Cloud policy engine
Robust, realtime, automated policy enforcement across multi-cloud environments.
Turbot's Cloud Policy Engine is an instrumental component of Turbot's suite of features, and is meticulously designed to provide robust, realtime, and automated policy enforcement across multi-cloud environments. This powerful, expressive and consistent policy language across clouds is the driving force behind Guardrails' continuous compliance, auto-remediation, and managed deployment features, reinforcing your cloud security posture.
With Turbot's Cloud Policy Engine, you can confidently navigate the myriad complexities of cloud governance and ensure that your cloud resources remain compliant and secure.
Here are the key features of Turbot's policy engine.
Resource hierarchy with auto-inheritance
Turbot's Cloud Policy Engine structures resources in a hierarchical manner, enabling policies set at higher levels to automatically flow down and apply to lower levels. This hierarchical approach simplifies policy management and ensures consistent enforcement as new resources are introduced into the hierarchy.
Realtime policy calculations
Continuously monitors changes, instantly evaluating them against the defined policies. For instance, when an AWS S3 bucket is created, Turbot immediately assesses the change and decides on the appropriate action based on the defined policy, ensuring that you always stay compliant and secure.
Exceptions at any level
Set policy exceptions at any level within your organization, providing flexibility to enforce specific requirements without compromising overall compliance. For example, you can enforce encryption across your entire infrastructure, but set exceptions for resources in specific accounts, by tag, or any condition.
Time-based policies and exceptions
Supports both permanent and time-limited policy durations, providing flexibility to adapt to changing requirements or specific time-sensitive scenarios. This can be particularly useful during maintenance windows or for one-time exceptions.
Dynamic context-based exceptions
Nuanced policy calculations based on context occur as resources change. This feature enables more sophisticated policy enforcement, such as allowing changes made by deployment pipelines while blocking resources created directly by individuals, or enforcing encryption only on resources tagged as "production".
Setting precedence to mandate or delegate policy decisions
Allows you to set policy precedence, so that mandatory requirements are enforced while recommended defaults can be adjusted by teams as they see fit. This flexibility empowers your teams to manage their resources within established guidelines and set their own policies as needed.
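An illustrative model of how the features above interact when a policy value is resolved for one resource: settings inherit down the hierarchy, a lower level may override a recommended default but not a mandatory one, and a time-limited exception stops applying once it lapses. This is an added example, not Turbot's own code or data model; the Setting class, the resolve function and the scope names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

@dataclass
class Setting:
    value: str
    precedence: str = "recommended"      # "mandatory" or "recommended"
    expires: Optional[datetime] = None   # None = permanent; a past time = lapsed

def resolve(policy: Dict[str, Setting], path: List[str], default: str, now: datetime) -> str:
    """Walk the hierarchy root-first (e.g. org -> account -> resource).

    The nearest active setting wins, unless an ancestor marked its setting
    'mandatory', in which case lower levels cannot change it."""
    value, locked = default, False
    for node in path:
        s = policy.get(node)
        if s is None or (s.expires is not None and s.expires <= now):
            continue   # nothing set here, or a time-limited exception that has expired
        if locked:
            continue   # an ancestor mandated the value; this level's setting is ignored
        value = s.value
        if s.precedence == "mandatory":
            locked = True
    return value

# Constructed sample hierarchy and settings (hypothetical scope names).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
ENCRYPTION = {
    "org": Setting("Enforce: Enabled", "mandatory"),
    "account-sandbox": Setting("Skip"),               # cannot override the org mandate
}
TAGGING = {
    "org": Setting("Check: Required"),                # recommended default, teams may adjust
    "account-sandbox": Setting("Skip", expires=datetime(2024, 7, 1, tzinfo=timezone.utc)),
    "account-prod": Setting("Skip", expires=datetime(2024, 5, 1, tzinfo=timezone.utc)),  # lapsed
}

def example() -> Dict[str, str]:
    return {
        "enc_sandbox": resolve(ENCRYPTION, ["org", "account-sandbox", "bucket"], "Skip", NOW),
        "tag_sandbox": resolve(TAGGING, ["org", "account-sandbox", "bucket"], "Skip", NOW),
        "tag_prod": resolve(TAGGING, ["org", "account-prod", "bucket"], "Skip", NOW),
    }
```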
Common policies across multi-cloud
Supports a comprehensive set of policy controls across multi-cloud environments that validate that your resources are active, correctly configured, and approved; that data is protected and encrypted; that actions and changes are logged; that permissions are appropriate; that resources are tagged correctly; that only trusted entities can access the resources; and that resources stay within service, usage, and budget limits.
Extensible policy engine
Turbot CLI provides the same tooling our development team uses to build, test, and publish guardrails. With it, you can define your own controls that extend Turbot's built-in capabilities, ensuring that your unique governance requirements are met. Your custom policies benefit from Turbot's platform features like automated organization, detailed querying, comprehensive reporting, and flexible exception handling. This empowers your organization to maintain its security posture while harnessing the power and efficiency of Turbot's cloud policy engine.
Get Started with Turbot
Turbot provides a robust, real-time, and automated cloud policy engine to manage and enforce cloud governance across AWS, Azure, and GCP. Ready to experience Turbot's magic for yourself? Connect with us to discuss your use cases and learn how Turbot can streamline your cloud governance.