

    • GCP > Pub/Sub > Topic > Labels
    • GCP > Pub/Sub > Topic > Labels > Template

  • Action Types

    • GCP > Pub/Sub > Topic > Set Labels

aws-s3 v5.23.1 - Bug fixed - Encryption in Transit and Encryption at Rest controls will now wait for a few minutes before applying their respective enforcements

Feb 28, 2024

Bug fixes

  • In a previous version (v5.6.2), we introduced a change in the AWS > S3 > Bucket > Encryption in Transit and AWS > S3 > Bucket > Encryption at Rest control to wait for a few minutes before applying the respective policies to new buckets created via Cloudformation Stacks. We've now extended this feature to all buckets regardless of how they were created, to ensure that IaC changes can be correctly applied to buckets without interference from immediate policy enforcements.

AWS Insights mod v0.18 - Added opensearch_domain_detail dashboard page

Feb 28, 2024

Turbot Guardrails Enterprise Foundation (TEF) v1.57.0 - Added support for Advanced Tier for SSM Parameters

Feb 27, 2024

What's new?

  • Added support for Advanced Tier for SSM Parameters.
  • Increased the visibility timeout from 60 seconds to 7200 seconds and decreased the message retention period to 7 days for runnable DLQ.

Turbot Guardrails Enterprise Database (TED) v1.40.0 - Added support for Postgres versions 15.5 and Redis 7.1

Feb 27, 2024

What's new?

  • Added: Support for Postgres versions 14.9, 14.10, 15.4 and 15.5.
  • Added: Support for Redis 7.1.
  • Added: m6gd.medium to instance type parameter for RDS.
  • Added: Support for Advanced Tier for SSM Parameters.
  • Removed: t4.micro and t4.small from instance type parameter for RDS.

Note

To use the latest RDS certificate in commercial cloud, please upgrade TE to 5.42.3 or higher and update the RDS CA Certificate for Commercial Cloud parameter.

Turbot Guardrails Enterprise (TE) v5.42.18 - Added support for AWS Custom Group Levels

Feb 27, 2024

Bug fixes

  • Server

    • Added: Support for AWS Custom Group Levels.
    • Updated: The DLQ lambda timeout has been updated to 2 minutes instead of 1 minute.
    • Updated: The Events DLQ visibility timeout has been increased from 15 minutes to 4 hours.
    • Updated: The Events DLQ MessageRetentionPeriod has been decreased from 14 days to 7 days.

  • UI

    • Added: Action button to run immediate policy value.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

turbot-iam v5.11.0 - Added support for group permission levels

Feb 27, 2024

What's new?

  • Added support for group permission levels.

servicenow-gcp-firebase v5.0.0 is now available

Feb 27, 2024

What's new?

  • Control Types:

    • GCP > Firebase > Android App > ServiceNow
    • GCP > Firebase > Android App > ServiceNow > Configuration Item
    • GCP > Firebase > Android App > ServiceNow > Table
    • GCP > Firebase > Firebase Project > ServiceNow
    • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item
    • GCP > Firebase > Firebase Project > ServiceNow > Table
    • GCP > Firebase > Web App > ServiceNow
    • GCP > Firebase > Web App > ServiceNow > Configuration Item
    • GCP > Firebase > Web App > ServiceNow > Table
    • GCP > Firebase > iOS App > ServiceNow
    • GCP > Firebase > iOS App > ServiceNow > Configuration Item
    • GCP > Firebase > iOS App > ServiceNow > Table

  • Policy Types:

    • GCP > Firebase > Android App > ServiceNow
    • GCP > Firebase > Android App > ServiceNow > Configuration Item
    • GCP > Firebase > Android App > ServiceNow > Configuration Item > Record
    • GCP > Firebase > Android App > ServiceNow > Configuration Item > Table Definition
    • GCP > Firebase > Android App > ServiceNow > Table
    • GCP > Firebase > Android App > ServiceNow > Table > Definition
    • GCP > Firebase > Firebase Project > ServiceNow
    • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item
    • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item > Record
    • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item > Table Definition
    • GCP > Firebase > Firebase Project > ServiceNow > Table
    • GCP > Firebase > Firebase Project > ServiceNow > Table > Definition
    • GCP > Firebase > Web App > ServiceNow
    • GCP > Firebase > Web App > ServiceNow > Configuration Item
    • GCP > Firebase > Web App > ServiceNow > Configuration Item > Record
    • GCP > Firebase > Web App > ServiceNow > Configuration Item > Table Definition
    • GCP > Firebase > Web App > ServiceNow > Table
    • GCP > Firebase > Web App > ServiceNow > Table > Definition
    • GCP > Firebase > iOS App > ServiceNow
    • GCP > Firebase > iOS App > ServiceNow > Configuration Item
    • GCP > Firebase > iOS App > ServiceNow > Configuration Item > Record
    • GCP > Firebase > iOS App > ServiceNow > Configuration Item > Table Definition
    • GCP > Firebase > iOS App > ServiceNow > Table
    • GCP > Firebase > iOS App > ServiceNow > Table > Definition

aws-secretsmanager v5.7.0 - Secret CMDB control would go into an error state if Guardrails did not have permissions to describe a secret

Feb 27, 2024

What's new?

  • The AWS > Secrets Manager > Secret > CMDB control would go into an error state if Guardrails did not have permissions to describe a secret. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set the AWS > Secrets Manager > Secret > CMDB policy to Enforce: Enabled but ignore permission errors.

aws-iam v5.34.0 - You can now attach custom IAM Groups to Guardrails users

Feb 27, 2024

What's new?

  • You can now attach custom IAM Groups to Guardrails users if the AWS > Turbot > Permissions policy is set to Enforce: User Mode. To get started, set the AWS > Turbot > Permissions > Custom Group Levels [Account] policy and then attach the custom group to a user via the Grant Permission button on the Permissions page. Please note that this feature will work as intended only on TE v5.42.18 or higher and turbot-iam mod v5.11.0 or higher.

  • Policy Types:

    • AWS > Turbot > Permissions > Custom Group Levels [Account]

  • Policy Types renamed:

    • AWS > Turbot > Permissions > Custom Levels [Account] to AWS > Turbot > Permissions > Custom Role Levels [Account]
    • AWS > Turbot > Permissions > Custom Levels [Folder] to AWS > Turbot > Permissions > Custom Role Levels [Folder]

AWS plugin v0.132.0 - Added aws_ecr_registry_scanning_configuration table and recompiled plugin with Steampipe plugin SDK v5.9.0

Feb 27, 2024

HubSpot plugin v0.1.1 - Fixed the plugin to return nil instead of an error when API credentials are not set

Feb 26, 2024

Bug fixes

  • Fixed the plugin to return nil instead of an error when API credentials are not set in the *.spc file. (#14)
  • Fixed the default data type of the dynamic columns to be of the String type instead of JSON. (#16)

GCP Compliance mod v0.27 - Fixed the hierarchy in the benchmark list by properly integrating Cloud Functions benchmark into all_controls benchmark

Feb 26, 2024

Bug fixes

  • Fixed the hierarchy in the benchmark list by properly integrating Cloud Functions benchmark into all_controls benchmark. (#146)

Steampipe Plugin SDK v5.9.0 - Fix bug when cache is disabled for the server, but enabled for the client

Feb 26, 2024

What's new?

  • Removed support for Memoized functions to be directly assigned as column hydrate functions. Instead, require a wrapper hydrate function. (#756) (#738)

Bug fixes

  • If cache is disabled for the server, but enabled for the client, the query execution code tries to stream to the cache even though there is no active set operation. (#740)

servicenow-gcp-network v5.1.0 - Added support for various network resources

Feb 23, 2024

What's new?

  • Control Types:

    • GCP > Network > Address > ServiceNow
    • GCP > Network > Address > ServiceNow > Configuration Item
    • GCP > Network > Address > ServiceNow > Table
    • GCP > Network > Backend Bucket > ServiceNow
    • GCP > Network > Backend Bucket > ServiceNow > Configuration Item
    • GCP > Network > Backend Bucket > ServiceNow > Table
    • GCP > Network > Backend Service > ServiceNow
    • GCP > Network > Backend Service > ServiceNow > Configuration Item
    • GCP > Network > Backend Service > ServiceNow > Table
    • GCP > Network > Firewall > ServiceNow
    • GCP > Network > Firewall > ServiceNow > Configuration Item
    • GCP > Network > Firewall > ServiceNow > Table
    • GCP > Network > Forwarding Rule > ServiceNow
    • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item
    • GCP > Network > Forwarding Rule > ServiceNow > Table
    • GCP > Network > Global Address > ServiceNow
    • GCP > Network > Global Address > ServiceNow > Configuration Item
    • GCP > Network > Global Address > ServiceNow > Table
    • GCP > Network > Global Forwarding Rule > ServiceNow
    • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item
    • GCP > Network > Global Forwarding Rule > ServiceNow > Table
    • GCP > Network > Interconnect > ServiceNow
    • GCP > Network > Interconnect > ServiceNow > Configuration Item
    • GCP > Network > Interconnect > ServiceNow > Table
    • GCP > Network > Packet Mirroring > ServiceNow
    • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item
    • GCP > Network > Packet Mirroring > ServiceNow > Table
    • GCP > Network > Region Backend Service > ServiceNow
    • GCP > Network > Region Backend Service > ServiceNow > Configuration Item
    • GCP > Network > Region Backend Service > ServiceNow > Table
    • GCP > Network > Region SSL Certificate > ServiceNow
    • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item
    • GCP > Network > Region SSL Certificate > ServiceNow > Table
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table
    • GCP > Network > Region URL Map > ServiceNow
    • GCP > Network > Region URL Map > ServiceNow > Configuration Item
    • GCP > Network > Region URL Map > ServiceNow > Table
    • GCP > Network > Route > ServiceNow
    • GCP > Network > Route > ServiceNow > Configuration Item
    • GCP > Network > Route > ServiceNow > Table
    • GCP > Network > Router > ServiceNow
    • GCP > Network > Router > ServiceNow > Configuration Item
    • GCP > Network > Router > ServiceNow > Table
    • GCP > Network > SSL Certificate > ServiceNow
    • GCP > Network > SSL Certificate > ServiceNow > Configuration Item
    • GCP > Network > SSL Certificate > ServiceNow > Table
    • GCP > Network > SSL Policy > ServiceNow
    • GCP > Network > SSL Policy > ServiceNow > Configuration Item
    • GCP > Network > SSL Policy > ServiceNow > Table
    • GCP > Network > Target HTTPS Proxy > ServiceNow
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Table
    • GCP > Network > Target Pool > ServiceNow
    • GCP > Network > Target Pool > ServiceNow > Configuration Item
    • GCP > Network > Target Pool > ServiceNow > Table
    • GCP > Network > Target SSL Proxy > ServiceNow
    • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target SSL Proxy > ServiceNow > Table
    • GCP > Network > Target TCP Proxy > ServiceNow
    • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target TCP Proxy > ServiceNow > Table
    • GCP > Network > Target VPN Gateway > ServiceNow
    • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item
    • GCP > Network > Target VPN Gateway > ServiceNow > Table
    • GCP > Network > URL Map > ServiceNow
    • GCP > Network > URL Map > ServiceNow > Configuration Item
    • GCP > Network > URL Map > ServiceNow > Table
    • GCP > Network > VPN Tunnel > ServiceNow
    • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item
    • GCP > Network > VPN Tunnel > ServiceNow > Table

  • Policy Types:

    • GCP > Network > Address > ServiceNow
    • GCP > Network > Address > ServiceNow > Configuration Item
    • GCP > Network > Address > ServiceNow > Configuration Item > Record
    • GCP > Network > Address > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Address > ServiceNow > Table
    • GCP > Network > Address > ServiceNow > Table > Definition
    • GCP > Network > Backend Bucket > ServiceNow
    • GCP > Network > Backend Bucket > ServiceNow > Configuration Item
    • GCP > Network > Backend Bucket > ServiceNow > Configuration Item > Record
    • GCP > Network > Backend Bucket > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Backend Bucket > ServiceNow > Table
    • GCP > Network > Backend Bucket > ServiceNow > Table > Definition
    • GCP > Network > Backend Service > ServiceNow
    • GCP > Network > Backend Service > ServiceNow > Configuration Item
    • GCP > Network > Backend Service > ServiceNow > Configuration Item > Record
    • GCP > Network > Backend Service > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Backend Service > ServiceNow > Table
    • GCP > Network > Backend Service > ServiceNow > Table > Definition
    • GCP > Network > Firewall > ServiceNow
    • GCP > Network > Firewall > ServiceNow > Configuration Item
    • GCP > Network > Firewall > ServiceNow > Configuration Item > Record
    • GCP > Network > Firewall > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Firewall > ServiceNow > Table
    • GCP > Network > Firewall > ServiceNow > Table > Definition
    • GCP > Network > Forwarding Rule > ServiceNow
    • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item
    • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item > Record
    • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Forwarding Rule > ServiceNow > Table
    • GCP > Network > Forwarding Rule > ServiceNow > Table > Definition
    • GCP > Network > Global Address > ServiceNow
    • GCP > Network > Global Address > ServiceNow > Configuration Item
    • GCP > Network > Global Address > ServiceNow > Configuration Item > Record
    • GCP > Network > Global Address > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Global Address > ServiceNow > Table
    • GCP > Network > Global Address > ServiceNow > Table > Definition
    • GCP > Network > Global Forwarding Rule > ServiceNow
    • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item
    • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item > Record
    • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Global Forwarding Rule > ServiceNow > Table
    • GCP > Network > Global Forwarding Rule > ServiceNow > Table > Definition
    • GCP > Network > Interconnect > ServiceNow
    • GCP > Network > Interconnect > ServiceNow > Configuration Item
    • GCP > Network > Interconnect > ServiceNow > Configuration Item > Record
    • GCP > Network > Interconnect > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Interconnect > ServiceNow > Table
    • GCP > Network > Interconnect > ServiceNow > Table > Definition
    • GCP > Network > Packet Mirroring > ServiceNow
    • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item
    • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item > Record
    • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Packet Mirroring > ServiceNow > Table
    • GCP > Network > Packet Mirroring > ServiceNow > Table > Definition
    • GCP > Network > Region Backend Service > ServiceNow
    • GCP > Network > Region Backend Service > ServiceNow > Configuration Item
    • GCP > Network > Region Backend Service > ServiceNow > Configuration Item > Record
    • GCP > Network > Region Backend Service > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Region Backend Service > ServiceNow > Table
    • GCP > Network > Region Backend Service > ServiceNow > Table > Definition
    • GCP > Network > Region SSL Certificate > ServiceNow
    • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item
    • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item > Record
    • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Region SSL Certificate > ServiceNow > Table
    • GCP > Network > Region SSL Certificate > ServiceNow > Table > Definition
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item > Record
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table > Definition
    • GCP > Network > Region URL Map > ServiceNow
    • GCP > Network > Region URL Map > ServiceNow > Configuration Item
    • GCP > Network > Region URL Map > ServiceNow > Configuration Item > Record
    • GCP > Network > Region URL Map > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Region URL Map > ServiceNow > Table
    • GCP > Network > Region URL Map > ServiceNow > Table > Definition
    • GCP > Network > Route > ServiceNow
    • GCP > Network > Route > ServiceNow > Configuration Item
    • GCP > Network > Route > ServiceNow > Configuration Item > Record
    • GCP > Network > Route > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Route > ServiceNow > Table
    • GCP > Network > Route > ServiceNow > Table > Definition
    • GCP > Network > Router > ServiceNow
    • GCP > Network > Router > ServiceNow > Configuration Item
    • GCP > Network > Router > ServiceNow > Configuration Item > Record
    • GCP > Network > Router > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Router > ServiceNow > Table
    • GCP > Network > Router > ServiceNow > Table > Definition
    • GCP > Network > SSL Certificate > ServiceNow
    • GCP > Network > SSL Certificate > ServiceNow > Configuration Item
    • GCP > Network > SSL Certificate > ServiceNow > Configuration Item > Record
    • GCP > Network > SSL Certificate > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > SSL Certificate > ServiceNow > Table
    • GCP > Network > SSL Certificate > ServiceNow > Table > Definition
    • GCP > Network > SSL Policy > ServiceNow
    • GCP > Network > SSL Policy > ServiceNow > Configuration Item
    • GCP > Network > SSL Policy > ServiceNow > Configuration Item > Record
    • GCP > Network > SSL Policy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > SSL Policy > ServiceNow > Table
    • GCP > Network > SSL Policy > ServiceNow > Table > Definition
    • GCP > Network > Target HTTPS Proxy > ServiceNow
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item > Record
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Table
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Table > Definition
    • GCP > Network > Target Pool > ServiceNow
    • GCP > Network > Target Pool > ServiceNow > Configuration Item
    • GCP > Network > Target Pool > ServiceNow > Configuration Item > Record
    • GCP > Network > Target Pool > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target Pool > ServiceNow > Table
    • GCP > Network > Target Pool > ServiceNow > Table > Definition
    • GCP > Network > Target SSL Proxy > ServiceNow
    • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item > Record
    • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target SSL Proxy > ServiceNow > Table
    • GCP > Network > Target SSL Proxy > ServiceNow > Table > Definition
    • GCP > Network > Target TCP Proxy > ServiceNow
    • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item > Record
    • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target TCP Proxy > ServiceNow > Table
    • GCP > Network > Target TCP Proxy > ServiceNow > Table > Definition
    • GCP > Network > Target VPN Gateway > ServiceNow
    • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item
    • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item > Record
    • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target VPN Gateway > ServiceNow > Table
    • GCP > Network > Target VPN Gateway > ServiceNow > Table > Definition
    • GCP > Network > URL Map > ServiceNow
    • GCP > Network > URL Map > ServiceNow > Configuration Item
    • GCP > Network > URL Map > ServiceNow > Configuration Item > Record
    • GCP > Network > URL Map > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > URL Map > ServiceNow > Table
    • GCP > Network > URL Map > ServiceNow > Table > Definition
    • GCP > Network > VPN Tunnel > ServiceNow
    • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item
    • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item > Record
    • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > VPN Tunnel > ServiceNow > Table
    • GCP > Network > VPN Tunnel > ServiceNow > Table > Definition

Steampipe CLI v0.21.8 - Fixed growing memory usage following file watching events when running dashboard server

Feb 23, 2024

Bug fixes

  • Fixed growing memory usage following file watching events when running dashboard server. (#4150)

aws-vpc-security v5.9.4 - Bug fixed - VPC Stack control would sometimes fail to claim existing Flow Logs in Guardrails CMDB

Feb 22, 2024

Bug fixes

  • The AWS > VPC > VPC > Stack control would sometimes fail to claim existing Flow Logs in Guardrails CMDB. This is now fixed.

GCP Compliance mod v0.26 - Added new controls to All Controls benchmark

Feb 22, 2024

Dependencies

  • GCP plugin v0.49.0 or higher is now required. (#143)

Enhancements

  • Added 5 new controls to the All Controls benchmark across the following services: (#143)
    • App Engine
    • Cloud Run
    • Kubernetes

servicenow-gcp-iam v5.0.0 is now available

Feb 21, 2024

What's new?

  • Control Types:

    • GCP > IAM > Project Role > ServiceNow
    • GCP > IAM > Project Role > ServiceNow > Configuration Item
    • GCP > IAM > Project Role > ServiceNow > Table
    • GCP > IAM > Project User > ServiceNow
    • GCP > IAM > Project User > ServiceNow > Configuration Item
    • GCP > IAM > Project User > ServiceNow > Table
    • GCP > IAM > Service Account > ServiceNow
    • GCP > IAM > Service Account > ServiceNow > Configuration Item
    • GCP > IAM > Service Account > ServiceNow > Table
    • GCP > IAM > Service Account Key > ServiceNow
    • GCP > IAM > Service Account Key > ServiceNow > Configuration Item
    • GCP > IAM > Service Account Key > ServiceNow > Table
    • GCP > Project > Policy > ServiceNow
    • GCP > Project > Policy > ServiceNow > Configuration Item
    • GCP > Project > Policy > ServiceNow > Table

  • Policy Types:

    • GCP > IAM > Project Role > ServiceNow
    • GCP > IAM > Project Role > ServiceNow > Configuration Item
    • GCP > IAM > Project Role > ServiceNow > Configuration Item > Record
    • GCP > IAM > Project Role > ServiceNow > Configuration Item > Table Definition
    • GCP > IAM > Project Role > ServiceNow > Table
    • GCP > IAM > Project Role > ServiceNow > Table > Definition
    • GCP > IAM > Project User > ServiceNow
    • GCP > IAM > Project User > ServiceNow > Configuration Item
    • GCP > IAM > Project User > ServiceNow > Configuration Item > Record
    • GCP > IAM > Project User > ServiceNow > Configuration Item > Table Definition
    • GCP > IAM > Project User > ServiceNow > Table
    • GCP > IAM > Project User > ServiceNow > Table > Definition
    • GCP > IAM > Service Account > ServiceNow
    • GCP > IAM > Service Account > ServiceNow > Configuration Item
    • GCP > IAM > Service Account > ServiceNow > Configuration Item > Record
    • GCP > IAM > Service Account > ServiceNow > Configuration Item > Table Definition
    • GCP > IAM > Service Account > ServiceNow > Table
    • GCP > IAM > Service Account > ServiceNow > Table > Definition
    • GCP > IAM > Service Account Key > ServiceNow
    • GCP > IAM > Service Account Key > ServiceNow > Configuration Item
    • GCP > IAM > Service Account Key > ServiceNow > Configuration Item > Record
    • GCP > IAM > Service Account Key > ServiceNow > Configuration Item > Table Definition
    • GCP > IAM > Service Account Key > ServiceNow > Table
    • GCP > IAM > Service Account Key > ServiceNow > Table > Definition
    • GCP > Project > Policy > ServiceNow
    • GCP > Project > Policy > ServiceNow > Configuration Item
    • GCP > Project > Policy > ServiceNow > Configuration Item > Record
    • GCP > Project > Policy > ServiceNow > Configuration Item > Table Definition
    • GCP > Project > Policy > ServiceNow > Table
    • GCP > Project > Policy > ServiceNow > Table > Definition

servicenow-gcp-functions v5.0.0 is now available

Feb 21, 2024

What's new?

  • Control Types:

    • GCP > Functions > Function > ServiceNow
    • GCP > Functions > Function > ServiceNow > Configuration Item
    • GCP > Functions > Function > ServiceNow > Table

  • Policy Types:

    • GCP > Functions > Function > ServiceNow
    • GCP > Functions > Function > ServiceNow > Configuration Item
    • GCP > Functions > Function > ServiceNow > Configuration Item > Record
    • GCP > Functions > Function > ServiceNow > Configuration Item > Table Definition
    • GCP > Functions > Function > ServiceNow > Table
    • GCP > Functions > Function > ServiceNow > Table > Definition

aws-sns v5.15.1 - Bug fixed - SNS Subscription CMDB control would go into an error state if Guardrails did not have permissions to describe a subscription

Feb 21, 2024

Bug fixes

  • The AWS > SNS > Subscription > CMDB control would go into an error state if Guardrails did not have permissions to describe a subscription. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set the AWS > SNS > Subscription > CMDB policy to Enforce: Enabled but ignore permission errors.

AWS Compliance mod v0.87 - Added 11 new controls to All Controls benchmark

Feb 21, 2024

Dependencies

  • AWS plugin v0.131.0 or higher is now required. (#747)

Enhancements

  • Added 11 new controls to the All Controls benchmark across the following services: (#747)
    • API Gateway
    • DMS
    • EMR
    • MQ
    • VPC

Bug fixes

  • Fixed the foundational_security_ssm_2 control to correctly evaluate results when patches are not applicable for SSM managed EC2 instances. (#761)

servicenow-gcp v5.1.0 - Added support for GCP Projects

Feb 20, 2024

What's new?

  • Control Types:

    • GCP > Project > ServiceNow
    • GCP > Project > ServiceNow > Configuration Item
    • GCP > Project > ServiceNow > Table

  • Policy Types:

    • GCP > Project > ServiceNow
    • GCP > Project > ServiceNow > Configuration Item
    • GCP > Project > ServiceNow > Configuration Item > Record
    • GCP > Project > ServiceNow > Configuration Item > Table Definition
    • GCP > Project > ServiceNow > Table
    • GCP > Project > ServiceNow > Table > Definition

servicenow-gcp-memorystore v5.0.0 is now available

Feb 20, 2024

What's new?

  • Control Types:

    • GCP > Memorystore > Instance > ServiceNow
    • GCP > Memorystore > Instance > ServiceNow > Configuration Item
    • GCP > Memorystore > Instance > ServiceNow > Table

  • Policy Types:

    • GCP > Memorystore > Instance > ServiceNow
    • GCP > Memorystore > Instance > ServiceNow > Configuration Item
    • GCP > Memorystore > Instance > ServiceNow > Configuration Item > Record
    • GCP > Memorystore > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > Memorystore > Instance > ServiceNow > Table
    • GCP > Memorystore > Instance > ServiceNow > Table > Definition

servicenow-gcp-storage v5.1.0 - Added support for Storage Objects

Feb 19, 2024

What's new?

  • Control Types:

    • GCP > Storage > Object > ServiceNow
    • GCP > Storage > Object > ServiceNow > Configuration Item
    • GCP > Storage > Object > ServiceNow > Table

  • Policy Types:

    • GCP > Storage > Object > ServiceNow
    • GCP > Storage > Object > ServiceNow > Configuration Item
    • GCP > Storage > Object > ServiceNow > Configuration Item > Record
    • GCP > Storage > Object > ServiceNow > Configuration Item > Table Definition
    • GCP > Storage > Object > ServiceNow > Table
    • GCP > Storage > Object > ServiceNow > Table > Definition

servicenow-gcp-secretmanager v5.0.0 is now available

Feb 19, 2024

What's new?

  • Control Types:

    • GCP > Secret Manager > Secret > ServiceNow
    • GCP > Secret Manager > Secret > ServiceNow > Configuration Item
    • GCP > Secret Manager > Secret > ServiceNow > Table

  • Policy Types:

    • GCP > Secret Manager > Secret > ServiceNow
    • GCP > Secret Manager > Secret > ServiceNow > Configuration Item
    • GCP > Secret Manager > Secret > ServiceNow > Configuration Item > Record
    • GCP > Secret Manager > Secret > ServiceNow > Configuration Item > Table Definition
    • GCP > Secret Manager > Secret > ServiceNow > Table
    • GCP > Secret Manager > Secret > ServiceNow > Table > Definition

servicenow-gcp-scheduler v5.0.0 is now available

Feb 19, 2024

What's new?

  • Control Types:

    • GCP > Scheduler > Job > ServiceNow
    • GCP > Scheduler > Job > ServiceNow > Configuration Item
    • GCP > Scheduler > Job > ServiceNow > Table

  • Policy Types:

    • GCP > Scheduler > Job > ServiceNow
    • GCP > Scheduler > Job > ServiceNow > Configuration Item
    • GCP > Scheduler > Job > ServiceNow > Configuration Item > Record
    • GCP > Scheduler > Job > ServiceNow > Configuration Item > Table Definition
    • GCP > Scheduler > Job > ServiceNow > Table
    • GCP > Scheduler > Job > ServiceNow > Table > Definition

servicenow-gcp-dataproc v5.0.0 is now available

Feb 19, 2024

What's new?

  • Control Types:

    • GCP > Dataproc > Cluster > ServiceNow
    • GCP > Dataproc > Cluster > ServiceNow > Configuration Item
    • GCP > Dataproc > Cluster > ServiceNow > Table
    • GCP > Dataproc > Job > ServiceNow
    • GCP > Dataproc > Job > ServiceNow > Configuration Item
    • GCP > Dataproc > Job > ServiceNow > Table
    • GCP > Dataproc > Workflow Template > ServiceNow
    • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item
    • GCP > Dataproc > Workflow Template > ServiceNow > Table

  • Policy Types:

    • GCP > Dataproc > Cluster > ServiceNow
    • GCP > Dataproc > Cluster > ServiceNow > Configuration Item
    • GCP > Dataproc > Cluster > ServiceNow > Configuration Item > Record
    • GCP > Dataproc > Cluster > ServiceNow > Configuration Item > Table Definition
    • GCP > Dataproc > Cluster > ServiceNow > Table
    • GCP > Dataproc > Cluster > ServiceNow > Table > Definition
    • GCP > Dataproc > Job > ServiceNow
    • GCP > Dataproc > Job > ServiceNow > Configuration Item
    • GCP > Dataproc > Job > ServiceNow > Configuration Item > Record
    • GCP > Dataproc > Job > ServiceNow > Configuration Item > Table Definition
    • GCP > Dataproc > Job > ServiceNow > Table
    • GCP > Dataproc > Job > ServiceNow > Table > Definition
    • GCP > Dataproc > Workflow Template > ServiceNow
    • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item
    • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item > Record
    • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item > Table Definition
    • GCP > Dataproc > Workflow Template > ServiceNow > Table
    • GCP > Dataproc > Workflow Template > ServiceNow > Table > Definition

servicenow-gcp-composer v5.0.0 is now available

Feb 19, 2024

What's new?

  • Control Types:

    • GCP > Composer > Environment > ServiceNow
    • GCP > Composer > Environment > ServiceNow > Configuration Item
    • GCP > Composer > Environment > ServiceNow > Table

  • Policy Types:

    • GCP > Composer > Environment > ServiceNow
    • GCP > Composer > Environment > ServiceNow > Configuration Item
    • GCP > Composer > Environment > ServiceNow > Configuration Item > Record
    • GCP > Composer > Environment > ServiceNow > Configuration Item > Table Definition
    • GCP > Composer > Environment > ServiceNow > Table
    • GCP > Composer > Environment > ServiceNow > Table > Definition

Extended timeout for scheduled snapshot pipelines

Feb 16, 2024

The timeout for scheduled snapshot pipelines has been extended from 10 minutes to 1 hour, giving complex benchmarks and dashboards longer to successfully complete.

servicenow-gcp-monitoring v5.0.0 is now available

Feb 16, 2024

What's new?

  • Control Types:

    • GCP > Monitoring > Alert Policy > ServiceNow
    • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item
    • GCP > Monitoring > Alert Policy > ServiceNow > Table
    • GCP > Monitoring > Group > ServiceNow
    • GCP > Monitoring > Group > ServiceNow > Configuration Item
    • GCP > Monitoring > Group > ServiceNow > Table
    • GCP > Monitoring > Notification Channel > ServiceNow
    • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item
    • GCP > Monitoring > Notification Channel > ServiceNow > Table

  • Policy Types:

    • GCP > Monitoring > Alert Policy > ServiceNow
    • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item
    • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item > Record
    • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item > Table Definition
    • GCP > Monitoring > Alert Policy > ServiceNow > Table
    • GCP > Monitoring > Alert Policy > ServiceNow > Table > Definition
    • GCP > Monitoring > Group > ServiceNow
    • GCP > Monitoring > Group > ServiceNow > Configuration Item
    • GCP > Monitoring > Group > ServiceNow > Configuration Item > Record
    • GCP > Monitoring > Group > ServiceNow > Configuration Item > Table Definition
    • GCP > Monitoring > Group > ServiceNow > Table
    • GCP > Monitoring > Group > ServiceNow > Table > Definition
    • GCP > Monitoring > Notification Channel > ServiceNow
    • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item
    • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item > Record
    • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item > Table Definition
    • GCP > Monitoring > Notification Channel > ServiceNow > Table
    • GCP > Monitoring > Notification Channel > ServiceNow > Table > Definition

servicenow-gcp-dns v5.0.0 is now available

Feb 16, 2024

What's new?

  • Control Types:

    • GCP > DNS > Managed Zone > ServiceNow
    • GCP > DNS > Managed Zone > ServiceNow > Configuration Item
    • GCP > DNS > Managed Zone > ServiceNow > Table

  • Policy Types:

    • GCP > DNS > Managed Zone > ServiceNow
    • GCP > DNS > Managed Zone > ServiceNow > Configuration Item
    • GCP > DNS > Managed Zone > ServiceNow > Configuration Item > Record
    • GCP > DNS > Managed Zone > ServiceNow > Configuration Item > Table Definition
    • GCP > DNS > Managed Zone > ServiceNow > Table
    • GCP > DNS > Managed Zone > ServiceNow > Table > Definition

servicenow-gcp-datapipeline v5.0.0 is now available

Feb 16, 2024

What's new?

  • Control Types:

    • GCP > Datapipeline > Pipeline > ServiceNow
    • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item
    • GCP > Datapipeline > Pipeline > ServiceNow > Table

  • Policy Types:

    • GCP > Datapipeline > Pipeline > ServiceNow
    • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item
    • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item > Record
    • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item > Table Definition
    • GCP > Datapipeline > Pipeline > ServiceNow > Table
    • GCP > Datapipeline > Pipeline > ServiceNow > Table > Definition

servicenow-gcp-dataflow v5.0.0 is now available

Feb 16, 2024

What's new?

  • Control Types:

    • GCP > Dataflow > Job > ServiceNow
    • GCP > Dataflow > Job > ServiceNow > Configuration Item
    • GCP > Dataflow > Job > ServiceNow > Table

  • Policy Types:

    • GCP > Dataflow > Job > ServiceNow
    • GCP > Dataflow > Job > ServiceNow > Configuration Item
    • GCP > Dataflow > Job > ServiceNow > Configuration Item > Record
    • GCP > Dataflow > Job > ServiceNow > Configuration Item > Table Definition
    • GCP > Dataflow > Job > ServiceNow > Table
    • GCP > Dataflow > Job > ServiceNow > Table > Definition

gcp-computeengine v5.18.1 - Bug fixed - Instance Template CMDB control would go into an error state due to a bad internal build

Feb 16, 2024

Bug fixes

  • The GCP > Compute Engine > Instance Template > CMDB control would sometimes go into an error state due to a bad internal build. This is fixed and the control will now work as expected.

azure v5.18.2 - Bug fixed - Guardrails would sometimes fail to import Azure Subscriptions

Feb 16, 2024

Bug fixes

  • Due to an inadvertently introduced issue with an internal build for Azure > Subscription, importing subscriptions encountered schema validation problems. This issue has been resolved, and you can now successfully import subscriptions as before.

aws-ec2 v5.39.1 - Bugs fixed - Guardrails would sometimes upsert Snapshots and Volumes with incorrect AKAs

Feb 16, 2024

Bug fixes

  • In the previous version, while we improved on the way we discovered missing Snapshots and Volumes while processing their update events, we inadvertently introduced a bug where some resources were upserted with incorrect AKAs. Such resources with malformed AKAs should now be cleaned up automatically from the environment, and Guardrails will now discover resources more correctly and consistently than before.
  • In a previous version (v5.31.4), we implemented a feature to Discover Instances while processing their update events respectively, if those resources were missing from Guardrails CMDB. In busy environments, this would sometimes cause unnecessary Lambda executions. We've now improved this behavior to upsert the missing resources in a lighter and faster way.

Scaleway plugin v0.11.1 - Fixed typo in `scaleway_billing_consumption` table docs

Feb 16, 2024

Bug fixes

  • Fixed the typo in the scaleway_billing_consumption table docs to use consumption instead of consumtion. (#80)

Scaleway plugin v0.11.0 - Add tables scaleway_account_project and scaleway_billing_consumption

Feb 16, 2024

Wiz plugin v0.3.0 - Fixed service_tickets column in wiz_issue table and improved the plugin error message for invalid config arguments

Feb 15, 2024

Enhancements

  • Improved the plugin error message when invalid credentials are set in the wiz.spc file. (#23)

Bug fixes

  • Fixed the service_tickets column in wiz_issue table by removing the action subfield from the ServiceTickets field in the GraphQL response since it was no longer available. (#24 #25) (Thanks @sycophantic for the contribution!)

Terraform AWS Compliance mod v0.24 - Removed duplicate control rds_db_cluster_encrypted_with_kms_cmk

Feb 15, 2024

Bug fixes

  • Removed duplicate control rds_db_cluster_encrypted_with_kms_cmk. (#105)

Kubernetes Insights mod v0.6 - Removed duplicate node service_account

Feb 15, 2024

Bug fixes

  • Removed duplicate node service_account. (#56)

GitHub plugin v0.39.1 - Fixed pipeline column of github_workflow table to correctly return data instead of an error

Feb 15, 2024

Bug fixes

  • Fixed the pipeline column of the github_workflow table to correctly return data instead of an error. (#388)
  • Fixed the example query in the docs/index.md file by replacing the stargazers_count column with stargazer_count. (#397)

AWS plugin v0.131.0 - Added aws_api_gateway_method, aws_dms_certificate, aws_emr_security_configuration, aws_iot_thing, aws_organizations_organizational_unit, aws_ssmincidents_response_plan, aws_trusted_advisor_check_summary tables

Feb 15, 2024

What's new?

Bug fixes

  • Fixed aws_sfn_state_machine_execution_history table to handle pagination and ignore errors for expired execution history. (#1934) (Thanks @pdecat for the contribution!)
  • Fixed the aws_health_affected_entity table to correctly return data instead of an interface conversion error. (#2072)

Flowpipe CLI v0.2.3 – Podman support, respect Docker env vars, complete all step retries before failing

Feb 13, 2024

Bug fixes

  • Only trigger pipeline failure after a step has completed all retries (#630).
  • DOCKER_HOST, DOCKER_API_VERSION, DOCKER_CERT_PATH, DOCKER_TLS_VERIFY environment variables are now correctly passed to the Docker client (#651).
  • Do not set memory_swappiness when using Podman (#652).

aws v5.29.3 - Added support for `ap-northeast-3` in the `AWS > Account > Regions` policy

Feb 13, 2024

What's new?

  • Added support for ap-northeast-3 in the AWS > Account > Regions policy.

aws-logs v5.12.1 - Added support for newer `ap-*` and `eu-*` regions in the `AWS > Logs > Regions` policy

Feb 13, 2024

What's new?

  • Added support for af-south-1, ap-northeast-3, ap-south-2, ap-southeast-3, ap-southeast-4, ca-west-1, eu-central-2, eu-south-1, eu-south-2, il-central-1 and me-central-1 regions in the AWS > Logs > Regions policy.

aws-ec2 v5.39.0 - You can now configure Block Public Access for Snapshots

Feb 13, 2024

What's new?

  • You can now configure Block Public Access for Snapshots. To get started, set the AWS > EC2 > Account Attributes > Block Public Access for Snapshots policy.

  • You can now also disable Block Public Access for AMIs. To get started, set the AWS > EC2 > Account Attributes > Block Public Access for AMIs policy.

  • AWS/EC2/Admin, AWS/EC2/Metadata and AWS/EC2/Operator now includes permissions for Verified Access Endpoints, Verified Access Groups and Verified Access Trust Providers.

  • Control Types:

    • AWS > EC2 > Account Attributes > Block Public Access for Snapshots

  • Policy Types:

    • AWS > EC2 > Account Attributes > Block Public Access for Snapshots

  • Action Types:

    • AWS > EC2 > Account Attributes > Update Block Public Access for Snapshots

Bug fixes

  • In a previous version (v5.31.4), we implemented a feature to Discover Snapshots and Volumes while processing their update events respectively, if those resources were missing from Guardrails CMDB. In busy environments, this would sometimes cause unnecessary Lambda executions. We've now improved this behavior to upsert the missing resources in a lighter and faster way.

Terraform Enterprise plugin v0.7.0 - Added tfe_project table

Feb 13, 2024

Prometheus plugin v0.6.2 - Fixed the plugin initialization error by returning only the static tables when invalid config parameters were set for dynamic tables

Feb 13, 2024

Bug fixes

  • Fixed the plugin initialization error by returning only the static tables when invalid config parameters were set for dynamic tables. #39

Steampipe CLI v0.21.7 - Fixed variables not being reloaded after file watch event

Feb 09, 2024

Bug fixes

  • Fixed variables not being reloaded after the file watch event. (#4123)
  • Fixed mod file being left invalid after mod uninstall. (#4124)

Flowpipe GitHub Mod v0.2.0 – Added create_branch, delete_branch and get_branch pipelines

Feb 08, 2024

What's new?

  • Added create_branch, delete_branch and get_branch pipelines. (#10)

AWS Compliance mod v0.86 - Added CIS v3.0.0 benchmark

Feb 08, 2024

v0.86 [2024-02-08]

What's new?

  • Added CIS v3.0.0 benchmark (steampipe check benchmark.cis_v300). (#755)

Flowpipe Slack Mod v0.2.0 – Added pipeline get_channel_id

Feb 07, 2024

What's new?

  • Added pipeline get_channel_id. (#17).

Bug fixes

  • Fixed the input parameters of the test_post_message pipeline. (#17)

Turbot Guardrails Enterprise Foundation (TEF) v1.56.0 - Added `Deny: *` for HTTP traffic in Turbot Policy Parameter for SNS Policy

Feb 07, 2024

What's new?

  • Updated: MaxPalyloadSize parameter description.
  • Updated: Turbot Policy Parameter to add back Deny: * for HTTP in SNS Policy.

Turbot Guardrails Enterprise Database (TED) v1.39.0 - Added support for Postgres versions 13.12 and 13.13

Feb 07, 2024

What's new?

  • Added: Postgres versions 13.12 and 13.13.
  • Updated: CloudWatch Alarms will now use TEF SNS topic.

Turbot Guardrails Enterprise (TE) v5.42.17 - Added explicit Deny policy for HTTP traffic

Feb 07, 2024

Bug fixes

  • Server
    • Added the Deny:* policy for HTTP traffic back to the turbot-policy-parameter custom lambda code.
    • Event DLQ should not set the control or policy value to error if there has been a new process started for the control or policy value.
    • Run next should drop the events in case of recursive loop.
    • Add additional retryable throttling codes for actions.

Requirements

  • TEF: 1.55.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

gcp-dataproc v5.8.0 - Lambda runtimes now powered by Node 18

Feb 07, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

gcp-composer v5.4.0 - Lambda runtimes now powered by Node 18

Feb 07, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

gcp-spanner v5.8.0 - Lambda runtimes now powered by Node 18

Feb 06, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

Datadog plugin v0.8.0 - Fixed pagination in the datadog_monitor table to correctly return data instead of an error

Feb 06, 2024

Bug fixes

  • Fixed pagination in the datadog_monitor table to correctly return data instead of an error. (#48) (Thanks @mdb for the contribution!)

Steampipe CLI v0.21.6 - Fixed error when running Steampipe from home directory

Feb 06, 2024

Bug fixes

  • Fixed HomeDirectoryModfileCheck returning false positive, causing errors when executing steampipe out of the home directory. (#4118)

Terraform Provider v1.10.1 is now available

Feb 05, 2024

v1.10.1 of the Terraform Provider for Guardrails is now available.

Bug fixes

  • resource/turbot_file: terraform apply failed to update content of an existing File in Guardrails. This is now fixed.

gcp-logging v5.4.0 - Lambda runtimes now powered by Node 18

Feb 05, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • GCP > Logging > Exclusion > Approved > Custom
    • GCP > Logging > Metric > Approved > Custom
    • GCP > Logging > Sink > Approved > Custom

gcp-kubernetesengine v5.5.0 - Lambda runtimes now powered by Node 18

Feb 05, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • GCP > Kubernetes Engine > Region Cluster > Approved > Custom
    • GCP > Kubernetes Engine > Region Node Pool > Approved > Custom
    • GCP > Kubernetes Engine > Zone Cluster > Approved > Custom
    • GCP > Kubernetes Engine > Zone Node Pool > Approved > Custom

gcp-dataflow v5.5.0 - Lambda runtimes now powered by Node 18

Feb 05, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • GCP > Dataflow > Job > Approved > Custom

gcp-computeengine v5.18.0 - Lambda runtimes now powered by Node 18

Feb 05, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

azure-monitor v5.7.0 - Lambda runtimes now powered by Node 18

Feb 05, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

azure-keyvault v5.12.0 - Lambda runtimes now powered by Node 18

Feb 05, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

azure-compute v5.16.0 - Lambda runtimes now powered by Node 18

Feb 05, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

azure-applicationgateway v5.7.0 - Lambda runtimes now powered by Node 18

Feb 05, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

aws-ec2 v5.38.1 - Bugs Fixed - Discovery control for Key Pair would go into an error state due to unhandled escape characters

Feb 05, 2024

Bug fixes

  • The AWS > EC2 > Key Pair > Discovery control would sometimes go into an error state if a Key Pair alias included escape characters. This is now fixed.

  • Control Types renamed:

    • AWS > EC2 > Volume > Configuration to AWS > EC2 > Volume > Performance Configuration

  • Policy Types renamed:

    • AWS > EC2 > Volume > Configuration to AWS > EC2 > Volume > Performance Configuration
    • AWS > EC2 > Volume > Configuration > IOPS Capacity to AWS > EC2 > Volume > Performance Configuration > IOPS Capacity
    • AWS > EC2 > Volume > Configuration > Throughput to AWS > EC2 > Volume > Performance Configuration > Throughput
    • AWS > EC2 > Volume > Configuration > Type to AWS > EC2 > Volume > Performance Configuration > Type

  • Action Types renamed:

    • AWS > EC2 > Volume > Update Configuration to AWS > EC2 > Volume > Update Performance Configuration

Guardrails plugin v0.16.0 - Updated all the tables to fetch the column data using hydrate functions to optimize the API calls and increase query speed when querying specific columns

Feb 05, 2024

Enhancements

  • Updated all the tables to fetch the column data using hydrate functions to optimize the API calls and increase query speed when querying specific columns. (#30)

Steampipe CLI v0.21.5 - Fixed interactive entry of missing variable values and variable validation.

Feb 05, 2024

Bug fixes

  • Fixed UI freeze when prompting for workspace variables. (#4105)
  • Fixed dependency variable validation - it was failing if dependency variable value was set in the vars file. (#4110)

turbot v5.42.1 - Policy Setting Expiration control will now run every 12 hours by default

Feb 04, 2024

Bug fixes

  • The Turbot > Policy Setting Expiration control will now run every 12 hours to manage policy setting expirations more consistently than before.

Flowpipe CLI v0.2.2 – Container and function steps build error and complex data type handling

Feb 02, 2024

Bug fixes

  • Build error no longer suppressed in container and function steps (#625).
  • Handles complex data types in step output (#626).

Flowpipe GCP Mod v0.2.0 – Fix commands in add_labels_to_compute_disk and add_labels_to_compute_instance pipelines

Feb 02, 2024

Bug fixes

  • Fix the commands in add_labels_to_compute_disk and add_labels_to_compute_instance pipelines. (#7)

gcp-network v5.13.0 - Lambda runtimes now powered by Node 18

Feb 02, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

gcp-iam v5.13.0 - Lambda runtimes now powered by Node 18

Feb 02, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

gcp-bigtable v5.8.0 - Lambda runtimes now powered by Node 18

Feb 02, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

gcp-appengine v5.3.0 - Lambda runtimes now powered by Node 18

Feb 02, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

azure-sql v5.13.0 - Lambda runtimes now powered by Node 18

Feb 02, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

azure-provider v5.10.0 - Lambda runtimes now powered by Node 18

Feb 02, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

azure-loganalytics v5.8.0 - Lambda runtimes now powered by Node 18

Feb 02, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

azure-loadbalancer v5.7.0 - Lambda runtimes now powered by Node 18

Feb 02, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

azure-iam v5.11.0 - Lambda runtimes now powered by Node 18

Feb 02, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

azure-dns v5.8.0 - Lambda runtimes now powered by Node 18

Feb 02, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

OCI Compliance mod v0.11 - Added CIS v2.0.0 benchmark

Feb 02, 2024

Dependencies

  • OCI plugin v0.35.0 or higher is now required. (#83)

What's new?

  • Added CIS v2.0.0 benchmark (steampipe check benchmark.cis_v200). (#80)

GCP plugin v0.49.0 - Added gcp_app_engine_application and gcp_compute_machine_image tables

Feb 02, 2024

Databricks plugin v0.4.0 - Added support for OAuth authentication mechanism

Feb 02, 2024

What's new?

  • Added OAuth config support to provide users the ability to set OAuth secret client ID and OAuth secret value of a service principal. For more information, please see Databricks plugin configuration. (#6) (Thanks @rinzool for the contribution!)
  • Added Config object to directly pass credentials to the client. (#10)

Azure plugin v0.54.0 - Added azure_api_management_backend, azure_consumption_usage and azure_monitor_log_profile tables

Feb 02, 2024

AWS plugin v0.130.0 - Optimized aws_cloudwatch_log_stream and aws_ssm_inventory table's query performance by adding new optional key qual columns

Feb 02, 2024

Enhancements

  • Optimized aws_cloudwatch_log_stream table's query performance by adding descending, log_group_name, log_stream_name_prefix and order_by new optional key qual columns. (#1951)
  • Optimized aws_ssm_inventory table's query performance by adding new optional key qual columns such as filter_key, filter_value, network_attribute_key, network_attribute_value, etc. (#1980)

Bug fixes

  • Fixed aws_cloudwatch_log_group table key column to be globally unique by filtering the results by region. (#1976)
  • Removed duplicate memoizing of getCommonColumns function from aws_s3_multi_region_access_point and aws_ec2_launch_template tables.(#2065)
  • Fixed error for column type_name in table aws_ssm_inventory_entry. (#1980)
  • Added the missing rate-limiter tags for aws_s3_bucket table's GetBucketLocation hydrate function to optimize query performance. (#2066)

gcp v5.23.3 - Bug fixed - Org Policy details will now be properly and consistently sorted for Projects

Feb 01, 2024

Bug fixes

  • The Org policy details in the Project CMDB data will now be properly and consistently sorted.

gcp-storage v5.11.0 - Lambda runtimes now powered by Node 18

Feb 01, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

gcp-sql v5.8.0 - Lambda runtimes now powered by Node 18

Feb 01, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

gcp-scheduler v5.4.0 - Lambda runtimes now powered by Node 18

Feb 01, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • GCP > Scheduler > Job > Approved > Custom

gcp-pubsub v5.8.0 - Lambda runtimes now powered by Node 18

Feb 01, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

gcp-monitoring v5.6.0 - Lambda runtimes now powered by Node 18

Feb 01, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

gcp-dns v5.6.0 - Lambda runtimes now powered by Node 18

Feb 01, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

gcp-build v5.2.0 - Lambda runtimes now powered by Node 18

Feb 01, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

azure-storage v5.15.0 - Lambda runtimes now powered by Node 18

Feb 01, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Guardrails plugin v0.15.0 - Added guardrails_query table

Jan 30, 2024

Azure Compliance mod v0.40 - Added new controls to All Controls benchmark

Jan 30, 2024

Dependencies

  • Azure plugin v0.53.0 or higher is now required. (#242)

Enhancements

  • Added 41 new controls to the All Controls benchmark across the following services: (#234 #233)
    • Active Directory
    • App Service
    • Batch
    • Compute
    • Container Instance
    • Key Vault
    • Kubernetes Service
    • Network
    • Recovery Service
    • Service Bus
    • Storage

Bug fixes

  • Fixed the description of CIS_v150_2_1_9 control. (#238) (Thanks @sfunkernw for the contribution!)

Flowpipe CLI v0.2.1 – Handle null values in query trigger

Jan 29, 2024

Bug fixes

  • Map MySQL query results to correct types (#604).
  • Handle null values in query trigger results (#611).
  • Convert binary data in query results to a string.
  • Docker containers now clear the cache to get correct parameters (#561).
  • Improved error message when Flowpipe CLI port is already in use (#603).

Pipes Terraform Provider v0.13.0 now available

Jan 25, 2024

v0.13.0 of the Terraform Provider for Pipes is now available.

What's new?

  • Data Source pipes_tenant.
  • Resource pipes_tenant_member.

Enhancements

  • Resource pipes_organization_member now supports adding users directly to an organization in a custom tenant, rather than by invitation.

servicenow-gcp-spanner v5.0.0 is now available

Jan 25, 2024

What's new?

  • Control Types:

    • GCP > Cloud Run > Service > ServiceNow
    • GCP > Cloud Run > Service > ServiceNow > Configuration Item
    • GCP > Cloud Run > Service > ServiceNow > Table

  • Policy Types:

    • GCP > Cloud Run > Service > ServiceNow
    • GCP > Cloud Run > Service > ServiceNow > Configuration Item
    • GCP > Cloud Run > Service > ServiceNow > Configuration Item > Record
    • GCP > Cloud Run > Service > ServiceNow > Configuration Item > Table Definition
    • GCP > Cloud Run > Service > ServiceNow > Table
    • GCP > Cloud Run > Service > ServiceNow > Table > Definition

servicenow-gcp-run v5.0.0 is now available

Jan 25, 2024

What's new?

  • Control Types:

    • GCP > Spanner > Database > ServiceNow
    • GCP > Spanner > Database > ServiceNow > Configuration Item
    • GCP > Spanner > Database > ServiceNow > Table
    • GCP > Spanner > Instance > ServiceNow
    • GCP > Spanner > Instance > ServiceNow > Configuration Item
    • GCP > Spanner > Instance > ServiceNow > Table

  • Policy Types:

    • GCP > Spanner > Database > ServiceNow
    • GCP > Spanner > Database > ServiceNow > Configuration Item
    • GCP > Spanner > Database > ServiceNow > Configuration Item > Record
    • GCP > Spanner > Database > ServiceNow > Configuration Item > Table Definition
    • GCP > Spanner > Database > ServiceNow > Table
    • GCP > Spanner > Database > ServiceNow > Table > Definition
    • GCP > Spanner > Instance > ServiceNow
    • GCP > Spanner > Instance > ServiceNow > Configuration Item
    • GCP > Spanner > Instance > ServiceNow > Configuration Item > Record
    • GCP > Spanner > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > Spanner > Instance > ServiceNow > Table
    • GCP > Spanner > Instance > ServiceNow > Table > Definition

aws-ec2 v5.38.0 - You can now configure Volume Type, IOPS Capacity and Throughput for EBS Volumes

Jan 25, 2024

What's new?

  • Control Types:

    • AWS > EC2 > Volume > Configuration

  • Policy Types:

    • AWS > EC2 > Volume > Configuration
    • AWS > EC2 > Volume > Configuration > IOPS Capacity
    • AWS > EC2 > Volume > Configuration > Throughput
    • AWS > EC2 > Volume > Configuration > Type

  • Action Types:

    • AWS > EC2 > Volume > Update Configuration

AWS Compliance mod v0.85 - Removed iam_root_user_virtual_mfa control and replaced iam_account_password_policy_strong with iam_account_password_policy_strong_min_reuse_24 control

Jan 25, 2024

Breaking changes

  • Removed the iam_root_user_virtual_mfa control since it is not recommended as good practice. (#743)
  • Replaced iam_account_password_policy_strong with iam_account_password_policy_strong_min_reuse_24 in the GDPR, FFIEC and CISA Cyber Essentials benchmarks to align more accurately with the requirements specified in the AWS Config rules. (#739)

Bug fixes

  • Updated the dashboard image to correctly list all the 25 benchmarks. (#748)

OCI plugin v0.35.0 - Added oci_identity_db_credential table

Jan 25, 2024

Flowpipe CLI v0.2.0 – Database query trigger, GET & POST methods for HTTP trigger, set a timeout for steps

Jan 24, 2024

What's new?

  • Query trigger type to watch & event on database changes. Documentation.
  • HTTP trigger can now handle both GET and POST methods. Documentation.
  • Query steps & triggers now support Postgres, MySQL, SQLite, and Postgres.
  • Define container step using a source argument for inline image definitions.
  • Add a timeout to pipeline steps.
  • Enable or disable triggers using the enabled attribute.
  • Improved and expanded output for flowpipe server.
  • Improved and standardized output for CLI list and show commands.
  • Expanded intervals available in schedule and query triggers (e.g. 5m, 10m, etc).
  • New credential types: BitBucket, Datadog, Freshdesk, JumpCloud, ServiceNow, Turbot Guardrails.
  • Automatic check & notify for new CLI versions.

Bug fixes

  • Implemented a more descriptive error message for server startup failures.
  • Fixed Step Arguments unable to be referenced in the Pipeline definition.
  • Added missing execution_mode argument to HTTP Trigger (#533).
  • Fixed args arguments unable to be updated in the Pipeline Step loop block (#559).
  • Fixed an issue in the bootstrap process for identifying the config path.

Terraform AWS Compliance mod v0.23 - Added new controls across Simple Email Service and VPC benchmarks

Jan 23, 2024

What's new?

  • Added the following controls across Simple Email Service and VPC benchmarks. (#88 #102)
    • ses_configuration_set_tls_enforced
    • vpc_security_group_restrict_ingress_rdp_all
    • vpc_security_group_restrict_ingress_ssh_all

Steampipe CLI v0.21.4 - Fixed schema cloning for tables with LTREE columns

Jan 23, 2024

Bug fixes

  • Fixed schema clone function failing if table has an LTREE column. (#4079)
  • Maintained the order of execution when running multiple queries in batch mode. (#3728)
  • Fixed issue where using any meta-command would load connection state even if not required. (#3614)
  • Fixed issue where plugin version file back-filling would write versions.json to the CWD if the plugin folder is not found. (#4073)
  • Simplified and fixed available port check. (#4030)

WHOIS plugin v0.11.0 - Added rdap_domain table

Jan 22, 2024

Terraform GCP Compliance mod v0.12 - Added control kubernetes_cluster_no_cluster_level_node_pool to Kubernetes benchmark

Jan 22, 2024

What's new?

  • Added the kubernetes_cluster_no_cluster_level_node_pool control to the Kubernetes benchmark. (#53)

OCI plugin v0.34.0 - Added oci_identity_domain and oci_database_cloud_vm_cluster tables and snapshot_time and snapshot_type columns to table oci_file_storage_snapshot

Jan 22, 2024

Kubernetes plugin v0.27.0 - Added annotations columns on all CRD resources and updated API version for table kubernetes_horizontal_pod_autoscaler

Jan 22, 2024

Enhancements

  • Added the annotations columns on all CRD resources. (#202)
  • Updated the API version for table kubernetes_horizontal_pod_autoscaler. (#190)

GCP plugin v0.48.0 - Added gcp_cloud_asset table and fixed addons_config network_config and network_policy column of gcp_kubernetes_cluster table to correctly return data instead of null

Jan 22, 2024

What's new?

Enhancements

  • Added column iam_policy to gcp_cloud_run_service table. (#531)
  • Optimized the gcp_logging_log_entry table result or result timing by applying a timestamp filter. (#508)
  • Added the json_payload, proto_payload, metadata, resource, operation, and tags columns to gcp_logging_log_entry table. (#508)

Bug fixes

  • Fixed the addons_config, network_config and network_policy column of gcp_kubernetes_cluster table to correctly return data instead of null. (#530)
  • Fixed the end_time column of the gcp_sql_backup table to return null instead of an error when end time is unavailable for a SQL backup. (#534)
  • Fixed the enqueued_time, start_time and window_start_time columns of the gcp_sql_backup table to return null instead of an error when timestamp is unavailable for a SQL backup. (#536)

Azure plugin v0.53.0 - Added audit_policy column to azure_sql_database and azure_sql_server tables and fixed table azure_key_vault_secret to correctly return data when keyvault name is in camel-case

Jan 22, 2024

Enhancements

  • Added the audit_policy column to azure_sql_database and azure_sql_server tables. (#711)
  • Added the webhooks column to azure_container_registry table. (#710)
  • Added the disable_local_auth and status columns to azure_servicebus_namespace table. (#715)

Bug fixes

  • Fixed the azure_key_vault_secret table to correctly return data when keyvault name is in camel-case. (#638)

AWS Thrifty mod v0.27 - Fixed low_iops_ebs_volumes control to now suggest converting io1 and io2 volumes to GP3 volumes when the base IOPS is less than 16000 instead of 3000

Jan 22, 2024

Bug fixes

  • Fixed the low_iops_ebs_volumes control to now suggest converting io1 and io2 volumes to GP3 volumes, when the base IOPS is less than 16000 instead of 3000. (#167)

Turbot Guardrails Enterprise (TE) v5.42.16 - Added MAX_PAYLOAD_SIZE parameter to customize API size limit

Jan 19, 2024

What's new?

  • Server
    • You can now update API size limit via the MAX_PAYLOAD_SIZE parameter.

Requirements

  • TEF: 1.55.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

gcp-datapipeline v5.1.0 - Lambda runtimes now powered by Node 18

Jan 19, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

aws-kinesis v5.9.0 - Added support for Kinesis Video Streams

Jan 19, 2024

What's new?

  • Resource Types:

    • AWS > Kinesis > Kinesis Video Stream

  • Control Types:

    • AWS > Kinesis > Kinesis Video Stream > Active
    • AWS > Kinesis > Kinesis Video Stream > Approved
    • AWS > Kinesis > Kinesis Video Stream > CMDB
    • AWS > Kinesis > Kinesis Video Stream > Discovery
    • AWS > Kinesis > Kinesis Video Stream > Tags

  • Policy Types:

    • AWS > Kinesis > Kinesis Video Stream > Active
    • AWS > Kinesis > Kinesis Video Stream > Active > Age
    • AWS > Kinesis > Kinesis Video Stream > Active > Budget
    • AWS > Kinesis > Kinesis Video Stream > Active > Last Modified
    • AWS > Kinesis > Kinesis Video Stream > Approved
    • AWS > Kinesis > Kinesis Video Stream > Approved > Budget
    • AWS > Kinesis > Kinesis Video Stream > Approved > Custom
    • AWS > Kinesis > Kinesis Video Stream > Approved > Regions
    • AWS > Kinesis > Kinesis Video Stream > Approved > Usage
    • AWS > Kinesis > Kinesis Video Stream > CMDB
    • AWS > Kinesis > Kinesis Video Stream > Regions
    • AWS > Kinesis > Kinesis Video Stream > Tags
    • AWS > Kinesis > Kinesis Video Stream > Tags > Template

  • Action Types:

    • AWS > Kinesis > Kinesis Video Stream > Delete
    • AWS > Kinesis > Kinesis Video Stream > Delete from AWS
    • AWS > Kinesis > Kinesis Video Stream > Router
    • AWS > Kinesis > Kinesis Video Stream > Set Tags
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Active control
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Active control [90 days]
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Approved control
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Approved control [90 days]
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Tags control
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Tags control [90 days]
    • AWS > Kinesis > Kinesis Video Stream > Update Tags

AWS plugin v0.129.0 - Added aws_servicecatalog_provisioned_product table and temporarily removed aws_organizations_organizational_unit table due to LTREE column issue

Jan 19, 2024

What's new?

Enhancements

  • Added deletion_protection_enabled column to aws_dynamodb_table table. (#2049)

Bug fixes

  • Fixed default page size in aws_organizations_account table. (#2058)
  • Fixed processor_features column in aws_rds_db_instance not returning data when default value is set. (#2028)
  • Temporarily removed aws_organizations_organizational_unit table due to LTREE column issue. (#2058)

servicenow-gcp-logging v5.0.0 is now available

Jan 18, 2024

What's new?

  • Control Types:

    • GCP > Logging > Exclusion > ServiceNow
    • GCP > Logging > Exclusion > ServiceNow > Configuration Item
    • GCP > Logging > Exclusion > ServiceNow > Table
    • GCP > Logging > Metric > ServiceNow
    • GCP > Logging > Metric > ServiceNow > Configuration Item
    • GCP > Logging > Metric > ServiceNow > Table
    • GCP > Logging > Sink > ServiceNow
    • GCP > Logging > Sink > ServiceNow > Configuration Item
    • GCP > Logging > Sink > ServiceNow > Table

  • Policy Types:

    • GCP > Logging > Exclusion > ServiceNow
    • GCP > Logging > Exclusion > ServiceNow > Configuration Item
    • GCP > Logging > Exclusion > ServiceNow > Configuration Item > Record
    • GCP > Logging > Exclusion > ServiceNow > Configuration Item > Table Definition
    • GCP > Logging > Exclusion > ServiceNow > Table
    • GCP > Logging > Exclusion > ServiceNow > Table > Definition
    • GCP > Logging > Metric > ServiceNow
    • GCP > Logging > Metric > ServiceNow > Configuration Item
    • GCP > Logging > Metric > ServiceNow > Configuration Item > Record
    • GCP > Logging > Metric > ServiceNow > Configuration Item > Table Definition
    • GCP > Logging > Metric > ServiceNow > Table
    • GCP > Logging > Metric > ServiceNow > Table > Definition
    • GCP > Logging > Sink > ServiceNow
    • GCP > Logging > Sink > ServiceNow > Configuration Item
    • GCP > Logging > Sink > ServiceNow > Configuration Item > Record
    • GCP > Logging > Sink > ServiceNow > Configuration Item > Table Definition
    • GCP > Logging > Sink > ServiceNow > Table
    • GCP > Logging > Sink > ServiceNow > Table > Definition

servicenow-gcp-computeengine v5.1.0 - Added support for HTTP Health Check, HTTPS Health Check, Health Check, Instance Template, Node Group, Node Template, Project, Region Disk and Region Health Check

Jan 18, 2024

What's new?

  • Control Types:

    • GCP > Compute Engine > HTTP Health Check > ServiceNow
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Table
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table
    • GCP > Compute Engine > Health Check > ServiceNow
    • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > Health Check > ServiceNow > Table
    • GCP > Compute Engine > Instance Template > ServiceNow
    • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item
    • GCP > Compute Engine > Instance Template > ServiceNow > Table
    • GCP > Compute Engine > Node Group > ServiceNow
    • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item
    • GCP > Compute Engine > Node Group > ServiceNow > Table
    • GCP > Compute Engine > Node Template > ServiceNow
    • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item
    • GCP > Compute Engine > Node Template > ServiceNow > Table
    • GCP > Compute Engine > Project > ServiceNow
    • GCP > Compute Engine > Project > ServiceNow > Configuration Item
    • GCP > Compute Engine > Project > ServiceNow > Table
    • GCP > Compute Engine > Region Disk > ServiceNow
    • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item
    • GCP > Compute Engine > Region Disk > ServiceNow > Table
    • GCP > Compute Engine > Region Health Check > ServiceNow
    • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > Region Health Check > ServiceNow > Table

  • Policy Types:

    • GCP > Compute Engine > HTTP Health Check > ServiceNow
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Table
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Table > Definition
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table > Definition
    • GCP > Compute Engine > Health Check > ServiceNow
    • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Health Check > ServiceNow > Table
    • GCP > Compute Engine > Health Check > ServiceNow > Table > Definition
    • GCP > Compute Engine > Instance Template > ServiceNow
    • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item
    • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Instance Template > ServiceNow > Table
    • GCP > Compute Engine > Instance Template > ServiceNow > Table > Definition
    • GCP > Compute Engine > Node Group > ServiceNow
    • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item
    • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Node Group > ServiceNow > Table
    • GCP > Compute Engine > Node Group > ServiceNow > Table > Definition
    • GCP > Compute Engine > Node Template > ServiceNow
    • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item
    • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Node Template > ServiceNow > Table
    • GCP > Compute Engine > Node Template > ServiceNow > Table > Definition
    • GCP > Compute Engine > Project > ServiceNow
    • GCP > Compute Engine > Project > ServiceNow > Configuration Item
    • GCP > Compute Engine > Project > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Project > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Project > ServiceNow > Table
    • GCP > Compute Engine > Project > ServiceNow > Table > Definition
    • GCP > Compute Engine > Region Disk > ServiceNow
    • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item
    • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Region Disk > ServiceNow > Table
    • GCP > Compute Engine > Region Disk > ServiceNow > Table > Definition
    • GCP > Compute Engine > Region Health Check > ServiceNow
    • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Region Health Check > ServiceNow > Table
    • GCP > Compute Engine > Region Health Check > ServiceNow > Table > Definition

servicenow-gcp-sql v5.1.0 - Added support for Backup and Database

Jan 17, 2024

What's new?

  • Control Types:

    • GCP > SQL > Backup > ServiceNow
    • GCP > SQL > Backup > ServiceNow > Configuration Item
    • GCP > SQL > Backup > ServiceNow > Table
    • GCP > SQL > Database > ServiceNow
    • GCP > SQL > Database > ServiceNow > Configuration Item
    • GCP > SQL > Database > ServiceNow > Table

  • Policy Types:

    • GCP > SQL > Backup > ServiceNow
    • GCP > SQL > Backup > ServiceNow > Configuration Item
    • GCP > SQL > Backup > ServiceNow > Configuration Item > Record
    • GCP > SQL > Backup > ServiceNow > Configuration Item > Table Definition
    • GCP > SQL > Backup > ServiceNow > Table
    • GCP > SQL > Backup > ServiceNow > Table > Definition
    • GCP > SQL > Database > ServiceNow
    • GCP > SQL > Database > ServiceNow > Configuration Item
    • GCP > SQL > Database > ServiceNow > Configuration Item > Record
    • GCP > SQL > Database > ServiceNow > Configuration Item > Table Definition
    • GCP > SQL > Database > ServiceNow > Table
    • GCP > SQL > Database > ServiceNow > Table > Definition

servicenow-gcp-kms v5.0.0 is now available

Jan 17, 2024

What's new?

  • Control Types:

    • GCP > KMS > Crypto Key > ServiceNow
    • GCP > KMS > Crypto Key > ServiceNow > Configuration Item
    • GCP > KMS > Crypto Key > ServiceNow > Table
    • GCP > KMS > Key Ring > ServiceNow
    • GCP > KMS > Key Ring > ServiceNow > Configuration Item
    • GCP > KMS > Key Ring > ServiceNow > Table

  • Policy Types:

    • GCP > KMS > Crypto Key > ServiceNow
    • GCP > KMS > Crypto Key > ServiceNow > Configuration Item
    • GCP > KMS > Crypto Key > ServiceNow > Configuration Item > Record
    • GCP > KMS > Crypto Key > ServiceNow > Configuration Item > Table Definition
    • GCP > KMS > Crypto Key > ServiceNow > Table
    • GCP > KMS > Crypto Key > ServiceNow > Table > Definition
    • GCP > KMS > Key Ring > ServiceNow
    • GCP > KMS > Key Ring > ServiceNow > Configuration Item
    • GCP > KMS > Key Ring > ServiceNow > Configuration Item > Record
    • GCP > KMS > Key Ring > ServiceNow > Configuration Item > Table Definition
    • GCP > KMS > Key Ring > ServiceNow > Table
    • GCP > KMS > Key Ring > ServiceNow > Table > Definition

servicenow-gcp-bigquery v5.0.0 is now available

Jan 17, 2024

What's new?

  • Control Types:

    • GCP > BigQuery > Dataset > ServiceNow
    • GCP > BigQuery > Dataset > ServiceNow > Configuration Item
    • GCP > BigQuery > Dataset > ServiceNow > Table
    • GCP > BigQuery > Table > ServiceNow
    • GCP > BigQuery > Table > ServiceNow > Configuration Item
    • GCP > BigQuery > Table > ServiceNow > Table

  • Policy Types:

    • GCP > BigQuery > Dataset > ServiceNow
    • GCP > BigQuery > Dataset > ServiceNow > Configuration Item
    • GCP > BigQuery > Dataset > ServiceNow > Configuration Item > Record
    • GCP > BigQuery > Dataset > ServiceNow > Configuration Item > Table Definition
    • GCP > BigQuery > Dataset > ServiceNow > Table
    • GCP > BigQuery > Dataset > ServiceNow > Table > Definition
    • GCP > BigQuery > Table > ServiceNow
    • GCP > BigQuery > Table > ServiceNow > Configuration Item
    • GCP > BigQuery > Table > ServiceNow > Configuration Item > Record
    • GCP > BigQuery > Table > ServiceNow > Configuration Item > Table Definition
    • GCP > BigQuery > Table > ServiceNow > Table
    • GCP > BigQuery > Table > ServiceNow > Table > Definition

Turbot Guardrails Enterprise (TE) v5.42.15 - Minor internal improvements

Jan 16, 2024

Bug fixes

  • Server
    • Updated: Enhanced IAM policy for tighter access around custom Lambda.
    • Fixed: Turbot > Workspace > Health Control should not break if there is no input.

Requirements

  • TEF: 1.55.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

servicenow-gcp-bigtable v5.0.0 is now available

Jan 16, 2024

What's new?

  • Control Types:

    • GCP > Bigtable > Cluster > ServiceNow
    • GCP > Bigtable > Cluster > ServiceNow > Configuration Item
    • GCP > Bigtable > Cluster > ServiceNow > Table
    • GCP > Bigtable > Instance > ServiceNow
    • GCP > Bigtable > Instance > ServiceNow > Configuration Item
    • GCP > Bigtable > Instance > ServiceNow > Table
    • GCP > Bigtable > Table > ServiceNow
    • GCP > Bigtable > Table > ServiceNow > Configuration Item
    • GCP > Bigtable > Table > ServiceNow > Table

  • Policy Types:

    • GCP > Bigtable > Cluster > ServiceNow
    • GCP > Bigtable > Cluster > ServiceNow > Configuration Item
    • GCP > Bigtable > Cluster > ServiceNow > Configuration Item > Record
    • GCP > Bigtable > Cluster > ServiceNow > Configuration Item > Table Definition
    • GCP > Bigtable > Cluster > ServiceNow > Table
    • GCP > Bigtable > Cluster > ServiceNow > Table > Definition
    • GCP > Bigtable > Instance > ServiceNow
    • GCP > Bigtable > Instance > ServiceNow > Configuration Item
    • GCP > Bigtable > Instance > ServiceNow > Configuration Item > Record
    • GCP > Bigtable > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > Bigtable > Instance > ServiceNow > Table
    • GCP > Bigtable > Instance > ServiceNow > Table > Definition
    • GCP > Bigtable > Table > ServiceNow
    • GCP > Bigtable > Table > ServiceNow > Configuration Item
    • GCP > Bigtable > Table > ServiceNow > Configuration Item > Record
    • GCP > Bigtable > Table > ServiceNow > Configuration Item > Table Definition
    • GCP > Bigtable > Table > ServiceNow > Table
    • GCP > Bigtable > Table > ServiceNow > Table > Definition

servicenow-gcp-appengine v5.0.0 is now available

Jan 16, 2024

What's new?

  • Control Types:

    • GCP > App Engine > Application > ServiceNow
    • GCP > App Engine > Application > ServiceNow > Configuration Item
    • GCP > App Engine > Application > ServiceNow > Table
    • GCP > App Engine > Firewall Rule > ServiceNow
    • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item
    • GCP > App Engine > Firewall Rule > ServiceNow > Table
    • GCP > App Engine > Instance > ServiceNow
    • GCP > App Engine > Instance > ServiceNow > Configuration Item
    • GCP > App Engine > Instance > ServiceNow > Table
    • GCP > App Engine > Service > ServiceNow
    • GCP > App Engine > Service > ServiceNow > Configuration Item
    • GCP > App Engine > Service > ServiceNow > Table
    • GCP > App Engine > Version > ServiceNow
    • GCP > App Engine > Version > ServiceNow > Configuration Item
    • GCP > App Engine > Version > ServiceNow > Table

  • Policy Types:

    • GCP > App Engine > Application > ServiceNow
    • GCP > App Engine > Application > ServiceNow > Configuration Item
    • GCP > App Engine > Application > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Application > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Application > ServiceNow > Table
    • GCP > App Engine > Application > ServiceNow > Table > Definition
    • GCP > App Engine > Firewall Rule > ServiceNow
    • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item
    • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Firewall Rule > ServiceNow > Table
    • GCP > App Engine > Firewall Rule > ServiceNow > Table > Definition
    • GCP > App Engine > Instance > ServiceNow
    • GCP > App Engine > Instance > ServiceNow > Configuration Item
    • GCP > App Engine > Instance > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Instance > ServiceNow > Table
    • GCP > App Engine > Instance > ServiceNow > Table > Definition
    • GCP > App Engine > Service > ServiceNow
    • GCP > App Engine > Service > ServiceNow > Configuration Item
    • GCP > App Engine > Service > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Service > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Service > ServiceNow > Table
    • GCP > App Engine > Service > ServiceNow > Table > Definition
    • GCP > App Engine > Version > ServiceNow
    • GCP > App Engine > Version > ServiceNow > Configuration Item
    • GCP > App Engine > Version > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Version > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Version > ServiceNow > Table
    • GCP > App Engine > Version > ServiceNow > Table > Definition

gcp v5.23.2 - Bug Fixed - Event Poller control will now run lighter and quicker than before

Jan 16, 2024

Bug fixes

  • The GCP > Turbot > Event Poller control now includes a precheck condition to avoid running GraphQL input queries when the GCP > Turbot > Event Poller policy is set to Disabled. You won’t notice any difference and the control should run lighter and quicker than before.

azure v5.18.1 - Bug Fixed - Event Poller controls will now run lighter and quicker than before

Jan 16, 2024

Bug fixes

  • The Azure > Turbot > Event Poller and Azure > Turbot > Management Group Event Poller controls now include a precheck condition to avoid running GraphQL input queries when the Azure > Turbot > Event Poller and Azure > Turbot > Management Group Event Poller policies are set to Disabled respectively. You won’t notice any difference and the controls should run lighter and quicker than before.

azure-activedirectory v5.4.1 - Bug Fixed - Event Poller control will now run lighter and quicker than before

Jan 16, 2024

Bug fixes

  • The Azure > Turbot > Directory Event Poller control now includes a precheck condition to avoid running GraphQL input queries when the Azure > Turbot > Directory Event Poller policy is set to Disabled. You won’t notice any difference and the control should run lighter and quicker than before.

aws v5.29.2 - Bug Fixed - Event Poller control will now run lighter and quicker than before

Jan 16, 2024

Bug fixes

  • The AWS > Turbot > Event Poller control now includes a precheck condition to avoid running GraphQL input queries when the AWS > Turbot > Event Poller policy is set to Disabled. You won’t notice any difference and the control should run lighter and quicker than before.

aws-opensearch v5.0.0 is now available

Jan 16, 2024

What's new?

  • Resource Types:

    • AWS > OpenSearch

  • Policy Types:

    • AWS > OpenSearch > API Enabled
    • AWS > OpenSearch > Approved Regions [Default]
    • AWS > OpenSearch > Enabled
    • AWS > OpenSearch > Permissions
    • AWS > OpenSearch > Permissions > Levels
    • AWS > OpenSearch > Permissions > Levels > Modifiers
    • AWS > OpenSearch > Permissions > Lockdown
    • AWS > OpenSearch > Permissions > Lockdown > API Boundary
    • AWS > OpenSearch > Regions
    • AWS > OpenSearch > Tags Template [Default]
    • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-opensearch
    • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-opensearch
    • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-opensearch

DigitalOcean Thrifty mod v0.6 - Added input variables to allow different thresholds to be passed in Droplet, Database, Block Storage and Kubernetes services

Jan 16, 2024

AWS plugin v0.128.0 - Added aws_cloudtrail_lookup_event, aws_organizations_organizational_unit, aws_organizations_root, and aws_sns_subscription tables

Jan 15, 2024

Flowpipe Samples v0.3.0 - Added query_and_stop_aws_ec2_instances_by_tag sample mod and fixed bugs in README

Jan 12, 2024

What's new?

  • Added the query_and_stop_aws_ec2_instances_by_tag sample mod that can be used with Flowpipe. (#99)

Bug fixes

  • Fixed the README docs to use --arg instead of --pipeline-arg as the argument flag. (#102)
  • Fixed the link for installing mod dependencies in all the README docs. (#98)

servicenow-azure v5.1.0 - Added support for Resource Group, Subscription and Tenant

Jan 12, 2024

What's new?

  • Control Types:

    • Azure > Resource Group > ServiceNow
    • Azure > Resource Group > ServiceNow > Configuration Item
    • Azure > Resource Group > ServiceNow > Table
    • Azure > Subscription > ServiceNow
    • Azure > Subscription > ServiceNow > Configuration Item
    • Azure > Subscription > ServiceNow > Table
    • Azure > Tenant > ServiceNow
    • Azure > Tenant > ServiceNow > Configuration Item
    • Azure > Tenant > ServiceNow > Table

  • Policy Types:

    • Azure > Resource Group > ServiceNow
    • Azure > Resource Group > ServiceNow > Configuration Item
    • Azure > Resource Group > ServiceNow > Configuration Item > Record
    • Azure > Resource Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Resource Group > ServiceNow > Table
    • Azure > Resource Group > ServiceNow > Table > Definition
    • Azure > Subscription > ServiceNow
    • Azure > Subscription > ServiceNow > Configuration Item
    • Azure > Subscription > ServiceNow > Configuration Item > Record
    • Azure > Subscription > ServiceNow > Configuration Item > Table Definition
    • Azure > Subscription > ServiceNow > Table
    • Azure > Subscription > ServiceNow > Table > Definition
    • Azure > Tenant > ServiceNow
    • Azure > Tenant > ServiceNow > Configuration Item
    • Azure > Tenant > ServiceNow > Configuration Item > Record
    • Azure > Tenant > ServiceNow > Configuration Item > Table Definition
    • Azure > Tenant > ServiceNow > Table
    • Azure > Tenant > ServiceNow > Table > Definition

AWS Well Architected mod v0.10 - Updated tags to use risk instead of severity to eliminate duplicate column names in output files

Jan 12, 2024

Bug fixes

  • Updated the tags to use risk instead of severity to eliminate duplicate column names in output files. (#41)

servicenow-azure-network v5.2.0 - Added support for Private Endpoints

Jan 11, 2024

What's new?

  • Control Types:

    • Azure > Network > Private Endpoints > ServiceNow
    • Azure > Network > Private Endpoints > ServiceNow > Configuration Item
    • Azure > Network > Private Endpoints > ServiceNow > Table

  • Policy Types:

    • Azure > Network > Private Endpoints > ServiceNow
    • Azure > Network > Private Endpoints > ServiceNow > Configuration Item
    • Azure > Network > Private Endpoints > ServiceNow > Configuration Item > Record
    • Azure > Network > Private Endpoints > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Private Endpoints > ServiceNow > Table
    • Azure > Network > Private Endpoints > ServiceNow > Table > Definition

servicenow-azure-automation v5.0.0 is now available

Jan 11, 2024

What's new?

  • Control Types:

    • Azure > Automation > Automation Account > ServiceNow
    • Azure > Automation > Automation Account > ServiceNow > Configuration Item
    • Azure > Automation > Automation Account > ServiceNow > Table
    • Azure > Automation > Runbook > ServiceNow
    • Azure > Automation > Runbook > ServiceNow > Configuration Item
    • Azure > Automation > Runbook > ServiceNow > Table

  • Policy Types:

    • Azure > Automation > Automation Account > ServiceNow
    • Azure > Automation > Automation Account > ServiceNow > Configuration Item
    • Azure > Automation > Automation Account > ServiceNow > Configuration Item > Record
    • Azure > Automation > Automation Account > ServiceNow > Configuration Item > Table Definition
    • Azure > Automation > Automation Account > ServiceNow > Table
    • Azure > Automation > Automation Account > ServiceNow > Table > Definition
    • Azure > Automation > Runbook > ServiceNow
    • Azure > Automation > Runbook > ServiceNow > Configuration Item
    • Azure > Automation > Runbook > ServiceNow > Configuration Item > Record
    • Azure > Automation > Runbook > ServiceNow > Configuration Item > Table Definition
    • Azure > Automation > Runbook > ServiceNow > Table
    • Azure > Automation > Runbook > ServiceNow > Table > Definition

aws-ec2 v5.37.0 - Added support for `aws_network_interface_sg_attachment` Terraform resource for Elastic Network Interfaces

Jan 11, 2024

What's new?

  • Added support for aws_network_interface_sg_attachment Terraform resource for AWS > EC2 > Network Interface.

Bug fixes

  • The AWS > EC2 > Instance > CMDB control would sometimes trigger multiple times if EnclaveOptions was not set as part of the AWS > EC2 > Instance > CMDB > Attributes policy. This would result in unnecessary Lambda runs for the control. The EnclaveOptions attribute is now available in the CMDB data by default and the EnclaveOptions policy value in AWS > EC2 > Instance > CMDB > Attributes policy has now been deprecated, and will be removed in the next major version.

Flowpipe IP2Locationio Mod v0.2 – Updated credential section of README to use api_key instead of token

Jan 10, 2024

Bug fixes

  • Updated the credential section of README to use api_key instead of token. (#7)

Turbot Guardrails Enterprise Foundation (TEF) v1.54.0 - Updated Launch Template to prevent association of Network Interface with public IPs

Jan 10, 2024

What's new?

  • Updated: Launch Template to prevent association of Network Interface with public IPs.

servicenow-azure-storage v5.1.0 is now available

Jan 10, 2024

What's new?

  • Control Types:

    • Azure > Storage > Container > ServiceNow
    • Azure > Storage > Container > ServiceNow > Configuration Item
    • Azure > Storage > Container > ServiceNow > Table
    • Azure > Storage > FileShare > ServiceNow
    • Azure > Storage > FileShare > ServiceNow > Configuration Item
    • Azure > Storage > FileShare > ServiceNow > Table
    • Azure > Storage > Queue > ServiceNow
    • Azure > Storage > Queue > ServiceNow > Configuration Item
    • Azure > Storage > Queue > ServiceNow > Table

  • Policy Types:

    • Azure > Storage > Container > ServiceNow
    • Azure > Storage > Container > ServiceNow > Configuration Item
    • Azure > Storage > Container > ServiceNow > Configuration Item > Record
    • Azure > Storage > Container > ServiceNow > Configuration Item > Table Definition
    • Azure > Storage > Container > ServiceNow > Table
    • Azure > Storage > Container > ServiceNow > Table > Definition
    • Azure > Storage > FileShare > ServiceNow
    • Azure > Storage > FileShare > ServiceNow > Configuration Item
    • Azure > Storage > FileShare > ServiceNow > Configuration Item > Record
    • Azure > Storage > FileShare > ServiceNow > Configuration Item > Table Definition
    • Azure > Storage > FileShare > ServiceNow > Table
    • Azure > Storage > FileShare > ServiceNow > Table > Definition
    • Azure > Storage > Queue > ServiceNow
    • Azure > Storage > Queue > ServiceNow > Configuration Item
    • Azure > Storage > Queue > ServiceNow > Configuration Item > Record
    • Azure > Storage > Queue > ServiceNow > Configuration Item > Table Definition
    • Azure > Storage > Queue > ServiceNow > Table
    • Azure > Storage > Queue > ServiceNow > Table > Definition

servicenow-azure-recoveryservice v5.0.0 is now available

Jan 10, 2024

What's new?

  • Control Types:

    • Azure > Recovery Service > Backup > ServiceNow
    • Azure > Recovery Service > Backup > ServiceNow > Configuration Item
    • Azure > Recovery Service > Backup > ServiceNow > Table
    • Azure > Recovery Service > Vault > ServiceNow
    • Azure > Recovery Service > Vault > ServiceNow > Configuration Item
    • Azure > Recovery Service > Vault > ServiceNow > Table

  • Policy Types:

    • Azure > Recovery Service > Backup > ServiceNow
    • Azure > Recovery Service > Backup > ServiceNow > Configuration Item
    • Azure > Recovery Service > Backup > ServiceNow > Configuration Item > Record
    • Azure > Recovery Service > Backup > ServiceNow > Configuration Item > Table Definition
    • Azure > Recovery Service > Backup > ServiceNow > Table
    • Azure > Recovery Service > Backup > ServiceNow > Table > Definition
    • Azure > Recovery Service > Vault > ServiceNow
    • Azure > Recovery Service > Vault > ServiceNow > Configuration Item
    • Azure > Recovery Service > Vault > ServiceNow > Configuration Item > Record
    • Azure > Recovery Service > Vault > ServiceNow > Configuration Item > Table Definition
    • Azure > Recovery Service > Vault > ServiceNow > Table
    • Azure > Recovery Service > Vault > ServiceNow > Table > Definition

servicenow-azure-monitor v5.0.0 is now available

Jan 10, 2024

What's new?

  • Control Types:

    • Azure > Monitor > Action Group > ServiceNow
    • Azure > Monitor > Action Group > ServiceNow > Configuration Item
    • Azure > Monitor > Action Group > ServiceNow > Table
    • Azure > Monitor > Alerts > ServiceNow
    • Azure > Monitor > Alerts > ServiceNow > Configuration Item
    • Azure > Monitor > Alerts > ServiceNow > Table
    • Azure > Monitor > Log Profile > ServiceNow
    • Azure > Monitor > Log Profile > ServiceNow > Configuration Item
    • Azure > Monitor > Log Profile > ServiceNow > Table

  • Policy Types:

    • Azure > Monitor > Action Group > ServiceNow
    • Azure > Monitor > Action Group > ServiceNow > Configuration Item
    • Azure > Monitor > Action Group > ServiceNow > Configuration Item > Record
    • Azure > Monitor > Action Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Monitor > Action Group > ServiceNow > Table
    • Azure > Monitor > Action Group > ServiceNow > Table > Definition
    • Azure > Monitor > Alerts > ServiceNow
    • Azure > Monitor > Alerts > ServiceNow > Configuration Item
    • Azure > Monitor > Alerts > ServiceNow > Configuration Item > Record
    • Azure > Monitor > Alerts > ServiceNow > Configuration Item > Table Definition
    • Azure > Monitor > Alerts > ServiceNow > Table
    • Azure > Monitor > Alerts > ServiceNow > Table > Definition
    • Azure > Monitor > Log Profile > ServiceNow
    • Azure > Monitor > Log Profile > ServiceNow > Configuration Item
    • Azure > Monitor > Log Profile > ServiceNow > Configuration Item > Record
    • Azure > Monitor > Log Profile > ServiceNow > Configuration Item > Table Definition
    • Azure > Monitor > Log Profile > ServiceNow > Table
    • Azure > Monitor > Log Profile > ServiceNow > Table > Definition

Terraform Azure Compliance mod v0.12 - Added new controls for Container Registry and Instance services

Jan 10, 2024

What's new?

  • Added the following controls across the benchmarks: (#51)
    • container_instance_container_group_secure_environment_variable
    • container_registry_zone_redundant_enabled

AWS plugin v0.127.0 - Added aws_appsync_graphql_api and aws_mq_broker tables and fixed custom HTTP client to allow buildable settings through env var options such as AWS_CA_BUNDLE

Jan 10, 2024

What's new?

Enhancements

  • Added storage_throughput column to aws_rds_db_instance table. (#2010) (Thanks @toddwh50 for the contribution!)
  • Added layers column to aws_lambda_function table. (#2008) (Thanks @icaliskanoglu for the contribution!)
  • Added tags column to aws_backup_recovery_point and aws_backup_vault tables. (#2033)

Bug fixes

  • Custom HTTP client should allow buildable settings through env var options such as AWS_CA_BUNDLE. (#2044)
  • Fixed MaxItems in aws_iam_policy and aws_iam_policy_attachment tables to use 1000 instead of 100 to avoid unnecessary API calls. (#2025) (#2026)

Flowpipe CLI v0.1.1 – Fixed inaccurate SQL query string validation

Jan 09, 2024

Bug fixes

  • Removed inaccurate SQL Query string validation to check for arguments. (#516)

servicenow-gcp-kubernetesengine v5.0.0 is now available

Jan 09, 2024

What's new?

  • Control Types:

    • GCP > Kubernetes Engine > Region Cluster > ServiceNow
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table

  • Policy Types:

    • GCP > Kubernetes Engine > Region Cluster > ServiceNow
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item > Record
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item > Table Definition
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table > Definition
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item > Record
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item > Table Definition
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table > Definition
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item > Record
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item > Table Definition
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table > Definition
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item > Record
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item > Table Definition
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table > Definition

servicenow-azure-iam v5.0.0 is now available

Jan 09, 2024

What's new?

  • Control Types:

    • Azure > IAM > Role Assignment > ServiceNow
    • Azure > IAM > Role Assignment > ServiceNow > Configuration Item
    • Azure > IAM > Role Assignment > ServiceNow > Table
    • Azure > IAM > Role Definition > ServiceNow
    • Azure > IAM > Role Definition > ServiceNow > Configuration Item
    • Azure > IAM > Role Definition > ServiceNow > Table

  • Policy Types:

    • Azure > IAM > Role Assignment > ServiceNow
    • Azure > IAM > Role Assignment > ServiceNow > Configuration Item
    • Azure > IAM > Role Assignment > ServiceNow > Configuration Item > Record
    • Azure > IAM > Role Assignment > ServiceNow > Configuration Item > Table Definition
    • Azure > IAM > Role Assignment > ServiceNow > Table
    • Azure > IAM > Role Assignment > ServiceNow > Table > Definition
    • Azure > IAM > Role Definition > ServiceNow
    • Azure > IAM > Role Definition > ServiceNow > Configuration Item
    • Azure > IAM > Role Definition > ServiceNow > Configuration Item > Record
    • Azure > IAM > Role Definition > ServiceNow > Configuration Item > Table Definition
    • Azure > IAM > Role Definition > ServiceNow > Table
    • Azure > IAM > Role Definition > ServiceNow > Table > Definition

servicenow-azure-datafactory v5.0.0 is now available

Jan 09, 2024

What's new?

  • Control Types:

    • Azure > Data Factory > Dataset > ServiceNow
    • Azure > Data Factory > Dataset > ServiceNow > Configuration Item
    • Azure > Data Factory > Dataset > ServiceNow > Table
    • Azure > Data Factory > Factory > ServiceNow
    • Azure > Data Factory > Factory > ServiceNow > Configuration Item
    • Azure > Data Factory > Factory > ServiceNow > Table
    • Azure > Data Factory > Pipeline > ServiceNow
    • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item
    • Azure > Data Factory > Pipeline > ServiceNow > Table

  • Policy Types:

    • Azure > Data Factory > Dataset > ServiceNow
    • Azure > Data Factory > Dataset > ServiceNow > Configuration Item
    • Azure > Data Factory > Dataset > ServiceNow > Configuration Item > Record
    • Azure > Data Factory > Dataset > ServiceNow > Configuration Item > Table Definition
    • Azure > Data Factory > Dataset > ServiceNow > Table
    • Azure > Data Factory > Dataset > ServiceNow > Table > Definition
    • Azure > Data Factory > Factory > ServiceNow
    • Azure > Data Factory > Factory > ServiceNow > Configuration Item
    • Azure > Data Factory > Factory > ServiceNow > Configuration Item > Record
    • Azure > Data Factory > Factory > ServiceNow > Configuration Item > Table Definition
    • Azure > Data Factory > Factory > ServiceNow > Table
    • Azure > Data Factory > Factory > ServiceNow > Table > Definition
    • Azure > Data Factory > Pipeline > ServiceNow
    • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item
    • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item > Record
    • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item > Table Definition
    • Azure > Data Factory > Pipeline > ServiceNow > Table
    • Azure > Data Factory > Pipeline > ServiceNow > Table > Definition

servicenow-azure-databricks v5.0.0 is now available

Jan 09, 2024

What's new?

  • Control Types:

    • Azure > Databricks > Workspace > ServiceNow
    • Azure > Databricks > Workspace > ServiceNow > Configuration Item
    • Azure > Databricks > Workspace > ServiceNow > Table

  • Policy Types:

    • Azure > Databricks > Workspace > ServiceNow
    • Azure > Databricks > Workspace > ServiceNow > Configuration Item
    • Azure > Databricks > Workspace > ServiceNow > Configuration Item > Record
    • Azure > Databricks > Workspace > ServiceNow > Configuration Item > Table Definition
    • Azure > Databricks > Workspace > ServiceNow > Table
    • Azure > Databricks > Workspace > ServiceNow > Table > Definition

Turbot Guardrails Enterprise (TE) v5.42.14 - Minor internal improvements

Jan 09, 2024

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

IBM Compliance mod v0.7 - Updated controls to use the latest query format

Jan 09, 2024

Enhancements

  • Updated the controls to reference their query using query = rather than sql =. (#25)

Azure insights mod v0.14 - Fixed broken network_subnet_to_network_virtual_network edge of relationship graph in sql_server_detail dashboard page to correctly reference network_subnets_for_sql_server query

Jan 09, 2024

Bug fixes

  • Fixed the broken network_subnet_to_network_virtual_network edge of the relationship graph in the sql_server_detail dashboard page to correctly reference the network_subnets_for_sql_server query. (#118)

Azure Compliance mod v0.39 - Fixed kubernetes_cluster_upgraded_with_non_vulnerable_version query to correctly check if a Kubernetes cluster is using an outdated software version

Jan 09, 2024

Bug fixes

  • Fixed the kubernetes_cluster_upgraded_with_non_vulnerable_version query to correctly check if a Kubernetes cluster is using an outdated software version. (#235)

Turbot Guardrails Enterprise (TE) v5.42.13 - Bug Fixed - Scheduled actions will now not fail for firehose-aws-sns mod

Jan 08, 2024

Bug fixes

  • Server
    • The scheduled actions would sometimes fail to work for the firehose-aws-sns mod due an inadvertent bug introduced in TE v5.42.10. This is now fixed.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

servicenow-azure-activedirectory v5.0.0 is now available

Jan 08, 2024

What's new?

  • Control Types:

    • Azure > Active Directory > Application > ServiceNow
    • Azure > Active Directory > Application > ServiceNow > Configuration Item
    • Azure > Active Directory > Application > ServiceNow > Table
    • Azure > Active Directory > Client Secret > ServiceNow
    • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item
    • Azure > Active Directory > Client Secret > ServiceNow > Table
    • Azure > Active Directory > Custom Domain > ServiceNow
    • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item
    • Azure > Active Directory > Custom Domain > ServiceNow > Table
    • Azure > Active Directory > Directory > ServiceNow
    • Azure > Active Directory > Directory > ServiceNow > Configuration Item
    • Azure > Active Directory > Directory > ServiceNow > Table
    • Azure > Active Directory > Group > ServiceNow
    • Azure > Active Directory > Group > ServiceNow > Configuration Item
    • Azure > Active Directory > Group > ServiceNow > Table
    • Azure > Active Directory > Service Principal > ServiceNow
    • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item
    • Azure > Active Directory > Service Principal > ServiceNow > Table
    • Azure > Active Directory > User > ServiceNow
    • Azure > Active Directory > User > ServiceNow > Configuration Item
    • Azure > Active Directory > User > ServiceNow > Table

  • Policy Types:

    • Azure > Active Directory > Application > ServiceNow
    • Azure > Active Directory > Application > ServiceNow > Configuration Item
    • Azure > Active Directory > Application > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Application > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Application > ServiceNow > Table
    • Azure > Active Directory > Application > ServiceNow > Table > Definition
    • Azure > Active Directory > Client Secret > ServiceNow
    • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item
    • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Client Secret > ServiceNow > Table
    • Azure > Active Directory > Client Secret > ServiceNow > Table > Definition
    • Azure > Active Directory > Custom Domain > ServiceNow
    • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item
    • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Custom Domain > ServiceNow > Table
    • Azure > Active Directory > Custom Domain > ServiceNow > Table > Definition
    • Azure > Active Directory > Directory > ServiceNow
    • Azure > Active Directory > Directory > ServiceNow > Configuration Item
    • Azure > Active Directory > Directory > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Directory > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Directory > ServiceNow > Table
    • Azure > Active Directory > Directory > ServiceNow > Table > Definition
    • Azure > Active Directory > Group > ServiceNow
    • Azure > Active Directory > Group > ServiceNow > Configuration Item
    • Azure > Active Directory > Group > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Group > ServiceNow > Table
    • Azure > Active Directory > Group > ServiceNow > Table > Definition
    • Azure > Active Directory > Service Principal > ServiceNow
    • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item
    • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Service Principal > ServiceNow > Table
    • Azure > Active Directory > Service Principal > ServiceNow > Table > Definition
    • Azure > Active Directory > User > ServiceNow
    • Azure > Active Directory > User > ServiceNow > Configuration Item
    • Azure > Active Directory > User > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > User > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > User > ServiceNow > Table
    • Azure > Active Directory > User > ServiceNow > Table > Definition

ServiceNow plugin v0.3.1 - Fixed plugin to return only static tables instead of an error when the objects config argument is not set or credentials are not set correctly

Jan 08, 2024

Bug fixes

  • Fixed the plugin to return only static tables instead of an error when the objects config argument is not set or the plugin credentials are not set correctly. (#26)

Reddit plugin v0.5.0 - Added reddit_my_saved_post and reddit_my_saved_comment tables

Jan 08, 2024

servicenow-gcp-pubsub v5.0.0 is now available

Jan 05, 2024

What's new?

  • Control Types:

    • GCP > Pub/Sub > Snapshot > ServiceNow
    • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Snapshot > ServiceNow > Table
    • GCP > Pub/Sub > Subscription > ServiceNow
    • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Subscription > ServiceNow > Table
    • GCP > Pub/Sub > Topic > ServiceNow
    • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Topic > ServiceNow > Table

  • Policy Types:

    • GCP > Pub/Sub > Snapshot > ServiceNow
    • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item > Record
    • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item > Table Definition
    • GCP > Pub/Sub > Snapshot > ServiceNow > Table
    • GCP > Pub/Sub > Snapshot > ServiceNow > Table > Definition
    • GCP > Pub/Sub > Subscription > ServiceNow
    • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item > Record
    • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item > Table Definition
    • GCP > Pub/Sub > Subscription > ServiceNow > Table
    • GCP > Pub/Sub > Subscription > ServiceNow > Table > Definition
    • GCP > Pub/Sub > Topic > ServiceNow
    • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item > Record
    • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item > Table Definition
    • GCP > Pub/Sub > Topic > ServiceNow > Table
    • GCP > Pub/Sub > Topic > ServiceNow > Table > Definition

servicenow-azure-synapseanalytics v5.0.0 is now available

Jan 05, 2024

What's new?

  • Control Types:

    • Azure > Synapse Analytics > SQL Pool > ServiceNow
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Table
    • Azure > Synapse Analytics > Workspace > ServiceNow
    • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item
    • Azure > Synapse Analytics > Workspace > ServiceNow > Table

  • Policy Types:

    • Azure > Synapse Analytics > SQL Pool > ServiceNow
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item > Record
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item > Table Definition
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Table
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Table > Definition
    • Azure > Synapse Analytics > Workspace > ServiceNow
    • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item
    • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item > Record
    • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item > Table Definition
    • Azure > Synapse Analytics > Workspace > ServiceNow > Table
    • Azure > Synapse Analytics > Workspace > ServiceNow > Table > Definition

servicenow-azure-sqlvirtualmachine v5.0.0 is now available

Jan 05, 2024

What's new?

  • Control Types:

    • Azure > Search Management > Search Service > ServiceNow
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item
    • Azure > Search Management > Search Service > ServiceNow > Table

  • Policy Types:

    • Azure > Search Management > Search Service > ServiceNow
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Record
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Table Definition
    • Azure > Search Management > Search Service > ServiceNow > Table
    • Azure > Search Management > Search Service > ServiceNow > Table > Definition

servicenow-azure-servicebus v5.0.0 is now available

Jan 05, 2024

What's new?

  • Control Types:

    • Azure > Service Bus > Namespace > ServiceNow
    • Azure > Service Bus > Namespace > ServiceNow > Configuration Item
    • Azure > Service Bus > Namespace > ServiceNow > Table
    • Azure > Service Bus > Queue > ServiceNow
    • Azure > Service Bus > Queue > ServiceNow > Configuration Item
    • Azure > Service Bus > Queue > ServiceNow > Table
    • Azure > Service Bus > Topic > ServiceNow
    • Azure > Service Bus > Topic > ServiceNow > Configuration Item
    • Azure > Service Bus > Topic > ServiceNow > Table

  • Policy Types:

    • Azure > Service Bus > Namespace > ServiceNow
    • Azure > Service Bus > Namespace > ServiceNow > Configuration Item
    • Azure > Service Bus > Namespace > ServiceNow > Configuration Item > Record
    • Azure > Service Bus > Namespace > ServiceNow > Configuration Item > Table Definition
    • Azure > Service Bus > Namespace > ServiceNow > Table
    • Azure > Service Bus > Namespace > ServiceNow > Table > Definition
    • Azure > Service Bus > Queue > ServiceNow
    • Azure > Service Bus > Queue > ServiceNow > Configuration Item
    • Azure > Service Bus > Queue > ServiceNow > Configuration Item > Record
    • Azure > Service Bus > Queue > ServiceNow > Configuration Item > Table Definition
    • Azure > Service Bus > Queue > ServiceNow > Table
    • Azure > Service Bus > Queue > ServiceNow > Table > Definition
    • Azure > Service Bus > Topic > ServiceNow
    • Azure > Service Bus > Topic > ServiceNow > Configuration Item
    • Azure > Service Bus > Topic > ServiceNow > Configuration Item > Record
    • Azure > Service Bus > Topic > ServiceNow > Configuration Item > Table Definition
    • Azure > Service Bus > Topic > ServiceNow > Table
    • Azure > Service Bus > Topic > ServiceNow > Table > Definition

servicenow-azure-loadbalancer v5.0.0 is now available

Jan 05, 2024

What's new?

  • Control Types:

    • Azure > Load Balancer > Load Balance > ServiceNow
    • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item
    • Azure > Load Balancer > Load Balance > ServiceNow > Table

  • Policy Types:

    • Azure > Load Balancer > Load Balance > ServiceNow
    • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item
    • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item > Record
    • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item > Table Definition
    • Azure > Load Balancer > Load Balance > ServiceNow > Table
    • Azure > Load Balancer > Load Balance > ServiceNow > Table > Definition

servicenow-azure-dns v5.0.0 is now available

Jan 05, 2024

What's new?

  • Control Types:

    • Azure > DNS > Record Set > ServiceNow
    • Azure > DNS > Record Set > ServiceNow > Configuration Item
    • Azure > DNS > Record Set > ServiceNow > Table
    • Azure > DNS > Zone > ServiceNow
    • Azure > DNS > Zone > ServiceNow > Configuration Item
    • Azure > DNS > Zone > ServiceNow > Table

  • Policy Types:

    • Azure > DNS > Record Set > ServiceNow
    • Azure > DNS > Record Set > ServiceNow > Configuration Item
    • Azure > DNS > Record Set > ServiceNow > Configuration Item > Record
    • Azure > DNS > Record Set > ServiceNow > Configuration Item > Table Definition
    • Azure > DNS > Record Set > ServiceNow > Table
    • Azure > DNS > Record Set > ServiceNow > Table > Definition
    • Azure > DNS > Zone > ServiceNow
    • Azure > DNS > Zone > ServiceNow > Configuration Item
    • Azure > DNS > Zone > ServiceNow > Configuration Item > Record
    • Azure > DNS > Zone > ServiceNow > Configuration Item > Table Definition
    • Azure > DNS > Zone > ServiceNow > Table
    • Azure > DNS > Zone > ServiceNow > Table > Definition

servicenow-azure-cosmosdb v5.0.0 is now available

Jan 05, 2024

What's new?

  • Control Types:

    • Azure > Cosmos DB > Database Account > ServiceNow
    • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item
    • Azure > Cosmos DB > Database Account > ServiceNow > Table
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table
    • Azure > Cosmos DB > MongoDB Database > ServiceNow
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Table
    • Azure > Cosmos DB > SQL Container > ServiceNow
    • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item
    • Azure > Cosmos DB > SQL Container > ServiceNow > Table
    • Azure > Cosmos DB > SQL Database > ServiceNow
    • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item
    • Azure > Cosmos DB > SQL Database > ServiceNow > Table

  • Policy Types:

    • Azure > Cosmos DB > Database Account > ServiceNow
    • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item
    • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > Database Account > ServiceNow > Table
    • Azure > Cosmos DB > Database Account > ServiceNow > Table > Definition
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table > Definition
    • Azure > Cosmos DB > MongoDB Database > ServiceNow
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Table
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Table > Definition
    • Azure > Cosmos DB > SQL Container > ServiceNow
    • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item
    • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > SQL Container > ServiceNow > Table
    • Azure > Cosmos DB > SQL Container > ServiceNow > Table > Definition
    • Azure > Cosmos DB > SQL Database > ServiceNow
    • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item
    • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > SQL Database > ServiceNow > Table
    • Azure > Cosmos DB > SQL Database > ServiceNow > Table > Definition

Steampipe CLI v0.21.3 - Fixed incorrect row count in timing output for aggregator connections, set connection state to error if plugin load fails

Jan 05, 2024

Whats new

  • Allow using pprof on FDW when STEAMPIPE_FDW_PPROF environment variable is set. (#368)

Bug fixes

  • Set connection state to error if plugin load fails. (#4043)
  • Fixes incorrect row count in timing output for aggregator connections. (#402)
  • OpenTelemetry metric names must only contain [A-Za-z0-9_.-]. (#369)
  • Maintain the order of execution when running multiple queries in batch mode. (#3728)

Pipes Terraform Provider v0.12.1 now available

Jan 04, 2024

v0.12.1 of the Terraform Provider for Pipes is now available.

Bug fixes

  • Omitting the PartPer setting for a pipes_workspace_datatank_table resource would have previously resulted in an error, meaning you had to pass connection as the value. This field is now optional, allowing single part tables to be defined.

Turbot Guardrails Enterprise (TE) v5.42.12 - Policy updated for Mod Lambda SNS topic

Jan 04, 2024

What's new?

  • Server
    • Updated: Enhanced IAM policy for tighter access around Mod Lambda SNS topic.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

servicenow-azure-searchmanagement v5.0.0 is now available

Jan 04, 2024

What's new?

  • Control Types:

    • Azure > Search Management > Search Service > ServiceNow
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item
    • Azure > Search Management > Search Service > ServiceNow > Table

  • Policy Types:

    • Azure > Search Management > Search Service > ServiceNow
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Record
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Table Definition
    • Azure > Search Management > Search Service > ServiceNow > Table
    • Azure > Search Management > Search Service > ServiceNow > Table > Definition

servicenow-azure-networkwatcher v5.0.0 is now available

Jan 04, 2024

What's new?

  • Control Types:

    • Azure > Network Watcher > Flow Log > ServiceNow
    • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item
    • Azure > Network Watcher > Flow Log > ServiceNow > Table
    • Azure > Network Watcher > Network Watcher > ServiceNow
    • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item
    • Azure > Network Watcher > Network Watcher > ServiceNow > Table

  • Policy Types:

    • Azure > Network Watcher > Flow Log > ServiceNow
    • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item
    • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item > Record
    • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item > Table Definition
    • Azure > Network Watcher > Flow Log > ServiceNow > Table
    • Azure > Network Watcher > Flow Log > ServiceNow > Table > Definition
    • Azure > Network Watcher > Network Watcher > ServiceNow
    • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item
    • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item > Record
    • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item > Table Definition
    • Azure > Network Watcher > Network Watcher > ServiceNow > Table
    • Azure > Network Watcher > Network Watcher > ServiceNow > Table > Definition

servicenow-azure-frontdoorservice v5.0.0 is now available

Jan 04, 2024

What's new?

  • Control Types:

    • Azure > Front Door > Front Door > ServiceNow
    • Azure > Front Door > Front Door > ServiceNow > Configuration Item
    • Azure > Front Door > Front Door > ServiceNow > Table

  • Policy Types:

    • Azure > Front Door > Front Door > ServiceNow
    • Azure > Front Door > Front Door > ServiceNow > Configuration Item
    • Azure > Front Door > Front Door > ServiceNow > Configuration Item > Record
    • Azure > Front Door > Front Door > ServiceNow > Configuration Item > Table Definition
    • Azure > Front Door > Front Door > ServiceNow > Table
    • Azure > Front Door > Front Door > ServiceNow > Table > Definition

servicenow-azure-applicationinsights v5.0.0 is now available

Jan 04, 2024

What's new?

  • Control Types:

    • Azure > Application Insights > Application Insight > ServiceNow
    • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item
    • Azure > Application Insights > Application Insight > ServiceNow > Table

  • Policy Types:

    • Azure > Application Insights > Application Insight > ServiceNow
    • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item
    • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item > Record
    • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item > Table Definition
    • Azure > Application Insights > Application Insight > ServiceNow > Table
    • Azure > Application Insights > Application Insight > ServiceNow > Table > Definition

firehose-aws-sns v1.1.6 - Lambda runtimes now powered by Node 18

Jan 04, 2024

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

GCP Compliance mod v0.25 - Added new controls to All Controls benchmark

Jan 04, 2024

Enhancements

  • Added 61 new controls to the All Controls benchmark across the following services: (#140)
    • CloudFunctions
    • Compute
    • KMS
    • Kubernetes
    • Project
    • SQL
    • Storage

AWS Compliance mod v0.84 - Added new controls to All Controls benchmark

Jan 04, 2024

Enhancements

  • Added 50 new controls to the All Controls benchmark across the following services: (#736)
    • ACM
    • CloudFront
    • CloudTrail
    • Config
    • DocumentDB
    • EC2
    • ECS
    • EKS
    • ElastiCache
    • ELB
    • EMR
    • Kinesis
    • RDS
    • Redshift
    • S3
    • SNS
    • SQS
    • SSM
    • VPC

servicenow-azure-securitycenter v5.0.0 is now available

Jan 03, 2024

What's new?

  • Control Types:

    • Azure > Security Center > Security Center > ServiceNow
    • Azure > Security Center > Security Center > ServiceNow > Configuration Item
    • Azure > Security Center > Security Center > ServiceNow > Table

  • Policy Types:

    • Azure > Security Center > Security Center > ServiceNow
    • Azure > Security Center > Security Center > ServiceNow > Configuration Item
    • Azure > Security Center > Security Center > ServiceNow > Configuration Item > Record
    • Azure > Security Center > Security Center > ServiceNow > Configuration Item > Table Definition
    • Azure > Security Center > Security Center > ServiceNow > Table
    • Azure > Security Center > Security Center > ServiceNow > Table > Definition

servicenow-azure-firewall v5.0.0 is now available

Jan 03, 2024

What's new?

  • Control Types:

    • Azure > Firewall > Firewall > ServiceNow
    • Azure > Firewall > Firewall > ServiceNow > Configuration Item
    • Azure > Firewall > Firewall > ServiceNow > Table

  • Policy Types:

    • Azure > Firewall > Firewall > ServiceNow
    • Azure > Firewall > Firewall > ServiceNow > Configuration Item
    • Azure > Firewall > Firewall > ServiceNow > Configuration Item > Record
    • Azure > Firewall > Firewall > ServiceNow > Configuration Item > Table Definition
    • Azure > Firewall > Firewall > ServiceNow > Table
    • Azure > Firewall > Firewall > ServiceNow > Table > Definition

servicenow-azure-applicationgateway v5.0.0 is now available

Jan 03, 2024

What's new?

  • Control Types:

    • Azure > Application Gateway Service > Application Gateway > ServiceNow
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Table

  • Policy Types:

    • Azure > Application Gateway Service > Application Gateway > ServiceNow
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item > Record
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item > Table Definition
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Table
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Table > Definition

servicenow-azure-apimanagement v5.0.0 is now available

Jan 03, 2024

What's new?

  • Control Types:

    • Azure > API Management > API Management Service > ServiceNow
    • Azure > API Management > API Management Service > ServiceNow > Configuration Item
    • Azure > API Management > API Management Service > ServiceNow > Table

  • Policy Types:

    • Azure > API Management > API Management Service > ServiceNow
    • Azure > API Management > API Management Service > ServiceNow > Configuration Item
    • Azure > API Management > API Management Service > ServiceNow > Configuration Item > Record
    • Azure > API Management > API Management Service > ServiceNow > Configuration Item > Table Definition
    • Azure > API Management > API Management Service > ServiceNow > Table
    • Azure > API Management > API Management Service > ServiceNow > Table > Definition

SAP BTP plugin v0.0.2 - Initial plugin release

Jan 03, 2024

Turbot Guardrails Enterprise (TE) v5.42.11 - SAML Security Enhancements

Jan 02, 2024

What's new?

  • Server

    • Updated: The directory API to support Require Signed Assertion Response.

  • UI:

    • Added: Introduced UI options for Require Signed Assertion Response for enhanced security in SAML authentication.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Enhanced Security and Compatibility Guide for SAML Authentication

Description: The recent update to @node-saml/passport-saml mandates the signing of the assertion response. To ensure backward compatibility, we have introduced a new configuration option in the UI:

  • Require Signed Assertion Response

By default, this option is set to Disabled to maintain compatibility with existing setups.

Recommendations: We recommend enabling this option as it adds an additional layer of security. However, please be aware that enabling this setting might impact the SAML login functionality.

servicenow-azure-relay v5.0.0 is now available

Jan 02, 2024

What's new?

  • Control Types:

    • Azure > Relay > Namespace > ServiceNow
    • Azure > Relay > Namespace > ServiceNow > Configuration Item
    • Azure > Relay > Namespace > ServiceNow > Table

  • Policy Types:

    • Azure > Relay > Namespace > ServiceNow
    • Azure > Relay > Namespace > ServiceNow > Configuration Item
    • Azure > Relay > Namespace > ServiceNow > Configuration Item > Record
    • Azure > Relay > Namespace > ServiceNow > Configuration Item > Table Definition
    • Azure > Relay > Namespace > ServiceNow > Table
    • Azure > Relay > Namespace > ServiceNow > Table > Definition

servicenow-azure-loganalytics v5.0.0 is now available

Jan 02, 2024

What's new?

  • Control Types:

    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table

  • Policy Types:

    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item > Record
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item > Table Definition
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table > Definition

servicenow-azure-appservice v5.0.0 is now available

Jan 02, 2024

What's new?

  • Control Types:

    • Azure > App Service > App Service Plan > ServiceNow
    • Azure > App Service > App Service Plan > ServiceNow > Configuration Item
    • Azure > App Service > App Service Plan > ServiceNow > Table
    • Azure > App Service > Function App > ServiceNow
    • Azure > App Service > Function App > ServiceNow > Configuration Item
    • Azure > App Service > Function App > ServiceNow > Table
    • Azure > App Service > Web App > ServiceNow
    • Azure > App Service > Web App > ServiceNow > Configuration Item
    • Azure > App Service > Web App > ServiceNow > Table

  • Policy Types:

    • Azure > App Service > App Service Plan > ServiceNow
    • Azure > App Service > App Service Plan > ServiceNow > Configuration Item
    • Azure > App Service > App Service Plan > ServiceNow > Configuration Item > Record
    • Azure > App Service > App Service Plan > ServiceNow > Configuration Item > Table Definition
    • Azure > App Service > App Service Plan > ServiceNow > Table
    • Azure > App Service > App Service Plan > ServiceNow > Table > Definition
    • Azure > App Service > Function App > ServiceNow
    • Azure > App Service > Function App > ServiceNow > Configuration Item
    • Azure > App Service > Function App > ServiceNow > Configuration Item > Record
    • Azure > App Service > Function App > ServiceNow > Configuration Item > Table Definition
    • Azure > App Service > Function App > ServiceNow > Table
    • Azure > App Service > Function App > ServiceNow > Table > Definition
    • Azure > App Service > Web App > ServiceNow
    • Azure > App Service > Web App > ServiceNow > Configuration Item
    • Azure > App Service > Web App > ServiceNow > Configuration Item > Record
    • Azure > App Service > Web App > ServiceNow > Configuration Item > Table Definition
    • Azure > App Service > Web App > ServiceNow > Table
    • Azure > App Service > Web App > ServiceNow > Table > Definition

AWS plugin v0.126.0 - Updated the plugin to enhance DNS management and reduce connection floods for more stable and efficient queries

Dec 29, 2023

Enhancements

  • Updated the plugin to use a shared, optimized HTTP client that enhances DNS management and reduces connection floods for more stable and efficient queries. (#2036)

servicenow-azure-signalr v5.0.0 is now available

Dec 23, 2023

What's new?

  • Control Types:

    • Azure > SignalR Service > SignalR > ServiceNow
    • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item
    • Azure > SignalR Service > SignalR > ServiceNow > Table

  • Policy Types:

    • Azure > SignalR Service > SignalR > ServiceNow
    • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item
    • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item > Record
    • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item > Table Definition
    • Azure > SignalR Service > SignalR > ServiceNow > Table
    • Azure > SignalR Service > SignalR > ServiceNow > Table > Definition

servicenow-azure-aks v5.0.0 is now available

Dec 23, 2023

What's new?

  • Control Types:

    • Azure > AKS > Managed Cluster > ServiceNow
    • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item
    • Azure > AKS > Managed Cluster > ServiceNow > Table

  • Policy Types:

    • Azure > AKS > Managed Cluster > ServiceNow
    • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item
    • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item > Record
    • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item > Table Definition
    • Azure > AKS > Managed Cluster > ServiceNow > Table
    • Azure > AKS > Managed Cluster > ServiceNow > Table > Definition

AWS plugin v0.125.0 - Updated the plugin to build the netgo package only for Darwin systems

Dec 20, 2023

Enhancements

  • Updated the plugin's .goreleaser file to build the netgo package only for Darwin systems. (#2029)

servicenow-azure-sql v5.1.0 - Added support for Database and Elastic Pool

Dec 19, 2023

What's new?

  • Control Types:

    • Azure > SQL > Database > ServiceNow
    • Azure > SQL > Database > ServiceNow > Configuration Item
    • Azure > SQL > Database > ServiceNow > Table
    • Azure > SQL > Elastic Pool > ServiceNow
    • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item
    • Azure > SQL > Elastic Pool > ServiceNow > Table

  • Policy Types:

    • Azure > SQL > Database > ServiceNow
    • Azure > SQL > Database > ServiceNow > Configuration Item
    • Azure > SQL > Database > ServiceNow > Configuration Item > Record
    • Azure > SQL > Database > ServiceNow > Configuration Item > Table Definition
    • Azure > SQL > Database > ServiceNow > Table
    • Azure > SQL > Database > ServiceNow > Table > Definition
    • Azure > SQL > Elastic Pool > ServiceNow
    • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item
    • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item > Record
    • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item > Table Definition
    • Azure > SQL > Elastic Pool > ServiceNow > Table
    • Azure > SQL > Elastic Pool > ServiceNow > Table > Definition

servicenow-azure-network v5.1.0 - Added support for Application Security Group, Express Route Circuits, Network Interface, Private DNS Zones, Public IP Address, Route Table and Virtual Network Gateway

Dec 19, 2023

What's new?

  • Control Types:
    • Azure > Network > Application Security Group > ServiceNow
    • Azure > Network > Application Security Group > ServiceNow > Configuration Item
    • Azure > Network > Application Security Group > ServiceNow > Table
    • Azure > Network > Express Route Circuits > ServiceNow
    • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item
    • Azure > Network > Express Route Circuits > ServiceNow > Table
    • Azure > Network > Network Interface > ServiceNow
    • Azure > Network > Network Interface > ServiceNow > Configuration Item
    • Azure > Network > Network Interface > ServiceNow > Table
    • Azure > Network > Private DNS Zones > ServiceNow
    • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item
    • Azure > Network > Private DNS Zones > ServiceNow > Table
    • Azure > Network > Public IP Address > ServiceNow
    • Azure > Network > Public IP Address > ServiceNow > Configuration Item
    • Azure > Network > Public IP Address > ServiceNow > Table
    • Azure > Network > Route Table > ServiceNow
    • Azure > Network > Route Table > ServiceNow > Configuration Item
    • Azure > Network > Route Table > ServiceNow > Table
    • Azure > Network > Virtual Network Gateway > ServiceNow
    • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item
    • Azure > Network > Virtual Network Gateway > ServiceNow > Table
  • Policy Types:
    • Azure > Network > Application Security Group > ServiceNow
    • Azure > Network > Application Security Group > ServiceNow > Configuration Item
    • Azure > Network > Application Security Group > ServiceNow > Configuration Item > Record
    • Azure > Network > Application Security Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Application Security Group > ServiceNow > Table
    • Azure > Network > Application Security Group > ServiceNow > Table > Definition
    • Azure > Network > Express Route Circuits > ServiceNow
    • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item
    • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item > Record
    • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Express Route Circuits > ServiceNow > Table
    • Azure > Network > Express Route Circuits > ServiceNow > Table > Definition
    • Azure > Network > Network Interface > ServiceNow
    • Azure > Network > Network Interface > ServiceNow > Configuration Item
    • Azure > Network > Network Interface > ServiceNow > Configuration Item > Record
    • Azure > Network > Network Interface > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Network Interface > ServiceNow > Table
    • Azure > Network > Network Interface > ServiceNow > Table > Definition
    • Azure > Network > Private DNS Zones > ServiceNow
    • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item
    • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item > Record
    • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Private DNS Zones > ServiceNow > Table
    • Azure > Network > Private DNS Zones > ServiceNow > Table > Definition
    • Azure > Network > Public IP Address > ServiceNow
    • Azure > Network > Public IP Address > ServiceNow > Configuration Item
    • Azure > Network > Public IP Address > ServiceNow > Configuration Item > Record
    • Azure > Network > Public IP Address > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Public IP Address > ServiceNow > Table
    • Azure > Network > Public IP Address > ServiceNow > Table > Definition
    • Azure > Network > Route Table > ServiceNow
    • Azure > Network > Route Table > ServiceNow > Configuration Item
    • Azure > Network > Route Table > ServiceNow > Configuration Item > Record
    • Azure > Network > Route Table > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Route Table > ServiceNow > Table
    • Azure > Network > Route Table > ServiceNow > Table > Definition
    • Azure > Network > Virtual Network Gateway > ServiceNow
    • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item
    • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item > Record
    • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Virtual Network Gateway > ServiceNow > Table
    • Azure > Network > Virtual Network Gateway > ServiceNow > Table > Definition

servicenow-azure-keyvault v5.0.0 is now available

Dec 19, 2023

What's new?

  • Control Types:

    • Azure > Key Vault > Key > ServiceNow
    • Azure > Key Vault > Key > ServiceNow > Configuration Item
    • Azure > Key Vault > Key > ServiceNow > Table
    • Azure > Key Vault > Secret > ServiceNow
    • Azure > Key Vault > Secret > ServiceNow > Configuration Item
    • Azure > Key Vault > Secret > ServiceNow > Table
    • Azure > Key Vault > Vault > ServiceNow
    • Azure > Key Vault > Vault > ServiceNow > Configuration Item
    • Azure > Key Vault > Vault > ServiceNow > Table

  • Policy Types:

    • Azure > Key Vault > Key > ServiceNow
    • Azure > Key Vault > Key > ServiceNow > Configuration Item
    • Azure > Key Vault > Key > ServiceNow > Configuration Item > Record
    • Azure > Key Vault > Key > ServiceNow > Configuration Item > Table Definition
    • Azure > Key Vault > Key > ServiceNow > Table
    • Azure > Key Vault > Key > ServiceNow > Table > Definition
    • Azure > Key Vault > Secret > ServiceNow
    • Azure > Key Vault > Secret > ServiceNow > Configuration Item
    • Azure > Key Vault > Secret > ServiceNow > Configuration Item > Record
    • Azure > Key Vault > Secret > ServiceNow > Configuration Item > Table Definition
    • Azure > Key Vault > Secret > ServiceNow > Table
    • Azure > Key Vault > Secret > ServiceNow > Table > Definition
    • Azure > Key Vault > Vault > ServiceNow
    • Azure > Key Vault > Vault > ServiceNow > Configuration Item
    • Azure > Key Vault > Vault > ServiceNow > Configuration Item > Record
    • Azure > Key Vault > Vault > ServiceNow > Configuration Item > Table Definition
    • Azure > Key Vault > Vault > ServiceNow > Table
    • Azure > Key Vault > Vault > ServiceNow > Table > Definition

servicenow-azure-postgresql v5.1.0 - Added support for Flexible Server

Dec 18, 2023

What's new?

  • Control Types:

    • Azure > PostgreSQL > Flexible Server > ServiceNow
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Table

  • Policy Types:

    • Azure > PostgreSQL > Flexible Server > ServiceNow
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item > Record
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item > Table Definition
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Table
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Table > Definition

servicenow-azure-mysql v5.1.0 - Added support for Flexible Server

Dec 18, 2023

What's new?

  • Control Types:

    • Azure > MySQL > Flexible Server > ServiceNow
    • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item
    • Azure > MySQL > Flexible Server > ServiceNow > Table

  • Policy Types:

    • Azure > MySQL > Flexible Server > ServiceNow
    • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item
    • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item > Record
    • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item > Table Definition
    • Azure > MySQL > Flexible Server > ServiceNow > Table
    • Azure > MySQL > Flexible Server > ServiceNow > Table > Definition

servicenow-aws-kms v5.0.0 is now available

Dec 18, 2023

What's new?

  • Control Types:

    • AWS > KMS > Key > ServiceNow
    • AWS > KMS > Key > ServiceNow > Configuration Item
    • AWS > KMS > Key > ServiceNow > Table

  • Policy Types:

    • AWS > KMS > Key > ServiceNow
    • AWS > KMS > Key > ServiceNow > Configuration Item
    • AWS > KMS > Key > ServiceNow > Configuration Item > Record
    • AWS > KMS > Key > ServiceNow > Configuration Item > Table Definition
    • AWS > KMS > Key > ServiceNow > Table
    • AWS > KMS > Key > ServiceNow > Table > Definition

servicenow-aws-cloudwatch v5.0.0 is now available

Dec 18, 2023

What's new?

  • Control Types:

    • AWS > CloudWatch > Alarm > ServiceNow
    • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item
    • AWS > CloudWatch > Alarm > ServiceNow > Table

  • Policy Types:

    • AWS > CloudWatch > Alarm > ServiceNow
    • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item
    • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item > Record
    • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item > Table Definition
    • AWS > CloudWatch > Alarm > ServiceNow > Table
    • AWS > CloudWatch > Alarm > ServiceNow > Table > Definition

servicenow-aws-cloudtrail v5.0.0 is now available

Dec 18, 2023

What's new?

  • Control Types:

    • AWS > CloudTrail > Trail > ServiceNow
    • AWS > CloudTrail > Trail > ServiceNow > Configuration Item
    • AWS > CloudTrail > Trail > ServiceNow > Table

  • Policy Types:

    • AWS > CloudTrail > Trail > ServiceNow
    • AWS > CloudTrail > Trail > ServiceNow > Configuration Item
    • AWS > CloudTrail > Trail > ServiceNow > Configuration Item > Record
    • AWS > CloudTrail > Trail > ServiceNow > Configuration Item > Table Definition
    • AWS > CloudTrail > Trail > ServiceNow > Table
    • AWS > CloudTrail > Trail > ServiceNow > Table > Definition

aws-rds v5.26.1 - Bug Fixed - DB Instance Discovery control would sometimes incorrectly upsert DocumentDB Instances

Dec 15, 2023

Bug fixes

  • The AWS > RDS > DB Instance > Discovery control would sometimes upsert DocumentDB Instances as RDS Instances in Guardrails CMDB. This is fixed and the control will now filter out DocumentDB Instances while upserting resources in CMDB.

Turbot Pipes for Enterprise is now available

Dec 14, 2023

Turbot Pipes Enterprise plan is now available.

The Enterprise tier expands on the Team tier’s features with enhanced collaboration, enterprise-grade security, and improved scalability, making it ideal for larger organizations:

  • Organization-wide cloud intelligence & security: Enables tailored data management across business units and teams for sharing insights.
  • SAML Authentication: Provides secure and seamless SSO user experience using your identity provider.
  • Multi-Organization RBAC: Allows granular access permissions across organizations and workspaces to protect sensitive data.
  • Trusted Login Domains: Significantly reduces unauthorized access by restricting logins to trusted domains.
  • Consolidated Usage and Billing: Simplifies resource and financial tracking with tenant-level visibility plus per organization/workspace details.

Get started in a 14-day free trial then switch to flexible, usage based pricing.

For more information, see the launch post.

Pipes Enterprise plan now supports AWS Marketplace billing

Dec 14, 2023

Turbot Pipes now officially supports billing for your organization Enterprise plan via the AWS Marketplace.

For more information, see the Pipes billing docs.

Trademark policy updates. CLA for AGPL repositories.

Dec 14, 2023

Our trademark policy & terms now clarify that while others are allowed to make their own distribution of Turbot open-source software, they cannot use any of the Turbot trademarks, cloud services, etc.

We now require a signed Contributor License Agreement for all contributions to our AGPL 3.0 and CC BY-NC-ND licensed repositories.

Learn more in our open source FAQ.

Postgres FDW, SQLite extension and export CLI engines for 114 plugins

Dec 14, 2023

114 plugins have been updated to include the following changes:

What's new?

Dependencies

  • Recompiled with steampipe-plugin-sdk v5.8.0 that includes plugin server encapsulation for in-process and GRPC usage, adding Steampipe Plugin SDK version to _ctx column, and fixing connection and potential divide-by-zero bugs.

Flowpipe Samples v0.1.0 - 35 new mods

Dec 13, 2023

35 new, ready-to-use Flowpipe sample mods are now available! These mods serve as practical examples, showcasing the patterns and applications of various library mods. Every mod comes with specific instructions for installation and use, enabling fast and easy setup.

A full list of sample mods can be found in the Flowpipe Hub and the source code is available at turbot/flowpipe-samples.

Flowpipe CLI v0.1 – Initial release

Dec 13, 2023

Introducing Flowpipe, a cloud scripting engine. Automation and workflow to connect your clouds to the people, systems and data that matter. Pipelines for DevOps written in HCL.

Initial support for:

  • Pipeline execution
  • Steps: container, email, function, http, pipeline, query, sleep, transform
  • Triggers: schedule, http
  • Credential management
  • Mod composition

Learn more at:

Flowpipe Library Mods - 28 new mods

Dec 13, 2023

aws-lambda v5.13.2 - Added support for latest Lambda runtimes in the `AWS > Lambda > Function > Allowed Runtime > Values` policy

Dec 13, 2023

What's new?

  • Added support for latest lambda runtimes in the AWS > Lambda > Function > Allowed Runtime > Values policy.

aws-iam v5.33.0 - Added support for Approved policies and control for Root Resource Type

Dec 13, 2023

What's new?

  • Control Types:

    • AWS > IAM > Root > Approved

  • Policy Types:

    • AWS > IAM > Root > Approved
    • AWS > IAM > Root > Approved > Custom
    • AWS > IAM > Root > Approved > Usage

  • Action Types:

    • AWS > IAM > Root > Skip alarm for Approved control
    • AWS > IAM > Root > Skip alarm for Approved control [90 days]

Bug fixes

  • The AWS > IAM > Account Password Policy > CMDB control would incorrectly go into an Alarm state when Guardrails was denied access to fetch the Account Password Policy data. This is fixed and the control will now move to an Error state instead for such cases.
  • Guardrails stack controls would sometimes fail to update IAM resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.

Steampipe CLI v0.21.2 - Added `steampipe_plugin_column` introspection table to the `steampipe_internal` schema

Dec 12, 2023

Whats new

  • Added steampipe_plugin_column introspection table to the steampipe_internal schema. (#4003)

Bug fixes

  • Fixed issue where a query would return 'null' for an empty result set when output is set to json. (#3955)
  • Fixed custom registries bugs.
  • Clean up apt temporary files in Dockerfile.

servicenow v5.0.2 - README.md file is now available for users to check details about resource types that the mod covers

Dec 11, 2023

Bug fixes

  • README.md file is now available for users to check details about resource types that the mod covers.

aws-cloudfront v5.5.0 - Added support for CloudFront KeyValueStore permissions

Dec 11, 2023

What's new?

  • AWS/CloudFront/Admin and AWS/CloudFront/Metadata will now also include permissions for CloudFront KeyValueStore.

Turbot Guardrails Enterprise (TE) v5.42.10 - Bug fixed - Guardrails will now process notifications correctly for a matching watch created via @turbot/sdk

Dec 08, 2023

Bug fixes

  • Server
    • Guardrails will now process notifications correctly for a matching watch created via @turbot/sdk.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

servicenow-gcp v5.0.0 is now available

Dec 08, 2023

What's new?

  • Policy Types:

    • ServiceNow > Turbot > Watches > GCP

  • Control Types:

    • ServiceNow > Turbot > Watches > GCP

  • Action Types:

    • ServiceNow > Turbot > Watches > GCP Archive And Delete Record

servicenow-gcp-storage v5.0.0 is now available

Dec 08, 2023

What's new?

  • Policy Types:

    • GCP > Storage > Bucket > ServiceNow
    • GCP > Storage > Bucket > ServiceNow > Configuration Item
    • GCP > Storage > Bucket > ServiceNow > Configuration Item > Record
    • GCP > Storage > Bucket > ServiceNow > Configuration Item > Table Definition
    • GCP > Storage > Bucket > ServiceNow > Table
    • GCP > Storage > Bucket > ServiceNow > Table > Definition

  • Control Types:

    • GCP > Storage > Bucket > ServiceNow
    • GCP > Storage > Bucket > ServiceNow > Configuration Item
    • GCP > Storage > Bucket > ServiceNow > Table

servicenow-gcp-sql v5.0.0 is now available

Dec 08, 2023

What's new?

  • Policy Types:

    • GCP > SQL > Instance > ServiceNow
    • GCP > SQL > Instance > ServiceNow > Configuration Item
    • GCP > SQL > Instance > ServiceNow > Configuration Item > Record
    • GCP > SQL > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > SQL > Instance > ServiceNow > Table
    • GCP > SQL > Instance > ServiceNow > Table > Definition

  • Control Types:

    • GCP > SQL > Instance > ServiceNow
    • GCP > SQL > Instance > ServiceNow > Configuration Item
    • GCP > SQL > Instance > ServiceNow > Table

servicenow-gcp-network v5.0.0 is now available

Dec 08, 2023

What's new?

  • Policy Types:

    • GCP > Network > Network > ServiceNow
    • GCP > Network > Network > ServiceNow > Configuration Item
    • GCP > Network > Network > ServiceNow > Configuration Item > Record
    • GCP > Network > Network > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Network > ServiceNow > Table
    • GCP > Network > Network > ServiceNow > Table > Definition
    • GCP > Network > Subnetwork > ServiceNow
    • GCP > Network > Subnetwork > ServiceNow > Configuration Item
    • GCP > Network > Subnetwork > ServiceNow > Configuration Item > Record
    • GCP > Network > Subnetwork > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Subnetwork > ServiceNow > Table
    • GCP > Network > Subnetwork > ServiceNow > Table > Definition

  • Control Types:

    • GCP > Network > Network > ServiceNow
    • GCP > Network > Network > ServiceNow > Configuration Item
    • GCP > Network > Network > ServiceNow > Table
    • GCP > Network > Subnetwork > ServiceNow
    • GCP > Network > Subnetwork > ServiceNow > Configuration Item
    • GCP > Network > Subnetwork > ServiceNow > Table

servicenow-gcp-computeengine v5.0.0 is now available

Dec 08, 2023

What's new?

  • Policy Types:

    • GCP > Compute Engine > Disk > ServiceNow
    • GCP > Compute Engine > Disk > ServiceNow > Configuration Item
    • GCP > Compute Engine > Disk > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Disk > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Disk > ServiceNow > Table
    • GCP > Compute Engine > Disk > ServiceNow > Table > Definition
    • GCP > Compute Engine > Image > ServiceNow
    • GCP > Compute Engine > Image > ServiceNow > Configuration Item
    • GCP > Compute Engine > Image > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Image > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Image > ServiceNow > Table
    • GCP > Compute Engine > Image > ServiceNow > Table > Definition
    • GCP > Compute Engine > Instance > ServiceNow
    • GCP > Compute Engine > Instance > ServiceNow > Configuration Item
    • GCP > Compute Engine > Instance > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Instance > ServiceNow > Table
    • GCP > Compute Engine > Instance > ServiceNow > Table > Definition
    • GCP > Compute Engine > Snapshot > ServiceNow
    • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item
    • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Snapshot > ServiceNow > Table
    • GCP > Compute Engine > Snapshot > ServiceNow > Table > Definition

  • Control Types:

    • GCP > Compute Engine > Disk > ServiceNow
    • GCP > Compute Engine > Disk > ServiceNow > Configuration Item
    • GCP > Compute Engine > Disk > ServiceNow > Table
    • GCP > Compute Engine > Image > ServiceNow
    • GCP > Compute Engine > Image > ServiceNow > Configuration Item
    • GCP > Compute Engine > Image > ServiceNow > Table
    • GCP > Compute Engine > Instance > ServiceNow
    • GCP > Compute Engine > Instance > ServiceNow > Configuration Item
    • GCP > Compute Engine > Instance > ServiceNow > Table
    • GCP > Compute Engine > Snapshot > ServiceNow
    • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item
    • GCP > Compute Engine > Snapshot > ServiceNow > Table

servicenow-azure v5.0.0 is now available

Dec 08, 2023

What's new?

  • Policy Types:

    • ServiceNow > Turbot > Watches > Azure

  • Control Types:

    • ServiceNow > Turbot > Watches > Azure

  • Action Types:

    • ServiceNow > Turbot > Watches > Azure Archive And Delete Record

servicenow-azure-storage v5.0.0 is now available

Dec 08, 2023

What's new?

  • Policy Types:

    • Azure > Storage > Storage Account > ServiceNow
    • Azure > Storage > Storage Account > ServiceNow > Configuration Item
    • Azure > Storage > Storage Account > ServiceNow > Configuration Item > Record
    • Azure > Storage > Storage Account > ServiceNow > Configuration Item > Table Definition
    • Azure > Storage > Storage Account > ServiceNow > Table
    • Azure > Storage > Storage Account > ServiceNow > Table > Definition

  • Control Types:

    • Azure > Storage > Storage Account > ServiceNow
    • Azure > Storage > Storage Account > ServiceNow > Configuration Item
    • Azure > Storage > Storage Account > ServiceNow > Table

servicenow-azure-sql v5.0.0 is now available

Dec 08, 2023

What's new?

  • Policy Types:

    • Azure > SQL > Server > ServiceNow
    • Azure > SQL > Server > ServiceNow > Configuration Item
    • Azure > SQL > Server > ServiceNow > Configuration Item > Record
    • Azure > SQL > Server > ServiceNow > Configuration Item > Table Definition
    • Azure > SQL > Server > ServiceNow > Table
    • Azure > SQL > Server > ServiceNow > Table > Definition

  • Control Types:

    • Azure > SQL > Server > ServiceNow
    • Azure > SQL > Server > ServiceNow > Configuration Item
    • Azure > SQL > Server > ServiceNow > Table

servicenow-azure-postgresql v5.0.0 is now available

Dec 08, 2023

What's new?

  • Policy Types:

    • Azure > PostgreSQL > Server > ServiceNow
    • Azure > PostgreSQL > Server > ServiceNow > Configuration Item
    • Azure > PostgreSQL > Server > ServiceNow > Configuration Item > Record
    • Azure > PostgreSQL > Server > ServiceNow > Configuration Item > Table Definition
    • Azure > PostgreSQL > Server > ServiceNow > Table
    • Azure > PostgreSQL > Server > ServiceNow > Table > Definition

  • Control Types:

    • Azure > PostgreSQL > Server > ServiceNow
    • Azure > PostgreSQL > Server > ServiceNow > Configuration Item
    • Azure > PostgreSQL > Server > ServiceNow > Table

servicenow-azure-network v5.0.0 is now available

Dec 08, 2023

What's new?

  • Policy Types:

    • Azure > Network > Network Security Group > ServiceNow
    • Azure > Network > Network Security Group > ServiceNow > Configuration Item
    • Azure > Network > Network Security Group > ServiceNow > Configuration Item > Record
    • Azure > Network > Network Security Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Network Security Group > ServiceNow > Table
    • Azure > Network > Network Security Group > ServiceNow > Table > Definition
    • Azure > Network > Subnet > ServiceNow
    • Azure > Network > Subnet > ServiceNow > Configuration Item
    • Azure > Network > Subnet > ServiceNow > Configuration Item > Record
    • Azure > Network > Subnet > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Subnet > ServiceNow > Table
    • Azure > Network > Subnet > ServiceNow > Table > Definition
    • Azure > Network > Virtual Network > ServiceNow
    • Azure > Network > Virtual Network > ServiceNow > Configuration Item
    • Azure > Network > Virtual Network > ServiceNow > Configuration Item > Record
    • Azure > Network > Virtual Network > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Virtual Network > ServiceNow > Table
    • Azure > Network > Virtual Network > ServiceNow > Table > Definition

  • Control Types:

    • Azure > Network > Network Security Group > ServiceNow
    • Azure > Network > Network Security Group > ServiceNow > Configuration Item
    • Azure > Network > Network Security Group > ServiceNow > Table
    • Azure > Network > Subnet > ServiceNow
    • Azure > Network > Subnet > ServiceNow > Configuration Item
    • Azure > Network > Subnet > ServiceNow > Table
    • Azure > Network > Virtual Network > ServiceNow
    • Azure > Network > Virtual Network > ServiceNow > Configuration Item
    • Azure > Network > Virtual Network > ServiceNow > Table

servicenow-azure-mysql v5.0.0 is now available

Dec 08, 2023

What's new?

  • Policy Types:

    • Azure > MySQL > Server > ServiceNow
    • Azure > MySQL > Server > ServiceNow > Configuration Item
    • Azure > MySQL > Server > ServiceNow > Configuration Item > Record
    • Azure > MySQL > Server > ServiceNow > Configuration Item > Table Definition
    • Azure > MySQL > Server > ServiceNow > Table
    • Azure > MySQL > Server > ServiceNow > Table > Definition

  • Control Types:

    • Azure > MySQL > Server > ServiceNow
    • Azure > MySQL > Server > ServiceNow > Configuration Item
    • Azure > MySQL > Server > ServiceNow > Table

servicenow-azure-compute v5.0.0 is now available

Dec 08, 2023

What's new?

  • Policy Types:

    • Azure > Compute > Availability Set > ServiceNow
    • Azure > Compute > Availability Set > ServiceNow > Configuration Item
    • Azure > Compute > Availability Set > ServiceNow > Configuration Item > Record
    • Azure > Compute > Availability Set > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Availability Set > ServiceNow > Table
    • Azure > Compute > Availability Set > ServiceNow > Table > Definition
    • Azure > Compute > Disk > ServiceNow
    • Azure > Compute > Disk > ServiceNow > Configuration Item
    • Azure > Compute > Disk > ServiceNow > Configuration Item > Record
    • Azure > Compute > Disk > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Disk > ServiceNow > Table
    • Azure > Compute > Disk > ServiceNow > Table > Definition
    • Azure > Compute > Disk Encryption Set > ServiceNow
    • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item
    • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item > Record
    • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Disk Encryption Set > ServiceNow > Table
    • Azure > Compute > Disk Encryption Set > ServiceNow > Table > Definition
    • Azure > Compute > Image > ServiceNow
    • Azure > Compute > Image > ServiceNow > Configuration Item
    • Azure > Compute > Image > ServiceNow > Configuration Item > Record
    • Azure > Compute > Image > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Image > ServiceNow > Table
    • Azure > Compute > Image > ServiceNow > Table > Definition
    • Azure > Compute > Snapshot > ServiceNow
    • Azure > Compute > Snapshot > ServiceNow > Configuration Item
    • Azure > Compute > Snapshot > ServiceNow > Configuration Item > Record
    • Azure > Compute > Snapshot > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Snapshot > ServiceNow > Table
    • Azure > Compute > Snapshot > ServiceNow > Table > Definition
    • Azure > Compute > Ssh Public Key > ServiceNow
    • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item
    • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item > Record
    • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Ssh Public Key > ServiceNow > Table
    • Azure > Compute > Ssh Public Key > ServiceNow > Table > Definition
    • Azure > Compute > Virtual Machine > ServiceNow
    • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item
    • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item > Record
    • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Virtual Machine > ServiceNow > Table
    • Azure > Compute > Virtual Machine > ServiceNow > Table > Definition
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item > Record
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table > Definition

  • Control Types:

    • Azure > Compute > Availability Set > ServiceNow
    • Azure > Compute > Availability Set > ServiceNow > Configuration Item
    • Azure > Compute > Availability Set > ServiceNow > Table
    • Azure > Compute > Disk > ServiceNow
    • Azure > Compute > Disk > ServiceNow > Configuration Item
    • Azure > Compute > Disk > ServiceNow > Table
    • Azure > Compute > Disk Encryption Set > ServiceNow
    • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item
    • Azure > Compute > Disk Encryption Set > ServiceNow > Table
    • Azure > Compute > Image > ServiceNow
    • Azure > Compute > Image > ServiceNow > Configuration Item
    • Azure > Compute > Image > ServiceNow > Table
    • Azure > Compute > Snapshot > ServiceNow
    • Azure > Compute > Snapshot > ServiceNow > Configuration Item
    • Azure > Compute > Snapshot > ServiceNow > Table
    • Azure > Compute > Ssh Public Key > ServiceNow
    • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item
    • Azure > Compute > Ssh Public Key > ServiceNow > Table
    • Azure > Compute > Virtual Machine > ServiceNow
    • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item
    • Azure > Compute > Virtual Machine > ServiceNow > Table
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table

servicenow-aws v5.0.1 - Bug Fixed - Watches control would fail to delete/archive records in ServiceNow

Dec 08, 2023

Bug fixes

  • The ServiceNow > Turbot > Watches > AWS control would fail to delete/archive records in ServiceNow. This is now fixed.

Turbot Guardrails Enterprise (TE) v5.42.9 - Minor fixes - TE stack will now enable propagation of custom tags to ECS tasks

Dec 07, 2023

Bug fixes

  • Server
    • Updated TE stack to enable propagation of custom tags to ECS tasks.
    • Updated @turbot/aws-sdk to 5.13.0, @turbot/fn to 5.21.0 and aws-sdk to 2.922.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

servicenow-aws-vpc-security v5.0.2 - Minor fixes on Configuration Item and Table controls

Dec 07, 2023

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

servicenow-aws-vpc-internet v5.0.2 - Minor fixes on Configuration Item and Table controls

Dec 07, 2023

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

servicenow-aws-vpc-core v5.0.2 - Minor fixes on Configuration Item and Table controls

Dec 07, 2023

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

servicenow-aws-s3 v5.0.2 - Minor fixes on Configuration Item and Table controls

Dec 07, 2023

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

servicenow-aws-rds v5.0.2 - Minor fixes on Configuration Item and Table controls

Dec 07, 2023

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

servicenow-aws-iam v5.0.2 - Minor fixes on Configuration Item and Table controls

Dec 07, 2023

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

servicenow-aws-ec2 v5.0.2 - Minor fixes on Configuration Item and Table controls

Dec 07, 2023

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Fly plugin v0.2.2 - Fixed plugin to correctly return results when environment variables are only used for authentication

Dec 07, 2023

Bug fixes

  • Fixed the plugin to correctly return results when environment variables are only used for authentication. (#21)

Consul plugin v0.1.2 - Fixed invalid Go module path of the plugin

Dec 07, 2023

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#15)

servicenow v5.0.1 - Bug Fixed - Discovery controls would sometimes upsert resources with incorrect AKAs

Dec 06, 2023

Bug fixes

  • The Discovery controls for Application, Cost Center and User would sometimes upsert resources with incorrect AKAs for a freshly imported ServiceNow Instance in Guardrails CMDB. This is fixed and the controls will now work as expected.

servicenow-aws-vpc-security v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow

Dec 06, 2023

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

servicenow-aws-vpc-internet v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow

Dec 06, 2023

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

servicenow-aws-vpc-core v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow

Dec 06, 2023

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

servicenow-aws-s3 v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow

Dec 06, 2023

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

servicenow-aws-rds v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow

Dec 06, 2023

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

servicenow-aws-iam v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow

Dec 06, 2023

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

servicenow-aws-ec2 v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow

Dec 06, 2023

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

aws v5.29.1 - Event Poller will now be automatically set to `Disabled` if either the Event Handlers or Event Handlers [Global] is set to `Enforce: Configured`

Dec 06, 2023

Bug fixes

  • The AWS > Turbot > Event Poller policy will now be automatically set to Disabled if any of the AWS > Turbot > Event Handlers or AWS > Turbot > Event Handlers [Global] policies is set to Enforce: Configured.

Pipes plugin v0.12.2 - Fixed invalid Go module path of the plugin

Dec 06, 2023

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#20)

Nomad plugin v0.1.2 - Fixed invalid Go module path of the plugin

Dec 06, 2023

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#13)

New Relic plugin v0.1.2 - Fixed invalid Go module path of the plugin

Dec 06, 2023

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#43)

Mastodon plugin v0.1.2 - Fixed invalid Go module path of the plugin

Dec 06, 2023

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#36)

Linear plugin v0.1.2 - Fixed invalid Go module path of the plugin

Dec 06, 2023

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#20)

Hibp plugin v0.4.2 - Fixed invalid Go module path of the plugin

Dec 06, 2023

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#26)

Github plugin v0.38.0 - Added github_repository_sbom table and updated tables to include support for dynamic GraphQL queries

Dec 06, 2023

What's new?

Enhancements

  • Updated the following tables to include support for dynamic GraphQL queries:
    • github_my_star (#369)
    • github_stargazer (#370)
    • github_tag (#371)
    • github_rate_limit (#368)
    • github_community_profile (#367)
    • github_license (#366)
    • github_organization_member (#364)
    • github_team_member (#364)
    • github_user (#364)
    • github_my_team (#363)
    • github_team (#363)
    • github_commit (#362)
    • github_my_organization (#361)
    • github_organization (#361)
    • github_organization_external_identity (#361)
    • github_branch (#360)
    • github_branch_protection (#360)
    • github_repository_collaborator (#365)
    • github_repository_deployment (#365)
    • github_repository_environment (#365)
    • github_repository_vulnerability_alert (#365)
    • github_issue (#359)
    • github_issue_comment (#359)
    • github_pull_request (#359)
    • github_pull_request_comment (#359)
    • github_pull_request_review (#359)

Crowdstrike plugin v0.3.2 - Fixed invalid Go module path of the plugin

Dec 06, 2023

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#27)

Turbot Guardrails Enterprise (TE) v5.42.8 - Bug Fixed - ServiceNow Instance Client Secret and Password were processed incorrectly while fetching credentials for the Instance

Dec 05, 2023

Bug fixes

  • Server
    • ServiceNow Instance Client Secret and Password were processed incorrectly while fetching credentials for the Instance.

Turbot Guardrails Enterprise (TE) v5.42.7 - Bug Fixed - Create mutation for ServiceNow instance failed if no instances were available in a Guardrails workspace

Dec 05, 2023

Bug fixes

  • Server
    • Create mutation for ServiceNow instance failed if no instances were available in a Guardrails workspace.

servicenow v5.0.0 is now available

Dec 05, 2023

What's new?

  • Resource Types:

    • ServiceNow
    • ServiceNow > Application
    • ServiceNow > Cost Center
    • ServiceNow > Instance
    • ServiceNow > User

  • Policy Types:

    • ServiceNow > Application > Business Rule
    • ServiceNow > Application > Business Rule > Name
    • ServiceNow > Application > CMDB
    • ServiceNow > Config
    • ServiceNow > Config > Application Scope
    • ServiceNow > Config > Client ID
    • ServiceNow > Config > Client Secret
    • ServiceNow > Config > Instance URL
    • ServiceNow > Config > Password
    • ServiceNow > Config > System Properties
    • ServiceNow > Config > System Properties > Template
    • ServiceNow > Config > Username
    • ServiceNow > Cost Center > Business Rule
    • ServiceNow > Cost Center > Business Rule > Name
    • ServiceNow > Cost Center > CMDB
    • ServiceNow > Instance > CMDB
    • ServiceNow > Login Names
    • ServiceNow > Turbot
    • ServiceNow > Turbot > Watches
    • ServiceNow > User > Business Rule
    • ServiceNow > User > Business Rule > Name
    • ServiceNow > User > CMDB

  • Control Types:

    • ServiceNow > Application > Business Rule
    • ServiceNow > Application > CMDB
    • ServiceNow > Application > Discovery
    • ServiceNow > Config
    • ServiceNow > Config > System Properties
    • ServiceNow > Cost Center > Business Rule
    • ServiceNow > Cost Center > CMDB
    • ServiceNow > Cost Center > Discovery
    • ServiceNow > Instance > CMDB
    • ServiceNow > Turbot
    • ServiceNow > Turbot > Watches
    • ServiceNow > User > Business Rule
    • ServiceNow > User > CMDB
    • ServiceNow > User > Discovery

  • Action Types:

    • ServiceNow > Instance > Event Handler
    • ServiceNow > Turbot
    • ServiceNow > Turbot > Watches

servicenow-aws-vpc-security v5.0.0 is now available

Dec 05, 2023

What's new?

  • Policy Types:

    • AWS > VPC > Network ACL > ServiceNow
    • AWS > VPC > Network ACL > ServiceNow > Configuration Item
    • AWS > VPC > Network ACL > ServiceNow > Configuration Item > Record
    • AWS > VPC > Network ACL > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Network ACL > ServiceNow > Table
    • AWS > VPC > Network ACL > ServiceNow > Table > Definition
    • AWS > VPC > Security Group > ServiceNow
    • AWS > VPC > Security Group > ServiceNow > Configuration Item
    • AWS > VPC > Security Group > ServiceNow > Configuration Item > Record
    • AWS > VPC > Security Group > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Security Group > ServiceNow > Table
    • AWS > VPC > Security Group > ServiceNow > Table > Definition

  • Control Types:

    • AWS > VPC > Network ACL > ServiceNow
    • AWS > VPC > Network ACL > ServiceNow > Configuration Item
    • AWS > VPC > Network ACL > ServiceNow > Table
    • AWS > VPC > Security Group > ServiceNow
    • AWS > VPC > Security Group > ServiceNow > Configuration Item
    • AWS > VPC > Security Group > ServiceNow > Table

servicenow-aws-vpc-internet v5.0.0 is now available

Dec 05, 2023

What's new?

  • Policy Types:

    • AWS > VPC > Elastic IP > ServiceNow
    • AWS > VPC > Elastic IP > ServiceNow > Configuration Item
    • AWS > VPC > Elastic IP > ServiceNow > Configuration Item > Record
    • AWS > VPC > Elastic IP > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Elastic IP > ServiceNow > Table
    • AWS > VPC > Elastic IP > ServiceNow > Table > Definition

  • Control Types:

    • AWS > VPC > Elastic IP > ServiceNow
    • AWS > VPC > Elastic IP > ServiceNow > Configuration Item
    • AWS > VPC > Elastic IP > ServiceNow > Table

servicenow-aws-vpc-core v5.0.0 is now available

Dec 05, 2023

What's new?

  • Policy Types:

    • AWS > VPC > Route Table > ServiceNow
    • AWS > VPC > Route Table > ServiceNow > Configuration Item
    • AWS > VPC > Route Table > ServiceNow > Configuration Item > Record
    • AWS > VPC > Route Table > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Route Table > ServiceNow > Table
    • AWS > VPC > Route Table > ServiceNow > Table > Definition
    • AWS > VPC > Subnet > ServiceNow
    • AWS > VPC > Subnet > ServiceNow > Configuration Item
    • AWS > VPC > Subnet > ServiceNow > Configuration Item > Record
    • AWS > VPC > Subnet > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Subnet > ServiceNow > Table
    • AWS > VPC > Subnet > ServiceNow > Table > Definition
    • AWS > VPC > VPC > ServiceNow
    • AWS > VPC > VPC > ServiceNow > Configuration Item
    • AWS > VPC > VPC > ServiceNow > Configuration Item > Record
    • AWS > VPC > VPC > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > VPC > ServiceNow > Table
    • AWS > VPC > VPC > ServiceNow > Table > Definition

  • Control Types:

    • AWS > VPC > Route Table > ServiceNow
    • AWS > VPC > Route Table > ServiceNow > Configuration Item
    • AWS > VPC > Route Table > ServiceNow > Table
    • AWS > VPC > Subnet > ServiceNow
    • AWS > VPC > Subnet > ServiceNow > Configuration Item
    • AWS > VPC > Subnet > ServiceNow > Table
    • AWS > VPC > VPC > ServiceNow
    • AWS > VPC > VPC > ServiceNow > Configuration Item
    • AWS > VPC > VPC > ServiceNow > Table

servicenow-aws v5.0.0 is now available

Dec 05, 2023

What's new?

  • Policy Types:

    • ServiceNow > Turbot > Watches > AWS

  • Control Types:

    • ServiceNow > Turbot > Watches > AWS

  • Action Types:

    • ServiceNow > Turbot > Watches > AWS Archive And Delete Record

servicenow-aws-s3 v5.0.0 is now available

Dec 05, 2023

What's new?

  • Policy Types:

    • AWS > S3 > Bucket > ServiceNow
    • AWS > S3 > Bucket > ServiceNow > Configuration Item
    • AWS > S3 > Bucket > ServiceNow > Configuration Item > Record
    • AWS > S3 > Bucket > ServiceNow > Configuration Item > Table Definition
    • AWS > S3 > Bucket > ServiceNow > Table
    • AWS > S3 > Bucket > ServiceNow > Table > Definition

  • Control Types:

    • AWS > S3 > Bucket > ServiceNow
    • AWS > S3 > Bucket > ServiceNow > Configuration Item
    • AWS > S3 > Bucket > ServiceNow > Table

servicenow-aws-iam v5.0.0 is now available

Dec 05, 2023

What's new?

  • Policy Types:

    • AWS > IAM > Group > ServiceNow
    • AWS > IAM > Group > ServiceNow > Configuration Item
    • AWS > IAM > Group > ServiceNow > Configuration Item > Record
    • AWS > IAM > Group > ServiceNow > Configuration Item > Table Definition
    • AWS > IAM > Group > ServiceNow > Table
    • AWS > IAM > Group > ServiceNow > Table > Definition
    • AWS > IAM > Role > ServiceNow
    • AWS > IAM > Role > ServiceNow > Configuration Item
    • AWS > IAM > Role > ServiceNow > Configuration Item > Record
    • AWS > IAM > Role > ServiceNow > Configuration Item > Table Definition
    • AWS > IAM > Role > ServiceNow > Table
    • AWS > IAM > Role > ServiceNow > Table > Definition
    • AWS > IAM > User > ServiceNow
    • AWS > IAM > User > ServiceNow > Configuration Item
    • AWS > IAM > User > ServiceNow > Configuration Item > Record
    • AWS > IAM > User > ServiceNow > Configuration Item > Table Definition
    • AWS > IAM > User > ServiceNow > Table
    • AWS > IAM > User > ServiceNow > Table > Definition

  • Control Types:

    • AWS > IAM > Group > ServiceNow
    • AWS > IAM > Group > ServiceNow > Configuration Item
    • AWS > IAM > Group > ServiceNow > Table
    • AWS > IAM > Role > ServiceNow
    • AWS > IAM > Role > ServiceNow > Configuration Item
    • AWS > IAM > Role > ServiceNow > Table
    • AWS > IAM > User > ServiceNow
    • AWS > IAM > User > ServiceNow > Configuration Item
    • AWS > IAM > User > ServiceNow > Table

servicenow-aws-ec2 v5.0.0 is now available

Dec 05, 2023

What's new?

  • Policy Types:

    • AWS > EC2 > Instance > ServiceNow
    • AWS > EC2 > Instance > ServiceNow > Configuration Item
    • AWS > EC2 > Instance > ServiceNow > Configuration Item > Record
    • AWS > EC2 > Instance > ServiceNow > Configuration Item > Table Definition
    • AWS > EC2 > Instance > ServiceNow > Table
    • AWS > EC2 > Instance > ServiceNow > Table > Definition
    • AWS > EC2 > Snapshot > ServiceNow
    • AWS > EC2 > Snapshot > ServiceNow > Configuration Item
    • AWS > EC2 > Snapshot > ServiceNow > Configuration Item > Record
    • AWS > EC2 > Snapshot > ServiceNow > Configuration Item > Table Definition
    • AWS > EC2 > Snapshot > ServiceNow > Table
    • AWS > EC2 > Snapshot > ServiceNow > Table > Definition
    • AWS > EC2 > Volume > ServiceNow
    • AWS > EC2 > Volume > ServiceNow > Configuration Item
    • AWS > EC2 > Volume > ServiceNow > Configuration Item > Record
    • AWS > EC2 > Volume > ServiceNow > Configuration Item > Table Definition
    • AWS > EC2 > Volume > ServiceNow > Table
    • AWS > EC2 > Volume > ServiceNow > Table > Definition

  • Control Types:

    • AWS > EC2 > Instance > ServiceNow
    • AWS > EC2 > Instance > ServiceNow > Configuration Item
    • AWS > EC2 > Instance > ServiceNow > Table
    • AWS > EC2 > Snapshot > ServiceNow
    • AWS > EC2 > Snapshot > ServiceNow > Configuration Item
    • AWS > EC2 > Snapshot > ServiceNow > Table
    • AWS > EC2 > Volume > ServiceNow
    • AWS > EC2 > Volume > ServiceNow > Configuration Item
    • AWS > EC2 > Volume > ServiceNow > Table

Semgrep plugin v0.0.1 - Initial plugin release

Dec 05, 2023

Pipes Team plan now supports AWS Marketplace billing

Dec 04, 2023

Turbot Pipes now officially supports billing for your organization team plan via AWS Marketplace.

For more information, see the Pipes billing docs.

Turbot Guardrails Enterprise (TE) v5.42.6 - Added support to import ServiceNow Instances in Guardrails

Dec 01, 2023

What's new?

  • Server

    • Added: Support for creating and deleting watches using @turbot/sdk.
    • Updated: @turbot/fn, @turbot/aws-sdk, aws-sdk, @turbot/utils, @turbot/errors, @turbot/log, @turbot/responses packages.
    • Added: Support for ServiceNow credentials.

  • UI:

    • Added: Support to import ServiceNow Instance in Guardrails.

turbot v5.42.0 - Added support for new Control Categories in Guardrails

Nov 30, 2023

What's new?

  • Control Category Types:
    • CMDB > External
    • Cloud > Integration

Terraform GCP mod v0.11 - Added new controls across BigQuery, Bigtable, and Spanner services

Nov 30, 2023

What's new?

  • Added the following controls across the benchmarks: (#49)
    • bigquery_table_deletion_protection_enabled
    • bigtable_instance_deletion_protection_enabled
    • spanner_database_deletion_protection_enabled
    • spanner_database_drop_protection_enabled

Terraform Azure mod v0.11 - Added new controls across App Service, Event Hub, Kubernetes, Redis and SQL services

Nov 30, 2023

What's new?

  • Added the following controls across the benchmarks: (#47)
    • appservice_environment_zone_redundant_enabled
    • appservice_function_app_public_access_disabled
    • appservice_plan_zone_redundant
    • appservice_web_app_public_access_disabled
    • eventhub_namespace_uses_latest_tls_version
    • eventhub_namespace_zone_redundant
    • kubernetes_cluster_critical_pods_on_system_nodes
    • kubernetes_cluster_os_disk_ephemeral
    • redis_cache_standard_replication_enabled
    • sql_database_ledger_enabled
    • sql_database_zone_redundant_enabled

Terraform AWS mod v0.22 - Added new controls across DocumentDB, Lambda, and Neptune services

Nov 30, 2023

What's new?

  • Added the following controls across the benchmarks: (#98)
    • docdb_cluster_backup_retention_period_7
    • lambda_permission_restricted_service_permission
    • neptune_cluster_backup_retention_period_7
    • neptune_cluster_copy_tags_to_snapshot_enabled
    • neptune_cluster_iam_authentication_enabled

AWS Insights mod v0.17 - Fixed index doc by removing unsupported images

Nov 30, 2023

Bug fixes

  • Fixed the index doc by removing unsupported images. (#334)

AWS Compliance mod v0.83 - Added new controls to All Controls benchmark

Nov 30, 2023

Enhancements

  • Added the following controls to the All Controls benchmark: (#733)
    • api_gateway_rest_api_public_endpoint_with_authorizer
    • dlm_ebs_snapshot_lifecycle_policy_enabled
    • docdb_cluster_instance_encryption_at_rest_enabled
    • ebs_volume_snapshot_exists
    • elasticache_cluster_no_public_subnet
    • iam_role_no_administrator_access_policy_attached
    • iam_user_access_key_unused_45
    • iam_user_console_access_unused_45
    • neptune_db_cluster_no_public_subnet

AWS Insights mod v0.16 - Fixed missing closing tag in index doc

Nov 29, 2023

Bug fixes

  • Fixed missing closing tag in index doc. (#331)

aws-kendra v5.0.0 is now available

Nov 28, 2023

What's new?

  • Resource Types:

    • AWS > Kendra

  • Policy Types:

    • AWS > Kendra > API Enabled
    • AWS > Kendra > Approved Regions [Default]
    • AWS > Kendra > Enabled
    • AWS > Kendra > Permissions
    • AWS > Kendra > Permissions > Levels
    • AWS > Kendra > Permissions > Levels > Modifiers
    • AWS > Kendra > Permissions > Lockdown
    • AWS > Kendra > Permissions > Lockdown > API Boundary
    • AWS > Kendra > Regions
    • AWS > Kendra > Tags Template [Default]
    • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-kendra
    • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-kendra
    • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-kendra

Azure Compliance mod v0.38 - Fixed Azure Active Directory and Azure IAM queries to remove duplicate benchmark results

Nov 27, 2023

Bug fixes

  • Fixed ad_guest_user_reviewed_monthly, iam_deprecated_account_with_owner_roles, iam_external_user_with_read_permission, iam_external_user_with_write_permission, iam_user_not_allowed_to_create_security_group and iam_user_not_allowed_to_register_application queries to remove duplicate benchmark results. (#228)

turbot v5.41.0 - Added support for new Categories in Guardrails

Nov 24, 2023

What's new?

  • Category Types:
    • Turbot > Resource > Category > Business Application
    • Turbot > Resource > Category > Cloud > Api
    • Turbot > Resource > Category > Cloud > Provider
    • Turbot > Resource > Category > Cloud > Resource Group
    • Turbot > Resource > Category > Container
    • Turbot > Resource > Category > Cost Management
    • Turbot > Resource > Category > End User Computing
    • Turbot > Resource > Category > Migration
    • Turbot > Resource > Category > Robotics

gcp v5.23.1 - Added support to process enable and disable real-time events for Firebase Management APIs

Nov 24, 2023

What's new?

  • Added support to process enable and disable real-time events for Firebase Management APIs.

gcp-firebase v5.1.0 - You can can now enable Firebase Management API via Guardrails; Lambda runtimes now powered by Node 18

Nov 24, 2023

What's new?

  • You can now Enable/Disable Firebase Management API via Guardrails. To get started, set the GCP > Firebase > API Enabled policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Control Types:

    • GCP > Firebase > API Enabled

  • Policy Types:

    • GCP > Firebase > API Enabled
    • GCP > Firebase > Android App > Approved > Custom
    • GCP > Firebase > Web App > Approved > Custom
    • GCP > Firebase > iOS App > Approved > Custom

  • Action Types:

    • GCP > Firebase > Set API Enabled

azure-synapseanalytics v5.7.0 - Added support for newer Europe, India, US and US Government regions; Lambda runtimes now powered by Node 18

Nov 24, 2023

What's new?

  • Added support for newer US, Europe, India and US Government regions in the Azure > Synapse Analytics > Regions policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Synapse Analytics > SQL Pool > Approved > Custom
    • Azure > Synapse Analytics > SQL Pool > Regions
    • Azure > Synapse Analytics > Workspace > Approved > Custom

azure-apimanagement v5.3.0 - Lambda runtimes now powered by Node 18

Nov 24, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > API Management > API Management Service > Approved > Custom

azure-aks v5.6.0 - Lambda runtimes now powered by Node 18

Nov 24, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > AKS > Managed Cluster > Approved > Custom

azure-networkwatcher v5.8.0 - Lambda runtimes now powered by Node 18

Nov 23, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Network Watcher > Flow Log > Approved > Custom
    • Azure > Network Watcher > Network Watcher > Approved > Custom

azure-datafactory v5.6.0 - Lambda runtimes now powered by Node 18

Nov 23, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Data Factory > Dataset > Approved > Custom
    • Azure > Data Factory > Factory > Approved > Custom
    • Azure > Data Factory > Pipeline > Approved > Custom

gcp-notebooks v5.1.0 - Lambda runtimes now powered by Node 18

Nov 21, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

gcp-datacatalog v5.2.0 - Lambda runtimes now powered by Node 18

Nov 21, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

azure-firewall v5.6.0 - Lambda runtimes now powered by Node 18

Nov 21, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Firewall > Firewall > Approved > Custom

azure-securitycenter v5.2.0 - Lambda runtimes now powered by Node 18

Nov 20, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

azure-frontdoorservice v5.7.0 - Lambda runtimes now powered by Node 18

Nov 20, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Front Door > Front Door > Approved > Custom

azure-databricks v5.3.0 - Lambda runtimes now powered by Node 18

Nov 20, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Databricks > Workspace > Approved > Custom

azure-cosmosdb v5.5.0 - Lambda runtimes now powered by Node 18

Nov 20, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

gcp-computeengine v5.17.0 - Trusted Access control for Images now also supports All Authenticated and All Users policies

Nov 17, 2023

What's new?

  • Policy Types:
    • GCP > Compute Engine > Image > Policy > Trusted Access > All Authenticated
    • GCP > Compute Engine > Image > Policy > Trusted Access > All Users

azure-signalr v5.1.0 - Lambda runtimes now powered by Node 18

Nov 17, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > SignalR Service > SignalR > Approved > Custom

azure-relay v5.1.0 - Lambda runtimes now powered by Node 18

Nov 17, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Relay > Namespace > Approved > Custom

Hubspot plugin v0.0.2 - Fixed plugin brand colour

Nov 17, 2023

Bug fixes

  • Fixed the plugin brand colour.

Hubspot plugin v0.0.1 - Initial plugin release

Nov 17, 2023

Kubernetes plugin v0.25.2 - Fixed the plugin to pass the namespace qualifier to the kubernetes API client

Nov 17, 2023

Bug fixes

  • Fixed the plugin to pass the namespace qualifier to the kubernetes API client when querying namespace scoped resources. (#181) (Thanks @pdecat for the contribution!!)

gcp-functions v5.8.0 - Trusted Access control now also supports All Authenticated and All Users policies

Nov 16, 2023

What's new?

  • Policy Types:
    • GCP > Functions > Function > Policy > Trusted Access > All Authenticated
    • GCP > Functions > Function > Policy > Trusted Access > All Users

azure-searchmanagement v5.7.0 - Lambda runtimes now powered by Node 18

Nov 16, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Search Management > Search Service > Approved > Custom

azure-recoveryservice v5.5.0 - Lambda runtimes now powered by Node 18

Nov 16, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Recovery Service > Vault > Approved > Custom

aws-swf v5.4.0 - Quick Actions now available for Domains; Lambda runtimes now powered by Node 18

Nov 16, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > SWF > Domain > Approved > Custom

  • Action Types:

    • AWS > SWF > Domain > Set Tags
    • AWS > SWF > Domain > Skip alarm for Active control
    • AWS > SWF > Domain > Skip alarm for Active control [90 days]
    • AWS > SWF > Domain > Skip alarm for Approved control
    • AWS > SWF > Domain > Skip alarm for Approved control [90 days]
    • AWS > SWF > Domain > Skip alarm for Tags control
    • AWS > SWF > Domain > Skip alarm for Tags control [90 days]

Github plugin v0.37.1 - Fixed GetConfig of github_team_repository table to include support for dynamic GraphQL queries

Nov 16, 2023

Bug fixes

  • Fixed the GetConfig of github_team_repository table to include support for dynamic GraphQL queries. (#379)
  • Fixed the example queries in github_commit doc file. (#377)
  • Fixed the example queries in github_search_issue doc file to filter out results from the API. (#378)

GCP plugin v0.46.0 - Added gcp_vertex_ai_endpoint table, and fixed retention_policy column of gcp_storage_bucket table

Nov 16, 2023

What's new?

Bug fixes

  • Fixed the retention_policy column of gcp_storage_bucket table to correctly return data instead of null. (#502)

AWS plugin v0.123.0 - Added aws_lambda_event_source_mapping table, and added resource_record_set_limit column to aws_route53_zone table

Nov 16, 2023

Jira plugin v0.13.0 - Added new tables, new columns to existing tables, and fixed bugs

Nov 15, 2023

What's new?

Enhancements

  • Added the properties column to jira_project table. (#105)

Bug fixes

  • Fixed typo in the docs/index.md file. (#102) (Thanks @adrfrank for the contribution!)
  • Fixed the jira_issue table by enhancing case insensitivity support for the status column. (#90)

Microsoft365 Compliance mod v0.9 - Added CIS v3.0.0 benchmark

Nov 14, 2023

What's new?

  • Added CIS v3.0.0 benchmark (steampipe check benchmark.cis_v300). (#57)

Linkedin plugin v0.4.0 - Removed tables using the search API that no longer work due to API limitations

Nov 14, 2023

Breaking Changes

  • Removed the following tables using the search API that no longer work due to API limitations. These tables will be added back if functionality can be restored.
    • linkedin_company_employee
    • linkedin_company_past_employee
    • linkedin_connection
    • linkedin_search_company
    • linkedin_search_profile

GCP Compliance mod v0.24 - Fixed compute_firewall_allow_tcp_connections_proxied_by_iap query to correctly include all the ports and source IP ranges

Nov 14, 2023

Bug fixes

  • Fixed the compute_firewall_allow_tcp_connections_proxied_by_iap query to correctly include all the ports and source IP ranges. (#128) (Thanks @saisirishreddy for the contribution!)

Steampipe Plugin SDK v5.8.0 - Add support for running the plugin in-process.

Nov 11, 2023

What's new?

  • Encapsulate plugin server so it is possible to use it in-process as well as via GRPC. (#719)
  • Add steampipe field to _ctx column, containing sdk version. (#712)

Bug fixes

  • Remove plugin has no connections error when deleting and then re-adding a connection. (#725)
  • Fix potential divide by zero bug when setting cache size

Net Insights mod v0.6 - Added dns_mx_dmarc_record_enabled control to dns_mx_best_practices benchmark

Nov 10, 2023

Enhancements

  • Added the dns_mx_dmarc_record_enabled control to the dns_mx_best_practices benchmark. (#20)

Bug fixes

  • Fixed dashboard localhost URLs in README and index doc. (#23)

Github plugin v0.37.0 - Added run_started_at column to github_actions_repository_workflow_run table

Nov 10, 2023

Enhancements

  • Added the run_started_at column to github_actions_repository_workflow_run table. (#358) (Thanks @mridang for the contribution!)

AWS plugin v0.122.0 - Added new tables and new columns to existing tables

Nov 10, 2023

aws-qldb v5.3.0 - Quick Actions now available for Ledgers; Lambda runtimes now powered by Node 18

Nov 09, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • AWS > QLDB > Ledger > Approved > Custom

  • Action Types:

    • AWS > QLDB > Ledger > Delete from AWS
    • AWS > QLDB > Ledger > Set Tags
    • AWS > QLDB > Ledger > Skip alarm for Active control
    • AWS > QLDB > Ledger > Skip alarm for Active control [90 days]
    • AWS > QLDB > Ledger > Skip alarm for Approved control
    • AWS > QLDB > Ledger > Skip alarm for Approved control [90 days]
    • AWS > QLDB > Ledger > Skip alarm for Tags control
    • AWS > QLDB > Ledger > Skip alarm for Tags control [90 days]

aws-neptune v5.4.0 - Quick Actions now available for DB Clusters and Instances; Lambda runtimes now powered by Node 18

Nov 09, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Neptune > DB Cluster > Approved > Custom
    • AWS > Neptune > DB Instance > Approved > Custom

  • Action Types:

    • AWS > Neptune > DB Cluster > Delete from AWS
    • AWS > Neptune > DB Cluster > Set Tags
    • AWS > Neptune > DB Cluster > Skip alarm for Active control
    • AWS > Neptune > DB Cluster > Skip alarm for Active control [90 days]
    • AWS > Neptune > DB Cluster > Skip alarm for Approved control
    • AWS > Neptune > DB Cluster > Skip alarm for Approved control [90 days]
    • AWS > Neptune > DB Cluster > Skip alarm for Tags control
    • AWS > Neptune > DB Cluster > Skip alarm for Tags control [90 days]
    • AWS > Neptune > DB Instance > Delete from AWS
    • AWS > Neptune > DB Instance > Set Tags
    • AWS > Neptune > DB Instance > Skip alarm for Active control
    • AWS > Neptune > DB Instance > Skip alarm for Active control [90 days]
    • AWS > Neptune > DB Instance > Skip alarm for Approved control
    • AWS > Neptune > DB Instance > Skip alarm for Approved control [90 days]
    • AWS > Neptune > DB Instance > Skip alarm for Tags control
    • AWS > Neptune > DB Instance > Skip alarm for Tags control [90 days]

aws-inspector v5.2.0 - Quick Actions now available for Assessment Targets and Templates; Lambda runtimes now powered by Node 18

Nov 09, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Inspector > Assessment Target > Approved > Custom
    • AWS > Inspector > Assessment Template > Approved > Custom

  • Action Types:

    • AWS > Inspector > Assessment Target > Delete from AWS
    • AWS > Inspector > Assessment Target > Skip alarm for Active control
    • AWS > Inspector > Assessment Target > Skip alarm for Active control [90 days]
    • AWS > Inspector > Assessment Target > Skip alarm for Approved control
    • AWS > Inspector > Assessment Target > Skip alarm for Approved control [90 days]
    • AWS > Inspector > Assessment Template > Delete from AWS
    • AWS > Inspector > Assessment Template > Set Tags
    • AWS > Inspector > Assessment Template > Skip alarm for Active control
    • AWS > Inspector > Assessment Template > Skip alarm for Active control [90 days]
    • AWS > Inspector > Assessment Template > Skip alarm for Approved control
    • AWS > Inspector > Assessment Template > Skip alarm for Approved control [90 days]
    • AWS > Inspector > Assessment Template > Skip alarm for Tags control
    • AWS > Inspector > Assessment Template > Skip alarm for Tags control [90 days]

aws-dax v5.4.0 - Quick Actions now available for Clusters; Lambda runtimes now powered by Node 18

Nov 09, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > DAX > Cluster > Approved > Custom

  • Action Types:

    • AWS > DAX > Cluster > Delete from AWS
    • AWS > DAX > Cluster > Set Tags
    • AWS > DAX > Cluster > Skip alarm for Active control
    • AWS > DAX > Cluster > Skip alarm for Active control [90 days]
    • AWS > DAX > Cluster > Skip alarm for Approved control
    • AWS > DAX > Cluster > Skip alarm for Approved control [90 days]
    • AWS > DAX > Cluster > Skip alarm for Tags control
    • AWS > DAX > Cluster > Skip alarm for Tags control [90 days]

GCP Compliance mod v0.23 - Added new All Controls benchmark

Nov 09, 2023

What's new?_

  • Added the new All Controls benchmark (steampipe check benchmark.all_controls). This new benchmark includes 109 service-specific controls. (#127)

Turbot Guardrails Enterprise (TE) v5.42.5 - SAML Security Enhancements and Package Update (v4.0.4).

Nov 08, 2023

What's new?

  • Server

    • Updated: Updated the package passport-saml to @node-saml/passport-saml: 4.0.4
    • Updated: The directory API to support Require Signed Authentication Response and Strict Audience Validation.

  • UI:

    • Added: Introduced UI options for Require Signed Authentication Response and Strict Audience Validation for enhanced security in SAML authentication.

Enhanced Security and Compatibility Guide for SAML Authentication

Description

The recent package change for @node-saml/passport-saml has made it mandatory to sign the audience response and perform audience validation. To maintain backward compatibility, we have introduced two new options in the UI:

  1. Require Signed Authentication Response
  2. Strict Audience Validation

To make it backward compatible, both of these options are initially set to Disabled by default.

Important Note: This change ensures that the audience response is signed and audience validation is enforced. These checks were not available in earlier versions of the package.

Recommendations

We recommend customers enable both of these properties as they add an additional layer of security. However, it's important to be aware that enabling these properties might potentially break SAML login functionality. Therefore, certain steps need to be taken before enabling them.

Here are specific recommendations for popular Identity Providers (IDPs):

Okta

  • Strict Audience Validation: If enabled, ensure that the "Issuer ID" matches the "Audience Restriction."

OneLogin

  • Require Signed Authentication Response: This feature should be disabled in OneLogin, as OneLogin does not support it.
  • Strict Audience Validation: If enabled, ensure that the "Issuer ID" matches the "Audience".

Azure Entra ID (Previously Known as Azure AD)

  • Require Signed Authentication Response: If enabled, make sure you choose the Signing option to be "SIGN SAML response and assertion". The Signing option is available on the Signing Certificate page of Entra ID

Please follow these recommendations carefully to make sure you're able to transition smoothly to the updated SAML package.

aws-outposts v5.3.0 - Lambda runtimes now powered by Node 18

Nov 08, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

aws-lightsail v5.5.0 - Quick Actions now available for all Lightsail resources; Lambda runtimes now powered by Node 18

Nov 08, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • AWS > Lightsail > Instance > Approved > Custom
    • AWS > Lightsail > Load Balancer > Approved > Custom
    • AWS > Lightsail > Relational Database > Approved > Custom

  • Action Types:

    • AWS > Lightsail > Instance > Delete from AWS
    • AWS > Lightsail > Instance > Set Tags
    • AWS > Lightsail > Instance > Skip alarm for Active control
    • AWS > Lightsail > Instance > Skip alarm for Active control [90 days]
    • AWS > Lightsail > Instance > Skip alarm for Approved control
    • AWS > Lightsail > Instance > Skip alarm for Approved control [90 days]
    • AWS > Lightsail > Instance > Skip alarm for Tags control
    • AWS > Lightsail > Instance > Skip alarm for Tags control [90 days]
    • AWS > Lightsail > Load Balancer > Delete from AWS
    • AWS > Lightsail > Load Balancer > Set Tags
    • AWS > Lightsail > Load Balancer > Skip alarm for Active control
    • AWS > Lightsail > Load Balancer > Skip alarm for Active control [90 days]
    • AWS > Lightsail > Load Balancer > Skip alarm for Approved control
    • AWS > Lightsail > Load Balancer > Skip alarm for Approved control [90 days]
    • AWS > Lightsail > Load Balancer > Skip alarm for Tags control
    • AWS > Lightsail > Load Balancer > Skip alarm for Tags control [90 days]
    • AWS > Lightsail > Relational Database > Delete from AWS
    • AWS > Lightsail > Relational Database > Set Tags
    • AWS > Lightsail > Relational Database > Skip alarm for Active control
    • AWS > Lightsail > Relational Database > Skip alarm for Active control [90 days]
    • AWS > Lightsail > Relational Database > Skip alarm for Approved control
    • AWS > Lightsail > Relational Database > Skip alarm for Approved control [90 days]
    • AWS > Lightsail > Relational Database > Skip alarm for Tags control
    • AWS > Lightsail > Relational Database > Skip alarm for Tags control [90 days]

aws-bedrock v5.0.0 is now available

Nov 08, 2023

What's new?

  • Resource Types:

    • AWS > Bedrock

  • Policy Types:

    • AWS > Bedrock > API Enabled
    • AWS > Bedrock > Approved Regions [Default]
    • AWS > Bedrock > Enabled
    • AWS > Bedrock > Permissions
    • AWS > Bedrock > Permissions > Levels
    • AWS > Bedrock > Permissions > Levels > Modifiers
    • AWS > Bedrock > Permissions > Lockdown
    • AWS > Bedrock > Permissions > Lockdown > API Boundary
    • AWS > Bedrock > Regions
    • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-bedrock
    • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-bedrock
    • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-bedrock

aws-appmesh v5.4.0 - Quick Actions now available for Mesh; Lambda runtimes now powered by Node 18

Nov 08, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > App Mesh > Mesh > Approved > Custom

  • Action Types:

    • AWS > App Mesh > Mesh > Delete from AWS
    • AWS > App Mesh > Mesh > Set Tags
    • AWS > App Mesh > Mesh > Skip alarm for Active control
    • AWS > App Mesh > Mesh > Skip alarm for Active control [90 days]
    • AWS > App Mesh > Mesh > Skip alarm for Approved control
    • AWS > App Mesh > Mesh > Skip alarm for Approved control [90 days]
    • AWS > App Mesh > Mesh > Skip alarm for Tags control
    • AWS > App Mesh > Mesh > Skip alarm for Tags control [90 days]

Updated plugin dependency section of 25 mods to use min_version instead of version

Nov 08, 2023
  • Updated the plugin dependency section of the following mods to use min_version instead of version:
    • Alicloud Insights
    • AWS Insights
    • AWS Tags
    • Azure Insights
    • Digitalocean Insights
    • Docker Compliance
    • GCP Insights
    • GCP Labels
    • Github Compliance
    • Github Insights
    • Gitlab Insights
    • Hackernews Insights
    • IBM Insights
    • Kubernetes Insights
    • Microsoft 365 Compliance
    • OCI Compliance
    • OCI Insights
    • OCI Thrifty
    • Snowflake Compliance
    • Tailscale Compliance
    • Terraform AWS Compliance
    • Terraform Azure Compliance
    • Terraform GCP Compliance
    • Terraform OCI Compliance
    • Turbot Guardrails Insights

Kubernetes Compliance mod v0.17 - Updated docs to include correct links and fixed queries to cast data to a boolean format

Nov 08, 2023

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#82)

Bug fixes

  • Updated the docs to include the correct links for the nsa_cisa_v1 benchmark. (#80) (Thanks @aniketh-varma for the contribution!)
  • Fixed the following queries to cast the data to boolean format. (#79)
    • cronjob_container_privilege_disabled
    • cronjob_host_network_access_disabled
    • cronjob_hostpid_hostipc_sharing_disabled
    • cronjob_immutable_container_filesystem
    • cronjob_non_root_container
    • daemonset_container_privilege_disabled
    • daemonset_host_network_access_disabled
    • daemonset_hostpid_hostipc_sharing_disabled
    • daemonset_immutable_container_filesystem
    • daemonset_non_root_container
    • deployment_container_privilege_disabled
    • deployment_host_network_access_disabled
    • deployment_hostpid_hostipc_sharing_disabled
    • deployment_immutable_container_filesystem
    • deployment_non_root_container
    • job_container_privilege_disabled
    • job_host_network_access_disabled
    • job_hostpid_hostipc_sharing_disabled
    • job_immutable_container_filesystem
    • job_non_root_container
    • pod_container_privilege_disabled
    • pod_immutable_container_filesystem
    • pod_non_root_container
    • pod_service_account_token_enabled
    • pod_template_container_privilege_disabled
    • pod_template_immutable_container_filesystem
    • replicaset_container_privilege_disabled
    • replicaset_host_network_access_disabled
    • replicaset_hostpid_hostipc_sharing_disabled
    • replicaset_immutable_container_filesystem
    • replicaset_non_root_container
    • replication_controller_container_privilege_disabled
    • replication_controller_host_network_access_disabled
    • replication_controller_hostpid_hostipc_sharing_disabled
    • replication_controller_immutable_container_filesystem
    • replication_controller_non_root_container
    • statefulset_container_privilege_disabled
    • statefulset_host_network_access_disabled
    • statefulset_hostpid_hostipc_sharing_disabled
    • statefulset_immutable_container_filesystem
    • statefulset_non_root_container

GCP Compliance mod v0.22 - Fixed kms_key_separation_of_duties_enforced query to ensure that separation of duties is enforced while assigning KMS-related roles to users

Nov 08, 2023

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#130)

Bug fixes

  • Fixed the kms_key_separation_of_duties_enforced query to ensure that separation of duties is enforced while assigning KMS-related roles to users. (#132)

Azure Compliance mod v0.37 - Fixed compute_vm_tcp_udp_access_restricted_internet query

Nov 08, 2023

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#222)

Bug fixes

  • Fixed the compute_vm_tcp_udp_access_restricted_internet query to ensure internet-facing virtual machines are protected with network security groups. (#224)

AWS Well Architected mod v0.9 - Updated the plugin dependency section of the mod to use min_version instead of version

Nov 08, 2023

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#34)

Bug fixes

  • Fixed the README and index docs to correctly reference the well_architected_framework_security benchmark. (#25)

AWS Thrifty mod v0.26 - Renamed control lambda_function_with_graviton2 to lambda_function_with_graviton

Nov 08, 2023

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#161)
  • Renamed the control lambda_function_with_graviton2 to lambda_function_with_graviton in order to maintain consistency. (#158) (Thanks @bluedoors for the contribution!)

AWS Perimeter mod v0.7 - Updated the plugin dependency section of the mod to use min_version instead of version

Nov 08, 2023

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#45)

Bug fixes

  • Fixed the README to include correct links to the benchmarks. (#47) (Thanks @vil02 for the contribution!)

AWS Compliance mod v0.82 - Added glue_connection_ssl_enabled and vpc_peering_connection_route_table_least_privilege controls to All Controls benchmark

Nov 08, 2023

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#728)

Enhancements

  • Added the following controls to the All Controls benchmark: (#727)
    • glue_connection_ssl_enabled
    • vpc_peering_connection_route_table_least_privilege

aws-rds v5.26.0 - Lambda runtimes now powered by Node 18

Nov 07, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

aws-elasticache v5.9.1 - Bug Squashed - ElastiCache Snapshot CMDB control would go into an error state due to a bad internal build

Nov 07, 2023

Bug fixes

  • The AWS > ElastiCache > Snapshot > CMDB control would go into an error state due to a bad internal build. This is fixed and the control will now work correctly as expected.

aws-glue v5.11.0 - Quick Actions now available for all Glue resources; Lambda runtimes now powered by Node 18

Nov 06, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > Glue > Crawler > Delete from AWS
    • AWS > Glue > Crawler > Set Tags
    • AWS > Glue > Crawler > Skip alarm for Active control
    • AWS > Glue > Crawler > Skip alarm for Active control [90 days]
    • AWS > Glue > Crawler > Skip alarm for Approved control
    • AWS > Glue > Crawler > Skip alarm for Approved control [90 days]
    • AWS > Glue > Crawler > Skip alarm for Tags control
    • AWS > Glue > Crawler > Skip alarm for Tags control [90 days]
    • AWS > Glue > Data Catalog > Skip alarm for Encryption at Rest control
    • AWS > Glue > Data Catalog > Skip alarm for Encryption at Rest control [90 days]
    • AWS > Glue > Database > Delete from AWS
    • AWS > Glue > Database > Skip alarm for Active control
    • AWS > Glue > Database > Skip alarm for Active control [90 days]
    • AWS > Glue > Database > Skip alarm for Approved control
    • AWS > Glue > Database > Skip alarm for Approved control [90 days]
    • AWS > Glue > Development Endpoint [Deprecated] > Delete from AWS
    • AWS > Glue > Development Endpoint [Deprecated] > Set Tags
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Active control
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Active control [90 days]
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Approved control
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Approved control [90 days]
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Tags control
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Tags control [90 days]
    • AWS > Glue > Job > Delete from AWS
    • AWS > Glue > Job > Set Tags
    • AWS > Glue > Job > Skip alarm for Active control
    • AWS > Glue > Job > Skip alarm for Active control [90 days]
    • AWS > Glue > Job > Skip alarm for Approved control
    • AWS > Glue > Job > Skip alarm for Approved control [90 days]
    • AWS > Glue > Job > Skip alarm for Tags control
    • AWS > Glue > Job > Skip alarm for Tags control [90 days]
    • AWS > Glue > ML Transform > Delete from AWS
    • AWS > Glue > ML Transform > Set Tags
    • AWS > Glue > ML Transform > Skip alarm for Active control
    • AWS > Glue > ML Transform > Skip alarm for Active control [90 days]
    • AWS > Glue > ML Transform > Skip alarm for Approved control
    • AWS > Glue > ML Transform > Skip alarm for Approved control [90 days]
    • AWS > Glue > ML Transform > Skip alarm for Tags control
    • AWS > Glue > ML Transform > Skip alarm for Tags control [90 days]
    • AWS > Glue > Security Configuration > Delete from AWS
    • AWS > Glue > Security Configuration > Skip alarm for Active control
    • AWS > Glue > Security Configuration > Skip alarm for Active control [90 days]
    • AWS > Glue > Security Configuration > Skip alarm for Approved control
    • AWS > Glue > Security Configuration > Skip alarm for Approved control [90 days]
    • AWS > Glue > Table > Delete from AWS
    • AWS > Glue > Table > Skip alarm for Active control
    • AWS > Glue > Table > Skip alarm for Active control [90 days]
    • AWS > Glue > Table > Skip alarm for Approved control
    • AWS > Glue > Table > Skip alarm for Approved control [90 days]
    • AWS > Glue > Trigger > Delete from AWS
    • AWS > Glue > Trigger > Set Tags
    • AWS > Glue > Trigger > Skip alarm for Active control
    • AWS > Glue > Trigger > Skip alarm for Active control [90 days]
    • AWS > Glue > Trigger > Skip alarm for Approved control
    • AWS > Glue > Trigger > Skip alarm for Approved control [90 days]
    • AWS > Glue > Trigger > Skip alarm for Tags control
    • AWS > Glue > Trigger > Skip alarm for Tags control [90 days]
    • AWS > Glue > Workflow > Delete from AWS
    • AWS > Glue > Workflow > Set Tags
    • AWS > Glue > Workflow > Skip alarm for Active control
    • AWS > Glue > Workflow > Skip alarm for Active control [90 days]
    • AWS > Glue > Workflow > Skip alarm for Approved control
    • AWS > Glue > Workflow > Skip alarm for Approved control [90 days]
    • AWS > Glue > Workflow > Skip alarm for Tags control
    • AWS > Glue > Workflow > Skip alarm for Tags control [90 days]

aws-codecommit v5.5.0 - Quick Actions now available for Repositories; Lambda runtimes now powered by Node 18

Nov 06, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > CodeCommit > Repository > Approved > Custom

  • Action Types:

    • AWS > CodeCommit > Repository > Delete from AWS
    • AWS > CodeCommit > Repository > Set Tags
    • AWS > CodeCommit > Repository > Skip alarm for Active control
    • AWS > CodeCommit > Repository > Skip alarm for Active control [90 days]
    • AWS > CodeCommit > Repository > Skip alarm for Approved control
    • AWS > CodeCommit > Repository > Skip alarm for Approved control [90 days]
    • AWS > CodeCommit > Repository > Skip alarm for Tags control
    • AWS > CodeCommit > Repository > Skip alarm for Tags control [90 days]

AWS plugin v0.121.1 - Resolved intermittent retention of expired credentials in connection cache

Nov 06, 2023

Bug fixes

  • Fixed the description of the name column in aws_organizations_account table. (#1947) (Thanks @badideasforsale for the contribution!)

Dependencies

  • Recompiled plugin with steampipe-plugin-sdk v5.6.3 which addresses the issue of expired credentials being intermittently retained in the connection cache. (#1956)

Steampipe Plugin SDK v5.6.3 - Fixed intermittent expired credentials

Nov 06, 2023

Bug fixes

  • Fixed expired credentials sometimes being left in the connection cache. Update connection cache to use a backing store per connection, rather than a shared backing store. (#699)

Pipes Terraform Provider v0.12.0 now available

Nov 03, 2023

v0.12.0 of the Terraform Provider for Pipes is now available.

What's new?

  • Resource pipes_workspace_datatank.
  • Resource pipes_workspace_datatank_table.

Enhancements

  • Resource pipes_workspace now supports instance_type.

Google Workspace plugin now available

Nov 03, 2023

Google Sheets plugin now available

Nov 03, 2023

Google Directory plugin now available

Nov 03, 2023

crt.sh plugin now available

Nov 03, 2023

Query API timeout increased to 2 minutes

Nov 03, 2023

The query API timeout has been increased from 1 minute to 2 minutes, allowing for greater flexibility in how you query your data.

gcp v5.23.0 - You can now set a Unique Writer Identity for Logging Sinks created via Event Handlers stack

Nov 03, 2023

What's new?

  • Users can now set a Unique Writer Identity for Logging Sink created via the GCP > Turbot > Event Handlers stack. To get started, set the GCP > Turbot > Event Handlers > Logging > Unique Writer Identity policy.

gcp-pubsub v5.7.2 - Guardrails' stack controls will now manage Pub/Sub Topics more reliably than before

Nov 03, 2023

Bug fixes

  • Guardrails stack controls would sometimes fail to update Pub/Sub Topic resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.

gcp-logging v5.3.3 - Guardrails' stack controls will now manage Logging Sinks more reliably than before

Nov 03, 2023

Bug fixes

  • Guardrails stack controls would sometimes fail to update Logging Sink resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.

aws-wellarchitected v5.7.0 - Quick Actions now available for Workloads; Lambda runtimes now powered by Node 18

Nov 03, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Well-Architected Tool > Workload > Approved > Custom

  • Action Types:

    • AWS > Well-Architected Tool > Workload > Delete from AWS
    • AWS > Well-Architected Tool > Workload > Set Tags
    • AWS > Well-Architected Tool > Workload > Skip alarm for Active control
    • AWS > Well-Architected Tool > Workload > Skip alarm for Active control [90 days]
    • AWS > Well-Architected Tool > Workload > Skip alarm for Approved control
    • AWS > Well-Architected Tool > Workload > Skip alarm for Approved control [90 days]
    • AWS > Well-Architected Tool > Workload > Skip alarm for Tags control
    • AWS > Well-Architected Tool > Workload > Skip alarm for Tags control [90 days]

aws-storagegateway v5.4.0 - Lambda runtimes now powered by Node 18

Nov 03, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

aws-secretsmanager v5.6.0 - Quick Actions now available for Secrets; Lambda runtimes now powered by Node 18

Nov 03, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Secrets Manager > Secret > Approved > Custom

  • Action Types:

    • AWS > Secrets Manager > Secret > Delete from AWS
    • AWS > Secrets Manager > Secret > Set Tags
    • AWS > Secrets Manager > Secret > Skip alarm for Active control
    • AWS > Secrets Manager > Secret > Skip alarm for Active control [90 days]
    • AWS > Secrets Manager > Secret > Skip alarm for Approved control
    • AWS > Secrets Manager > Secret > Skip alarm for Approved control [90 days]
    • AWS > Secrets Manager > Secret > Skip alarm for Encryption at Rest control
    • AWS > Secrets Manager > Secret > Skip alarm for Encryption at Rest control [90 days]
    • AWS > Secrets Manager > Secret > Skip alarm for Tags control
    • AWS > Secrets Manager > Secret > Skip alarm for Tags control [90 days]

aws-glacier v5.6.0 - Quick Actions now available for Vaults; Lambda runtimes now powered by Node 18

Nov 03, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Glacier > Vault > Approved > Custom

  • Action Types:

    • AWS > Glacier > Vault > Delete from AWS
    • AWS > Glacier > Vault > Set Tags
    • AWS > Glacier > Vault > Skip alarm for Active control
    • AWS > Glacier > Vault > Skip alarm for Active control [90 days]
    • AWS > Glacier > Vault > Skip alarm for Approved control
    • AWS > Glacier > Vault > Skip alarm for Approved control [90 days]
    • AWS > Glacier > Vault > Skip alarm for Tags control
    • AWS > Glacier > Vault > Skip alarm for Tags control [90 days]

aws-elasticbeanstalk v5.3.0 - Quick Actions now available for Applications; Lambda runtimes now powered by Node 18

Nov 03, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Elastic Beanstalk > Application > Approved > Custom

  • Action Types:

    • AWS > Elastic Beanstalk > Application > Delete from AWS
    • AWS > Elastic Beanstalk > Application > Set Tags
    • AWS > Elastic Beanstalk > Application > Skip alarm for Active control
    • AWS > Elastic Beanstalk > Application > Skip alarm for Active control [90 days]
    • AWS > Elastic Beanstalk > Application > Skip alarm for Approved control
    • AWS > Elastic Beanstalk > Application > Skip alarm for Approved control [90 days]
    • AWS > Elastic Beanstalk > Application > Skip alarm for Tags control
    • AWS > Elastic Beanstalk > Application > Skip alarm for Tags control [90 days]

aws-batch v5.6.0 - Lambda runtimes now powered by Node 18

Nov 03, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

aws-wafregional v5.4.0 - Quick Actions now available for WAF Regional Rules; Lambda runtimes now powered by Node 18

Nov 02, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > WAF Regional > Rule > Approved > Custom

  • Action Types:

    • AWS > WAF Regional > Rule > Delete from AWS
    • AWS > WAF Regional > Rule > Skip alarm for Active control
    • AWS > WAF Regional > Rule > Skip alarm for Active control [90 days]
    • AWS > WAF Regional > Rule > Skip alarm for Approved control
    • AWS > WAF Regional > Rule > Skip alarm for Approved control [90 days]

aws-vpc-internet v5.11.0 - Quick Actions now available for all VPC Internet resources; Lambda runtimes now powered by Node 18

Nov 02, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > VPC > Egress Only Internet Gateway > Delete from AWS
    • AWS > VPC > Egress Only Internet Gateway > Set Tags
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Active control
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Active control [90 days]
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Approved control
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Approved control [90 days]
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Tags control
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Tags control [90 days]
    • AWS > VPC > Elastic IP > Delete from AWS
    • AWS > VPC > Elastic IP > Set Tags
    • AWS > VPC > Elastic IP > Skip alarm for Active control
    • AWS > VPC > Elastic IP > Skip alarm for Active control [90 days]
    • AWS > VPC > Elastic IP > Skip alarm for Approved control
    • AWS > VPC > Elastic IP > Skip alarm for Approved control [90 days]
    • AWS > VPC > Elastic IP > Skip alarm for Tags control
    • AWS > VPC > Elastic IP > Skip alarm for Tags control [90 days]
    • AWS > VPC > Endpoint > Delete from AWS
    • AWS > VPC > Endpoint > Set Tags
    • AWS > VPC > Endpoint > Skip alarm for Active control
    • AWS > VPC > Endpoint > Skip alarm for Active control [90 days]
    • AWS > VPC > Endpoint > Skip alarm for Approved control
    • AWS > VPC > Endpoint > Skip alarm for Approved control [90 days]
    • AWS > VPC > Endpoint > Skip alarm for Tags control
    • AWS > VPC > Endpoint > Skip alarm for Tags control [90 days]
    • AWS > VPC > Endpoint Service > Delete from AWS
    • AWS > VPC > Endpoint Service > Set Tags
    • AWS > VPC > Endpoint Service > Skip alarm for Active control
    • AWS > VPC > Endpoint Service > Skip alarm for Active control [90 days]
    • AWS > VPC > Endpoint Service > Skip alarm for Approved control
    • AWS > VPC > Endpoint Service > Skip alarm for Approved control [90 days]
    • AWS > VPC > Endpoint Service > Skip alarm for Tags control
    • AWS > VPC > Endpoint Service > Skip alarm for Tags control [90 days]
    • AWS > VPC > Internet Gateway > Delete from AWS
    • AWS > VPC > Internet Gateway > Set Tags
    • AWS > VPC > Internet Gateway > Skip alarm for Active control
    • AWS > VPC > Internet Gateway > Skip alarm for Active control [90 days]
    • AWS > VPC > Internet Gateway > Skip alarm for Approved control
    • AWS > VPC > Internet Gateway > Skip alarm for Approved control [90 days]
    • AWS > VPC > Internet Gateway > Skip alarm for Tags control
    • AWS > VPC > Internet Gateway > Skip alarm for Tags control [90 days]
    • AWS > VPC > NAT Gateway > Delete from AWS
    • AWS > VPC > NAT Gateway > Set Tags
    • AWS > VPC > NAT Gateway > Skip alarm for Active control
    • AWS > VPC > NAT Gateway > Skip alarm for Active control [90 days]
    • AWS > VPC > NAT Gateway > Skip alarm for Approved control
    • AWS > VPC > NAT Gateway > Skip alarm for Approved control [90 days]
    • AWS > VPC > NAT Gateway > Skip alarm for Tags control
    • AWS > VPC > NAT Gateway > Skip alarm for Tags control [90 days]

aws-vpc-core v5.17.0 - Quick Actions now available for all VPC Core resources; Lambda runtimes now powered by Node 18

Nov 02, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > VPC > DHCP Options > Delete from AWS
    • AWS > VPC > DHCP Options > Set Tags
    • AWS > VPC > DHCP Options > Skip alarm for Active control
    • AWS > VPC > DHCP Options > Skip alarm for Active control [90 days]
    • AWS > VPC > DHCP Options > Skip alarm for Tags control
    • AWS > VPC > DHCP Options > Skip alarm for Tags control [90 days]
    • AWS > VPC > Route Table > Delete from AWS
    • AWS > VPC > Route Table > Set Tags
    • AWS > VPC > Route Table > Skip alarm for Active control
    • AWS > VPC > Route Table > Skip alarm for Active control [90 days]
    • AWS > VPC > Route Table > Skip alarm for Tags control
    • AWS > VPC > Route Table > Skip alarm for Tags control [90 days]
    • AWS > VPC > Subnet > Delete from AWS
    • AWS > VPC > Subnet > Set Tags
    • AWS > VPC > Subnet > Skip alarm for Active control
    • AWS > VPC > Subnet > Skip alarm for Active control [90 days]
    • AWS > VPC > Subnet > Skip alarm for Tags control
    • AWS > VPC > Subnet > Skip alarm for Tags control [90 days]
    • AWS > VPC > VPC > Delete from AWS
    • AWS > VPC > VPC > Set Tags
    • AWS > VPC > VPC > Skip alarm for Active control
    • AWS > VPC > VPC > Skip alarm for Active control [90 days]
    • AWS > VPC > VPC > Skip alarm for Tags control
    • AWS > VPC > VPC > Skip alarm for Tags control [90 days]

aws-sqs v5.14.0 - Lambda runtimes now powered by Node 18

Nov 02, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

aws-sns v5.15.0 - Lambda runtimes now powered by Node 18

Nov 02, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

aws-elasticsearch v5.5.0 - Quick Actions now available for Domains; Lambda runtimes now powered by Node 18

Nov 02, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Elasticsearch > Domain > Approved > Custom

  • Action Types:

    • AWS > Elasticsearch > Domain > Delete from AWS
    • AWS > Elasticsearch > Domain > Set Tags
    • AWS > Elasticsearch > Domain > Skip alarm for Active control
    • AWS > Elasticsearch > Domain > Skip alarm for Active control [90 days]
    • AWS > Elasticsearch > Domain > Skip alarm for Approved control
    • AWS > Elasticsearch > Domain > Skip alarm for Approved control [90 days]
    • AWS > Elasticsearch > Domain > Skip alarm for Tags control
    • AWS > Elasticsearch > Domain > Skip alarm for Tags control [90 days]

aws-ec2 v5.36.2 - Bug Squashed - Account Attributes CMDB control would go into an error state due to a bad internal build

Nov 02, 2023

Bug fixes

  • The AWS > EC2 > Account Attributes > CMDB control would go into an error state due to a bad internal build. This is fixed and the control will now work correctly as expected.

Azure plugin v0.51.0 - Added azure_alert_management, azure_databricks_workspace, azure_monitor_activity_log_event, and azure_recovery_services_backup_job tables

Nov 02, 2023

aws v5.29.0 - Lambda runtimes now powered by Node 18

Nov 01, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

aws-ssm v5.15.0 - Lambda runtimes now powered by Node 18

Nov 01, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

aws-elasticache v5.9.0 - Quick Actions now available for all ElasticCache resources; Lambda runtimes now powered by Node 18

Nov 01, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > ElastiCache > Cache Cluster > Delete from AWS
    • AWS > ElastiCache > Cache Cluster > Set Tags
    • AWS > ElastiCache > Cache Cluster > Skip alarm for Active control
    • AWS > ElastiCache > Cache Cluster > Skip alarm for Active control [90 days]
    • AWS > ElastiCache > Cache Cluster > Skip alarm for Tags control
    • AWS > ElastiCache > Cache Cluster > Skip alarm for Tags control [90 days]
    • AWS > ElastiCache > Cache Parameter Group > Delete from AWS
    • AWS > ElastiCache > Cache Parameter Group > Skip alarm for Active control
    • AWS > ElastiCache > Cache Parameter Group > Skip alarm for Active control [90 days]
    • AWS > ElastiCache > Replication Group > Delete from AWS
    • AWS > ElastiCache > Replication Group > Skip alarm for Active control
    • AWS > ElastiCache > Replication Group > Skip alarm for Active control [90 days]
    • AWS > ElastiCache > Snapshot > Delete from AWS
    • AWS > ElastiCache > Snapshot > Set Tags
    • AWS > ElastiCache > Snapshot > Skip alarm for Active control
    • AWS > ElastiCache > Snapshot > Skip alarm for Active control [90 days]
    • AWS > ElastiCache > Snapshot > Skip alarm for Tags control
    • AWS > ElastiCache > Snapshot > Skip alarm for Tags control [90 days]

aws-datapipeline v5.3.0 - Quick Actions now available for Pipelines; Lambda runtimes now powered by Node 18

Nov 01, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Data Pipeline > Pipeline > Approved > Custom

  • Action Types:

    • AWS > Data Pipeline > Pipeline > Delete from AWS
    • AWS > Data Pipeline > Pipeline > Set Tags
    • AWS > Data Pipeline > Pipeline > Skip alarm for Active control
    • AWS > Data Pipeline > Pipeline > Skip alarm for Active control [90 days]
    • AWS > Data Pipeline > Pipeline > Skip alarm for Approved control
    • AWS > Data Pipeline > Pipeline > Skip alarm for Approved control [90 days]
    • AWS > Data Pipeline > Pipeline > Skip alarm for Tags control
    • AWS > Data Pipeline > Pipeline > Skip alarm for Tags control [90 days]

aws-backup v5.10.1 - Bugs Squashed - Recovery Points deleted in AWS were not cleaned up automatically via real-time events in Guardrails

Nov 01, 2023

Bug fixes

  • Recovery Points deleted in AWS were not cleaned up automatically via real-time events in Guardrails. This is now fixed.

Linkedin plugin v0.3.0 - Added contact_info column to linkedin_profile table

Nov 01, 2023

Enhancements

  • Added the contact_info column to linkedin_profile table. (#5)

aws-vpc-connect v5.9.0 - Lambda runtimes now powered by Node 18

Oct 31, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

aws-sagemaker v5.9.0 - Quick Actions now available for all SageMaker resources; Lambda runtimes now powered by Node 18

Oct 31, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Added support for ap-northeast-3 and us-gov-east-1 regions in the AWS > SageMaker > Regions policy.

  • Policy Types:

    • AWS > SageMaker > Code Repository > Approved > Custom
    • AWS > SageMaker > Endpoint > Approved > Custom
    • AWS > SageMaker > Endpoint Configuration > Approved > Custom
    • AWS > SageMaker > Lifecycle Configuration > Approved > Custom
    • AWS > SageMaker > Model > Approved > Custom
    • AWS > SageMaker > Training Job > Approved > Custom

  • Action Types:

    • AWS > SageMaker > Code Repository > Delete from AWS
    • AWS > SageMaker > Code Repository > Skip alarm for Active control
    • AWS > SageMaker > Code Repository > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Code Repository > Skip alarm for Approved control
    • AWS > SageMaker > Code Repository > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Domain > Delete from AWS
    • AWS > SageMaker > Endpoint > Delete from AWS
    • AWS > SageMaker > Endpoint > Set Tags
    • AWS > SageMaker > Endpoint > Skip alarm for Active control
    • AWS > SageMaker > Endpoint > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Endpoint > Skip alarm for Approved control
    • AWS > SageMaker > Endpoint > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Endpoint > Skip alarm for Tags control
    • AWS > SageMaker > Endpoint > Skip alarm for Tags control [90 days]
    • AWS > SageMaker > Endpoint Configuration > Delete from AWS
    • AWS > SageMaker > Endpoint Configuration > Set Tags
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Active control
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Approved control
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Tags control
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Tags control [90 days]
    • AWS > SageMaker > Lifecycle Configuration > Delete from AWS
    • AWS > SageMaker > Lifecycle Configuration > Skip alarm for Active control
    • AWS > SageMaker > Lifecycle Configuration > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Lifecycle Configuration > Skip alarm for Approved control
    • AWS > SageMaker > Lifecycle Configuration > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Model > Delete from AWS
    • AWS > SageMaker > Model > Set Tags
    • AWS > SageMaker > Model > Skip alarm for Active control
    • AWS > SageMaker > Model > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Model > Skip alarm for Approved control
    • AWS > SageMaker > Model > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Model > Skip alarm for Tags control
    • AWS > SageMaker > Model > Skip alarm for Tags control [90 days]
    • AWS > SageMaker > Notebook Instance > Delete from AWS
    • AWS > SageMaker > Notebook Instance > Set Tags
    • AWS > SageMaker > Notebook Instance > Skip alarm for Active control
    • AWS > SageMaker > Notebook Instance > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Notebook Instance > Skip alarm for Approved control
    • AWS > SageMaker > Notebook Instance > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Notebook Instance > Skip alarm for Tags control
    • AWS > SageMaker > Notebook Instance > Skip alarm for Tags control [90 days]
    • AWS > SageMaker > Training Job > Set Tags
    • AWS > SageMaker > Training Job > Skip alarm for Active control
    • AWS > SageMaker > Training Job > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Training Job > Skip alarm for Approved control
    • AWS > SageMaker > Training Job > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Training Job > Skip alarm for Tags control
    • AWS > SageMaker > Training Job > Skip alarm for Tags control [90 days]

aws-route53resolver v5.4.0 - Quick Actions now available for Resolver Endpoints and Rules; Lambda runtimes now powered by Node 18

Oct 30, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Route 53 Resolver > Resolver Endpoint > Approved > Custom
    • AWS > Route 53 Resolver > Resolver Rule > Approved > Custom

  • Action Types:

    • AWS > Route 53 Resolver > Resolver Endpoint > Delete from AWS
    • AWS > Route 53 Resolver > Resolver Endpoint > Set Tags
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Active control
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Active control [90 days]
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Approved control
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Approved control [90 days]
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Tags control
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Tags control [90 days]
    • AWS > Route 53 Resolver > Resolver Rule > Delete from AWS
    • AWS > Route 53 Resolver > Resolver Rule > Set Tags
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Active control
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Active control [90 days]
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Approved control
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Approved control [90 days]
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Tags control
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Tags control [90 days]

aws-route53 v6.6.0 - Lambda runtimes now powered by Node 18

Oct 30, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

aws-kms v5.17.0 - Lambda runtimes now powered by Node 18

Oct 30, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

aws-events v5.12.0 - Quick Actions now available for Rules and Targets; Lambda runtimes now powered by Node 18

Oct 30, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > Events > Rule > Skip alarm for Approved control
    • AWS > Events > Rule > Skip alarm for Approved control [90 days]
    • AWS > Events > Target > Skip alarm for Active control
    • AWS > Events > Target > Skip alarm for Active control [90 days]
    • AWS > Events > Target > Skip alarm for Approved control
    • AWS > Events > Target > Skip alarm for Approved control [90 days]

aws-waf v5.7.0 - Quick Actions now available for all WAF resources; Lambda runtimes now powered by Node 18

Oct 27, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > WAF > IP Set > Delete from AWS
    • AWS > WAF > IP Set > Skip alarm for Active control
    • AWS > WAF > IP Set > Skip alarm for Active control [90 days]
    • AWS > WAF > IP Set > Skip alarm for Approved control
    • AWS > WAF > IP Set > Skip alarm for Approved control [90 days]
    • AWS > WAF > IP Set v2 Global > Delete from AWS
    • AWS > WAF > IP Set v2 Global > Set Tags
    • AWS > WAF > IP Set v2 Global > Skip alarm for Active control
    • AWS > WAF > IP Set v2 Global > Skip alarm for Active control [90 days]
    • AWS > WAF > IP Set v2 Global > Skip alarm for Approved control
    • AWS > WAF > IP Set v2 Global > Skip alarm for Approved control [90 days]
    • AWS > WAF > IP Set v2 Global > Skip alarm for Tags control
    • AWS > WAF > IP Set v2 Global > Skip alarm for Tags control [90 days]
    • AWS > WAF > IP Set v2 Regional > Delete from AWS
    • AWS > WAF > IP Set v2 Regional > Set Tags
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Active control
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Active control [90 days]
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Approved control
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Approved control [90 days]
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Tags control
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Tags control [90 days]
    • AWS > WAF > Rate Based Rule > Delete from AWS
    • AWS > WAF > Rate Based Rule > Skip alarm for Active control
    • AWS > WAF > Rate Based Rule > Skip alarm for Active control [90 days]
    • AWS > WAF > Rate Based Rule > Skip alarm for Approved control
    • AWS > WAF > Rate Based Rule > Skip alarm for Approved control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Global > Delete from AWS
    • AWS > WAF > Regex Pattern Set v2 Global > Set Tags
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Active control
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Active control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Approved control
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Approved control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Tags control
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Tags control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Regional > Delete from AWS
    • AWS > WAF > Regex Pattern Set v2 Regional > Set Tags
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Active control
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Active control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Approved control
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Approved control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Tags control
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Tags control [90 days]
    • AWS > WAF > Rule > Delete from AWS
    • AWS > WAF > Rule > Skip alarm for Active control
    • AWS > WAF > Rule > Skip alarm for Active control [90 days]
    • AWS > WAF > Rule > Skip alarm for Approved control
    • AWS > WAF > Rule > Skip alarm for Approved control [90 days]
    • AWS > WAF > Rule Group v2 Global > Delete from AWS
    • AWS > WAF > Rule Group v2 Global > Set Tags
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Active control
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Active control [90 days]
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Approved control
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Approved control [90 days]
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Tags control
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Tags control [90 days]
    • AWS > WAF > Rule Group v2 Regional > Delete from AWS
    • AWS > WAF > Rule Group v2 Regional > Set Tags
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Active control
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Active control [90 days]
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Approved control
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Approved control [90 days]
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Tags control
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Tags control [90 days]
    • AWS > WAF > Web ACL > Delete from AWS
    • AWS > WAF > Web ACL > Set Tags
    • AWS > WAF > Web ACL > Skip alarm for Active control
    • AWS > WAF > Web ACL > Skip alarm for Active control [90 days]
    • AWS > WAF > Web ACL > Skip alarm for Approved control
    • AWS > WAF > Web ACL > Skip alarm for Approved control [90 days]
    • AWS > WAF > Web ACL > Skip alarm for Tags control
    • AWS > WAF > Web ACL > Skip alarm for Tags control [90 days]
    • AWS > WAF > Web ACL v2 Global > Delete from AWS
    • AWS > WAF > Web ACL v2 Global > Set Tags
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Active control
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Active control [90 days]
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Approved control
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Approved control [90 days]
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Tags control
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Tags control [90 days]
    • AWS > WAF > Web ACL v2 Regional > Delete from AWS
    • AWS > WAF > Web ACL v2 Regional > Set Tags
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Active control
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Active control [90 days]
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Approved control
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Approved control [90 days]
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Tags control
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Tags control [90 days]

aws-backup v5.10.0 - Quick Actions now available for all Backup resources; Lambda runtimes now powered by Node 18

Oct 27, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > Backup > Backup Plan > Delete from AWS
    • AWS > Backup > Backup Plan > Set Tags
    • AWS > Backup > Backup Plan > Skip alarm for Active control
    • AWS > Backup > Backup Plan > Skip alarm for Active control [90 days]
    • AWS > Backup > Backup Plan > Skip alarm for Tags control
    • AWS > Backup > Backup Plan > Skip alarm for Tags control [90 days]
    • AWS > Backup > Backup Selection > Delete from AWS
    • AWS > Backup > Backup Selection > Skip alarm for Active control
    • AWS > Backup > Backup Selection > Skip alarm for Active control [90 days]
    • AWS > Backup > Backup Vault > Delete from AWS
    • AWS > Backup > Backup Vault > Set Tags
    • AWS > Backup > Backup Vault > Skip alarm for Active control
    • AWS > Backup > Backup Vault > Skip alarm for Active control [90 days]
    • AWS > Backup > Backup Vault > Skip alarm for Tags control
    • AWS > Backup > Backup Vault > Skip alarm for Tags control [90 days]
    • AWS > Backup > Recovery Point > Delete from AWS
    • AWS > Backup > Recovery Point > Set Tags
    • AWS > Backup > Recovery Point > Skip alarm for Active control
    • AWS > Backup > Recovery Point > Skip alarm for Active control [90 days]
    • AWS > Backup > Recovery Point > Skip alarm for Tags control
    • AWS > Backup > Recovery Point > Skip alarm for Tags control [90 days]

GitHub plugin v0.36.1 - Fixed required quals for github_issue and github_pull_request tables

Oct 27, 2023

Bug fixes

  • Fixed the required quals of github_issue and github_pull_request tables to correctly return data instead of an error. (#355)

aws-workspaces v5.3.0 - Quick Actions now available for WorkSpaces; Lambda runtimes now powered by Node 18

Oct 26, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • Added support for ap-south-1, af-south-1, cn-north-1 and us-gov-east-1 regions in the AWS > WorkSpaces > Regions policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > WorkSpaces > WorkSpace > Approved > Custom

  • Action Types:

    • AWS > WorkSpaces > WorkSpace > Delete from AWS
    • AWS > WorkSpaces > WorkSpace > Set Tags
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Active control
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Active control [90 days]
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Approved control
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Approved control [90 days]
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Tags control
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Tags control [90 days]

aws-s3 v5.23.0 - Lambda runtimes now powered by Node 18

Oct 25, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

aws-mq v5.2.0 - Quick Actions now available for Brokers; Lambda runtimes now powered by Node 18

Oct 25, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • Added support for cn-north-1, cn-northwest-1, us-gov-east-1 and us-gov-west-1 regions in the AWS > MQ > Regions policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Amazon MQ > Broker > Approved > Custom

  • Action Types:

    • AWS > Amazon MQ > Broker > Delete from AWS
    • AWS > Amazon MQ > Broker > Set Tags
    • AWS > Amazon MQ > Broker > Skip alarm for Active control
    • AWS > Amazon MQ > Broker > Skip alarm for Active control [90 days]
    • AWS > Amazon MQ > Broker > Skip alarm for Approved control
    • AWS > Amazon MQ > Broker > Skip alarm for Approved control [90 days]
    • AWS > Amazon MQ > Broker > Skip alarm for Tags control
    • AWS > Amazon MQ > Broker > Skip alarm for Tags control [90 days]

aws-logs v5.12.0 - Quick Actions now available for all Logs resources; Lambda runtimes now powered by Node 18

Oct 25, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > Logs > Log Group > Delete from AWS
    • AWS > Logs > Log Group > Set Tags
    • AWS > Logs > Log Group > Skip alarm for Active control
    • AWS > Logs > Log Group > Skip alarm for Active control [90 days]
    • AWS > Logs > Log Group > Skip alarm for Approved control
    • AWS > Logs > Log Group > Skip alarm for Approved control [90 days]
    • AWS > Logs > Log Group > Skip alarm for Encryption at Rest control
    • AWS > Logs > Log Group > Skip alarm for Encryption at Rest control [90 days]
    • AWS > Logs > Log Group > Skip alarm for Tags control
    • AWS > Logs > Log Group > Skip alarm for Tags control [90 days]
    • AWS > Logs > Log Stream > Delete from AWS
    • AWS > Logs > Log Stream > Skip alarm for Active control
    • AWS > Logs > Log Stream > Skip alarm for Active control [90 days]
    • AWS > Logs > Log Stream > Skip alarm for Approved control
    • AWS > Logs > Log Stream > Skip alarm for Approved control [90 days]
    • AWS > Logs > Metric Filter > Delete from AWS
    • AWS > Logs > Metric Filter > Skip alarm for Active control
    • AWS > Logs > Metric Filter > Skip alarm for Active control [90 days]
    • AWS > Logs > Metric Filter > Skip alarm for Approved control
    • AWS > Logs > Metric Filter > Skip alarm for Approved control [90 days]
    • AWS > Logs > Resource Policy > Delete from AWS
    • AWS > Logs > Resource Policy > Skip alarm for Active control
    • AWS > Logs > Resource Policy > Skip alarm for Active control [90 days]
    • AWS > Logs > Resource Policy > Skip alarm for Approved control
    • AWS > Logs > Resource Policy > Skip alarm for Approved control [90 days]

aws-fsx v5.3.0 - Quick Actions now available for Backups and File Systems; Lambda runtimes now powered by Node 18

Oct 25, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • Added support for cn-north-1, cn-northwest-1, us-gov-east-1 and us-gov-west-1 regions in the AWS > FSx > Regions policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > FSx > Backup > Approved > Custom
    • AWS > FSx > File System > Approved > Custom

  • Action Types:

    • AWS > FSx > Backup > Delete from AWS
    • AWS > FSx > Backup > Set Tags
    • AWS > FSx > Backup > Skip alarm for Active control
    • AWS > FSx > Backup > Skip alarm for Active control [90 days]
    • AWS > FSx > Backup > Skip alarm for Approved control
    • AWS > FSx > Backup > Skip alarm for Approved control [90 days]
    • AWS > FSx > Backup > Skip alarm for Tags control
    • AWS > FSx > Backup > Skip alarm for Tags control [90 days]
    • AWS > FSx > File System > Delete from AWS
    • AWS > FSx > File System > Set Tags
    • AWS > FSx > File System > Skip alarm for Active control
    • AWS > FSx > File System > Skip alarm for Active control [90 days]
    • AWS > FSx > File System > Skip alarm for Approved control
    • AWS > FSx > File System > Skip alarm for Approved control [90 days]
    • AWS > FSx > File System > Skip alarm for Tags control
    • AWS > FSx > File System > Skip alarm for Tags control [90 days]

aws-cloudwatch v5.7.0 - Quick Actions now available for Alarms; Lambda runtimes now powered by Node 18

Oct 25, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > CloudWatch > Alarm > Delete from AWS
    • AWS > CloudWatch > Alarm > Set Tags
    • AWS > CloudWatch > Alarm > Skip alarm for Active control
    • AWS > CloudWatch > Alarm > Skip alarm for Active control [90 days]
    • AWS > CloudWatch > Alarm > Skip alarm for Approved control
    • AWS > CloudWatch > Alarm > Skip alarm for Approved control [90 days]
    • AWS > CloudWatch > Alarm > Skip alarm for Tags control
    • AWS > CloudWatch > Alarm > Skip alarm for Tags control [90 days]

aws-appstream v5.3.0 - Quick Actions now available for all AppStream resources; Lambda runtimes now powered by Node 18

Oct 25, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • Added support for ca-central-1, eu-west-2, sa-east-1, us-east-2 and us-gov-east-1 regions in the AWS > AppStream > Regions policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > AppStream > Fleet > Approved > Custom
    • AWS > AppStream > Image > Approved > Custom
    • AWS > AppStream > Image Builder > Approved > Custom
    • AWS > AppStream > User > Approved > Custom

  • Action Types:

    • AWS > AppStream > Fleet > Delete from AWS
    • AWS > AppStream > Fleet > Set Tags
    • AWS > AppStream > Fleet > Skip alarm for Active control
    • AWS > AppStream > Fleet > Skip alarm for Active control [90 days]
    • AWS > AppStream > Fleet > Skip alarm for Approved control
    • AWS > AppStream > Fleet > Skip alarm for Approved control [90 days]
    • AWS > AppStream > Fleet > Skip alarm for Tags control
    • AWS > AppStream > Fleet > Skip alarm for Tags control [90 days]
    • AWS > AppStream > Image > Delete from AWS
    • AWS > AppStream > Image > Set Tags
    • AWS > AppStream > Image > Skip alarm for Active control
    • AWS > AppStream > Image > Skip alarm for Active control [90 days]
    • AWS > AppStream > Image > Skip alarm for Approved control
    • AWS > AppStream > Image > Skip alarm for Approved control [90 days]
    • AWS > AppStream > Image > Skip alarm for Tags control
    • AWS > AppStream > Image > Skip alarm for Tags control [90 days]
    • AWS > AppStream > Image Builder > Delete from AWS
    • AWS > AppStream > Image Builder > Set Tags
    • AWS > AppStream > Image Builder > Skip alarm for Active control
    • AWS > AppStream > Image Builder > Skip alarm for Active control [90 days]
    • AWS > AppStream > Image Builder > Skip alarm for Approved control
    • AWS > AppStream > Image Builder > Skip alarm for Approved control [90 days]
    • AWS > AppStream > Image Builder > Skip alarm for Tags control
    • AWS > AppStream > Image Builder > Skip alarm for Tags control [90 days]
    • AWS > AppStream > User > Delete from AWS
    • AWS > AppStream > User > Skip alarm for Active control
    • AWS > AppStream > User > Skip alarm for Active control [90 days]
    • AWS > AppStream > User > Skip alarm for Approved control
    • AWS > AppStream > User > Skip alarm for Approved control [90 days]

Turbot Guardrails Enterprise (TE) v5.42.4 - passport-saml Node package downgraded to 1.3.5.

Oct 24, 2023

What's new?

  • Server:
    • Updated: Downgrade passport-saml Node package to 1.3.5.

GitHub plugin v0.36.0 - Optimized GraphQL queries for issue and pull request tables

Oct 24, 2023

What's new

  • Updated github_issue, github_my_issue, github_pull_request, github_search_issue, and github_search_pull_request tables to only include nested and user permission columns in GraphQL request when requested. This should result in faster queries and large scale queries completing more consistently. (#342)

Vanta plugin v0.3.2 - Fixed vanta_computer table queries failing

Oct 20, 2023

Bug fixes

  • Fixed vanta_computer table queries failing due to inclusion of deprecated API field requiresLocationServices in fetchDomainEndpoints query. (#19) (Thanks @eric-glb for the contribution!)

Sentry plugin v0.2.0 - Sentry base URL can now be configured

Oct 20, 2023

What's new?

  • The Sentry base URL can now be set through the base_url config argument or SENTRY_URL environment variable. (#11) (Thanks @beudbeud for the contribution!)

Prometheus plugin v0.5.0 - Added support for PROMETHEUS_URL environment variable

Oct 20, 2023

What's new?

  • The Prometheus address (address) can now be set with the PROMETHEUS_URL environment variable. (#23) (Thanks @beudbeud for the contribution!)

Azure Compliance mod v0.36 - Fixed README to include correct benchmark reference

Oct 20, 2023

Bug fixes

  • Fixed README to include correct reference to the All Controls benchmark. (#218) (Thanks @vil02 for the contribution!)

AWS Compliance mod v0.81 - Added controls for Athena and IAM services

Oct 20, 2023

Enhancements

  • Added the following controls to the All Controls benchmark: (#722)
    • athena_workgroup_enforce_configuration_enabled
    • iam_inline_policy_no_administrative_privileges

Bug fixes

  • Fixed README to include correct reference to the All Controls benchmark. (#721) (Thanks @vil02 for the contribution!)
  • Fixed typos in several compliance control descriptions. (#719) (Thanks @pdecat for the contribution!)

aws-ec2 v5.36.1 - Bug Squashed - Volume Discovery control would go into an error state due to bad GraphQL queries

Oct 17, 2023

Bug fixes

  • The AWS > EC2 > Volume > Discovery control would go into an error state because of an unintended GraphQL query bug. This is fixed and the control will now work correctly as expected.

AWS plugin v0.121.0 - Improved documentation for AWS IAM role table

Oct 13, 2023

Enhancements

  • Improved documentation and descriptions for the aws_iam_role table. (#1940)
  • Replaced uses of rand.Seed with latest rand.NewSource. (#1933)

AWS Insights mod v0.14 - Added new dashboard and query docs

Oct 13, 2023

Enhancements

  • Added additional dashboard and query docs and updated metadata descriptions in docs. (#323)

Turbot Guardrails Enterprise Foundation (TEF) v1.53.0 - Hive manager Updated to Manage New RDS Certificate

Oct 11, 2023

What's new?

  • Updated: Hive manager code to include the new certificate.

Turbot Guardrails Enterprise Database (TED) v1.38.0 - New Parameter for RDS Certificate for Commercial Cloud

Oct 11, 2023

What's new?

  • Added: parameter for RDS certificate for commercial cloud.

Turbot Guardrails Enterprise (TE) v5.42.3 - Bugs Squashed - Stack Control Execution Issue with Large number of Resources; RDS CA Certificate to use the latest bundled certificate

Oct 11, 2023

What's new?

  • Server:

    • Updated: RDS CA Certificate to use the latest bundled certificate.
    • Updated: Updated the package passport-saml to @node-saml/passport-saml: 4.0.4
    • Updated: Steampipe query in developer section now points to the correct table.

  • UI:

    • Added: Option to view Changelogs in the Help dropdown menu.

Bug fixes

  • Server:
    • Fixed: Stack control failed to run when a large number of resources were being managed by a stack control.

Workspaces upgraded to Steampipe v0.21.1

Oct 09, 2023

All Pipes workspaces have now been upgraded to Steampipe v0.21.1.

For more information on this Steampipe release, see the release notes.

aws-guardduty v5.7.0 - Quick Actions now available for all GuardDuty resources; Lambda runtimes now powered by Node 18

Oct 09, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > GuardDuty > Detector > Delete from AWS
    • AWS > GuardDuty > Detector > Set Tags
    • AWS > GuardDuty > Detector > Skip alarm for Active control
    • AWS > GuardDuty > Detector > Skip alarm for Active control [90 days]
    • AWS > GuardDuty > Detector > Skip alarm for Approved control
    • AWS > GuardDuty > Detector > Skip alarm for Approved control [90 days]
    • AWS > GuardDuty > Detector > Skip alarm for Tags control
    • AWS > GuardDuty > Detector > Skip alarm for Tags control [90 days]
    • AWS > GuardDuty > IPSet > Delete from AWS
    • AWS > GuardDuty > IPSet > Set Tags
    • AWS > GuardDuty > IPSet > Skip alarm for Active control
    • AWS > GuardDuty > IPSet > Skip alarm for Active control [90 days]
    • AWS > GuardDuty > IPSet > Skip alarm for Approved control
    • AWS > GuardDuty > IPSet > Skip alarm for Approved control [90 days]
    • AWS > GuardDuty > IPSet > Skip alarm for Tags control
    • AWS > GuardDuty > IPSet > Skip alarm for Tags control [90 days]
    • AWS > GuardDuty > ThreatIntelSet > Delete from AWS
    • AWS > GuardDuty > ThreatIntelSet > Set Tags
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Active control
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Active control [90 days]
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Approved control
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Approved control [90 days]
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Tags control
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Tags control [90 days]

aws-emr v5.7.0 - Quick Actions now available for Clusters and Security Configurations; Lambda runtimes now powered by Node 18

Oct 09, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > EMR > Cluster > Delete from AWS
    • AWS > EMR > Cluster > Set Tags
    • AWS > EMR > Cluster > Skip alarm for Active control
    • AWS > EMR > Cluster > Skip alarm for Active control [90 days]
    • AWS > EMR > Cluster > Skip alarm for Approved control
    • AWS > EMR > Cluster > Skip alarm for Approved control [90 days]
    • AWS > EMR > Cluster > Skip alarm for Tags control
    • AWS > EMR > Cluster > Skip alarm for Tags control [90 days]
    • AWS > EMR > Security Configuration > Delete from AWS
    • AWS > EMR > Security Configuration > Skip alarm for Active control
    • AWS > EMR > Security Configuration > Skip alarm for Active control [90 days]
    • AWS > EMR > Security Configuration > Skip alarm for Approved control
    • AWS > EMR > Security Configuration > Skip alarm for Approved control [90 days]

aws-ecs v5.6.0 - Quick Actions now available for all ECS resources; Lambda runtimes now powered by Node 18

Oct 09, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > ECS > Cluster > Delete from AWS
    • AWS > ECS > Cluster > Set Tags
    • AWS > ECS > Cluster > Skip alarm for Active control
    • AWS > ECS > Cluster > Skip alarm for Active control [90 days]
    • AWS > ECS > Cluster > Skip alarm for Approved control
    • AWS > ECS > Cluster > Skip alarm for Approved control [90 days]
    • AWS > ECS > Cluster > Skip alarm for Tags control
    • AWS > ECS > Cluster > Skip alarm for Tags control [90 days]
    • AWS > ECS > Container Instance > Delete from AWS
    • AWS > ECS > Container Instance > Skip alarm for Active control
    • AWS > ECS > Container Instance > Skip alarm for Active control [90 days]
    • AWS > ECS > Container Instance > Skip alarm for Approved control
    • AWS > ECS > Container Instance > Skip alarm for Approved control [90 days]
    • AWS > ECS > Service > Delete from AWS
    • AWS > ECS > Service > Set Tags
    • AWS > ECS > Service > Skip alarm for Active control
    • AWS > ECS > Service > Skip alarm for Active control [90 days]
    • AWS > ECS > Service > Skip alarm for Approved control
    • AWS > ECS > Service > Skip alarm for Approved control [90 days]
    • AWS > ECS > Service > Skip alarm for Tags control
    • AWS > ECS > Service > Skip alarm for Tags control [90 days]
    • AWS > ECS > Task Definition > Delete from AWS
    • AWS > ECS > Task Definition > Set Tags
    • AWS > ECS > Task Definition > Skip alarm for Active control
    • AWS > ECS > Task Definition > Skip alarm for Active control [90 days]
    • AWS > ECS > Task Definition > Skip alarm for Approved control
    • AWS > ECS > Task Definition > Skip alarm for Approved control [90 days]
    • AWS > ECS > Task Definition > Skip alarm for Tags control
    • AWS > ECS > Task Definition > Skip alarm for Tags control [90 days]

aws-ec2 v5.36.0 - You can now Block Public Access for AMIs; Lambda runtimes now powered by Node 18

Oct 09, 2023

What's new?

  • You can now configure Block Public Access for AMIs. To get started, set the AWS > EC2 > Account Attributes > Block Public Access for AMIs policy to Enforce: Enable Block Public Access for AMIs.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Control Types:

    • AWS > EC2 > Account Attributes > Block Public Access for AMIs

  • Policy Types:

    • AWS > EC2 > Account Attributes > Block Public Access for AMIs

  • Action Types:

    • AWS > EC2 > Account Attributes > Update Block Public Access for AMIs

aws-dms v5.5.0 - Quick Actions now available for Endpoints and Replication Instances; Lambda runtimes now powered by Node 18

Oct 09, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > DMS > Endpoint > Approved > Custom
    • AWS > DMS > Replication Instance > Approved > Custom

  • Action Types:

    • AWS > DMS > Endpoint > Delete from AWS
    • AWS > DMS > Endpoint > Set Tags
    • AWS > DMS > Endpoint > Skip alarm for Active control
    • AWS > DMS > Endpoint > Skip alarm for Active control [90 days]
    • AWS > DMS > Endpoint > Skip alarm for Approved control
    • AWS > DMS > Endpoint > Skip alarm for Approved control [90 days]
    • AWS > DMS > Endpoint > Skip alarm for Tags control
    • AWS > DMS > Endpoint > Skip alarm for Tags control [90 days]
    • AWS > DMS > Replication Instance > Delete from AWS
    • AWS > DMS > Replication Instance > Set Tags
    • AWS > DMS > Replication Instance > Skip alarm for Active control
    • AWS > DMS > Replication Instance > Skip alarm for Active control [90 days]
    • AWS > DMS > Replication Instance > Skip alarm for Approved control
    • AWS > DMS > Replication Instance > Skip alarm for Approved control [90 days]
    • AWS > DMS > Replication Instance > Skip alarm for Tags control
    • AWS > DMS > Replication Instance > Skip alarm for Tags control [90 days]

aws-ses v5.4.0 - Quick Actions now available for Identities; Lambda runtimes now powered by Node 18

Oct 06, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > SES > Identity > Delete from AWS
    • AWS > SES > Identity > Skip alarm for Active control
    • AWS > SES > Identity > Skip alarm for Active control [90 days]
    • AWS > SES > Identity > Skip alarm for Approved control
    • AWS > SES > Identity > Skip alarm for Approved control [90 days]

aws-securityhub v5.3.0 - Quick Actions now available for Security Hub; Lambda runtimes now powered by Node 18

Oct 06, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Security Hub > Hub > Approved > Custom

  • Action Types:

    • AWS > Security Hub > Hub > Delete from AWS
    • AWS > Security Hub > Hub > Set Tags
    • AWS > Security Hub > Hub > Skip alarm for Approved control
    • AWS > Security Hub > Hub > Skip alarm for Approved control [90 days]
    • AWS > Security Hub > Hub > Skip alarm for Tags control
    • AWS > Security Hub > Hub > Skip alarm for Tags control [90 days]

aws-kinesis v5.8.0 - Quick Actions now available for Consumers and Streams; Lambda runtimes now powered by Node 18

Oct 06, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > Kinesis > Consumer > Delete from AWS
    • AWS > Kinesis > Consumer > Skip alarm for Active control
    • AWS > Kinesis > Consumer > Skip alarm for Active control [90 days]
    • AWS > Kinesis > Consumer > Skip alarm for Approved control
    • AWS > Kinesis > Consumer > Skip alarm for Approved control [90 days]
    • AWS > Kinesis > Stream > Delete from AWS
    • AWS > Kinesis > Stream > Set Tags
    • AWS > Kinesis > Stream > Skip alarm for Active control
    • AWS > Kinesis > Stream > Skip alarm for Active control [90 days]
    • AWS > Kinesis > Stream > Skip alarm for Approved control
    • AWS > Kinesis > Stream > Skip alarm for Approved control [90 days]
    • AWS > Kinesis > Stream > Skip alarm for Encryption at Rest control
    • AWS > Kinesis > Stream > Skip alarm for Encryption at Rest control [90 days]
    • AWS > Kinesis > Stream > Skip alarm for Tags control
    • AWS > Kinesis > Stream > Skip alarm for Tags control [90 days]

aws-dynamodb v5.10.0 - Quick Actions now available for Backups, Global Tables and Tables; Lambda runtimes now powered by Node 18

Oct 06, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > DynamoDB > Backup > Delete from AWS
    • AWS > DynamoDB > Backup > Skip alarm for Active control
    • AWS > DynamoDB > Backup > Skip alarm for Active control [90 days]
    • AWS > DynamoDB > Backup > Skip alarm for Approved control
    • AWS > DynamoDB > Backup > Skip alarm for Approved control [90 days]
    • AWS > DynamoDB > Global Table > Delete from AWS
    • AWS > DynamoDB > Global Table > Skip alarm for Active control
    • AWS > DynamoDB > Global Table > Skip alarm for Active control [90 days]
    • AWS > DynamoDB > Global Table > Skip alarm for Approved control
    • AWS > DynamoDB > Global Table > Skip alarm for Approved control [90 days]
    • AWS > DynamoDB > Table > Delete from AWS
    • AWS > DynamoDB > Table > Set Tags
    • AWS > DynamoDB > Table > Skip alarm for Active control
    • AWS > DynamoDB > Table > Skip alarm for Active control [90 days]
    • AWS > DynamoDB > Table > Skip alarm for Approved control
    • AWS > DynamoDB > Table > Skip alarm for Approved control [90 days]
    • AWS > DynamoDB > Table > Skip alarm for Encryption at Rest control
    • AWS > DynamoDB > Table > Skip alarm for Encryption at Rest control [90 days]
    • AWS > DynamoDB > Table > Skip alarm for Tags control
    • AWS > DynamoDB > Table > Skip alarm for Tags control [90 days]

Terraform Azure Compliance mod v0.9 - Added 11 new controls

Oct 06, 2023

What's new?

  • Added 11 new controls across the benchmarks for the following services: (#39)
    • Application Gateway
    • Automation
    • Cognitive Search
    • Compute
    • Frontdoor
    • Network
    • PostgreSQL

Turbot Pipes Zapier app now available

Oct 05, 2023

Plans & pricing now available

Oct 05, 2023

Turbot Pipes plans & pricing are now available.

Free for Developers! Free trial & usage-based for Teams. Start immediately & cancel anytime.

For more information, see the launch post.

Datatank now available

Oct 05, 2023

Datatank is now available in Turbot Pipes workspaces. Blow past API speed limits with scheduled data sync.

For more information, see the launch post.

aws-stepfunctions v5.6.0 - Quick Actions now available for State Machines; Lambda runtimes now powered by Node 18

Oct 05, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Step Functions > State Machine > Approved > Custom

  • Action Types:

    • AWS > Step Functions > State Machine > Delete from AWS
    • AWS > Step Functions > State Machine > Set Tags
    • AWS > Step Functions > State Machine > Skip alarm for Active control
    • AWS > Step Functions > State Machine > Skip alarm for Active control [90 days]
    • AWS > Step Functions > State Machine > Skip alarm for Approved control
    • AWS > Step Functions > State Machine > Skip alarm for Approved control [90 days]
    • AWS > Step Functions > State Machine > Skip alarm for Tags control
    • AWS > Step Functions > State Machine > Skip alarm for Tags control [90 days]

aws-shield v5.2.0 - Quick Actions now available for Shield Protection; Lambda runtimes now powered by Node 18; and more

Oct 05, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Shield > Protection > Approved > Custom

  • Action Types:

    • AWS > Shield > Protection > Delete from AWS
    • AWS > Shield > Protection > Skip alarm for Active control
    • AWS > Shield > Protection > Skip alarm for Active control [90 days]
    • AWS > Shield > Protection > Skip alarm for Approved control
    • AWS > Shield > Protection > Skip alarm for Approved control [90 days]

aws-directoryservice v5.4.0 - Quick Actions now available for Directories; Lambda runtimes now powered by Node 18

Oct 05, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Directory Service > Directory > Approved > Custom

  • Action Types:

    • AWS > Directory Service > Directory > Delete from AWS
    • AWS > Directory Service > Directory > Skip alarm for Active control
    • AWS > Directory Service > Directory > Skip alarm for Active control [90 days]
    • AWS > Directory Service > Directory > Skip alarm for Approved control
    • AWS > Directory Service > Directory > Skip alarm for Approved control [90 days]

aws-codebuild v5.5.0 - Quick Actions now available for all CodeBuild resources; Lambda runtimes now powered by Node 18; and more

Oct 05, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > CodeBuild > Build > Delete from AWS
    • AWS > CodeBuild > Build > Skip alarm for Active control
    • AWS > CodeBuild > Build > Skip alarm for Active control [90 days]
    • AWS > CodeBuild > Build > Skip alarm for Approved control
    • AWS > CodeBuild > Build > Skip alarm for Approved control [90 days]
    • AWS > CodeBuild > Project > Delete from AWS
    • AWS > CodeBuild > Project > Set Tags
    • AWS > CodeBuild > Project > Skip alarm for Active control
    • AWS > CodeBuild > Project > Skip alarm for Active control [90 days]
    • AWS > CodeBuild > Project > Skip alarm for Approved control
    • AWS > CodeBuild > Project > Skip alarm for Approved control [90 days]
    • AWS > CodeBuild > Project > Skip alarm for Tags control
    • AWS > CodeBuild > Project > Skip alarm for Tags control [90 days]
    • AWS > CodeBuild > Source Credential > Delete from AWS
    • AWS > CodeBuild > Source Credential > Skip alarm for Active control
    • AWS > CodeBuild > Source Credential > Skip alarm for Active control [90 days]
    • AWS > CodeBuild > Source Credential > Skip alarm for Approved control
    • AWS > CodeBuild > Source Credential > Skip alarm for Approved control [90 days]

aws-cloudformation v5.11.0 - Quick Actions now available for Stacks and Stack Sets; Lambda runtimes now powered by Node 18; and more

Oct 05, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > CloudFormation > Stack > Approved > Custom
    • AWS > CloudFormation > StackSet > Approved > Custom

  • Action Types:

    • AWS > CloudFormation > Stack > Delete from AWS
    • AWS > CloudFormation > Stack > Set Tags
    • AWS > CloudFormation > Stack > Skip alarm for Active control
    • AWS > CloudFormation > Stack > Skip alarm for Active control [90 days]
    • AWS > CloudFormation > Stack > Skip alarm for Approved control
    • AWS > CloudFormation > Stack > Skip alarm for Approved control [90 days]
    • AWS > CloudFormation > Stack > Skip alarm for Tags control
    • AWS > CloudFormation > Stack > Skip alarm for Tags control [90 days]
    • AWS > CloudFormation > StackSet > Delete from AWS
    • AWS > CloudFormation > StackSet > Set Tags
    • AWS > CloudFormation > StackSet > Skip alarm for Active control
    • AWS > CloudFormation > StackSet > Skip alarm for Active control [90 days]
    • AWS > CloudFormation > StackSet > Skip alarm for Approved control
    • AWS > CloudFormation > StackSet > Skip alarm for Approved control [90 days]
    • AWS > CloudFormation > StackSet > Skip alarm for Tags control
    • AWS > CloudFormation > StackSet > Skip alarm for Tags control [90 days]

aws-athena v5.4.0 - Quick Actions now available for NamedQuery and Workgroups; Lambda runtimes now powered by Node 18; and more

Oct 05, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Athena > NamedQuery > Approved > Custom
    • AWS > Athena > Workgroup > Approved > Custom

  • Action Types:

    • AWS > Athena > NamedQuery > Delete from AWS
    • AWS > Athena > NamedQuery > Set Tags
    • AWS > Athena > NamedQuery > Skip alarm for Active control
    • AWS > Athena > NamedQuery > Skip alarm for Active control [90 days]
    • AWS > Athena > NamedQuery > Skip alarm for Approved control
    • AWS > Athena > NamedQuery > Skip alarm for Approved control [90 days]
    • AWS > Athena > NamedQuery > Skip alarm for Tags control
    • AWS > Athena > NamedQuery > Skip alarm for Tags control [90 days]
    • AWS > Athena > Workgroup > Delete from AWS
    • AWS > Athena > Workgroup > Set Tags
    • AWS > Athena > Workgroup > Skip alarm for Active control
    • AWS > Athena > Workgroup > Skip alarm for Active control [90 days]
    • AWS > Athena > Workgroup > Skip alarm for Approved control
    • AWS > Athena > Workgroup > Skip alarm for Approved control [90 days]
    • AWS > Athena > Workgroup > Skip alarm for Tags control
    • AWS > Athena > Workgroup > Skip alarm for Tags control [90 days]

AWS plugin v0.120.2 - Removed unnecessary error retry logic and added UnknownError as retryable error

Oct 05, 2023

Bug fixes

  • Removed custom plugin level retryer which was unnecessary as the plugin already uses the AWS SDK retryer. (#1932)
  • The plugin now retries errors with the error code UnknownError. These are often thrown by services like SNS when performing a large number of requests. (#1932)

Resolved nil pointer reference errors related to implicit hydrate configurations across 94 plugins

Oct 05, 2023

aws-cloudsearch v5.4.0 - Quick Actions now available for Domains; Lambda runtimes now powered by Node 18; and more

Oct 04, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > CloudSearch > Domain > Skip alarm for Active control
    • AWS > CloudSearch > Domain > Skip alarm for Active control [90 days]
    • AWS > CloudSearch > Domain > Skip alarm for Approved control
    • AWS > CloudSearch > Domain > Skip alarm for Approved control [90 days]

aws-cloudfront v5.4.0 - Quick Actions now available for all CloudFront resources; Lambda runtimes now powered by Node 18; and more

Oct 04, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > CloudFront > CloudFront Origin Access Identity > Approved > Custom
    • AWS > CloudFront > Distribution > Approved > Custom
    • AWS > CloudFront > Streaming Distribution > Approved > Custom

  • Action Types:

    • AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Active control
    • AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Active control [90 days]
    • AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Approved control
    • AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Approved control [90 days]
    • AWS > CloudFront > Distribution > Set Tags
    • AWS > CloudFront > Distribution > Skip alarm for Active control
    • AWS > CloudFront > Distribution > Skip alarm for Active control [90 days]
    • AWS > CloudFront > Distribution > Skip alarm for Approved control
    • AWS > CloudFront > Distribution > Skip alarm for Approved control [90 days]
    • AWS > CloudFront > Distribution > Skip alarm for Tags control
    • AWS > CloudFront > Distribution > Skip alarm for Tags control [90 days]
    • AWS > CloudFront > Streaming Distribution > Set Tags
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Active control
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Active control [90 days]
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Approved control
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Approved control [90 days]
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Tags control
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Tags control [90 days]

aws-apigateway v5.8.0 - Quick Actions now available for all API Gateway resources; Lambda runtimes now powered by Node 18; and more

Oct 04, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > API Gateway > API > Delete from AWS
    • AWS > API Gateway > API > Set Tags
    • AWS > API Gateway > API > Skip alarm for Active control
    • AWS > API Gateway > API > Skip alarm for Active control [90 days]
    • AWS > API Gateway > API > Skip alarm for Approved control
    • AWS > API Gateway > API > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > API > Skip alarm for Tags control
    • AWS > API Gateway > API > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > API Key > Delete from AWS
    • AWS > API Gateway > API Key > Set Tags
    • AWS > API Gateway > API Key > Skip alarm for Active control
    • AWS > API Gateway > API Key > Skip alarm for Active control [90 days]
    • AWS > API Gateway > API Key > Skip alarm for Approved control
    • AWS > API Gateway > API Key > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > API Key > Skip alarm for Tags control
    • AWS > API Gateway > API Key > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > API V2 > Delete from AWS
    • AWS > API Gateway > API V2 > Set Tags
    • AWS > API Gateway > API V2 > Skip alarm for Active control
    • AWS > API Gateway > API V2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > API V2 > Skip alarm for Approved control
    • AWS > API Gateway > API V2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > API V2 > Skip alarm for Tags control
    • AWS > API Gateway > API V2 > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > Authorizer > Delete from AWS
    • AWS > API Gateway > Authorizer > Skip alarm for Active control
    • AWS > API Gateway > Authorizer > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Authorizer > Skip alarm for Approved control
    • AWS > API Gateway > Authorizer > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Authorizer V2 > Delete from AWS
    • AWS > API Gateway > Authorizer V2 > Skip alarm for Active control
    • AWS > API Gateway > Authorizer V2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Authorizer V2 > Skip alarm for Approved control
    • AWS > API Gateway > Authorizer V2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Domain Name V2 > Delete from AWS
    • AWS > API Gateway > Domain Name V2 > Set Tags
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Active control
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Approved control
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Tags control
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > Integration V2 > Delete from AWS
    • AWS > API Gateway > Integration V2 > Skip alarm for Active control
    • AWS > API Gateway > Integration V2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Integration V2 > Skip alarm for Approved control
    • AWS > API Gateway > Integration V2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Resource > Delete from AWS
    • AWS > API Gateway > Resource > Skip alarm for Active control
    • AWS > API Gateway > Resource > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Resource > Skip alarm for Approved control
    • AWS > API Gateway > Resource > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Stage > Delete from AWS
    • AWS > API Gateway > Stage > Set Tags
    • AWS > API Gateway > Stage > Skip alarm for Active control
    • AWS > API Gateway > Stage > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Stage > Skip alarm for Approved control
    • AWS > API Gateway > Stage > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Stage > Skip alarm for Tags control
    • AWS > API Gateway > Stage > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > Stage v2 > Delete from AWS
    • AWS > API Gateway > Stage v2 > Set Tags
    • AWS > API Gateway > Stage v2 > Skip alarm for Active control
    • AWS > API Gateway > Stage v2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Stage v2 > Skip alarm for Approved control
    • AWS > API Gateway > Stage v2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Stage v2 > Skip alarm for Tags control
    • AWS > API Gateway > Stage v2 > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > Usage Plan > Delete from AWS
    • AWS > API Gateway > Usage Plan > Set Tags
    • AWS > API Gateway > Usage Plan > Skip alarm for Active control
    • AWS > API Gateway > Usage Plan > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Usage Plan > Skip alarm for Approved control
    • AWS > API Gateway > Usage Plan > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Usage Plan > Skip alarm for Tags control
    • AWS > API Gateway > Usage Plan > Skip alarm for Tags control [90 days]

aws-amplify v5.4.0 - New permissions for Deployment, WebHook and Artifacts; Quick Actions for Amplify Apps; Lambda runtimes now powered by Node 18; and more

Oct 04, 2023

What's new?

  • AWS/Amplify/Admin and AWS/Amplify/Metadata now also include permissions for Deployment, WebHook and Artifacts.

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Amplify > App > Approved > Custom

  • Action Types:

    • AWS > Amplify > App > Delete from AWS
    • AWS > Amplify > App > Set Tags
    • AWS > Amplify > App > Skip alarm for Active control
    • AWS > Amplify > App > Skip alarm for Active control [90 days]
    • AWS > Amplify > App > Skip alarm for Approved control
    • AWS > Amplify > App > Skip alarm for Approved control [90 days]
    • AWS > Amplify > App > Skip alarm for Tags control
    • AWS > Amplify > App > Skip alarm for Tags control [90 days]

aws-acm v5.8.0 - Quick Actions now available for Certificates; Lambda runtimes now powered by Node 18; and more

Oct 04, 2023

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > ACM > Certificate > Approved > Custom

  • Action Types:

    • AWS > ACM > Certificate > Delete from AWS
    • AWS > ACM > Certificate > Set Tags
    • AWS > ACM > Certificate > Skip alarm for Active control
    • AWS > ACM > Certificate > Skip alarm for Active control [90 days]
    • AWS > ACM > Certificate > Skip alarm for Approved control
    • AWS > ACM > Certificate > Skip alarm for Approved control [90 days]
    • AWS > ACM > Certificate > Skip alarm for Tags control
    • AWS > ACM > Certificate > Skip alarm for Tags control [90 days]

Kubernetes Compliance mod v0.16 - Fixed queries to correctly return data for connection_name and tags dimensions

Oct 04, 2023

Bug fixes

  • Fixed queries to correctly return data for connection_name and tags dimensions instead of an error. (#73)

Github Compliance mod v0.5 - Updated 10 queries to use url as the resource column

Oct 04, 2023

Enhancements

  • Updated the following queries to use url as the resource column: (#35)
    • default_branch_all_build_steps_as_code
    • default_branch_pipeline_locks_external_dependencies_for_build_process
    • default_branch_pipeline_must_have_jobs_with_sbom_generation
    • default_branch_pipelines_scan_for_vulnerabilities
    • default_branch_pipelines_scanners_set_to_prevent_sensitive_data
    • org_member_mfa_enabled
    • repo_inactive_members_review
    • repo_deletion_limited_to_trusted_users
    • repo_issue_deletion_limited_to_trusted_users
    • repo_webhook_package_registery_security_settings_enabled

GCP plugin v0.45.0 - Added gcp_artifact_registry_repository and gcp_cloud_run_service tables

Oct 04, 2023

Fixed nil pointer reference errors for implicit hydrate configs for 21 plugins

Oct 04, 2023

The following 21 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.2, which prevents nil pointer reference errors for implicit hydrate configs:

  • Alibaba Cloud
  • AWS CloudFormation
  • Azure
  • Azure Active Directory
  • CSV
  • DigitalOcean
  • Docker
  • Docker Hub
  • Exec
  • GCP
  • GitHub
  • IBM Cloud
  • Jira
  • Microsoft 365
  • Net
  • Okta
  • OpenShift
  • Oracle Cloud Infrastructure
  • Salesforce
  • Turbot Pipes
  • Zoom

Steampipe v0.21.1 deploying to workspaces

Oct 03, 2023

All new Pipes workspaces will be running Steampipe v0.21.1 and existing workspaces will be upgraded by Monday 9th October 2023.

For more information on this Steampipe release, see the launch post or release notes.

Pipes changelog in dashboard

Oct 03, 2023

The Pipes dashboard now shows a feed of the most recent changelog entries, allowing you to see what's new at a glance.

Terraform plugin v0.10.0 - Added address, attributes, and attributes_std columns to terraform_resource table

Oct 03, 2023

Breaking changes

  • Removed instances column from terraform_resource table. (#64)
  • All arguments and lifecycle columns now return null instead of {} if empty. (#64)

Enhancements

  • Added address, attributes, and attributes_std columns to terraform_resource table. (#64)

Bug fixes

  • Fixed the start_line, end_line and source column values in the terraform_resource table to return correct values regardless of file indentation. (#64)
  • Fixed the plugin to check all files even if a non-existent file name is provided in any file_paths config arg. (#67)

Terraform OCI Compliance mod v0.6 - Updated the queries to use attributes_std and address columns from the terraform_resource table for better support of terraform state files

Oct 03, 2023

Enhancements

  • Updated the queries to use the attributes_std and address columns from the terraform_resource table instead of arguments, type and name columns for better support of terraform state files. (#34)

Dependencies

  • Terraform plugin v0.10.0 or higher is now required. (#34)

Terraform GCP Compliance mod v0.9 - Updated the queries to use attributes_std and address columns from the terraform_resource table for better support of terraform state files

Oct 03, 2023

Enhancements

  • Updated the queries to use the attributes_std and address columns from the terraform_resource table instead of arguments, type and name columns for better support of terraform state files. (#42)

Dependencies

  • Terraform plugin v0.10.0 or higher is now required. (#42)

Terraform Azure Compliance mod v0.8 - Updated the queries to use attributes_std and address columns from the terraform_resource table for better support of terraform state files

Oct 03, 2023

Enhancements

  • Updated the queries to use the attributes_std and address columns from the terraform_resource table instead of arguments, type and name columns for better support of terraform state files. (#35)

Dependencies

  • Terraform plugin v0.10.0 or higher is now required. (#35)

Terraform AWS Compliance mod v0.20 - Updated the queries to use attributes_std and address columns from the terraform_resource table for better support of terraform state files

Oct 03, 2023

Enhancements

  • Updated the queries to use the attributes_std and address columns from the terraform_resource table instead of arguments, type and name columns for better support of terraform state files. (#90)

Dependencies

  • Terraform plugin v0.10.0 or higher is now required. (#90)

Kubernetes plugin v0.25.1 - Fixed plugin crash due to invalid definition of manifest_file_paths config argument

Oct 03, 2023

Bug fixes

  • Fixed the plugin to prevent crashes when source_types config argument contains manifest but manifest_file_paths is not defined. (#177)

Kubernetes Compliance mod v0.15 - Added 39 new controls

Oct 03, 2023

What's new?

  • Added 39 new controls for the ClusterRoleBinding, CronJob, DaemonSet, Ingress, Job, Pod resource types to the all_controls benchmark. (#68)

AWS plugin v0.120.1 - Fixed source_account_id column of aws_securityhub_finding table and members column of aws_rds_db_cluster table to correctly return data

Oct 03, 2023

Bug fixes

  • Fixed the source_account_id column of aws_securityhub_finding table to correctly return data instead of null. (#1927) (Thanks @gabrielsoltz for the contribution!)
  • Fixed the members column of aws_rds_db_cluster table to correctly return data instead of null. (#1926)

Steampipe CLI v0.21.1 - Added support for the missing mod-location flag to the steampipe variable list command

Oct 03, 2023

Bug fixes

  • Added support for the missing mod-location flag to the steampipe variable list command. (#3942)

Steampipe Plugin SDK v5.6.2 - Fixed nil pointer exception if hydrate call fails

Oct 03, 2023

Bug fixes

  • The initialise function is now being called for implicit hydrate configs (i.e. hydrate functions without explicit config), thereby preventing nil pointer reference errors when the hydrate function returns an error. (#683)

Steampipe CLI v0.21.0 - Add support for rate limiting, and memory limits

Oct 02, 2023

Whats new?

  • Define rate and concurrency limits for plugin execution. (#3746)
  • Define multiple instances of a plugin version using a plugin connection config block. (#3807)
  • The maximum memory used by plugins and the CLI can now be specified either in plugin instance definitions or the new plugin options block. (#3807)
  • New introspection tables steampipe_plugin and steampipe_plugin_limiter containing all configured plugin instances and limiters. (#3746)
  • New introspection table steampipe_server_settings populated with server settings data during service startup. (#3462)
  • Running plugin install with no arguments installs all referenced plugins. (#3451)
  • New --output flag for plugin list cmd allows selection between json and table output. (#3368)
  • Each plugin directory ncontains a version.json which can be used to recompose the global plugin versions.json if it is missing or corrupt. (#3492)
  • Typing .cache in interactive prompt shows the current value of cache. (#2439)
  • Steampipe commands bypass plugin requirement check if installed plugin is locally built. (#3643)
  • New skip-config flag disables writing of default plugin config during plugin installation. (#3531, #2206)
  • Logs are now written to file instead of console. (#2916)
  • When plugin startup fails, report useful message in the CLI. (#3732)
  • Users are warned to not have mod.sp files in home directory. (#2321)
  • Updated messaging when service is started on an unavailable port. (#623)
  • Log files are rotated if the process is active across date boundaries. (#125, #3825)
  • Listen hosts may be selected when starting steampipe service. (#3505)
  • Initialisation behaviour for the sample options has been changed: always copy a sample file (default.spc.sample), but only overwrite the default.spc file with the sample content if the existing file has not been modified. (#3431)
  • Validation for the workspace profile cache settings. (#3646)
  • Support OCI registries requiring authentication. (#2819)
  • Compiled with Go 1.21. (#3763)

Bug fixes

  • Plugin manager shutdown stalling intermittently due to deadlocks. (#3818)
  • Temporary tables dropped in interactive prompt when pool connections recycled. (#3781,#3543)
  • service start was not listening on network by default. (#3593)
  • Multi line logs from plugins not rendered correctly in plugin logs. (#3678)
  • .inspect panicking for long column descriptions. (#3709)
  • Interactive prompt crashing when there is a code panic. (#3713)
  • Incorrect zsh completion instructions.
  • Steampipe should not create export files for cancelled control runs. (#3578)
  • BuildFullResourceName not validating non empty arguments. (#3601)
  • Spinner not showing when exporting check results. (#3577)
  • stdin was consumed by query command even if there are arguments. (#1985)
  • When exporting multiple benchmarks, results now merged the results into a single export. (#2380)
  • Raise warning when pseudo-resources are ignored because of named HCL resources. (#1328)
  • Database reinstalled unnecessarily if any FDW files were missing. (#2040)
  • Improved error message when steampipe fails to parse a mod definition file because mod block does not exist. (#1198)
  • Only install-dir and workspace flags should be global flags. All other flags should only apply to specific command. (#3542)
  • Passing an empty list for list variables was not working. (#2094)
  • Show deprecation warning for version field in require block of mod definition.
  • Temporary directories were not always being cleaned up after plugin commands.
  • plugin list returned nothing if no plugins were installed. (#3927)

Deprecations and migrations

  • Table steampipe_connection_state renamed to steampipe_connection
  • Removed migration and backward compatibility of data files from v0.13.0. (#3517)
  • Removed deprecated workspace-chdir flag. (#3925)
  • Migrated from cloud.steampipe.io to pipes.turbot.com. (#3724)
  • Removed support for plugins which do not support multiple connections (i.e. using SDK < v4.0.0).
  • Deprecated terminal options.

Added rate limiter support for 115 plugins

Oct 02, 2023

All 115 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.1, which adds support for rate and concurrency limiters.

Limiters provide a simple, flexible interface to implement client-site rate limiting and concurrency thresholds at compile time or run time. You can use limiters to:

  • Smooth the request rate from Steampipe to reduce load on the remote API or service
  • Limit the number of parallel requests to reduce contention for client and network resources
  • Avoid hitting server limits and throttling

For more information on getting started, please see Concurrency and Rate Limiting.

Turbot Guardrails Enterprise Database (TED) v1.37.0 - Added support for t4g, m7g, m6gd, r7g, r6gd, c6g and c6gd instance types for RDS; and more

Sep 29, 2023

What's new?

  • Added: t4g, m7g, m6gd, r7g, r6gd, c6g and c6gd to instance type parameter for RDS.
  • Added: new hive parameter group for Postgres 14 and 15.

aws-eks v5.6.0 - Lambda runtimes now powered by Node 18

Sep 29, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

Kubernetes plugin v0.24.0 - Deprecated source_type config argument (replaced by source_types)

Sep 29, 2023

Deprecated

  • The source_type config argument has been deprecated and will be removed in the next major version. Please use the source_types config argument instead. If both config arguments are set, source_types will take precedence. For backward compatibility, please see below for old and new value equivalents: (#167)
    • source_type = 'all': source_types = ["deployed", "helm", "manifest"]
    • source_type = 'deployed': source_types = ["deployed"]
    • source_type = 'helm': source_types = ["helm"]
    • source_type = 'manifest': source_types = ["manifest"]

What's new?

  • Added the source_types config argument, which allows specifying a combination of source types to load per connection. (#167)

Kubernetes Compliance mod v0.14 - Added 350+ new controls

Sep 29, 2023

What's new?

  • Added 350+ new controls across all resource types to the all_controls benchmark. (#64)

Enhancements

  • Added path to default set of common_dimensions, so now any file paths will appear by default in the additional dimensions in control results. (#63)
  • Added iac category to mod definition.

Dependencies

  • Kubernetes plugin v0.23.0 or higher is now required.

Exec plugin v0.0.4 - Added stdout and stderr columns and fixed inconsistent local and remote results

Sep 29, 2023

Breaking changes

  • Removed the output column in the exec_command table. This column has been replaced by the stdout_output and stderr_output columns. (#13)

What's new?

  • Added stdout_output and stderr_output columns to the exec_command table. (#13)
  • Added stream column to the exec_command_line table. (#13)
  • Added plugin limiter exec_global with MaxConcurrency set to 15 in an effort to reduce abuse reports due to large number of concurrent remote connections. (#13)

Bug fixes

  • Results from the exec_command table should now be consistent when using local and remote connections. (#13)

Dependencies

Docker Compliance mod v0.1 - Added CIS v1.6.0 benchmark

Sep 29, 2023

What's new?

  • Added CIS v1.6.0 benchmark (steampipe check docker_compliance.benchmark.cis_v160). (#4)

AWS plugin v0.119.0 - Improved plugin performance on Darwin OS and added configuration_settings column to aws_elastic_beanstalk_environment table

Sep 29, 2023

Enhancements

  • Updated the Makefile to build the netgo package only for Darwin systems. (#1918)
  • Added the configuration_settings column to aws_elastic_beanstalk_environment table. (#1916)

Bug fixes

  • Fixed the table aws_dynamodb_backup to return nil instead of an error when backup does not exist. (#1914)

Steampipe Plugin SDK v5.6.1 - GRPC endpoint to clear connection cache

Sep 29, 2023

What's new?

  • SetConnectionCacheOptions, a new GRPC endpoint to clear connection cache. (#678)

aws-route53 v6.5.0 - Added new Resource Type for Route53 Records

Sep 28, 2023

What's new?

  • Resource Types:

    • AWS > Route 53 > Record

  • Control Types:

    • AWS > Route 53 > Record > Active
    • AWS > Route 53 > Record > Approved
    • AWS > Route 53 > Record > CMDB
    • AWS > Route 53 > Record > Discovery

  • Policy Types:

    • AWS > Route 53 > Record > Active
    • AWS > Route 53 > Record > Active > Age
    • AWS > Route 53 > Record > Active > Budget
    • AWS > Route 53 > Record > Active > Last Modified
    • AWS > Route 53 > Record > Approved
    • AWS > Route 53 > Record > Approved > Budget
    • AWS > Route 53 > Record > Approved > Custom
    • AWS > Route 53 > Record > Approved > Usage
    • AWS > Route 53 > Record > CMDB

  • Action Types:

    • AWS > Route 53 > Record > Delete
    • AWS > Route 53 > Record > Delete from AWS
    • AWS > Route 53 > Record > Router
    • AWS > Route 53 > Record > Skip alarm for Active control
    • AWS > Route 53 > Record > Skip alarm for Active control [90 days]
    • AWS > Route 53 > Record > Skip alarm for Approved control
    • AWS > Route 53 > Record > Skip alarm for Approved control [90 days]

OCI plugin v0.31.0 - Added column last_successful_login_time to oci_identity_user table

Sep 27, 2023

Enhancements

  • Added the last_successful_login_time column to oci_identity_user table. (#547)

Azuread plugin v0.13.0 - Updated azuread_user and azuread_device tables

Sep 27, 2023

Enhancements

  • Added the department column to azuread_user table. (#132)

Bug fixes

  • Fixed the title column in azuread_device and azuread_user tables to correctly return data instead of null. (#134)

Steampipe Plugin SDK v5.6.0 - Add support for rate limiters

Sep 27, 2023

What's new?

  • Define rate and concurrency limits for plugin execution. (#623)
  • Diagnostics property added to _ctx column, containing information on hydrate calls and rate limiting (enabled by setting env var STEAMPIPE_DIAGNOSTIC_LEVEL=all)
  • Support for JSONB operators in List hydrate functions. (#594)
  • Type property added to ConnectionConfig protobuf definition to determine if a connection is an aggregator. (#590)
  • When plugin startup fails, write a specially formatted string to stdout so plugin manager can parse the output and display a useful message. (#619)
  • Support for multi-line log entries. (#612)
  • Added Equals function for QualValue. (#646)

aws-organizations v5.2.0 - New Active and Approved controls and policies for Organizational Root and Organizational Account resource types

Sep 26, 2023

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Control Types:

    • AWS > Organizations > Organization Root > Active
    • AWS > Organizations > Organization Root > Approved
    • AWS > Organizations > Organizational Account > Active
    • AWS > Organizations > Organizational Account > Approved

  • Policy Types:

    • AWS > Organizations > Organization Root > Active
    • AWS > Organizations > Organization Root > Active > Age
    • AWS > Organizations > Organization Root > Active > Last Modified
    • AWS > Organizations > Organization Root > Approved
    • AWS > Organizations > Organization Root > Approved > Custom
    • AWS > Organizations > Organization Root > Approved > Usage
    • AWS > Organizations > Organizational Account > Active
    • AWS > Organizations > Organizational Account > Active > Age
    • AWS > Organizations > Organizational Account > Active > Last Modified
    • AWS > Organizations > Organizational Account > Approved
    • AWS > Organizations > Organizational Account > Approved > Custom
    • AWS > Organizations > Organizational Account > Approved > Usage

  • Action Types:

    • AWS > Organizations > Organization Root > Skip alarm for Active control
    • AWS > Organizations > Organization Root > Skip alarm for Active control [90 days]
    • AWS > Organizations > Organization Root > Skip alarm for Approved control
    • AWS > Organizations > Organization Root > Skip alarm for Approved control [90 days]
    • AWS > Organizations > Organizational Account > Skip alarm for Active control
    • AWS > Organizations > Organizational Account > Skip alarm for Active control [90 days]
    • AWS > Organizations > Organizational Account > Skip alarm for Approved control
    • AWS > Organizations > Organizational Account > Skip alarm for Approved control [90 days]

aws-msk v5.4.0 - Added new permissions for Cluster V2, Scram Secrets and Kafka VPC Connections; and more

Sep 26, 2023

What's new?

  • AWS/MSK/Admin, AWS/MSK/Metadata and AWS/MSK/Operator now also include permissions for Cluster V2, Scram Secrets and Kafka VPC Connections.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

  • Policy Types:

    • AWS > MSK > Cluster > Approved > Custom
    • AWS > MSK > Cluster > Approved > Instance Types

  • Action Types:

    • AWS > MSK > Cluster > Delete from AWS
    • AWS > MSK > Cluster > Set Tags
    • AWS > MSK > Cluster > Skip alarm for Active control
    • AWS > MSK > Cluster > Skip alarm for Active control [90 days]
    • AWS > MSK > Cluster > Skip alarm for Approved control
    • AWS > MSK > Cluster > Skip alarm for Approved control [90 days]
    • AWS > MSK > Cluster > Skip alarm for Tags control
    • AWS > MSK > Cluster > Skip alarm for Tags control [90 days]

Bug fixes

  • Guardrails would sometimes fail to upsert clusters correctly in CMDB. This is now fixed.

aws-elasticache v5.8.0 - You can now configure Backups for your Elasticache Replication Groups

Sep 26, 2023

What's new?

  • Control Types:

    • AWS > ElastiCache > Replication Group > Backup

  • Policy Types:

    • AWS > ElastiCache > Replication Group > Backup
    • AWS > ElastiCache > Replication Group > Backup > Retention Period
    • AWS > ElastiCache > Replication Group > Backup > Window

  • Action Types:

    • AWS > ElastiCache > Cache Cluster > Skip alarm for approved control
    • AWS > ElastiCache > Cache Cluster > Skip alarm for approved control [90 days]
    • AWS > ElastiCache > Cache Parameter Group > Skip alarm for approved control
    • AWS > ElastiCache > Cache Parameter Group > Skip alarm for approved control [90 days]
    • AWS > ElastiCache > Replication Group > Skip alarm for approved control
    • AWS > ElastiCache > Replication Group > Skip alarm for approved control [90 days]
    • AWS > ElastiCache > Replication Group > Update Backup
    • AWS > ElastiCache > Snapshot > Skip alarm for approved control
    • AWS > ElastiCache > Snapshot > Skip alarm for approved control [90 days]

Kubernetes plugin v0.23.0 - Added kubernetes_pod_template table

Sep 26, 2023

Workspaces upgraded to Steampipe v0.20.12

Sep 25, 2023

All Pipes workspaces have now been upgraded to Steampipe v0.20.12.

For more information on this Steampipe release, see the release notes.

Kubernetes Compliance mod v0.13 - Added 112 new controls

Sep 25, 2023

Enhancements

  • Added 112 new controls to the All Controls benchmark for the following services: (#59)
    • CronJob
    • DaemonSet
    • Deployment
    • Job
    • Pod
    • ReplicaSet
    • ReplicationController
    • StatefulSet

Steampipe v0.20.12 deploying to workspaces

Sep 22, 2023

All new Pipes workspaces will be running Steampipe v0.20.12 and existing workspaces will be upgraded by Monday 25th September 2023.

For more information on this Steampipe release, see the release notes.

ServiceNow plugin now available

Sep 22, 2023

aws v5.28.0 - Added support for Global Event Handlers

Sep 22, 2023

What's new?

  • Added support for Global Event Handlers. This release contains new Guardrails policies and controls to support deployment of Global Event Handlers for AWS.

  • Control Types:

    • AWS > Turbot > Event Handlers [Global]

  • Policy Types:

    • AWS > Turbot > Event Handlers [Global]
    • AWS > Turbot > Event Handlers [Global] > Events
    • AWS > Turbot > Event Handlers [Global] > Events > Rules
    • AWS > Turbot > Event Handlers [Global] > Events > Rules > Name Prefix
    • AWS > Turbot > Event Handlers [Global] > Events > Rules > Tags
    • AWS > Turbot > Event Handlers [Global] > Events > Target
    • AWS > Turbot > Event Handlers [Global] > Events > Target > IAM Role ARN
    • AWS > Turbot > Event Handlers [Global] > Primary Region
    • AWS > Turbot > Event Handlers [Global] > SNS
    • AWS > Turbot > Event Handlers [Global] > SNS > Topic
    • AWS > Turbot > Event Handlers [Global] > SNS > Topic > Customer Managed Key
    • AWS > Turbot > Event Handlers [Global] > SNS > Topic > Name Prefix
    • AWS > Turbot > Event Handlers [Global] > SNS > Topic > Tags
    • AWS > Turbot > Event Handlers [Global] > Source
    • AWS > Turbot > Event Handlers [Global] > Terraform Version
    • AWS > Turbot > Service Roles > Event Handlers [Global]
    • AWS > Turbot > Service Roles > Event Handlers [Global] > Name

aws-rds v5.25.0 - New Performance Insights permissions

Sep 21, 2023

What's new?

  • AWS/RDS/Admin, AWS/RDS/Metadata and AWS/RDS/Operator now include permissions for Performance Insights.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

Jira plugin v0.11.0 - Added support for on-premise Jira instances

Sep 21, 2023

What's new?

  • Added support for querying on-premise Jira instances. This can be done by setting the personal_access_token config argument in the jira.spc file. (#86) (Thanks @juandspy for the contribution!)

GitHub plugin v0.34.1 - Fixed caching for repository tables

Sep 21, 2023

Bug fixes

  • Empty values will no longer be cached incorrectly for the github_my_repository, github_repository, and github_search_repository tables. (#340)
  • Fixed github_team_repository table to include support for dynamic GraphQL queries. (#339)

gcp v5.22.0 - Added support for newly supported multi-regions in GCP

Sep 20, 2023

What's new?

  • Added support for new multi-regions NAM8, NAM9, NAM10, NAM11, NAM12, NAM13, NAM14, NAM15, NAM-EUR-ASIA1, NAM-EUR-ASIA3, IN, EUR5, EUR6, EUROPE and EMEA in the GCP > Project > Regions policy.

  • Policy Types Removed:

    • GCP > Project > Multi-Regions [Deprecated]

GitHub plugin v0.34.0 - Optimized GraphQL queries for repository tables

Sep 20, 2023

What's new

  • Update github_my_repository, github_repository, and github_search_repository tables to only include requested columns in GraphQL request. This should result in faster queries and large scale queries completing more consistently. (#338)

Dependencies

  • Recompiled plugin with Go 1.21. (#338)

GitHub plugin v0.33.1 - Fixes for github_search_repository table

Sep 19, 2023

Bug fixes

  • Fixed github_search_repository table queries failing when selecting the has_downloads, has_pages, hooks, network_count, subscribers_count, or topics columns. (#337)

Workspaces upgraded to Steampipe v0.20.11

Sep 18, 2023

All Pipes workspaces have now been upgraded to Steampipe v0.20.11.

For more information on this Steampipe release, see the release notes.

aws-vpc-security v5.9.3 - Fixed issues for Security Group CMDB control on TE v 5.42.1 or lower

Sep 18, 2023

Bug fixes

  • The AWS > VPC > Security Group > CMDB control would sometimes go into an error state if the TE version installed on the workspace was 5.42.1 or lower. This is fixed and the control will now work as expected.

Turbot Guardrails Enterprise Database (TED) v1.36.0 - Added support for m7g instance types for Elasticache; and more

Sep 15, 2023

What's new?

  • Added: m7g instance types for Elasticache.

Bug fixes

  • User group name for hive names with _ in it.
  • Hive manager code to add access grant to public schema for postgres 15.

Requirements

  • TEF: 1.52.0

gcp v5.21.0 - Added support for new `europe-west10` region

Sep 15, 2023

What's new?

  • Added support for new europe-west10 region in the GCP > Project > Regions policy.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

gcp-computeengine v5.16.0 - Added support for newly supported regions in GCP Compute Engine Service, and fixed a bug to upsert data disks correctly in Guardrails

Sep 15, 2023

What's new?

  • Added support for new asia-northeast3, asia-south2, asia-southeast2, australia-southeast2, europe-central2, europe-southwest1, europe-west10, europe-west12, europe-west8, europe-west9, me-central1, me-west1, northamerica-northeast2, southamerica-west1, us-east5, us-south1, us-west3 and us-west4 regions in the GCP > Compute Engine > Regions policy.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

Bug fixes

  • The real-time Event Handlers would sometimes fail to upsert data disks attached to instances in Guardrails CMDB. This is now fixed.

aws-vpc-security v5.9.2 - Fixed issues for Security Groups and Security Group Rules created/claimed via Guardrails stacks

Sep 15, 2023

Bug fixes

  • Guardrails stack controls would fail to claim any existing Security Group if the Security Group was available in Guardrails CMDB and the stack's Source policy included the Terraform plan for the Security Group. This is fixed and stack control will now be able to claim existing Security Groups correctly. Please note that this fix will only work for workspaces on TE v5.42.2 or higher.
  • Guardrails stack controls would sometimes fail to update Security Groups and Security Group Rules if the Terraform plan in the stack's source policy included changes to attributes which force replaced the resource. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.2 or higher.

aws-ec2 v5.35.0 - Fixed Schedule control behavior to not start/stop an instance if it were stopped/started manually outside of the control

Sep 15, 2023

What's new?

  • Policy Types:
    • AWS > EC2 > Instance > Schedule Tag > Name

Bug fixes

  • After starting/stopping an instance successfully, the AWS > EC2 > Instance > Schedule control would try and perform the same start/stop action again if the state of the instance was changed outside of the control within 1 hour of the successful start/stop run. This is fixed and the control will now not trigger a start/stop action again for a minimum of 1 hour of the previous successful run.

Terraform plugin v0.8.1 - Improved handling of null values in arguments

Sep 15, 2023

Bug fixes

  • Fixed the invalid memory address or nil pointer dereference errors when querying Terraform configuration or plan or state files that included null valued arguments. (#56)

Kubernetes Compliance mod v0.12 - Added 90 new controls

Sep 15, 2023

Enhancements

  • Added 90 new controls to the All Controls benchmark for the following services: (#56)
    • CronJob
    • DaemonSet
    • Deployment
    • Job
    • Pod
    • ReplicaSet
    • ReplicationController
    • StatefulSet

Bug fixes

  • Fixed the role_with_wildcards_used control to correctly return data instead of an error. (#54)

Docker plugin v0.9.0 - Fixes for handling missing Dockerfile and Compose files

Sep 15, 2023

Bug fixes

  • Fixed the plugin to return nil instead of an error when the file/path specified in dockerfile_paths or docker_compose_file_paths config arguments does not exist. (#38)

AWS Compliance mod v0.80 - Added missing resource column in Glue queries

Sep 15, 2023

Bug fixes

  • Added the missing resource column in the queries of glue_data_catalog_encryption_settings_metadata_encryption_enabled and glue_data_catalog_encryption_settings_password_encryption_enabled controls. (#715)

Turbot Guardrails Enterprise Foundation (TEF) v1.52.0 - Hive manager now includes access grant for public schema for Postgres 15

Sep 14, 2023

What's new?

  • Updated: Hive manager code to include access grant for public schema for postgres 15.

Turbot Guardrails Enterprise (TE) v5.42.2 - Bugs Squashed - Create workspaces on fresh PostgreSQL 15 installations, removed support for vm2 node package; and more

Sep 14, 2023

What's new?

  • Server:
    • Updated: Now supports creating multiple AKAs starting with arn, azure, and gcp via APIs.
    • Updated: Add mod version check for workspace upgrade.

Bug fixes

  • Server:
    • Fixed: Ensure successful workspace creation on fresh PostgreSQL 15 installations.
    • Fixed: The stack should claim the Security Group (SG) or Security Group Rule (SGR) if the resource already exists.
    • Removed: vm2 node package.

azure-network v5.15.0 - Added new Resource Types for Express Route Circuits

Sep 14, 2023

What's new?

  • Resource Types:

    • Azure > Network > Express Route Circuits

  • Control Types:

    • Azure > Network > Express Route Circuits > Active
    • Azure > Network > Express Route Circuits > Approved
    • Azure > Network > Express Route Circuits > CMDB
    • Azure > Network > Express Route Circuits > Discovery
    • Azure > Network > Express Route Circuits > Tags

  • Policy Types:

    • Azure > Network > Express Route Circuits > Active
    • Azure > Network > Express Route Circuits > Active > Age
    • Azure > Network > Express Route Circuits > Active > Last Modified
    • Azure > Network > Express Route Circuits > Approved
    • Azure > Network > Express Route Circuits > Approved > Custom
    • Azure > Network > Express Route Circuits > Approved > Regions
    • Azure > Network > Express Route Circuits > Approved > Usage
    • Azure > Network > Express Route Circuits > CMDB
    • Azure > Network > Express Route Circuits > Regions
    • Azure > Network > Express Route Circuits > Tags
    • Azure > Network > Express Route Circuits > Tags > Template

  • Action Types:

    • Azure > Network > Express Route Circuits > Delete
    • Azure > Network > Express Route Circuits > Router
    • Azure > Network > Express Route Circuits > Set Tags

Guardrails plugin v0.12.0 - Added columns to guardrails_notification and guardrails_resource tables

Sep 14, 2023

Enhancements

  • Added the resource_object and object columns to guardrails_notification and guardrails_resource tables respectively. (#7)

CSV plugin v0.10.0 - Added missing S3 go-getter examples in docs

Sep 14, 2023

Bug fixes

  • Added the missing S3 go-getter examples in the docs/index.md file.

AWS plugin v0.118.1 - Fixed capacity_reservation_specification column data type in aws_ec2_instance table

Sep 14, 2023

Bug fixes

  • Fixed the data type of capacity_reservation_specification column of aws_ec2_instance table to be of JSON type instead of STRING. (#1903)

Terraform GCP Compliance mod v0.8 - Added new IAM control

Sep 13, 2023

Enhancements

  • Added the iam_workload_identity_restricted control to the IAM benchmark. (#38)

Terraform AWS Compliance mod v0.19 - Updates for DMS and VPC controls

Sep 13, 2023

Breaking changes

  • Removed the dms_s3_endpoint_encryption_in_transit_enabled control from the DMS benchmark. (#84)

Enhancements

  • Added the vpc_transfer_server_allows_only_secure_protocols control to the VPC benchmark. (#84)

Steampipe v0.20.11 deploying to workspaces

Sep 12, 2023

All new Pipes workspaces will be running Steampipe v0.20.11 and existing workspaces will be upgraded by Monday 18th September 2023.

For more information on this Steampipe release, see the release notes.

Net plugin v0.10.0 - Deprecation and addition of columns to the net_certificate table

Sep 12, 2023

Deprecations

  • Deprecated domain column in net_certificate table, which has been replaced by the address column. Please note that the address column requires a port, e.g., github.com:443. This column will be removed in a future version. (#50)

What's new?

  • Added address column to the net_certificate table to allow specifying a port with the domain name. (#50)

aws-iam v5.32.0 - Added support to delete Login Profiles for IAM Users

Sep 11, 2023

What's new?

Users can now delete Login Profiles for IAM Users.

  • Control Types:

    • AWS > IAM > User > Login Profile

  • Policy Types:

    • AWS > IAM > User > Login Profile

  • Action Types:

    • AWS > IAM > User > Delete Login Profile

Bitbucket plugin v0.6.1 - Added environment usage information to docs

Sep 08, 2023

Bug fixes

  • Updated the bitbucket.spc and index.md files to include details of BITBUCKET_USERNAME, BITBUCKET_PASSWORD, and BITBUCKET_API_BASE_URL environment variables. (#77)

azure-network v5.14.0 - Added new Resource Types for Private DNS Zones and Private Endpoints

Sep 06, 2023

What's new?

  • Resource Types:

    • Azure > Network > Private DNS Zones
    • Azure > Network > Private Endpoints

  • Control Types:

    • Azure > Network > Private DNS Zones > Active
    • Azure > Network > Private DNS Zones > Approved
    • Azure > Network > Private DNS Zones > CMDB
    • Azure > Network > Private DNS Zones > Discovery
    • Azure > Network > Private DNS Zones > Tags
    • Azure > Network > Private Endpoints > Active
    • Azure > Network > Private Endpoints > Approved
    • Azure > Network > Private Endpoints > CMDB
    • Azure > Network > Private Endpoints > Discovery
    • Azure > Network > Private Endpoints > Tags

  • Policy Types:

    • Azure > Network > Private DNS Zones > Active
    • Azure > Network > Private DNS Zones > Active > Age
    • Azure > Network > Private DNS Zones > Active > Last Modified
    • Azure > Network > Private DNS Zones > Approved
    • Azure > Network > Private DNS Zones > Approved > Custom
    • Azure > Network > Private DNS Zones > Approved > Usage
    • Azure > Network > Private DNS Zones > CMDB
    • Azure > Network > Private DNS Zones > Tags
    • Azure > Network > Private DNS Zones > Tags > Template
    • Azure > Network > Private Endpoints > Active
    • Azure > Network > Private Endpoints > Active > Age
    • Azure > Network > Private Endpoints > Active > Last Modified
    • Azure > Network > Private Endpoints > Approved
    • Azure > Network > Private Endpoints > Approved > Custom
    • Azure > Network > Private Endpoints > Approved > Regions
    • Azure > Network > Private Endpoints > Approved > Usage
    • Azure > Network > Private Endpoints > CMDB
    • Azure > Network > Private Endpoints > Regions
    • Azure > Network > Private Endpoints > Tags
    • Azure > Network > Private Endpoints > Tags > Template

  • Action Types:

    • Azure > Network > Private DNS Zones > Delete
    • Azure > Network > Private DNS Zones > Router
    • Azure > Network > Private DNS Zones > Set Tags
    • Azure > Network > Private Endpoints > Delete
    • Azure > Network > Private Endpoints > Router
    • Azure > Network > Private Endpoints > Set Tags

aws v5.27.2 - Fine-tuned the internals and smoothed out some wrinkles

Sep 06, 2023

Bug fixes

  • A few policy values would sometimes fail to evaluate correctly if the mod was installed on TE v5.42.1. We've fixed this issue and such policy values will now be evaluated correctly.

aws v5.27.1 - Added support for AWS S3 Multi-Region Access Poin real-time events

Sep 06, 2023

Bug fixes

  • The AWS > Turbot > Event Handlers now support real-time events for AWS S3 Multi-Region Access Point.

aws-multiregionaccesspoint v5.0.0 is now available

Sep 06, 2023

What's new?

  • Resource Types:

    • AWS > S3 > Multi-Region Access Point

  • Control Types:

    • AWS > S3 > Multi-Region Access Point > Active
    • AWS > S3 > Multi-Region Access Point > Approved
    • AWS > S3 > Multi-Region Access Point > CMDB
    • AWS > S3 > Multi-Region Access Point > Discovery
    • AWS > S3 > Multi-Region Access Point > Usage

  • Policy Types:

    • AWS > S3 > Multi-Region Access Point > Active
    • AWS > S3 > Multi-Region Access Point > Active > Age
    • AWS > S3 > Multi-Region Access Point > Active > Budget
    • AWS > S3 > Multi-Region Access Point > Active > Last Modified
    • AWS > S3 > Multi-Region Access Point > Approved
    • AWS > S3 > Multi-Region Access Point > Approved > Budget
    • AWS > S3 > Multi-Region Access Point > Approved > Custom
    • AWS > S3 > Multi-Region Access Point > Approved > Usage
    • AWS > S3 > Multi-Region Access Point > CMDB
    • AWS > S3 > Multi-Region Access Point > Usage
    • AWS > S3 > Multi-Region Access Point > Usage > Limit
    • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-s3multiregionaccesspoint

  • Action Types:

    • AWS > S3 > Multi-Region Access Point > Delete
    • AWS > S3 > Multi-Region Access Point > Delete from AWS
    • AWS > S3 > Multi-Region Access Point > Router
    • AWS > S3 > Multi-Region Access Point > Skip alarm for Active control
    • AWS > S3 > Multi-Region Access Point > Skip alarm for Active control [90 days]
    • AWS > S3 > Multi-Region Access Point > Skip alarm for Approved control
    • AWS > S3 > Multi-Region Access Point > Skip alarm for Approved control [90 days]

aws-s3 v5.22.0 - New Multi Region Access Point Routes permissions

Sep 06, 2023

What's new?

  • AWS/S3/Admin and AWS/S3/Metadata now include permissions for Multi-Region Access Point Routes.

Shopify plugin now available

Sep 01, 2023

Sentry plugin now available

Sep 01, 2023

LaunchDarkly plugin now available

Sep 01, 2023

aws-efs v5.7.0 - Lambda runtimes now powered by Node 18

Sep 01, 2023

What's new?

  • We've updated the runtime for lambda functions in the aws-efs mod to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

aws-config v5.8.0 - New Approved > Custom policies and Quick Actions for Cofigurations Recorder, Delivery Channel and Rule

Sep 01, 2023

What's new?

  • We've updated the runtime for lambda functions in the aws-config mod to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • AWS > Config > Configuration Recorder > Approved > Custom
    • AWS > Config > Delivery Channel > Approved > Custom
    • AWS > Config > Rule > Approved > Custom

  • Action Types

    • AWS > Config > Configuration Recorder > Skip alarm for Active control
    • AWS > Config > Configuration Recorder > Skip alarm for Active control [90 days]
    • AWS > Config > Configuration Recorder > Skip alarm for Approved control
    • AWS > Config > Configuration Recorder > Skip alarm for Approved control [90 days]
    • AWS > Config > Delivery Channel > Skip alarm for Active control
    • AWS > Config > Delivery Channel > Skip alarm for Active control [90 days]
    • AWS > Config > Delivery Channel > Skip alarm for Approved control
    • AWS > Config > Delivery Channel > Skip alarm for Approved control [90 days]
    • AWS > Config > Rule > Skip alarm for Active control
    • AWS > Config > Rule > Skip alarm for Active control [90 days]
    • AWS > Config > Rule > Skip alarm for Approved control
    • AWS > Config > Rule > Skip alarm for Approved control [90 days]

aws-cloudtrail v5.10.0 - Lambda runtimes now powered by Node 18

Aug 31, 2023

What's new?

  • We've updated the runtime for lambda functions in the aws-cloudtrail mod to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

WorkOS plugin now available

Aug 25, 2023

UptimeRobot plugin now available

Aug 25, 2023

New Relic plugin now available

Aug 25, 2023

Turbot Guardrails plugin now available

Aug 25, 2023

CohereAI plugin now available

Aug 25, 2023

aws-elasticinference v5.0.0 is now available

Aug 25, 2023

What's new?

  • Resource Types:

    • AWS > Elastic Inference

  • Policy Types:

    • AWS > Elastic Inference > API Enabled
    • AWS > Elastic Inference > Approved Regions [Default]
    • AWS > Elastic Inference > Enabled
    • AWS > Elastic Inference > Permissions
    • AWS > Elastic Inference > Permissions > Levels
    • AWS > Elastic Inference > Permissions > Levels > Modifiers
    • AWS > Elastic Inference > Permissions > Lockdown
    • AWS > Elastic Inference > Permissions > Lockdown > API Boundary
    • AWS > Elastic Inference > Regions
    • AWS > Elastic Inference > Tags Template [Default]
    • AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-elasticinference
    • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-elasticinference
    • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-elasticinference
    • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-elasticinference

Turbot Guardrails Enterprise (TE) v5.42.1 - Replaced vm2 with eval for inline and trustedInline execution of policies, controls, and actions; and more

Aug 24, 2023

What's new?

  • Server:
    • Cloudwatch dashboard query for View AWS External Messages by AWS Account ID and Events to exclude restriction on AWS.
    • Allow sending notifications for same state change.
    • Replaced vm2 with eval for inline and trustedInline execution of policies, controls, and actions.

gcp-oauth v5.1.0 - New oauthconfig:* permissions

Aug 24, 2023

What's new?

  • GCP/OAuth/Admin and GCP/OAuth/Metadata now also include oauthconfig:* permissions. Click here for more details.

Turbot Pipes plugin now available

Aug 23, 2023

GoDaddy plugin now available

Aug 23, 2023

Docker Hub plugin now available

Aug 23, 2023

Workspaces upgraded to Steampipe v0.20.10

Aug 21, 2023

All Pipes workspaces have now been upgraded to Steampipe v0.20.10.

For more information on this Steampipe release, see the release notes.

Steampipe v0.20.10 deploying to workspaces

Aug 18, 2023

All new Pipes workspaces will be running Steampipe v0.20.10 and existing workspaces will be upgraded by Monday 21st August 2023.

For more information on this Steampipe release, see the release notes.

Turbot Guardrails Enterprise Foundation (TEF) v1.51.0 - Restrict untrusted code upload to Guardrails

Aug 14, 2023

What's new?

  • Added: Parameter for restricting untrusted code upload to Turbot Guardrails.
  • Removed: Alb Waf support.

Turbot Guardrails Enterprise (TE) v5.42.0 - Revamping Workflow - Introducing Workers, SQS and SNS for Stack Efficiency

Aug 14, 2023

What's new?

  • Server:
    • Added: worker, sqs queue, sns topic for factory.
    • Updated: Allow upload of mod based on the value of TURBOT_CUSTOM_MOD_UPLOAD.
    • Added: Environment variable for custom mod upload.
    • Removed: Support for ALB WAF.

Bug fixes

  • Server:
    • Stack will not fail to delete and recreate resources.

Requirements

  • TEF: 1.51.0

Turbot Guardrails Enterprise Database (TED) v1.35.0 - Added support for multiple Postgres versions

Aug 10, 2023

What's new?

  • Added: Postgres version 11.19, 11.20, 12.14, 12.15, 13.10, 13.11, 14.8, 15.2 and 15.3.

Turbot Guardrails Enterprise (TE) v5.41.1 - Bugs Squashed - Attach/Detach Actor Info & Redis Dependent Notifications Fix; and more

Aug 02, 2023

What's new?

  • UI
    • Added: Inactive Users report.

Bug fixes

  • Server:
    • The actor information for attach and detach smart folder.
    • Disable notification feature if Redis is not being used.

Turbot Guardrails Enterprise Foundation (TEF) v1.50.0 - Added support for Factory worker

Jul 27, 2023

What's new?

  • Added: Support for Factory worker.
  • Updated: Descriptions and names to Turbot Guardrails Enterprise Foundation from Turbot Enterprise Foundation.

Turbot Guardrails Enterprise Database (TED) v1.34.0

Jul 27, 2023

What's new?

  • Updated: descriptions and names from Turbot Enterprise Database to Turbot Guardrails Enterprise Database.

Turbot Guardrails Enterprise (TE) v5.41.0 - Notifying Made Easy - Control/Action Updates via Slack, Teams, and Email

Jul 27, 2023

What's new?

  • Server:

    • Added: Added support for control/action update notifications.
    • Added: Support for interface in control types.
    • Added: Turbot Installation Type environment variable.
    • Added: SES SendEmail permission to Worker Lambda Role.
    • Added: Add notification index to improve performance of notifications.
    • Updated: Improve policy value create/update with a more efficient database design.
    • Updated: Description of TE stack from Turbot Enterprise to Turbot Guardrails Enterprise.
    • Updated: @slack/web-api to 6.8.1. @wry/equality to 0.5.6. anymatch to 3.1.3. archiver to 5.3.1. body-parser to 1.20.2. chai to 4.3.7. chokidar to 3.5.3. classnames to 2.3.2. cli-progress to 3.12.0. copy-to-clipboard to 3.3.3. dataloader to 2.2.2. diff to 5.1.0. express to 4.18.2. generate-password to 1.7.0. graphql-2-json-schema to 0.10.0. http-status-codes to 2.2.0. lodash-match-pattern to 2.3.1. micromatch to 4.0.5. mockserver-client to 5.15.0. moment-timezone to 0.5.43. nconf to 0.12.0. nodemailer to 6.9.2. nunjucks to 3.2.4. passport to 0.6.0. pg to 8.10.0. performant-array-to-tree to 1.11.0. prismjs to 1.29.0. prompt to 1.3.0. prompts to 2.4.2. recursive-readdir to 2.2.3. redux to 4.2.1. resolve to 1.22.2. semver to 7.5.1. simple-git to 3.18.0. unzipper to 0.10.14. uri-js to 4.4.1. vm2 to 3.9.19 and other dev dependencies. Removed aws-appsync and aws-xray-sdk. ioredis to 5.3.1.

  • UI

    • Updated: Updated new login logo and home page logo.
    • Updated: Turbot directory should be created in guardrails.turbot.com.
    • Updated: Turbot directory SSO login should be redirected to there respective guardrails domain.

Note

IAM change in this release:

  • Updated worker lambda to include SES SendEmail permissions.

Turbot Guardrails CLI v1.29.0

Jul 27, 2023

What's new?

  • Rebrand to Turbot Guardrails CLI. We recommend using the new guardrails registries guardrails.turbot.com, guardrails.turbot-stg.com or guardrails.turbot-dev.com to publish a guardrails mod. To maintain compatibility, none of the existing commands have changed, your existing configuration and commands will continue to work as before.

Terraform Provider v1.10.1 is now available

Jul 07, 2023

v1.10.0 of the Terraform Provider for Guardrails is now available.

Documentation

Rebrand to Turbot Guardrails provider. Resource and data source names in this provider have not changed to maintain compatibility. Existing templates will continue to work as-is without need to change anything.

Turbot Guardrails Enterprise (TE) v5.40.11

Jul 05, 2023

What's new?

  • Fixed: Resource details are now correctly included when doing a csv download of the Resources Deleted by Turbot report.

Requires

Container Info

Turbot Guardrails Enterprise (TE) v5.40.8

Jun 23, 2023

What's new?

  • Added: Tagging details now included in CSV download for GCP Compute Engine VM Instances, Azure Compute Virtual Machines, Azure Compute Disks and EBS Volumes report.
  • Added: New filters for Turbot Files and Smart Folders in the resource browser.
  • Updated: Editing a Turbot File via the UI no longer requires the resource AKA to be specified.
  • Fixed: Resource deletion will no longer trigger an increase the count of active controls.

Requires

  • TEF v1.49.0

Container Info

Turbot Guardrails Enterprise (TE) v5.40.10

Jun 23, 2023

What's new?

  • Added: Quick actions are now available for users that only have permission at the account level.
  • Fixed: The resource import page will now function correctly if the AWS mod is not installed.
  • Fixed: Resource deletion will no longer trigger an increase the count of active controls.

Requires

  • TEF v1.49.0

Container Info

Turbot Guardrails Enterprise Database (TED) v1.33.0

Jun 16, 2023

What's new?

  • Added: Postgres version 14.6 and 14.7.

Turbot Guardrails Enterprise (TE) v5.40.7

May 15, 2023

What's new?

  • Added: Ability to specify AKA when creating Turbot File.
  • Updated: Turbot explorer search will show results for Smart Folders and Turbot Files.
  • Fixed: Terraform stack control should not end in error if the data size for command is too large.
  • Fixed: Turbot actions will now be visible for users with grants at the cloud account level.

Enterprise

  • Updated: Added debug statements for createGrant mutations.

Requires

  • TEF v1.49.0

Container Info

Turbot Guardrails Enterprise (TE) v5.40.6

May 15, 2023

Enterprise

  • Changed: Removed long debug statements from stack controls to improve performance of large stacks.
  • Added: Additional logging information emmited while preparing stack container.

Requires

  • TEF v1.49.0

Container Info

Turbot Guardrails Enterprise (TE) v5.40.5

May 09, 2023

What's new?

  • Fixed: Smart retention controls are now a bit smarter.

Enterprise

  • Updated: Resource policy of Events SQS queues now require encryption in transit.
  • Updated: Resource policy of Events SNS topics now require encryption in transit.

Requires

  • TEF v1.49.0

Container Info

  • Ubuntu 22.04, jammy-20230425
  • Alpine: 3.18.0

Turbot Guardrails Enterprise (TE) v5.40.4

May 04, 2023

What's new?

  • Added: debug statement for Smart Retention control.

Requires

  • TEF v1.49.0

Turbot Guardrails Enterprise (TE) v5.40.3

Apr 13, 2023

Server

What's new?

  • Added support for version v5.10.0 of the Turbot IAM mod.
  • Fixed: Adding grants to group profile now works as expected.

Requires

  • TEF v1.49.0

Turbot Guardrails Enterprise Foundation (TEF) v1.49.0

Mar 30, 2023

What's new?

  • Added: New parameter that allows selection of the TLS policy for application load balancers.

Turbot Guardrails Enterprise Database (TED) v1.32.0

Mar 30, 2023

What's new?

  • Added: Parameter to manage KMS Key for RDS Performance Insights.

Turbot Guardrails Enterprise (TE) v5.40.2

Mar 30, 2023

What's new?

  • Updated: Accounts Summary Report now includes resource AKA(s) in the CSV output.
  • Updated: The Turbot auth token cookie SameSite configuration to strict.
  • Updated: The policy setting page to now render HTML content as string.

Enterprise

  • Added: Parameter for TLS Policy for ALB HTTPS Listener.
  • Added: Rate limits to the login directories APIs.

Requires

  • TEF v1.49.0

Turbot Guardrails Enterprise Database (TED) v1.31.0

Mar 22, 2023

What's new?

  • Updated: Moved management of the Elasticache user group to CloudFormation instead of the Hive Manager lambda. It is no longer necessary to update the Redis access control groups after making changes to the Redis cluster.

Turbot Guardrails Enterprise (TE) v5.40.1

Mar 22, 2023

What's new?

  • Added: AWS Lambda Functions report.
  • Updated: Turbot will now use AWS Terraform provider version 3.75.0 when Turbot > Stack Terraform Version [Default] is set to 0.15.*

Bug fixes

  • Fixed: Timestamp display in the console now updates correctly for recently deleted mods.
  • Fixed: When an Action fails due to cloud provider throttling, Turbot will now reschedule the control that triggered the action, those actions should now be more consistently applied under heavy loads.

Note AWS IAM permissions change in this release:

  • Updated: Worker Lambda to include Elasticache permissions to support the Turbot > Cache > Health Check control.
  • Updated: Hive Manager no longer manages the authentication configuration for ElastiCache. This responsibility has shifted to Turbot Guardrails Enterprise Database.

Turbot Guardrails Enterprise Foundation (TEF) v1.48.0

Mar 21, 2023

What's new?

  • Added: Parameter to modify Lambda trigger concurrency.

turbot v5.43.0 - Unused `Turbot > Type Installed > Background Tasks` is now removed

Mar 05, 2023

What's new?

  • Control Types:
    • Unused Turbot > Type Installed > Background Tasks is now removed

Requirements

  • TE: 5.35.4

Turbot Guardrails Enterprise Foundation (TEF) v1.47.0

Mar 01, 2023

What's new?

  • Added: New parameter for attaching a custom security group to each ECS host.
  • Added: New parameter for attaching a custom security group to the TE ALB. Requires TE > v5.40.0.
  • Added: Option added to enable IMDSv2 for ECS hosts.
  • Added: New parameters to specify the size and type of EBS volumes attached to ECS Hosts.
  • Added: New parameter to specify a port for outbound SMTP (if needed).
  • Updated: The db_pair security group now includes Elasticache rules, when Elasticache is enabled.

Deprecation

  • As a result of this change to the db_pair security group, the Elasticache cache_pair security group is no longer required. It will be removed in a future release.

Turbot Guardrails Enterprise (TE) v5.40.0

Mar 01, 2023

Bug fixes

  • Fixed: Improved handling of HTTP "Too Many Requests" (429) errors.

Enterprise

  • Updated: TE Management Lambdas, and ECS Containers will be deployed with the NodeJS 16.x runtime. This change is independent of Mod Lambda runtime versions.
  • Added: If specified in TEF, a custom security group may be assigned to the TE ALB.

Requires

  • TEF v1.47.0

Turbot Guardrails Enterprise Foundation (TEF) v1.46.0

Feb 09, 2023

What's new?

  • Added: Parameter to modify Lambda trigger concurrency

Turbot Guardrails Enterprise (TE) v5.39.12

Feb 09, 2023

Enterprise

  • Added: Parameter for Lambda trigger concurrency.

Requires TEF: v1.46.0 TED: v1.9.1

Turbot Guardrails Enterprise Foundation (TEF) v1.45.0

Feb 02, 2023

What's new?

  • Added: SSM parameter for events DLQ and worker retry reserved concurrency.

Turbot Guardrails Enterprise (TE) v5.39.11

Feb 02, 2023

Bug fixes

  • Fixed: Issue that could prevent indexes from being recreated after being dropped.
  • Fixed: Issue with safeGet() function that could prevent reports from rendering in the UI.
  • Fixed: Ansible task and service now created correctly created for Ansible version 2.10.7.

Enterprise

  • Added: Support for trigger concurrency in worker and events lamda functions.

Requires TEF: v1.45.0 TED: v1.9.1

Turbot Guardrails Enterprise Foundation (TEF) v1.44.0

Jan 19, 2023

What's new?

  • New: Turbot's autoscale group configuration has switched from launch templates to launch configurations.
  • Added: Parameter to select Lambda function runtime version.
  • Added: Encryption in transit policy for SNS topics and SQS queues.
  • Updated: Changed EBS volume storage type to gp3.

Turbot Guardrails Enterprise (TE) v5.39.10

Jan 17, 2023

What's new?

  • Fixed: Activity page should display alternatePersona in the actor field if available.

Bug fixes

  • Fixed: AWS EC2 Instance report now runs more reliably.
  • Updated: Improved the performance of the Activity page.

Enterprise

  • Added: Encryption in transit policy for SNS topics and SQS queues in the Turbot Master account.
  • Updated: Removed the deleted control historical records from control_usage table.
  • Updated: vm2 package to 3.9.11 in the ECS containers.

Turbot Guardrails Enterprise (TE) v5.39.9

Dec 19, 2022

What's new?

  • Added: Support to import Azure China Cloud subscriptions.
  • Added: Support for Azure China Cloud endpoints.

Bug fixes

  • Updated: Increased reliability of policy value application when attaching a smartfolder.

Enterprise

  • Updated: Removed Xray configuration from Postgres pool, as it was not being used.
  • Updated: vm2 in main package.json updated to 3.9.11.
  • Updated: Maintenance container base image to node:14-alpine3.17.

Requires TEF: v1.42.1 TED: v1.9.1

Turbot Guardrails Enterprise Database (TED) v1.28.0

Dec 09, 2022

What's new?

  • Added: Support for Postgres versions: 13.8, 14.1, 14.2, 14.3, 14.4, 14.5.
  • Added: Support for Redis 7.0.
  • Added: Support for RDS gp3 disk types.

Turbot Guardrails CLI v1.28.6

Nov 29, 2022

Bug fixes

  • Add role as a valid level to generate temporary credentials for roles.

Turbot Guardrails Enterprise (TE) v5.39.8

Nov 23, 2022

Bug fixes

  • Updated: Query for resource notifications to improve performance when using the Activity sub-tab on the resource page.
  • Updated: Improved logic used to determine when to run maintenance control for stale policy values.
  • Updated: Mod install controlls will now use the standard worker queue instead of worker_priority queue to allow other actions to take priority during mod installs.

Enterprise

  • Updated: Updated Ubuntu vm2 package to version 3.9.11. to resolve CVE-2022-36067.
  • Updated: Message retetion period of events priority queue changed to 96 hours.

Requires TEF: v1.42.1 TED: v1.9.1

Turbot Guardrails Enterprise Foundation (TEF) v1.43.0

Nov 16, 2022

What's new?

  • Added: support for TLS 1.2 for API Gateway

Turbot Guardrails Enterprise (TE) v5.39.7

Nov 08, 2022

Bug fixes

  • Added: Btree aka index for akas_history and akas table. The Activity Tab should show improved performance.

Requires TEF: v1.42.1 TED: v1.9.1

Turbot Guardrails Enterprise (TE) v5.39.6

Oct 25, 2022

Bug fixes

  • Fixed: Downloading the csv for EC2 > Instance > Report should not fail.

Enterprise

  • Added: ability to run async/callback in control's inline.
  • Added: Ability to move control to priority queue.
  • Updated: mute noisy log if unable to get process log data from S3.

Requires TEF: v1.42.1 TED: v1.9.1

Turbot Guardrails Enterprise Database (TED) v1.27.0

Oct 06, 2022

What's new?

  • Added: Postgres version 13.7 to RDS engine parameter.
  • Added: Tags to elasticache resources.

Turbot Guardrails Enterprise (TE) v5.39.5

Sep 06, 2022

Bug fixes

  • Updated: Local Profiles and Group Profiles filter now use free text search instead of akas matches.
  • Updated: Installing a mod using the CLI now runs faster, reducing the likelyhood of a timeout.
  • Fixed: Quick actions menu will no longer show actions from child resources.

Enterprise

  • Added: Support for workspace URL in Turbot > Workspace > Workspace URL policy.

Requires TEF: v1.42.1 TED: v1.9.1

Turbot Guardrails Enterprise Foundation (TEF) v1.42.0

Aug 25, 2022

What's new?

  • Added: SSM parameter for Process Log Fallback Bucket.

Turbot Guardrails Enterprise (TE) v5.39.4

Aug 25, 2022

Bug fixes

  • Fixed: Resolved issue where EC2 instance report would fail to run.
  • Fixed: Permissions summary report now works for users without permissions at the root level.

Enterprise

  • Added: allow an alternative process log bucket to be provided to read from an older bucket.
  • Updated: Ansible container base image to Ubuntu 22.10 (Kinetic Kudu)
  • Updated: Ansible version to 2.10.7
  • Updated: Docker base images of API and Factory to ubuntu 22.

Requires TEF: v1.42.1 TED: v1.9.1

Turbot Guardrails Enterprise (TE) v5.39.3

Aug 08, 2022

Bug fixes

  • Fixed: Apollo UI behaves properly when setting backoff interval of an action.
  • Fixed: Actor display information will now fallback to unidentified if persona and identity are not available.
  • Updated: UI will now use the actor information of the process (if supplied) for Policy Setting CRUD operations.
  • Updated: Action runs now carry the identity of its launcher. This changes the way notifications are presented. Previously notifications from an action showed as Unidentified, now they will carry the identity of the launcher, most of the time this will be the Turbot identity unless the action is launched by a user from Turbot UI.

Enterprise

  • Updated: Linux Environment control to support version 3 of SELinux Python bindings

Turbot Guardrails Enterprise (TE) v5.39.2

Jul 27, 2022

Enterprise

  • Updated: Improved Ansible container error handling

UI

  • Added: Mutation resolver for quick action and steampipe query in the developer tab.
  • Added: Add support to execute quick action via URL.

Turbot Guardrails Enterprise (TE) v5.39.1

Jul 13, 2022

Enterprise

  • Fixed: Control type should only trigger the control if there is a change in graphql/inline/function.

Turbot Guardrails Enterprise (TE) v5.39.0

Jul 05, 2022

What's new?

  • New Feature: Quick Actions
  • Updated: graphiql to 1.4.5

Quick Actions Quick Actions is a new feature that allows Turbot users to initaite specific (one time) control enforcements on their cloud environment via the Turbot UI. Cloud operations teams can use Quick Actions to remediate cloud configuration issues (e.g. enable encryption on a resource) or snooze Turbot alarms for issues that we want to come back to later. More details in the documentation. Quick actions will be rolling out across all supported cloud services in the coming months (based on your feedback); this initial release covers resources in the following AWS mods:

  • cloudtrail
  • ec2
  • kms
  • lambda
  • rds
  • s3
  • sns
  • sqs
  • vpc

Disabling the Quick Actions feature

  • Quick Actions use the permissions granted to the Turbot service user or cross-account role used to import your cloud service account into Turbot. Execution of quick actions will fail if the underlying role prevents those actions from occuring.

  • The Quick Actions feature is disabled by default, but can easily be enabled via the Turbot > Quick Actions > Enabled policy. If you would like to prevent lower level Turbot administrators from enabling Quick Actions for their cloud service accounts, then make sure you set Turbot > Quick Actions > Enabled to Disabled at the Turbot level using the Required option.

  • The policy Turbot > Quick Actions > Permission Levels offers fine-grained control over which Turbot permission levels are required to execute specific quick actions. These permission limits can be set globally and specific exceptions can be managed down to the individual cloud service account level.

Enterprise

  • Split package dependencies between Server and UI so they can use independent versions of GraphQL.

Turbot Guardrails CLI v1.28.5

Jun 30, 2022

Bug fixes

  • CLI failed to download latest mod versions automatically for mods with version < 5.0.0.
  • turbot completion command was displayed twice on running turbot help.

Turbot Guardrails CLI v1.28.4

Jun 07, 2022

Bug fixes

  • CLI failed to install dependencies for a mod with more than 26 dependencies.

Turbot Guardrails Enterprise Foundation (TEF) v1.41.0

Jun 06, 2022

What's new?

  • Added: new IAM permissions for Mod Lambda to publish messages to the Priority Events queue.
  • Added: parameter for Worker Priority and Events Tick Lambda Reserved Concurrency.
  • Added: EC2 ECS host recycling using parameter.

Bug fixes

  • Fixed: ECS Rolling update.
  • Fixed: Condition of Foundation Key to prevent its creation if TEFKmsKey parameter value is specified.

There are IAM changes in this release:

  • New IAM permissions for Mod Lambda to publish messages to the Priority Events queue.
  • New IAM roles for ECS Rolling Update.

Turbot Guardrails Enterprise Database (TED) v1.26.0

May 18, 2022

What's new?

  • Updated: GovCloud certificate to rds-ca-rsa4096-g1.

Turbot Guardrails Enterprise Foundation (TEF) v1.40.0

Apr 29, 2022

What's new?

  • Added: Parameter to limit the URL where the API Gateway Lambda can forward to. This should be a regular expression of valid workspace URLs.
  • Updated: TEF KMS Key parameter name changed to TEF KMS Key Arn.
  • Updated: Enforce HTTPS access for S3 buckets created by TEF.

Turbot Guardrails Enterprise Database (TED) v1.25.0

Apr 29, 2022

What's new?

  • Updated: Enforce HTTPS access for S3 buckets created by TED.
  • Added: Postgres versions 11.12, 11.13, 11.14, 11.15, 12.7, 12.8, 12.9, 12.10, 13.3, 13.4, 13.5 and 13.6.

Turbot Guardrails Enterprise Foundation (TEF) v1.39.1

Apr 08, 2022

What's new?

  • Added: Parameter for Alb WAF option. (Default is disabled)
  • Added: Parameter for Mods Cleanup.

Turbot Guardrails Enterprise Database (TED) v1.30.0

Mar 01, 2022

What's new?

  • Updated: Moved management of the Elasticache user group to CloudFormation instead of the Hive Manager lambda. It is no longer necessary to update the Redis access control groups after making changes to the Redis cluster.

1.30.0 [2022-03-01]

What's new?

  • Updated: Elasticache now uses the db_pair security group from TEF 1.47.0.
  • Fixed: The Cloudformation Hive custom resource used to depend on Elasticache when it shouldn't have in environments without Elasticache deployed.

Deprecation

  • As a result of this change to the db_pair security group, the Elasticache cache_pair security group is no longer required. It will be removed in a future release.

Requirements

  • TEF v1.47.0

Turbot Guardrails Enterprise Foundation (TEF) v1.38.0

Feb 28, 2022

What's new?

  • Added: Parameters for Api and Events Container Scaling metrics, and threshold values for CPU Utilization.
  • Added: Parameter to allow import of Foundation KMS Key.
  • Updated: Set DeletionPolicy of FoundationKey to Retain.

Turbot Guardrails Enterprise Foundation (TEF) v1.37.0

Feb 11, 2022

What's new?

  • Added: Parameters for ECS Factory Task hard limit and soft limit on memory.

Turbot Guardrails Enterprise Foundation (TEF) v1.36.0

Feb 07, 2022

Warning

  • There are IAM changes in this release.

What's new?

  • Updated: Condition for HiveManagerExecutionRole.
  • Updated: TurbotParameters and TurbotSnsSqsPolicyParameterLambda to include variables for Proxy setting.
  • Removed: MskManagerExecutionRole role from custom iam role template.

Turbot Guardrails Enterprise Database (TED) v1.24.0

Feb 07, 2022

What's new?

  • Added: Postgres version 13.5 to RDS engine parameter.
  • Fixed: Replication group setting to enable Data Tiering for r6gd node type.

Turbot Guardrails Enterprise Database (TED) v1.29.0

Feb 02, 2022

What's new?

  • Added: Postgres version 12.11 and 12.12.
  • Updated: PerformanceInsights description.
  • Updated: Default storage type to gp3. More info on using gp3
  • Updated: Hive custom resource depends on to include Elasticache cluster and parameter group and add ParameterDeploymentTrigger.

Turbot Guardrails Enterprise Database (TED) v1.23.0

Jan 04, 2022

What's new?

  • Added: r6gd node type option for Elasticache.

Turbot Guardrails Enterprise Database (TED) v1.22.2

Nov 25, 2021

What's new?

  • Updated: Backup Service Role to include kms Grant permissions for CopyDBSnapshot operation.

Turbot Guardrails Enterprise Database (TED) v1.22.1

Nov 03, 2021

What's new?

  • Updated: Backup Service Role to include kms permissions.

Turbot Guardrails Enterprise Foundation (TEF) v1.35.0

Oct 22, 2021

What's new?

  • Added: VPC Endpoint for s3 to reduce NAT Gateway cost.
  • Updated: API and Events container scaling by replacing hardcoded values with parameters.
  • Updated: Outbound, Api and Database security groups so that they are created for Predefined VPC if custom security groups are not mentioned.
  • Updated: default value of LogRetentionDays parameter changed to 180.

Turbot Guardrails Enterprise Database (TED) v1.22.0

Oct 22, 2021

What's new?

  • Added: Postgres version 13.3, 13.4 to RDS engine parameter.
  • Fixed: Cloudwatch alarms to use correct db identifier when hive name has _ in it.
  • Updated: Default database system backup to 7 days.
  • Updated: AWS Backup Service role to allow copying of RDS snapshots.
  • Updated: Cloudwatch alarms for ElastiCache SwapUsage and DatabaseMemoryUsagePercentage for multi-node architectures.
  • Updated: Dashboard to move read-replica stats to right axis and that of primary to the left.
  • Updated: Dashboard to add Total IOPS metrics.

Turbot Guardrails Enterprise Foundation (TEF) v1.34.1

Jul 02, 2021

Warning

  • There are IAM changes in this release for the turbot_policy_parameter.

Bug fixes

  • TE Build ID was misconfigured causing TEF to build unsuccessfully, this has now been corrected and TEF builds as expected.

Turbot Guardrails Enterprise Database (TED) v1.21.1

Jun 25, 2021

What's new?

  • Minimum DB size is now 50GB, default size is 200GB.

Requirements

  • TEF v1.31.2

Turbot Guardrails Enterprise Foundation (TEF) v1.34.0

Jun 16, 2021

Warning

  • There are IAM changes in this release for the turbot_policy_parameter.

What's new?

  • Turbot Security Group is added and includes rules for Ansible and LDAP. The security group is intended for additional rules to be added under feature flags. Note: the existing LDAP and Ansible security groups will remain for older TE versions.
  • Dashboard for ECS Cluster metrics is now added.
  • Autoscaling parameters were added for the Events Service.
  • ElastiCache Security Groups and Subnet Groups are now added to the overrides template.
  • TEF Workspace Manager now prevents users from changing the workspace name.
  • OSGuardrail parameter location from Advanced - OS Guardrails to Advanced - Deployment Group.
  • turbot_parameters and turbot_policy_parameter lambda functions now include VPC config.
  • turbot_policy_parameter IAM Role now includes EC2 network interfaces policy.
  • Improved input validation to not allow blank values.

Turbot Guardrails Enterprise Database (TED) v1.21.0

Jun 16, 2021

What's new?

  • CloudWatch Alarms and Dashboards are added for ElastiCache SwapUsage and DatabaseMemoryUsagePercentage.
  • ElastiCache Instance Type can now be specified in the template.
  • Read replica parameter default is now set to false.

Requirements

  • TEF v1.31.2

Turbot Guardrails Enterprise Database (TED) v1.20.1

May 06, 2021

What's new?

  • DB parameter group support for 11.10, 11.11, 12.6 and 13.2.
  • Postgres version 13.2 is now the default selection.

Requirements

  • TEF v1.31.2

Turbot Guardrails Enterprise Database (TED) v1.20.0

Apr 28, 2021

What's new?

  • Shared_buffers parameter added for DB parameter group.
  • Postgres version 13.1 is now the default selection.
  • Postgres wal_keep_size default size is now 2048 (RDS Postgres default).
  • Turbot database default size is now 250GB.
  • Storage autoscale threshold default is now 1TB. For new TED installations only!

Requirements

  • TEF v1.31.2

Turbot Guardrails CLI v1.28.3

Apr 15, 2021

Bug fixes

  • Invalid module reference fixed - this was causing turbot template build to fail.

Turbot Guardrails CLI v1.28.2

Apr 13, 2021

Bug fixes

  • template build was loading the lock-file from the base branch to determine the current template version. When using a work-in-progress (wip) branch, this could lead to identifying an incorrect current version, leading to rebasing errors. Fix by loading the lock file from the wip branch.

Turbot Guardrails Enterprise Foundation (TEF) v1.33.0

Apr 02, 2021

What's new?

  • S3 bucket lifecycle rule added to the mods processing log bucket.
  • Optional AWS Security Group added to be used for connecting to LDAP server.
  • S3 inventory reports will no longer generate in the TEF Process Logs bucket.
  • Updated process log bucket lifecycle configurations to remove /debug/ rules.
  • Runtime has been updated to Node 14 for all Turbot Core deployed Lambda functions.

Turbot Guardrails Enterprise Database (TED) v1.19.0

Apr 02, 2021

What's new?

  • Postgres version 13.1. For new TED installations only!
  • ElastiCache replication groups now support multi nodes.cluster mode.

Bug fixes

  • Hive Log Bucket lifecycle configurations now delete all objects.

Requirements

  • TEF v1.31.2

Turbot Guardrails Enterprise Database (TED) v1.18.1

Mar 08, 2021

Bug fixes

  • Dependency issue with the HiveKey.

Requirements

  • TEF v1.31.2

Turbot Guardrails Enterprise Foundation (TEF) v1.32.0

Mar 04, 2021

What's new?

  • OSGuardrails feature flag, adding security groups and SSM parameters as required.
  • HealthCheckProxyLambda runtime updated from 2.7 to 3.8.

Turbot Guardrails Enterprise Database (TED) v1.18.0

Mar 04, 2021

What's new?

  • Postgres version 12.5. For new TED installations only!
  • Parameter Group support for both 11.x and 12.x.

Bug fixes

  • Cache cluster parameter passed to Hive Manager should also convert underscore to hyphen.
  • Allow default encryption for ElastiCache for use in GovCloud (which does not support CMK).

Requirements

  • TEF v1.31.2

Turbot Guardrails CLI v1.28.1

Mar 04, 2021

Bug fixes

  • Fixed CLI packaging error required for proper v1.28.0 installation.

Turbot Guardrails CLI v1.28.0

Mar 03, 2021

Bug fixes

  • turbot template build now cleans up branches after a rebase failure.

Turbot Guardrails Enterprise Foundation (TEF) v1.31.3

Jan 28, 2021

Warning

  • IAM permissions updated in v1.31.0.

Bug fixes

  • Fix and republish a corrupt portfolio build artifact.

Turbot Guardrails Enterprise Database (TED) v1.17.2

Jan 28, 2021

Bug fixes

  • AWS Backup Vault name format issue.

Requirements

  • TEF v1.31.2

Turbot Guardrails Enterprise Foundation (TEF) v1.31.2

Jan 27, 2021

Warning

  • IAM permissions updated in v1.31.0.

Bug fixes

  • Hive Manager should convert underscore to hyphen when creating Redis group (from TE).

Turbot Guardrails Enterprise Foundation (TEF) v1.31.1

Jan 25, 2021

Warning

  • IAM permissions updated in v1.31.0.

Bug fixes

  • Hive Manager should convert underscore to hyphen when creating Redis user (from TE).

Turbot Guardrails Enterprise Database (TED) v1.17.1

Jan 25, 2021

Bug fixes

  • ElastiCache Redis cluster name should convert underscores to hyphens.

Requirements

  • TEF v1.31.2

Turbot Guardrails Enterprise Foundation (TEF) v1.31.0

Jan 22, 2021

Warning

  • IAM permissions updated.

What's new?

  • ElastiCache Redis is now enabled by default.
  • Parameters - Mod Lambda function limits.
  • Parameters - Worker Lambda configuration, allowing reuse across TE versions.
  • CloudWatch Alarms for SQS ApproximateAgeOfOldestMessage.

Turbot Guardrails Enterprise Database (TED) v1.17.0

Jan 22, 2021

What's new?

  • ElastiCache Redis is now enabled by default.

Bug fixes

  • Postgres 11.9 is now available for the read replica as well.
  • ElastiCache Redis cluster should be created with the hive name rather than just resource name prefix.
  • AWS Backup Vault deletion policy is now set to retain.

Requirements

  • TEF v1.31.2

Turbot Guardrails CLI v1.27.0

Dec 07, 2020

What's new?

  • turbot template build --rebase command now cleans up the work in progress branch if the template render fails.

Bug fixes

  • turbot template build --rebase command was failing to re-apply manual changes.
  • turbot template build --fleet-mode would stop building all branches if a single one failed.

Turbot Guardrails Enterprise Foundation (TEF) v1.30.1

Nov 26, 2020

Bug fixes

  • Fixed: Code of s3BucketArnLambda to fix s3 permission.

Turbot Guardrails Enterprise Foundation (TEF) v1.30.0

Nov 20, 2020

What's new?

  • Hive Manager and Workspace Manager runtime updated to node 12.

Bug fixes

  • Install Hive Manager in all regions, not just the Alpha region.

Turbot Guardrails Enterprise Database (TED) v1.15.0

Nov 20, 2020

What's new?

  • Added latest RDS DB instance types.
  • Experimental ElastiCache: Configure use of Redis 6.x Access Control Lists.
  • Experimental ElastiCache: Also install Hive Manager in the replica region, for Redis management.

Requirements

  • TEF v1.30.0

Turbot Guardrails Enterprise Foundation (TEF) v1.29.0

Nov 12, 2020

Warning

  • IAM permissions updated.

What's new?

  • New turbot_transient KMS key specifically used for encryption of transient data (e.g. SNS, SQS).
  • Tightened IAM access policies to Turbot's own S3 buckets.
  • Hive Manager is now permitted IAM access to manage ElastiCache.
  • Added ListBucket permission to WorkspaceManager role so head object calls will return 404 instead of 403.

Bug fixes

  • Event Proxy Lambda must be installed in the subnet where Load Balancers are installed (by TE).

Turbot Guardrails CLI v1.26.0

Nov 12, 2020

What's new?

  • turbot compose (used by all CLI commands that compose mods) now omits the releaseNotes field from turbot.head.json. It is still included in turbot.dist.json.
  • turbot template has a new --unchanged-issue <issue_id> argument. When a template build operation commits changes to git, if no files have actually changed then the commit message will use this issue instead of the normal --issue <issue_id> field. The commit message will also specify "no changes".

Turbot Guardrails CLI v1.25.0

Nov 02, 2020

What's new?

  • turbot publish has a new --timeout <secs> argument to customize the publish timeout. The default has been increased to 2 minutes.
  • Use turbot template build --issue 1234 --close-issue will set the commit message to close the issue.

Bug fixes

  • turbot test should not fail with the the error TypeError: tmod.parse is not a function.

Turbot Guardrails Enterprise Foundation (TEF) v1.28.0

Oct 26, 2020

Warning

  • IAM permissions updated.

What's new?

  • Further refined our IAM permissions for S3 bucket access, with a focus on removing more wildcards. It was already good, but now it's better.

Bug fixes

  • Made the ElastiCache network infrastructure optional through Development Mode. It was harmless, but not necessary unless ElastiCache is enabled in TED.
  • Moved policy parameter role into the IAM stacks, where it belongs.

Turbot Guardrails Enterprise Database (TED) v1.14.2

Oct 23, 2020

Bug fixes

  • Databases should never automatically upgrade their minor or major versions. Doing so takes the database out of sync with the CloudFormation stack, leading to upgrade rollbacks. We've deliberately removed these options and set the auto-update to false.

Requirements

  • TEF v1.25.0

Turbot Guardrails CLI v1.24.3

Oct 23, 2020

Bug fixes

  • turbot template build --patch --push-instance-root command failed to push changes to the wip branch.

Turbot Guardrails Enterprise Database (TED) v1.14.1

Oct 21, 2020

What's new?

  • Changes to the Turbot audit trail log group in v1.14.0 forced a name change, which is difficult for customers with integrations. This version removes that requirement, so existing installs keep their original log group name.

Bug fixes

  • Required TEF version dropped back down to TEF v1.25.0. v1.27.0 is only required if you are setting up the experimental ElastiCache features.

Requirements

  • TEF v1.25.0

Turbot Guardrails Enterprise Foundation (TEF) v1.27.0

Oct 14, 2020

What's new?

  • Reclaimed the ECSDesiredInstanceCount parameter, which now defaults to using ECSMinInstanceCount instead. This frees up a precious parameter slot for other options.
  • Added the DevelopmentMode parameter for internal use, which groups options like using the latest container image (instead of cached).
  • For environments with ElastiCache enabled in TED, cache subnet group and security groups have been added.

Turbot Guardrails Enterprise Database (TED) v1.14.0

Oct 14, 2020

What's new?

  • The deletion policy for the DB Parameter Group is now set to Retain.
  • New installations will now add the stack ID to the audit trail log group, making it easier to re-install TED multiple times in testing / setup.
  • New ExperimentalFeatures flag, allowing gradual introduction of new capabilities. The first one is installation of ElastiCache preparing for future use in TE.

Requirements

  • TEF v1.27.0

Turbot Guardrails CLI v1.24.2

Oct 07, 2020

Bug fixes

  • turbot pack and turbot publish were failing to run pre-pack script when --dir arg is used.

Turbot Guardrails CLI v1.24.1

Oct 06, 2020

Bug fixes

  • turbot inspect should give a clear error message for invalid templates.

Turbot Guardrails CLI v1.24.0

Oct 05, 2020

Bug fixes

  • turbot inspect --format changelog should properly escape CSV fields with commas.

Turbot Guardrails Enterprise Foundation (TEF) v1.26.3

Oct 01, 2020

Bug fixes

  • Error handling in workspace pre-install checker.

Turbot Guardrails Enterprise Foundation (TEF) v1.26.2

Oct 01, 2020

Bug fixes

  • Error handling in workspace pre-install checker.

Turbot Guardrails Enterprise Foundation (TEF) v1.26.1

Sep 30, 2020

Bug fixes

  • ECS Agent should attempt to use the locally cached image, which dramatically reduces disk IO and download bandwidth.
  • Upgrade via CloudFormation had a race condition in our custom resource Lambda functions that could be triggered when doing a large number of upgrades or rollbacks in parallel.

Turbot Guardrails Enterprise Foundation (TEF) v1.26.0

Sep 24, 2020

Bug fixes

  • When a custom outbound access security group is specified in the TEF template do not create the {prefix}_outbound_internet_security_group or the {prefix}_{version}_outbound_internet_security_group.

Turbot Guardrails Enterprise Foundation (TEF) v1.25.0

Sep 22, 2020

What's new?

  • Ability to restrict SNS topic and SQS queue access based on Organization Id.

Turbot Guardrails Enterprise Database (TED) v1.13.0

Sep 22, 2020
  • Added: support to restrict access to SNS topic and SQS queue based on the Organization Id.

Requirements

  • TEF v1.25.0

Turbot Guardrails Enterprise Database (TED) v1.12.0

Sep 21, 2020

What's new?

  • Added: Encryption to SNS Topic for Dashboard.
  • Updated: TED Stack - changed R/W IOPS metrics from line to stacked area, changed Transaction ID Wraparound Monitor threshold to 2 billion.
  • Fixed: Description and Typo (Duraction to Duration, Actiond to Action).

Requirements

  • TEF v1.22.1

Turbot Guardrails CLI v1.23.0

Sep 18, 2020

What's new?

  • turbot install - checks if a compatible version of each dependency is already installed. If so, it is does not install from the registry unless there is a newer version available.
  • turbot template build --rebase rebuilds templates while using rebase to better merge and preserve custom changes to the rendered files since the last build.

Turbot Guardrails CLI v1.22.0

Sep 07, 2020

What's new?

  • Show a progress bar during long running operations.

Turbot Guardrails Enterprise Foundation (TEF) v1.24.0

Aug 21, 2020

Warning

  • IAM permissions updated.

Bug fixes

  • The (optional) API Gateway to proxy external events to the internal Turbot load balancer was returning error codes (5xx) all queries even though it worked successfully. This could lead to retries of the message (which were not processed due to our duplicate detection). Errors in both the event handler and the health check have been cleared.

Turbot Guardrails CLI v1.21.0

Aug 20, 2020

What's new?

  • Improved error messages for failed queries like authentication, network connectivity, etc.
  • Update credentials precedence to prioritise specific credentials (key, secretKey and workspace) over profile.

Bug fixes

  • turbot configure fails when no command line credentials arguments are given but they set in environment
  • turbot workspace list should ignore TURBOT_PROFILE env var and only filter profiles if one is given in command line.
  • turbot download should fall back to use the production registry if the user is not logged in.

Turbot Guardrails CLI v1.20.1

Jul 31, 2020

Bug fixes

  • Exceptions from the pre-pack script in turbot pack were not caught and reported correctly.

Turbot Guardrails CLI v1.20.0

Jul 30, 2020

What's new?

  • Improved error messages for turbot pack, turbot up and turbot publish for faster troubleshooting.

Bug fixes

  • turbot graphql queries for control, policy-value, etc were not properly handling the --resource-id and --resource-aka arguments.

Turbot Guardrails CLI v1.19.3

Jul 30, 2020

Bug fixes

  • turbot configure was failing for some Windows users when used in interactive mode.

Turbot Guardrails Enterprise Foundation (TEF) v1.23.0

Jul 22, 2020

What's new?

  • Updated Workspace Manager permissions for SSM policy lookups and reading S3 data for access to the TE workspace manager Lambda results.

Turbot Guardrails CLI v1.19.2

Jul 20, 2020

Bug fixes

  • turbot configure was always failing validation when using interactive mode to enter credentials.

Turbot Guardrails CLI v1.19.1

Jul 20, 2020

Bug fixes

  • turbot install [mod] was not working. You can now install specific mods as expected.

Turbot Guardrails CLI v1.19.0

Jul 16, 2020

What's new?

  • Use turbot install [mod[@version]] to install a specific mod as a local dependency.
  • Credentials passed to turbot workspace configure are now validated before saving, so you can be confident they are good to go.

Turbot Guardrails CLI v1.18.1

Jul 10, 2020

What's new?

  • Use turbot workspace list to see a list of your currently configured workspaces.
  • turbot workspace configure added, with the same behavior as turbot configure.

Bug fixes

  • turbot test was failing for some GCP controls due to an update in the GCP auth library package. This has been fixed.

Turbot Guardrails CLI v1.18.0

Jul 10, 2020

See v1.18.1

Turbot Guardrails Enterprise Foundation (TEF) v1.22.1

Jul 07, 2020

Bug fixes

  • As part of preparing for connection pooling, the hive manager included steps to initialize multiple database roles. These are not yet in use so have been removed.

Turbot Guardrails Enterprise Database (TED) v1.11.0

Jul 07, 2020

What's new?

  • As part of preparing for connection pooling, the hive manager included steps to initialize multiple database roles. These are not yet in use so have been removed.

Requirements

  • TEF v1.22.1

Turbot Guardrails Enterprise Foundation (TEF) v1.22.0

Jul 06, 2020

What's new?

  • The default browser facing security group (used by the load balancer) is now open on port 80, so HTTP traffic can be automatically redirected to HTTPS at the load balancer level.
  • Expanded EC2 instance type options, and changed the default to t3.medium.
  • Changed the default maximum limit for ECS hosts from 64 to a more sensible, but still generous, 8.
  • Further restricted permissions to EC2 hosts, limiting the accessible resources as much as possible.

Turbot Guardrails Enterprise Foundation (TEF) v1.21.0

Jun 19, 2020

What's new?

  • Introducing a new parameter model in TEF, allowing parameter "overrides" to be optionally set in SSM. Turbot creates default parameters, but will automatically detect any overrides you create during the stack run. This allows us to expand beyond the 60 parameter limit of CloudFormation.
  • Each Turbot version installs minimal IAM policies and roles specific to its requirements. Some customers prefer more control over IAM management, so we now support BYO-IAM with parameters for all IAM entities required in the Turbot primary account.
  • Added parameters to optionally set the ALB Log Prefix and ALB Idle Timeout.
  • TEF will now perform a rolling update of the EC2 hosts if required due to launch configuration changes, ensuring no downtime during upgrades.
  • Allow preinstall check Lambda function to use VPC from non-VPC setting.

Turbot Guardrails Enterprise Database (TED) v1.10.0

Jun 19, 2020

What's new?

  • Parameter groups created in GovCloud do not support newer parameters, unless a new parameter group is created (Note: AWS Commerical accounts were not affected by this). This blocks some existing customers from upgrading their TED stack. Because parameter group changes require a reboot (downtime), and most customers do not require this change, we've made it an optional parameter in the stack to force the change as required.
  • Default storage allocation for new installs is now 1TB (up from 100GB).

Requirements

  • TEF v1.19.1

Turbot Guardrails Enterprise Foundation (TEF) v1.20.0

May 29, 2020

What's new?

  • Added 169.254.170.2 to the default NO_PROXY parameter. This is required for stack containers to execute in some proxy environments.

Turbot Guardrails CLI v1.17.3

May 21, 2020

Bug fixes

  • turbot install was attempting to install the latest version, which would fail if that version was not available or recommended. It will now install the latest recommended version, or if none are recommended, the latest available version.

Turbot Guardrails Enterprise Foundation (TEF) v1.19.1

May 20, 2020

Bug fixes

  • Network Interface permissions added in v1.19.0 are low risk, but have been tightened further to only be granted in environments running Lambda inside the VPC.

Turbot Guardrails Enterprise Database (TED) v1.9.1

May 19, 2020

Bug fixes

  • v1.9.0 introduced a mix of names between preinstall and preinstallation which felt messy. This patch release brought to you by our clean up crew.

Requirements

  • TEF v1.19.1

Turbot Guardrails Enterprise Foundation (TEF) v1.19.0

May 18, 2020

What's new?

  • TED and TE are being enhanced to automatically check that their required versions of TEF and TED are installed. The Lambda function they use for that check (custom resource during the CloudFormation stack run) is deployed in TEF, and added in this release.
  • Turbot Guardrails Enterprise uses a lot of Lambda functions to execute mod code. For organizations who prefer more visibility into network traffic, we're adding support to run these functions inside the VPC. This version of TEF expands the IAM permissions granted to Lambda functions with the minimum required to attach Network Interface cards.

Turbot Guardrails Enterprise Database (TED) v1.9.0

May 18, 2020

What's new?

  • TED now automatically checks the required TEF version is installed. If not, the TED stack will automatically rollback allowing you to upgrade TEF first.

Requirements

  • TEF v1.19.1

Turbot Guardrails Enterprise Foundation (TEF) v1.18.1

May 14, 2020

What's new?

  • Flags parameter now has validation rules and defaults to NONE (CloudFormation does not like empty string defaults for SSM parameters).

Turbot Guardrails Enterprise Foundation (TEF) v1.18.0

May 14, 2020

What's new?

  • Flags parameter will allow features to be enabled or disabled at the installation level giving us more flexibility to innovate and gradually deploy features.

Turbot Guardrails Enterprise Database (TED) v1.8.0

May 14, 2020

Warning

  • The default for TrackFunctions in v1.7.0 was pl. Consider changing this to none (the new, more common, default in v1.8.0) if you don't require that tracking.

What's new?

  • Process log data collected by Turbot is being moved into TED level management. This better aligns with our model of data separation and encryption. This version adds S3 buckets with encryption and lifecycle rules to start accepting that (and other future) data.
  • If the master password is an empty string then Turbot will reset it automatically when required. The default was previously blank, requiring the parameter to be set (even if to empty string). This was difficult to understand and implement for those automating TED configuration. We now default to the empty string.
  • Added new DB instance size option of m5.8xlarge.

Bug fixes

  • Resource names related to metric collection, alarms and dashboards have been updated to use the ResourceName prefix. This aligns them with all other TED resources and makes it easier to track or target them with local rules.

Turbot Guardrails Enterprise Foundation (TEF) v1.17.0

May 12, 2020

What's new?

  • Moved to ECS optimized Amazon Linux 2 as our host OS for containers. (Previously we used ECS optimized Amazon Linux 1.)
  • Expanded proxy server support, particularly through the ECS bootstrap sequence. We now support HTTP and HTTPS requests being routed to a http:// proxy for all traffic - no need for endpoints or similar in any case. (We do not yet support custom certificates and https:// proxies.)
  • TEF now publishes an SSM parameter with the currently installed version, which will be used in the future to check version compatibility during TED and TE upgrades.

Turbot Guardrails CLI v1.17.2

May 11, 2020

Bug fixes

  • The build of v1.17.1 was not properly published, leading to confusion and mixed installs. This release is identical, but properly distributed.

Turbot Guardrails CLI v1.17.1

May 07, 2020

Bug fixes

  • Remove the explicit default value for force-recommended as this causes issues when using the yargs conflicts parameter.

Turbot Guardrails CLI v1.17.0

May 07, 2020

What's new?

  • Mod authors often want to set their new version as RECOMMENDED in the registry, telling users it's the best choice. Use turbot publish --force-recommended and turbot modify --force-recommended to mark this version as RECOMMENDED and set all currently recommended versions to AVAILABLE.

Bug fixes

  • turbot test was showing incorrect test data validation errors, due to a graphql schema change that had not been handled by the CLI.

Turbot Guardrails Enterprise Foundation (TEF) v1.16.0

May 05, 2020

What's new?

  • Allow Self-Signed Certificate parameter, instructing Turbot to ignore certificate errors when connecting to external services - for example - enterprise environments with an outbound internet proxy.
  • S3 bucket inventory has been enabled, setting us up for future batch operations on collections of log files.
  • Updated lifecycle rules to clean deleted versions of debug logs and match changes to the prefix of log files.

Turbot Guardrails Enterprise Foundation (TEF) v1.15.0

May 01, 2020

What's new?

  • Added a "connectivity test" lambda function, making it easier to verify that an environment has the necessary network setup. Run ${ResourceNamePrefix}_connectivity_checker manually to test.
  • Improved descriptions for the Installation Domain and Turbot Certificate ARN parameters.

Turbot Guardrails CLI v1.16.0

Apr 30, 2020

What's new?

  • turbot inspect now enforces valid semantic versions in mod version numbers. We admire your creativity, but encourage you to express it elsewhere.

Bug fixes

  • Fixed turbot up --zip, which broke during a dependency update.

Turbot Guardrails Enterprise Foundation (TEF) v1.14.0

Apr 24, 2020

What's new?

  • Turbot License Key has been added as a (currently optional) parameter.

Turbot Guardrails CLI v1.15.1

Apr 24, 2020

Bug fixes

  • turbot login was failing if the ~/.config folder did not exist.
  • turbot template build was always expecting a wip-* instance branch to exist. It's now correctly limited to runs where --use-instance-root-branch is passed.

Turbot Guardrails CLI v1.15.0

Apr 22, 2020

What's new?

  • Proxy support via the HTTPS_PROXY environment variable. Login, install mods and publish to our registry all via your favorite proxy. (Provided it's a http:// proxy, we don't support https:// yet.)

Turbot Guardrails Enterprise Foundation (TEF) v1.13.0

Apr 17, 2020

What's new?

  • Updates Hive Manager, which includes the ability to convert ownership of database schemas. This is part of a longer term effort to move database ownership to specific turbot roles, reducing our use of the master account.

Turbot Guardrails Enterprise Database (TED) v1.7.0

Apr 17, 2020

What's new?

  • Parameters to set rds.force_admin_logging_level and track_functions,
  • Add CloudWatch alarms for DB connections, CPU utilization and free storage alerts.
  • Added t2.medium and t2.large instance class options, useful in test or dev environments.

Turbot Guardrails CLI v1.14.0

Apr 17, 2020

What's new?

  • Manage published mods in the registry from the CLI, including their status and description. For example turbot registry modify --mod "@turbot/aws" --mod-version "5.0.0" --status RECOMMENDED --description "updated description".
  • Usually a newly published version should be the recommended one. So now you can do that automatically during turbot publish using the --status RECOMMENDED flag.
  • turbot template build now supports instance root branch names with a random suffix, following the naming convention: wip/<instance root name>/*. We've found scheme much more effective at scale.
  • We now automatically include RELEASE_NOTES.md as well as CHANGELOG.md when building a mod. Release notes are intended for users while a changelog is intended for developers or others obsessed over details.
  • turbot test validates input query, but only works for a single query (not for the more advanced array of queries syntax). Previously the test would always fail for an array of queries, so we're now skipping the test in these cases until it can be fully supported.

Bug fixes

  • turbot publish --dir <mod folder> did not work if run outside the mod folder - the function zips were not correctly created.

Turbot Guardrails CLI v1.13.0

Apr 06, 2020

What's new?_

  • Registry login using turbot login (and similar) now requires both --username and --password or neither. They just can't live without each other.

Bug fixes

  • turbot template build --patch command was failing without running the git command.

Turbot Guardrails Enterprise Foundation (TEF) v1.12.1

Apr 02, 2020

Bug fixes

  • EC2 instances used for ECS should have AssociatePublicIpAddress set to false. This is a defence improvement since our EC2 instances are run in a private VPC so were not publically accessible anyway.

Turbot Guardrails Enterprise Foundation (TEF) v1.12.0

Apr 01, 2020

What's new?

  • Cleanup IAM roles to use _ consistently in names (instead of mixing _ and - together).

Turbot Guardrails Enterprise Foundation (TEF) v1.11.0

Mar 31, 2020

What's new?

  • Some organizations need to use a self-signed certificate for their ALB. This would fail a certificate check when also using our API Gateway proxy. Use the Self Signed Certificate In ALB parameter to ignore these certificate errors.

Bug fixes

  • The IAM role used for ECS EC2 instances is now named consistently with our other IAM roles.

Turbot Guardrails Enterprise Foundation (TEF) v1.10.0

Mar 27, 2020

Warning

  • Existing TEF installations must install v1.9.0 before upgrading to v1.10.0. This sequence will automatically preserve and transition parameter settings for S3 bucket names as we move from fixed names to randomized names by default for new installations.

What's new?

  • Log and process buckets now use a partly random name by default, making new installations smoother and easier to troubleshoot.

Turbot Guardrails Enterprise Foundation (TEF) v1.9.0

Mar 26, 2020

What's new?

  • Optionally use a random name for log and process log buckets, making repeated install and uninstall easier.
  • Log buckets will now be retained on deletion of the TEF stack.

Turbot Guardrails Enterprise Database (TED) v1.6.1

Mar 24, 2020

Bug fixes

  • The SNS topic name for CPU alarms was not consistent with our other resources. Now it is.

Turbot Guardrails Enterprise Foundation (TEF) v1.8.0

Mar 23, 2020

What's new?

  • Setup an S3 bucket to store process logs, including lifecycle rules to cleanup debug logs.

Turbot Guardrails Enterprise Database (TED) v1.6.0

Mar 23, 2020

What's new?

  • Alarm levels defined in the dashboard for CPU utilization and free storage, making problem levels clearer.
  • Dashboard charts are now zero based, as any statistician will tell you they should be.
  • SNS topic publishing CPU alarms, making it easy to subscribe for alerts.

Turbot Guardrails CLI v1.12.0

Mar 19, 2020

What's new?

  • In turbot compose the +schema directive can now map from openApi format schema to valid JSON schema.

Bug fixes

  • turbot template build fleet operations were failing due to an error displaying the summary. This has been fixed.

Turbot Guardrails Enterprise Foundation (TEF) v1.7.0

Mar 17, 2020

What's new?

  • Turbot Hive Manager lambda now has permission to create encrypted SSM parameters, required by TED v1.5.0.

Turbot Guardrails Enterprise Database (TED) v1.5.0

Mar 17, 2020

Warning

  • Requires TEF v1.7.0 or later.

What's new?

  • Parameter to set the maintenance window.
  • Parameter to set a Customer Managed Key for encryption.
  • Parameter to set the turbot master password. If blank, the master password is automatically reset.

Bug fixes

  • Auto scaling of storage for the read replicas outside the primary region.

Turbot Guardrails CLI v1.11.0

Mar 12, 2020

What's new?

  • Use turbot test to check GraphQL mutations (e.g. updatePolicySetting) are called as expected from controls.
  • turbot compose no longer errors when a glob matches no source files.

Turbot Guardrails Enterprise Foundation (TEF) v1.6.0

Mar 09, 2020

Warning

  • Security access from the load balancer to ECS has changed from requiring port 8443 to requiring the full high port range of 32768-65535. This allows us to run ECS in bridge mode and efficiently reuse IP addresses across Turbot core containers.

  • The outbound security group now allows port 80 outbound by default. This makes cloud-init in the ECS optimized image run much faster than only providing port 443 outbound.

  • If you are upgrading from a previous TEF version, you will need to make the modifications listed below:

    • Add ports 32768-65535 to the Load Balancer Security Group OUTBOUND to the API Security Group

    • Add ports 32768-65535 to the API Security Group INBOUND from the Load Balancer Security Group

    • Add port 80 to the Outbound Internet Security Group OUTBOUND to 0.0.0.0/0

What's new?

  • Use ECS on EC2 (instead of Fargate) to accelerate container startup time (particularly for stacks), increase cost efficiency at scale, and prepare for wider container use at the core level.

Turbot Guardrails Enterprise Foundation (TEF) v1.5.0

Mar 05, 2020

What's new?

  • Workspace manager creation of turbot.com directories updated to use a server name (instead of a phase).

Turbot Guardrails CLI v1.10.0

Mar 04, 2020

What's new?

  • Use turbot test to check GraphQL mutations (e.g. updatePolicySetting) are called as expected from controls.
  • turbot compose no longer errors when a glob matches no source files.

Turbot Guardrails CLI v1.9.0

Feb 26, 2020

What's new?

  • A new directive, +schema has been added for turbot compose. This allows you to include a specific item from a schema file, including all definitions which are referenced.
  • turbot template build will now run even if there are changes on the local branch, if neither the --use-fleet-branch or --use-instance-root-branch arguments are set. This is useful when running building templates for the first time with local config updated but not committed.

Turbot Guardrails CLI v1.8.0

Feb 24, 2020

What's new?

  • turbot inspect --format changelog now includes the uri of each control, policy, resource and action item.

Bug fixes

  • turbot up was broken in 1.7.0. This has been fixed.
  • turbot pack and turbot publish had to be run out of the target mod directory. They can now be run out of any directory by passing the --dir flag

Turbot Guardrails CLI v1.7.0

Feb 23, 2020

What's new?

  • turbot aws credentials now supports --aws-profile <aws_profile>, --profile <turbot_profile> and --access-key <turbot_access_key> --secret-key <turbot_secret_key> combinations.

Bug fixes

  • turbot test was doing type coercion of input data before validation. It now expects correct types to be passed, matching the behavior of the Turbot server.

Turbot Guardrails Enterprise Database (TED) v1.4.1

Feb 21, 2020

Bug fixes

  • Auto scaling of storage for the primary read replica.

Turbot Guardrails CLI v1.6.0

Feb 12, 2020

What's new?

  • Use --no-color to simplify the output of any command. Sometimes less is more.
  • turbot template build --git --branch <branch-name> allows you to specify the branch the build operations will be committed onto.
  • turbot template build no longer supports the --config flag. Use template.yml files instead.

Bug fixes

  • turbot install was not downloading files. Now it does.
  • turbot template build was creating template.yml files for every template instance. This is noisy and defeats the value of template inheritence, so has been stopped.

Turbot Guardrails CLI v1.5.1

Feb 10, 2020

Bug fixes

  • turbot template build --git should checkout the original git branch at the end of the build. Broken in v1.5.0.

Turbot Guardrails CLI v1.5.0

Feb 10, 2020

What's new?

  • turbot template build --git now skips instances without a template-lock file, which cannot be resolved anyway.

Bug fixes

  • turbot up and turbot publish were stalling for large mods.

Turbot Guardrails CLI v1.4.1

Feb 07, 2020

Bug fixes

  • turbot template build --git should checkout the original git branch at the end of the build. Broken in v1.4.0.

Turbot Guardrails CLI v1.4.0

Feb 06, 2020

What’s new?

  • Clearer reporting of errors when running turbot template build.
  • turbot template build --fleet-mode now defaults to update, which is almost always the right choice.
  • When running turbot template build --git it is no longer necessary to specify a base git branch, it sensibly assumes you want to use the current branch.
  • Use turbot pack --zip-file awesome.zip to output mods with any name you prefer.

Turbot Guardrails CLI v1.3.1

Feb 05, 2020

Bug fixes

  • turbot template outdated fixed to work with specific template definition directories.
  • Only save successful template operations to the branch when using turbot template build --git. Previously we were polluting that goodness with failures as well.
  • Limit template-lock.yml to data that is absolutely necessary, removing noise from change logs.
  • Disabled turbot template update. Please use turbot template build instead, as you probably already were.

Turbot Guardrails CLI v1.3.0

Feb 04, 2020

What's new?

  • turbot inspect --output-format will now accept either a file path to the template or the template string directly.
  • Clearer output of the actions taken when running turbot template build.
  • Automatic code merging when doing updates with turbot template build will now merge successful changes onto a single branch and write failed patches to the filesystem for easier review.

Turbot Guardrails Enterprise Database (TED) v1.4.0

Feb 03, 2020

What's new?

  • Support customization of parameters for max_connections, deadlock_timeout, idle_in_transaction_session_timeout and statement_timeout.

Turbot Guardrails Enterprise Foundation (TEF) v1.4.0

Jan 22, 2020

What's new?

  • Added a lifecycle rule to automatically delete temporary data from S3.

Turbot Guardrails Enterprise Foundation (TEF) v1.3.0

Jan 20, 2020

What's new?

  • Reduced scope of permissions granted to custom mod Lambda functions. These add extra levels of protection and take effect as mods are installed or updated in Turbot v5.5.0 or later.

Turbot Guardrails CLI v1.2.1

Jan 20, 2020

Bug fixes

  • turbot template build has a special case "provider" field in the render context. Long term it will be removed. Short term, it should not break for vendor level mods like @turbot/aws or @turbot/linux.

Turbot Guardrails Enterprise Database (TED) v1.3.0

Jan 16, 2020

What's new?

  • Instance Type for Replica DB will now default to Same as Primary DB, which is a lot easier than having to set and maintain it manually when most of the time they are the same anyway.
  • Choose a custom master username during install.

Turbot Guardrails CLI v1.2.0

Jan 16, 2020

What's new?

  • View and confirm turbot template build actions before they happen. (Add --yes to keep the previous behavior.)
  • Easily review success and failure after running turbot template build across many instances.

Bug fixes

  • turbot download will now give up gracefully on failed downloads, relieving it of an eternity of failed retries.

Turbot Guardrails Enterprise Database (TED) v1.16.0

Jan 14, 2020

What's new?

  • Option to configure AWS Backup with daily, weekly and/or monthly snapshots of the primary database.
  • Add Postgres v11.9 to supported versions list.
  • CloudWatch Alarms added for freeable memory, read replica CPU and queue depth.
  • RDS disk burst balance metrics added to TED dashboard.
  • Elasticache metrics added to TED dashboard.
  • Improve text and limit for Transaction ID Wraparound in TED dashboard.

Requirements

  • TEF v1.30.0

Turbot Guardrails Enterprise Foundation (TEF) v1.2.0

Jan 14, 2020

What's new?

  • Publish the alpha region as an SSM parameter so it can be used as a default in other areas - like TED's default location for the primary DB.

Turbot Guardrails Enterprise Database (TED) v1.2.0

Jan 14, 2020

Warning

  • Requires TEF v1.2.0 or later.
  • The parameter Instance Type for Replica DB is new and must be set during upgrade. (Note: Fixed in v1.3.0 to use Same as Primary DB by default.)

What's new?

  • The Turbot Audit Trail is stored in a CloudWatch Log group managed in TED. It will now be retained if the TED stack is deleted, avoiding loss of audit trail data in that rare scenario.
  • Easily configure auto-scaling of the database storage up to a maximum value.
  • Read replicas can now have a different instance class to the primary. Typically they have a lower load level, so we've added flexibility to optimize costs.
  • Default to using the alpha region (as defined in TEF) for primary DB install.

Turbot Guardrails CLI v1.1.1

Jan 13, 2020

Bug fixes

  • Fix turbot template build crash added by v1.1.0.

Turbot Guardrails CLI v1.1.0

Jan 13, 2020

What’s new?

  • Use turbot aws credentials --account 123456789012 --profile my-account to generate and save temporary AWS credentials into your local AWS profile. Easily work across many AWS accounts using your single Turbot profile.
  • Filter turbot template build to target all instances of a specific template, which is great when you are in the process of converting code to use the template (some code in template management, some still custom).

Bug fixes

  • turbot test was broken in v1.0.4 due to a missing dependency. Life is better with friends.

Turbot Guardrails Enterprise Foundation (TEF) v1.1.1

Jan 08, 2020

Bug fixes

  • The Hive Manager and Workspace Manager lambda functions used during the workspace upgrade process were not properly connecting to the database using SSL during initial workspace creation (they were during upgrades). Our change to force SSL on the database in TED revealed this issue, which is now fixed.

Turbot Guardrails Enterprise Database (TED) v1.1.1

Jan 08, 2020

Bug fixes

  • Expanded the list of database instance classes available during install to include older generations (e.g. m3) which are required for AWS us-gov-west-1.
  • Added the AWS RDS 2017 certificate as an option, since it's uniquely used and required in Gov Cloud installs.

Turbot Guardrails Enterprise Foundation (TEF) v1.1.0

Jan 07, 2020

What's new?

  • TEF version is now published as an output parameter in CloudFormation. (We'd rather that Service Catalog showed this automatically, but there is an AWS quirk that breaks that feature when Service Catalog versions are published using CloudFormation.)
  • Workspace upgrades may now take up to 15 minutes before timing out. This allows us to run larger data migration jobs during the upgrade process. (Don't worry, we design these to be background tasks that don't affect availability during the upgrade.)
  • Custom security groups are published as SSM parameters allowing them to be leveraged by the Turbot Guardrails Enterprise CloudFormation stacks to override per-version default security groups.

Bug fixes

  • GovCloud installations require conditions in IAM to match the correct partition arn:aws-us-gov:.

Turbot Guardrails Enterprise Database (TED) v1.1.0

Jan 07, 2020

Warning

  • The AWS RDS certificate change requires a database reboot. This may cause a brief impact on availability. Please schedule this change for a suitable window.

What's new?

  • SSL is now required by default for all connections to the database. We used SSL anyway, but now we enforce it at the DB level as an extra precaution.
  • Upgrade database instances to the AWS RDS 2019 root certificate (their 2015 certificate is expiring soon).

Turbot Guardrails CLI v1.0.4

Jan 07, 2020

Bug fixes

  • turbot template should allow rendering of the filename as well as folder names, e.g. src/{{instance}}/resource/types/{{instance}}.yml.

Turbot Guardrails CLI v1.0.3

Dec 19, 2019

Bug fixes

  • test.options are useful, but not required, so turbot test should not crash if they are not set for a test.

Turbot Guardrails CLI v1.0.2

Dec 19, 2019

Bug fixes

  • Registry name validation should work for valid registries like turbot.com.
  • turbot test has a test.awsProfile field to set the AWS profile to use when running tests locally. This has been moved into the generic, customizable test.options.awsProile location since it's relevant to AWS mods specifically rather than a core feature of Turbot.

Turbot Guardrails Enterprise Foundation (TEF) v1.0.0

Dec 18, 2019

What's new?

  • Initial version.
  • CloudFormation design for deployment via Service Catalog.
  • Foundation components: KMS keys, IAM roles, Log groups & buckets.
  • Network configuration with up to 3 tiers (public, turbot, database) across 3 availability zones in 3 regions.
  • Automated VPC peering setup across regions.
  • Subnet Groups and Security Groups for database and cache services.
  • Optional gateway proxy for external event handling with an internal installation.
  • Optional BYO network parameters for complex or pre-existing environments.

Turbot Guardrails CLI v1.0.1

Dec 18, 2019

Bug fixes

  • The default registry is now turbot.com. Other development registries have been cleaned up to reduce noise.
  • Cleaned up available commands and their descriptions.

Turbot Guardrails CLI v1.0.0

Dec 18, 2019

What's new?

  • Easily manage Turbot credentials and profiles.
  • Run graphql commands in scripts.
  • Install and inspect mods.
  • Build, compose & test Turbot mods.
  • Upload mods to Turbot for internal testing or use.
  • Publish mods to the Turbot registry for public sharing.
  • Use templates to accelerate the development of mods.

Turbot Guardrails Enterprise Database (TED) v1.0.0

Dec 11, 2019

What's new?

  • Initial version.
  • CloudFormation design for deployment via Service Catalog.
  • CloudFormation stack per hive (physical shard).
  • Postgres design with primary, failover and regional read replicas.
  • Encryption at rest for all data.
  • Custom Resource for automatic database hive configuration.