Changelog

Bug fixes

• The read-only Compiled Rules policies under Azure > Storage > Storage Account > Firewall > IP Ranges > Approved and Firewall > Virtual Networks > Approved did not recompile when their underlying approval policies changed, so the Approved controls evaluated against stale rules. This has been resolved; the compiled rules now update whenever the approval policies change.

Bug fixes

• The read-only Compiled Rules policy under Azure > Redis > Redis Cache > Firewall > IP Ranges > Approved did not recompile when its underlying approval policies changed, so the Approved control evaluated against stale rules. This has been resolved; the compiled rules now update whenever the approval policies change.

Bug fixes

• The read-only Compiled Rules policies under Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved and Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved did not recompile when their underlying approval policies changed, so the Approved controls evaluated against stale rules. This has been resolved; the compiled rules now update whenever the approval policies change.

Bug fixes

• The read-only Compiled Rules policies under Azure > Network > Network Security Group > Ingress Rules > Approved and Egress Rules > Approved did not recompile when their underlying Rules, CIDR Ranges, Service Tags, Prohibited Ports, Minimum Bitmask, or Maximum Port Range policies changed, so the Approved controls evaluated against stale rules. This has been resolved; the compiled rules now update whenever these policies change.

Bug fixes

• The read-only Compiled Rules and Compiled Items policies under Azure > CosmosDB > Database Account > Firewall > IP Ranges > Approved, Firewall > IP Ranges > Required, and Firewall > Virtual Networks > Approved did not recompile when their underlying approval policies changed, so the controls evaluated against stale rules. This has been resolved; the compiled values now update whenever the approval policies change.

Bug fixes

• The read-only Compiled Rules policy under Azure > Compute > Virtual Machine > Approved Image did not recompile when its underlying approval policies changed, so the Approved Image control evaluated against stale rules. This has been resolved; the compiled rules now update whenever the approval policies change.

What's new?

• You can now configure public network access for bots. To get started, set the Azure > Bot Service > Bot > Public Network Access policy. When the policy is set to an Enforce value, a non-compliant bot is remediated in place by updating its publicNetworkAccess property instead of being deleted.

Control Types

• Azure > Bot Service > Bot > Public Network Access

Policy Types

• Azure > Bot Service > Bot > Public Network Access

Action Types

• Azure > Bot Service > Bot > Set Public Network Access

Bug fixes

• The read-only Compiled Rules policy under AWS > VPC > Security Group > Egress Rules > Approved, AWS > VPC > Security Group > Ingress Rules > Approved, and AWS > VPC > Network ACL > Ingress Rules > Approved did not recompile when its underlying Rules, CIDR Ranges, Prohibited Ports, Minimum Bitmask, or Maximum Port Range policies changed, so the Approved controls evaluated against stale rules. This has been resolved; the compiled rules now update whenever any of these policies change.

Bug fixes

• The read-only Compiled Rules policy under AWS > S3 > Bucket > Policy Statements > Approved did not recompile when its underlying Approved > Rules policy changed, so the Approved control evaluated against stale rules. This has been resolved; the compiled rules now update whenever the approval policies change.

Bug fixes

• The read-only Compiled Rules and Compiled Items policies behind the IAM Approved and Required controls — covering Role, Group, and User policy attachments and inline policy statements, the IAM Policy statements, and Role trust-relationship statements — did not recompile when their underlying Rules or Items policies changed, so those controls evaluated against stale values. This has been resolved; the compiled values now update whenever the underlying policies change.

Bug fixes

• The Security Group, Security Group Rule, and Network ACL routers now honor the CMDB policy when it is set to Skip or Enforce: Disabled. Previously the routers resolved the CMDB policy in the region context, but these policies target the VPC (Security Group, Network ACL) or the security group (Security Group Rule) — resources below the region — so a disabled CMDB policy was never seen and the router continued to create, update, and delete resources in real time. The routers now resolve the CMDB policy against the parent resource the event applies to.

Bug fixes

• Fixed the GCP > Organization Policy > Discovery control erroring on standalone projects (those not under a GCP organization) with Type organization is not a resource parent. The control now resolves credentials from the scope the policy was set at, so it works on standalone projects as well as organization-connected ones.
• Fixed unnecessary reruns of the GCP > Project > Discovery control in workspaces whenever new projects were discovered.

Bug fixes

• Fixed unnecessary reruns of the Azure > Subscription > Discovery control in workspaces whenever new subscriptions were discovered.

What's new?

• Added support for real-time EBS snapshot notifications.

What's new?

• Added a Comparison Mode sub-policy to the EC2 instance and account-attributes Metadata Service hop-limit controls, governing how the configured HTTP Token Hop Limit is compared against the actual value: Exact match (the default, preserving the original behavior where Check requires an exact match and Enforce sets the exact value) or Maximum, treating the value as a security ceiling so a lower, more restrictive hop limit is compliant and Enforce only lowers a limit that exceeds it. Defaulting to Exact match keeps existing installations unchanged.
• The AWS > EC2 > Snapshot > CMDB control is now event-driven: it reacts to the AWS EBS Snapshot Notification completion event (and the multi-volume equivalent) to capture the snapshot pending to available transition, and no longer re-runs every 5 minutes while a snapshot is pending. This sharply reduces redundant control runs for large or long-running snapshots, along with the matching event, worker, and notification cascade. The periodic discovery sweep remains the backstop if a completion event is ever missed. Requires the AWS mod version that forwards these snapshot events.

Policy Types

Added

• AWS > EC2 > Account Attributes > Instance Metadata Service Defaults > HTTP Token Hop Limit > Comparison Mode
• AWS > EC2 > Instance > Metadata Service > HTTP Token Hop Limit > Comparison Mode

Bug fixes

• Fixed the AWS > EC2 > Instance > CMDB control entering an error state when the Guardrails role lacks permission for the enrichment APIs ec2:DescribeInstanceImageMetadata or ec2:DescribeImages. These calls only add supplementary AMI image metadata, so a permission denial (or the metadata API being unavailable in a given region or partition) now degrades gracefully by leaving those fields empty instead of failing the whole control. A permission denial is logged as a warning (naming the missing permission) so the gap is discoverable and fixable.

Warning

• Removed the AWS > Bedrock > Agent > Allowed > Encryption at Rest control and its associated policy types. Encryption at rest is a mutable property of a Bedrock agent, so enforcing it through an Allowed control, whose only enforcement is stop/delete, was the wrong control type. The dedicated AWS > Bedrock > Agent > Encryption at Rest control already governs this property and remains in place.

Control Types

Removed

• AWS > Bedrock > Agent > Allowed > Encryption at Rest

Policy Types

Removed

• AWS > Bedrock > Agent > Allowed > Encryption at Rest
• AWS > Bedrock > Agent > Allowed > Encryption at Rest > Level
• AWS > Bedrock > Agent > Allowed > Encryption at Rest > Level > Customer Managed Key

Bug fixes

• Improved query performance and reliability of the Azure > Subscription > Discovery control on large tenants.

Warning

• Removed the OpenAI > Admin API Key > Rotate action. The action was never wired to a control and the safeguards on OpenAI > Admin API Key > Delete and OpenAI > Admin API Key > Active already prevent Guardrails from stranding its own workspace connection. To rotate the calling admin key, mint a new admin key in the OpenAI Console and update the OpenAI > Config > Admin API Key connection-config policy with the new secret first; once the new key is the calling key, the old key falls through to deletion on the next Active control run.

Bug fixes

• The OpenAI > Admin API Key > Discovery control previously discovered project API keys (sk-proj-...) as admin keys, because the OpenAI organization admin-keys endpoint returns project keys alongside genuine admin keys. This inflated and mixed the OpenAI > Admin API Key inventory in Guardrails. The control now only discovers keys whose redacted value begins with sk-admin-, so project keys are no longer surfaced as admin-key resources.
• Discovery of paginated lists (project users, service accounts, API keys, and similar collections) no longer silently returns a partial list when a transient error interrupts pagination after the first page. Previously, a 404 or empty response received part-way through walking the pages was treated as the end of the list, so the run could quietly drop resources for that cycle with no error logged. The client now raises a retry-eligible error in this case, so the run retries and re-walks the full list instead of dropping resources.
• The OpenAI > Project > Update Rate Limit action previously trusted OpenAI's success response as proof the update persisted. OpenAI silently no-ops the update for some (organization, model) pairs, returning success with the request body echoed but leaving the row at its tier-baseline values. The action now re-reads the project's rate limits immediately after the update and surfaces a fatal action error if the persisted values do not match the requested snapshot. CMDB is always written from the authoritative re-read, so state stays accurate even when the upstream update silently fails.

Action Types

Removed

• OpenAI > Admin API Key > Rotate

Bug fixes

• The GCP > Project > Discovery control could time out on workspaces with a large number of Guardrails folders. This is now fixed.
• Fixed inconsistent matching of the GCP > Organization > CMDB > Exclude policy. Previously, a folder ID entry prevented new folders from being imported but did not remove already-imported folders from the CMDB. This is now fixed.

Bug fixes

• Discovery of paginated lists (workspace members, users, API keys, and similar collections) no longer silently returns a partial list when a transient error interrupts pagination after the first page. Previously, a 404 or empty response received part-way through walking the pages was treated as the end of the list, so the run could quietly drop resources for that cycle with no error logged. The client now raises a retry-eligible error in this case, so the run retries and re-walks the full list instead of dropping resources.