Account isolation for application environments offer significant protection for your cloud and enables powerful options for automation. Turbot's new metadata tagging model provides yet another level of capability to enhance those automation's and ease management of your cloud ecosystem.
Turbot Guardrails account tags can be added from any account level resources page, in a new UI control just below the AWS Access Key control:
Add or edit existing tag Keys and Values:
The current tags are displayed in the UI on the account resource page:
Using Tags in Option Lists
We discussed in a previous post how to use the new Turbot Option Arrays to Inherit and Include option lists across Turbot Guardrails clusters and accounts. Extending that model, you can now use Account Tags in option lists as well. Let's look at the syntax for a scenario where you want to set your account's Application > S3 > Trusted Accounts option setting to: inherit from the cluster, add an explicit account exception and include all accounts tagged with Environment=Production.
The administrator can edit the account level Application > S3 > Trusted Accounts option:
- Turbot::Inherited # Pulls in any trusted accounts from the cluster level.- aae # Adds Turbot account aae as an exception.- tags:Environment: Production # Will dynamically pull in all accounts that include this tag.
Account Tagging is currently available in our latest production release, we are very excited about the feature and would love to hear how you will use tags to manage your Turbot Guardrails environment.