New: Automated cloud configuration management database (Cloud CMDB)
Many organizations face huge legal and technical challenges in arranging for hosting of data and applications in ways that are agreeable to all parties of a collaboration, because the entity hosting the data can exert control by means of network/physical access.
Enterprises are adopting the public cloud to reduce cost and gain the scalability, reliability, and transparency that is enabled by software-defined infrastructure; however, maintaining transparency as the Enterprise scales out across services, multiple accounts, and multiple cloud providers can be a difficult challenge. To assist these Enterprises with managing their cloud configurations at scale, Turbot is pleased to announce availability of our New Cloud CMDB feature.
The latest version of Turbot Guardrails now provides a version controlled, automated cloud configuration management database, that provides complete visibility into the current state and history of all cloud infrastructure through a single, simple web-based search console.
Cloud Configuration Management - Under the Covers
To achieve sub-second search across millions of cloud configuration items, Turbot Guardrails deploys a version controlled system automatically for each Turbot Guardrails managed cloud account. Turbot Guardrails then continuously records configuration state in human-readable YAML files. These files capture the complete configuration detail of your Turbot Guardrails accounts and your cloud services & resources (EC2 Instances, EBS Volumes, Security Groups, IPs, VPCs, Internet/NAT/Virtual Gateways, S3 Buckets, etc.). Changes to those configurations can easily be found by executing diff between versions of the configuration that exist at different points in time.
Turbot Guardrails maintains a constant state of awareness for any configuration changes in your cloud ecosystem. As changes occur, Turbot Guardrails is notified and automatically updates the CMDB to record the latest state of configuration.
Cloud CMDB In Action
When a user creates an S3 bucket, Turbot Guardrails enforces the guardrails specified by the Enterprise, to meet policy objectives regarding encryption standards, accessing logging, versioning, etc.
Turbot Guardrails records the configuration history per guardrail so you can see the complete event, metadata, debugging, information, etc.
(example of configuration history of one particular guardrail per the new bucket)
(example of process details; debugging, event, metadata, and links to raw log files)
(example of CMDB updates per recent changes to new bucket)
(example of all active guardrail health on the bucket)
Search Current and Prior Inventory
As thousands of resources are created, changed, and removed, it becomes difficult to keep track of cloud resources in just one account and is impossible to do across multiple accounts without automation. Turbot Guardrails provides full search functionality across all configuration details so you can easily find one or many resources across all accounts for all time periods. This provides limitless capabilities to interrogate configuration metadata on cloud resources (e.g. search for all buckets in a region, all buckets with server side encryption enforced, any volumes that are unencrypted, where a specific IP address is located, etc.)
(examples of pre-canned search filters for common searches)
Since Turbot Guardrails keeps an active change history of all configurations, a user can immediately see the newly created bucket in their inventory.
(example of current inventory showing the bucket in the account)
Since configurations are version controlled, you can search history of configurations as well:
(example of prior revision history on the same search)
Multi-Account Search
DevOps teams are comfortable using the AWS CLI or API to list and explore cloud resources, but these "describe" functions are limited to a single account, single service, and single resource type. Turbot Guardrails allows everyone (IT, CloudOps, SecOps and DevOps) to use a common search UI and advanced search syntax to perform keyword and metadata constrained searches across multiple accounts, services and resources simultaneously - all with sub-second response.
For DevOps teams that want to integrate CMDB search into their automation workflow: Turbot Guardrails is 100% API Driven, so all cloud CMDB searches can occur over the API as well.
Contact us to learn more and to schedule a demo of all Turbot Guardrails features.