Turbot Guardrails quick actions

Fix compliance and operational issues with a push of a button.

Turbot Team
5 min. read - Aug 22, 2022
Fix compliance and operational issues with a push of a button.

For the last eight years, Turbot Guardrails has focused on remediation of operational and compliance issues at enterprise scale. Our customers love using Turbot Guardrails automation to find and fix problems in real-time across hundreds of cloud service accounts. However, there are many situations where cloud professionals want to quickly take a specific one-time action on a resource while remaining in the context of their multi-cloud compliance dashboard.

Introducing Quick Actions

Now generally available in Turbot Guardrails v5.39.0, Quick Actions enable DevOps engineers to instantly remediate cloud configuration issues (e.g. enable encryption on a resource), snooze compliance alarms, or take operational actions (e.g. tag a resource, start/stop an instance) from the Compliance Dashboard.

Action types are specific to the service and the resource, meaning that S3 Buckets support different actions than EC2 instances. After enabling Quick Actions in your workspace (see below), you can browse a list of available actions for a given resource by clicking on the orange "Actions" button (located in the top right of each resource detail page):

Traditional Workflow

The Turbot Guardrails console is a powerful tool for exploring cloud resources across large multi-account environments. In the past, when cloud teams discovered an issue within their environment using TUrbot Guardrails alarms, they would have to make a choice between leaving the compliance dashboard and addressing the issue in another tool, or configuring policies to remediate the problem via automation.

The choice to fix the issue manually forces the DevOps engineer to switch context from the CMDB and dashboard into other tools to apply the change. By removing that cognitive load, we make that same engineer more productive and effective.

Make it green; with Turbot Guardrails

Now with Quick Actions, the most common functions required by cloud operations teams can be executed immediately, without context switching. The result is increased operator productivity leading to a clean (all green) compliance dashboard with full audit trail. The list of available quick actions is growing weekly, and will continue to do so based on customer feedback., Here is a short list of the currently supported resource types across AWS, GCP & Azure:

Amazon Web Services

  • EC2 Instances
  • EC2 Volumes & Snapshots
  • Auto-Scaling & Target Groups
  • Load Balancers (All types)
  • Load Balancer Listeners
  • Key Pairs
  • Launch Configurations
  • Launch Template & Versions
  • IAM Users, Roles, Groups
  • Access Keys
  • IAM Policies, Inline Policies
  • Server Certificates
  • KMS Keys
  • Lambda Functions
  • Lambda Alias & Versions
  • RDS DB Clusters & Instances
  • DB Snapshots
  • DB Parameter Groups
  • DB Option & Subnet Groups
  • S3 Buckets
  • SNS Topics & Subscriptions
  • SQS Queues

Google Cloud Platform

  • Projects
  • Compute Instances
  • Compute Image
  • Instance Templates
  • Node Groups & Templates
  • Compute Health Check
  • HTTPS Health Check
  • Region Health Check
  • Compute Disk
  • Regional Disks
  • Compute Snapshots

Azure Cloud

  • Virtual Machines
  • Images
  • Snapshots
  • Disk Encryption Sets
  • Compute Availability Sets
  • Compute Disks
  • Virtual Networks
  • Application Security Groups
  • Network Security Groups
  • Network Interface
  • Public IP Addresses
  • Route Tables
  • Subnets

Typical use cases

  1. Start/Stop Instances and Databases - Forgot to turn off that m5.16xlarge you were testing on last week? Oops! Shut it down right now.
  2. Delete Resources - Found 90TB of three year old EC2 snapshots? Clean 'em up as you identify them.
  3. Snooze Alarms - Give that critical app team 90 days of runway to clean up their environment by snoozing their alarms.
  4. Tag resources - Instantly apply your custom tagging template to the untagged resource you just found.
  5. Enable Encryption - Found a rogue bucket without default encryption? Turn it back on without breaking a sweat.

Get started with Quick Actions

The Quick Action feature is available to all Turbot Guardrails SaaS and Enterprise customers on version 5.39.0 or higher. To enable quick actions in your workspace, simply set the policy: Turbot > Quick Actions > Enabled == "Enabled" for a single account or the entire environment.

For details on how to limit access to quick actions and create custom permission sets please see this guide in the Turbot Guardrails docs. If you need any assistance, let us know in our Slack community #guardrails channel. If you are new to Turbot, connect with us to learn more!