Use resource groups to apply policies across the hierarchy
Resource Groups allow resources from different areas of the resource tree to be grouped together. Policies can be applied to Resource Groups, allowing them to be reused across a collection of resources.
Resource Groups allow resources from different areas of the resource tree (e.g. multiple VPCs in different accounts) to be grouped together. Policies can be applied to Resource Groups, allowing them to be reused across a collection of resources. When attached to a Resource, the Resource Group is effectively injected above it in the resource hierarchy. For example, a Resource Group RG1 is attached to the VPC vpc-abcd1234. The policy hierarchy evaluation will then be AWS account > AWS Region > RG1 > vpc-abcd1234.
Resource Groups are most commonly used to group together like services from different parts of the Turbot Guardrails hierarchy. The traditional hierarchy of clusters and accounts can be utilized to mirror business functions, and Resource Groups provide a mechanism to treat these distributed resources similarly according to policy. For example, regulatory compliance requirements such as PCI or HIPAA policies can be applied to a Resource Group. The Resource Group can then be attached to various resources where the compliance requirements must be implemented, without needing to change the cluster and account hierarchy.
Resource groups are available in Turbot Guardrails release v2.16.0 and beyond. Resource groups are now enabled for all Turbot Guardrails installations by default.
Contact us for more information about Resource Groups, and Software Defined Operations for the enterprise cloud to ensure your cloud infrastructure is secure, compliant, scalable, and cost optimized. Or, schedule a demo to see Turbot Guardrails in action.