Changelog

Subscribe to all changelog posts via RSS or follow #changelog on our Slack community to stay updated on everything we ship.

Bug fixes

  • Guardrails failed to discover system storage containers (e.g. $logs) for storage accounts. This is now fixed.

Bug fixes

  • Added support to process enable and disable real-time events for BigQuery Data Transfer API via Service Usage APIs.

5.0.0 (2024-05-15)

What's new?

Resource Types

  • GCP > BigQuery Data Transfer
  • GCP > BigQuery Data Transfer > Transfer Config

Control Types

  • GCP > BigQuery Data Transfer > API Enabled
  • GCP > BigQuery Data Transfer > CMDB
  • GCP > BigQuery Data Transfer > Discovery
  • GCP > BigQuery Data Transfer > Transfer Config > Active
  • GCP > BigQuery Data Transfer > Transfer Config > Approved
  • GCP > BigQuery Data Transfer > Transfer Config > CMDB
  • GCP > BigQuery Data Transfer > Transfer Config > Discovery
  • GCP > BigQuery Data Transfer > Transfer Config > Usage

Policy Types

  • GCP > BigQuery Data Transfer > API Enabled
  • GCP > BigQuery Data Transfer > Approved Regions [Default]
  • GCP > BigQuery Data Transfer > CMDB
  • GCP > BigQuery Data Transfer > Enabled
  • GCP > BigQuery Data Transfer > Permissions
  • GCP > BigQuery Data Transfer > Permissions > Levels
  • GCP > BigQuery Data Transfer > Permissions > Levels > Modifiers
  • GCP > BigQuery Data Transfer > Regions
  • GCP > BigQuery Data Transfer > Transfer Config > Active
  • GCP > BigQuery Data Transfer > Transfer Config > Active > Age
  • GCP > BigQuery Data Transfer > Transfer Config > Active > Last Modified
  • GCP > BigQuery Data Transfer > Transfer Config > Approved
  • GCP > BigQuery Data Transfer > Transfer Config > Approved > Custom
  • GCP > BigQuery Data Transfer > Transfer Config > Approved > Usage
  • GCP > BigQuery Data Transfer > Transfer Config > CMDB
  • GCP > BigQuery Data Transfer > Transfer Config > Regions
  • GCP > BigQuery Data Transfer > Transfer Config > Usage
  • GCP > BigQuery Data Transfer > Transfer Config > Usage > Limit
  • GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-bigquerydatatransfer
  • GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-bigquerydatatransfer
  • GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-bigquerydatatransfer

Action Types

  • GCP > BigQuery Data Transfer > Set API Enabled
  • GCP > BigQuery Data Transfer > Transfer Config > Delete
  • GCP > BigQuery Data Transfer > Transfer Config > Router

Bug fixes

  • Fixed control category titles to use osquery instead of Osquery.

Bug fixes

  • Kubernetes > Node resources will no longer include the conditions.lastHeartbeatTime or resource_version properties to avoid unnecessary notifications in the activity tab.

What's new?

Resource Types

  • AWS > EventBridge Scheduler

Policy Types

  • AWS > EventBridge Scheduler > API Enabled
  • AWS > EventBridge Scheduler > Approved Regions [Default]
  • AWS > EventBridge Scheduler > Enabled
  • AWS > EventBridge Scheduler > Permissions
  • AWS > EventBridge Scheduler > Permissions > Levels
  • AWS > EventBridge Scheduler > Permissions > Levels > Modifiers
  • AWS > EventBridge Scheduler > Permissions > Lockdown
  • AWS > EventBridge Scheduler > Permissions > Lockdown > API Boundary
  • AWS > EventBridge Scheduler > Regions
  • AWS > EventBridge Scheduler > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-eventbridgescheduler
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-eventbridgescheduler
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-eventbridgescheduler

What's new?

Resource Types

  • AWS > EventBridge Pipes

Policy Types

  • AWS > EventBridge Pipes > API Enabled
  • AWS > EventBridge Pipes > Approved Regions [Default]
  • AWS > EventBridge Pipes > Enabled
  • AWS > EventBridge Pipes > Permissions
  • AWS > EventBridge Pipes > Permissions > Levels
  • AWS > EventBridge Pipes > Permissions > Levels > Modifiers
  • AWS > EventBridge Pipes > Permissions > Lockdown
  • AWS > EventBridge Pipes > Permissions > Lockdown > API Boundary
  • AWS > EventBridge Pipes > Regions
  • AWS > EventBridge Pipes > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-eventbridgepipes
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-eventbridgepipes
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-eventbridgepipes

What's new?

  • Server

    • Added a new GraphQL resolver for osquery to generate an enrollSecret.
    • Added new REST APIs for osquery management, which includes:
      • api/latest/osquery/enroll
      • api/latest/osquery/config
      • api/latest/osquery/logger
    • Introduced a dedicated worker, along with SQS FIFO queue and SNS topic FIFO, to run osquery operations.
    • Implemented a new serviceNowCredential resolver specifically for Kubernetes clusters.
    • Upgraded our SDK (@turbot/sdk) to version 5.15.0 and our fn toolkit (@turbot/fn) to version 5.22.0, to support FIFO queues.
  • UI

    • Added support for connecting to Kubernetes, facilitating easier integration and management.
    • Added report for AWS CIS v2.0.
    • Added report for AWS CIS v3.0.
    • Added report for Azure CIS v2.0.
    • Added report for GCP CIS v2.0.

Requirements

  • TEF: 1.58.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

Control Types

  • Kubernetes > Cluster > ServiceNow
  • Kubernetes > Cluster > ServiceNow > Configuration Item
  • Kubernetes > Cluster > ServiceNow > Table
  • Kubernetes > ConfigMap > ServiceNow
  • Kubernetes > ConfigMap > ServiceNow > Configuration Item
  • Kubernetes > ConfigMap > ServiceNow > Table
  • Kubernetes > Deployment > ServiceNow
  • Kubernetes > Deployment > ServiceNow > Configuration Item
  • Kubernetes > Deployment > ServiceNow > Table
  • Kubernetes > Namespace > ServiceNow
  • Kubernetes > Namespace > ServiceNow > Configuration Item
  • Kubernetes > Namespace > ServiceNow > Table
  • Kubernetes > Node > ServiceNow
  • Kubernetes > Node > ServiceNow > Configuration Item
  • Kubernetes > Node > ServiceNow > Table
  • Kubernetes > Pod > ServiceNow
  • Kubernetes > Pod > ServiceNow > Configuration Item
  • Kubernetes > Pod > ServiceNow > Table
  • Kubernetes > ReplicaSet > ServiceNow
  • Kubernetes > ReplicaSet > ServiceNow > Configuration Item
  • Kubernetes > ReplicaSet > ServiceNow > Table
  • Kubernetes > Service > ServiceNow
  • Kubernetes > Service > ServiceNow > Configuration Item
  • Kubernetes > Service > ServiceNow > Table
  • ServiceNow > Turbot > Watches > Kubernetes

Policy Types

  • Kubernetes > Cluster > ServiceNow
  • Kubernetes > Cluster > ServiceNow > Configuration Item
  • Kubernetes > Cluster > ServiceNow > Configuration Item > Record
  • Kubernetes > Cluster > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Cluster > ServiceNow > Table
  • Kubernetes > Cluster > ServiceNow > Table > Definition
  • Kubernetes > ConfigMap > ServiceNow
  • Kubernetes > ConfigMap > ServiceNow > Configuration Item
  • Kubernetes > ConfigMap > ServiceNow > Configuration Item > Record
  • Kubernetes > ConfigMap > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > ConfigMap > ServiceNow > Table
  • Kubernetes > ConfigMap > ServiceNow > Table > Definition
  • Kubernetes > Deployment > ServiceNow
  • Kubernetes > Deployment > ServiceNow > Configuration Item
  • Kubernetes > Deployment > ServiceNow > Configuration Item > Record
  • Kubernetes > Deployment > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Deployment > ServiceNow > Table
  • Kubernetes > Deployment > ServiceNow > Table > Definition
  • Kubernetes > Namespace > ServiceNow
  • Kubernetes > Namespace > ServiceNow > Configuration Item
  • Kubernetes > Namespace > ServiceNow > Configuration Item > Record
  • Kubernetes > Namespace > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Namespace > ServiceNow > Table
  • Kubernetes > Namespace > ServiceNow > Table > Definition
  • Kubernetes > Node > ServiceNow
  • Kubernetes > Node > ServiceNow > Configuration Item
  • Kubernetes > Node > ServiceNow > Configuration Item > Record
  • Kubernetes > Node > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Node > ServiceNow > Table
  • Kubernetes > Node > ServiceNow > Table > Definition
  • Kubernetes > Pod > ServiceNow
  • Kubernetes > Pod > ServiceNow > Configuration Item
  • Kubernetes > Pod > ServiceNow > Configuration Item > Record
  • Kubernetes > Pod > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Pod > ServiceNow > Table
  • Kubernetes > Pod > ServiceNow > Table > Definition
  • Kubernetes > ReplicaSet > ServiceNow
  • Kubernetes > ReplicaSet > ServiceNow > Configuration Item
  • Kubernetes > ReplicaSet > ServiceNow > Configuration Item > Record
  • Kubernetes > ReplicaSet > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > ReplicaSet > ServiceNow > Table
  • Kubernetes > ReplicaSet > ServiceNow > Table > Definition
  • Kubernetes > Service > ServiceNow
  • Kubernetes > Service > ServiceNow > Configuration Item
  • Kubernetes > Service > ServiceNow > Configuration Item > Record
  • Kubernetes > Service > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Service > ServiceNow > Table
  • Kubernetes > Service > ServiceNow > Table > Definition
  • ServiceNow > Turbot > Watches > Kubernetes

Action Types

  • ServiceNow > Turbot > Watches > Kubernetes Archive And Delete Record

What's new?

Resource Types

  • osquery

Control Types

  • Turbot > Workspace > osquery
  • Turbot > Workspace > osquery > Secret Rotation

Policy Types

  • Turbot > Workspace > osquery
  • Turbot > Workspace > osquery > Enroll Secret Expiration
  • Turbot > Workspace > osquery > Secrets
  • Turbot > Workspace > osquery > Secrets > Expiration Period
  • Turbot > Workspace > osquery > Secrets > Rotation
  • osquery > Configuration

Action Types

  • Turbot > Rotate osquery Secret
  • osquery > Event Handler

What's new?

Resource Types

  • Kubernetes
  • Kubernetes > Cluster
  • Kubernetes > ConfigMap
  • Kubernetes > Deployment
  • Kubernetes > Namespace
  • Kubernetes > Node
  • Kubernetes > Pod
  • Kubernetes > ReplicaSet
  • Kubernetes > Service

Control Types

  • Kubernetes > Cluster > CMDB
  • Kubernetes > ConfigMap > Annotations
  • Kubernetes > ConfigMap > Approved
  • Kubernetes > ConfigMap > CMDB
  • Kubernetes > ConfigMap > Labels
  • Kubernetes > ConfigMap > Query
  • Kubernetes > Deployment > Annotations
  • Kubernetes > Deployment > Approved
  • Kubernetes > Deployment > CMDB
  • Kubernetes > Deployment > Labels
  • Kubernetes > Deployment > Query
  • Kubernetes > Namespace > Annotations
  • Kubernetes > Namespace > Approved
  • Kubernetes > Namespace > CMDB
  • Kubernetes > Namespace > Labels
  • Kubernetes > Namespace > Query
  • Kubernetes > Node > Annotations
  • Kubernetes > Node > Approved
  • Kubernetes > Node > CMDB
  • Kubernetes > Node > Labels
  • Kubernetes > Node > Query
  • Kubernetes > Pod > Annotations
  • Kubernetes > Pod > Approved
  • Kubernetes > Pod > CMDB
  • Kubernetes > Pod > Labels
  • Kubernetes > Pod > Query
  • Kubernetes > ReplicaSet > Annotations
  • Kubernetes > ReplicaSet > Approved
  • Kubernetes > ReplicaSet > CMDB
  • Kubernetes > ReplicaSet > Labels
  • Kubernetes > ReplicaSet > Query
  • Kubernetes > Service > Annotations
  • Kubernetes > Service > Approved
  • Kubernetes > Service > CMDB
  • Kubernetes > Service > Labels
  • Kubernetes > Service > Query

Policy Types

  • Kubernetes > Cluster > CMDB
  • Kubernetes > ConfigMap > Annotations
  • Kubernetes > ConfigMap > Annotations > Template
  • Kubernetes > ConfigMap > Approved
  • Kubernetes > ConfigMap > Approved > Custom
  • Kubernetes > ConfigMap > CMDB
  • Kubernetes > ConfigMap > Labels
  • Kubernetes > ConfigMap > Labels > Template
  • Kubernetes > ConfigMap > osquery
  • Kubernetes > ConfigMap > osquery > Configuration
  • Kubernetes > ConfigMap > osquery > Configuration > Columns
  • Kubernetes > ConfigMap > osquery > Configuration > Interval
  • Kubernetes > ConfigMap > osquery > Configuration > Name
  • Kubernetes > Deployment > Annotations
  • Kubernetes > Deployment > Annotations > Template
  • Kubernetes > Deployment > Approved
  • Kubernetes > Deployment > Approved > Custom
  • Kubernetes > Deployment > CMDB
  • Kubernetes > Deployment > Labels
  • Kubernetes > Deployment > Labels > Template
  • Kubernetes > Deployment > osquery
  • Kubernetes > Deployment > osquery > Configuration
  • Kubernetes > Deployment > osquery > Configuration > Columns
  • Kubernetes > Deployment > osquery > Configuration > Interval
  • Kubernetes > Deployment > osquery > Configuration > Name
  • Kubernetes > Namespace > Annotations
  • Kubernetes > Namespace > Annotations > Template
  • Kubernetes > Namespace > Approved
  • Kubernetes > Namespace > Approved > Custom
  • Kubernetes > Namespace > CMDB
  • Kubernetes > Namespace > Labels
  • Kubernetes > Namespace > Labels > Template
  • Kubernetes > Namespace > osquery
  • Kubernetes > Namespace > osquery > Configuration
  • Kubernetes > Namespace > osquery > Configuration > Columns
  • Kubernetes > Namespace > osquery > Configuration > Interval
  • Kubernetes > Namespace > osquery > Configuration > Name
  • Kubernetes > Node > Annotations
  • Kubernetes > Node > Annotations > Template
  • Kubernetes > Node > Approved
  • Kubernetes > Node > Approved > Custom
  • Kubernetes > Node > CMDB
  • Kubernetes > Node > Labels
  • Kubernetes > Node > Labels > Template
  • Kubernetes > Node > osquery
  • Kubernetes > Node > osquery > Configuration
  • Kubernetes > Node > osquery > Configuration > Columns
  • Kubernetes > Node > osquery > Configuration > Interval
  • Kubernetes > Node > osquery > Configuration > Name
  • Kubernetes > Pod > Annotations
  • Kubernetes > Pod > Annotations > Template
  • Kubernetes > Pod > Approved
  • Kubernetes > Pod > Approved > Custom
  • Kubernetes > Pod > CMDB
  • Kubernetes > Pod > Labels
  • Kubernetes > Pod > Labels > Template
  • Kubernetes > Pod > osquery
  • Kubernetes > Pod > osquery > Configuration
  • Kubernetes > Pod > osquery > Configuration > Columns
  • Kubernetes > Pod > osquery > Configuration > Interval
  • Kubernetes > Pod > osquery > Configuration > Name
  • Kubernetes > ReplicaSet > Annotations
  • Kubernetes > ReplicaSet > Annotations > Template
  • Kubernetes > ReplicaSet > Approved
  • Kubernetes > ReplicaSet > Approved > Custom
  • Kubernetes > ReplicaSet > CMDB
  • Kubernetes > ReplicaSet > Labels
  • Kubernetes > ReplicaSet > Labels > Template
  • Kubernetes > ReplicaSet > osquery
  • Kubernetes > ReplicaSet > osquery > Configuration
  • Kubernetes > ReplicaSet > osquery > Configuration > Columns
  • Kubernetes > ReplicaSet > osquery > Configuration > Interval
  • Kubernetes > ReplicaSet > osquery > Configuration > Name
  • Kubernetes > Service > Annotations
  • Kubernetes > Service > Annotations > Template
  • Kubernetes > Service > Approved
  • Kubernetes > Service > Approved > Custom
  • Kubernetes > Service > CMDB
  • Kubernetes > Service > Labels
  • Kubernetes > Service > Labels > Template
  • Kubernetes > Service > osquery
  • Kubernetes > Service > osquery > Configuration
  • Kubernetes > Service > osquery > Configuration > Columns
  • Kubernetes > Service > osquery > Configuration > Interval
  • Kubernetes > Service > osquery > Configuration > Name
  • Kubernetes > osquery
  • Kubernetes > osquery > Decorators

Action Types

  • Kubernetes > ConfigMap > Router
  • Kubernetes > Deployment > Router
  • Kubernetes > Namespace > Router
  • Kubernetes > Node > Router
  • Kubernetes > Pod > Router
  • Kubernetes > ReplicaSet > Router
  • Kubernetes > Service > Router

Bug fixes

  • The GCP > IAM > Service Account Key > Active control will no longer attempt to delete a system-managed service account key deemed inactive by the control.

What's new?

  • You can now determine if an IAM access key for a user is latest and deactivate or delete any keys that are not, using Guardrails. To get started, set the AWS > IAM > Access Key > Active > Latest policy.
  • You can now determine if an IAM server certificate is active based on its expiration. To get started, set the AWS > IAM > Server Certificate > Active > Expired policy.

Policy Types

  • AWS > IAM > Access Key > Active > Latest
  • AWS > IAM > Server Certificate > Active > Expired

Bug fixes

  • The GCP > Project > CMDB control would go into an error state if Access Approval API was disabled in GCP. This is now fixed.

What's new?

  • Implemented SNS topic to handle critical alarms notifications.
  • Added Product, Vendor Tags to the IAM Role resources created by the TEF stack.
  • Introduced a new SSM parameter to manage the reserved concurrency settings for the osquery worker lambda function.
  • Updated Log Bucket Lifecycle Policies:
    • Increased Retention Period: Extended the retention period of the lifecycle policy for logs in the log bucket with the /processes prefix from 1 day to 2 days.
    • New Policy Addition: Implemented a new lifecycle policy for managing log retention in the log bucket for logs with the /osquery prefix.

What's new?

  • Implemented critical alarms for RDS DB CPU utilization, DB Max Connections and Redis ElastiCache Memory utilization.
  • Added Product, Vendor Tags to the IAM Role resources created by the TED stack.

Bug fixes

  • The Azure > Compute > Virtual Machine Scale Set > Tags control would sometimes fail to update tags correctly for Scale Sets launched via Azure marketplace. This is fixed and the control will now update tags correctly, as expected.

What's new?

  • Revoke ingress rules that are unapproved for use in Network ACLs. To get started, set the AWS > VPC > Network ACL > Ingress Rules > Approved > * policies.

Bug fixes

  • Minor fixes and improvements.

What's new?

  • You can now delete existing Mount Targets which are unapproved for use in the account. To get started, set the AWS > EFS > Mount Target > Approved policy to Enforce: Delete unapproved.

What's new?

  • Create and manage aws_cloudwatch_metric_alarm resources via Guardrails stacks.

Control Types

  • AWS > CloudWatch > Alarm > Configured

Policy Types

  • AWS > CloudWatch > Alarm > Configured
  • AWS > CloudWatch > Alarm > Configured > Claim Precedence
  • AWS > CloudWatch > Alarm > Configured > Source

Bug fixes

  • Added support for aws_securityhub_account Terraform resource.

What's new?

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

Control Types

  • AWS > CIS v3.0
  • AWS > CIS v3.0 > 1 - Identity and Access Management
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full ":" administrative privileges are not attached
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v3.0 > 2 - Storage
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enabled on S3 buckets
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
  • AWS > CIS v3.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
  • AWS > CIS v3.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
  • AWS > CIS v3.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
  • AWS > CIS v3.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
  • AWS > CIS v3.0 > 3 - Logging
  • AWS > CIS v3.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v3.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
  • AWS > CIS v3.0 > 3 - Logging > 3.03 - Ensure AWS Config is enabled in all regions
  • AWS > CIS v3.0 > 3 - Logging > 3.04 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
  • AWS > CIS v3.0 > 3 - Logging > 3.05 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
  • AWS > CIS v3.0 > 3 - Logging > 3.06 - Ensure rotation for customer created symmetric CMKs is enabled
  • AWS > CIS v3.0 > 3 - Logging > 3.07 - Ensure VPC flow logging is enabled in all VPCs
  • AWS > CIS v3.0 > 3 - Logging > 3.08 - Ensure that Object-level logging for write events is enabled for S3 bucket
  • AWS > CIS v3.0 > 3 - Logging > 3.09 - Ensure that Object-level logging for read events is enabled for S3 bucket
  • AWS > CIS v3.0 > 4 - Monitoring
  • AWS > CIS v3.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
  • AWS > CIS v3.0 > 5 - Networking
  • AWS > CIS v3.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v3.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v3.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
  • AWS > CIS v3.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
  • AWS > CIS v3.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
  • AWS > CIS v3.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2

Policy Types

  • AWS > CIS v3.0
  • AWS > CIS v3.0 > 1 - Identity and Access Management
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details > Attestation
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account > Attestation
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full ":" administrative privileges are not attached
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments > Attestation
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted > Attestation
  • AWS > CIS v3.0 > 1 - Identity and Access Management > Maximum Attestation Duration
  • AWS > CIS v3.0 > 2 - Storage
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enable on S3 buckets
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required > Attestation
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
  • AWS > CIS v3.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
  • AWS > CIS v3.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
  • AWS > CIS v3.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
  • AWS > CIS v3.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
  • AWS > CIS v3.0 > 2 - Storage > Maximum Attestation Duration
  • AWS > CIS v3.0 > 3 - Logging
  • AWS > CIS v3.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v3.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
  • AWS > CIS v3.0 > 3 - Logging > 3.03 - Ensure AWS Config is enabled in all regions
  • AWS > CIS v3.0 > 3 - Logging > 3.04 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
  • AWS > CIS v3.0 > 3 - Logging > 3.05 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
  • AWS > CIS v3.0 > 3 - Logging > 3.06 - Ensure rotation for customer created symmetric CMKs is enabled
  • AWS > CIS v3.0 > 3 - Logging > 3.07 - Ensure VPC flow logging is enabled in all VPCs
  • AWS > CIS v3.0 > 3 - Logging > 3.08 - Ensure that Object-level logging for write events is enabled for S3 bucket
  • AWS > CIS v3.0 > 3 - Logging > 3.09 - Ensure that Object-level logging for read events is enabled for S3 bucket
  • AWS > CIS v3.0 > 3 - Logging > Maximum Attestation Duration
  • AWS > CIS v3.0 > 4 - Monitoring
  • AWS > CIS v3.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
  • AWS > CIS v3.0 > 4 - Monitoring > Maximum Attestation Duration
  • AWS > CIS v3.0 > 5 - Networking
  • AWS > CIS v3.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v3.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v3.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
  • AWS > CIS v3.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
  • AWS > CIS v3.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
  • AWS > CIS v3.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access' > Attestation
  • AWS > CIS v3.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2
  • AWS > CIS v3.0 > 5 - Networking > Maximum Attestation Duration
  • AWS > CIS v3.0 > Maximum Attestation Duration

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

  • Resource Types:

    • GCP > DNS > Policy
  • Control Types:

    • GCP > DNS > Policy > Active
    • GCP > DNS > Policy > Approved
    • GCP > DNS > Policy > CMDB
    • GCP > DNS > Policy > Discovery
    • GCP > DNS > Policy > Usage
  • Policy Types:

    • GCP > DNS > Policy > Active
    • GCP > DNS > Policy > Active > Age
    • GCP > DNS > Policy > Active > Last Modified
    • GCP > DNS > Policy > Approved
    • GCP > DNS > Policy > Approved > Custom
    • GCP > DNS > Policy > Approved > Usage
    • GCP > DNS > Policy > CMDB
    • GCP > DNS > Policy > Usage
    • GCP > DNS > Policy > Usage > Limit
  • Action Types:

    • GCP > DNS > Policy > Delete
    • GCP > DNS > Policy > Router

What's new?

Control Types

  • GCP > CIS v2.0
  • GCP > CIS v2.0 > 1 - Identity and Access Management
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure that Security Key Enforcement is Enabled for All Admin Accounts
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure That Service Account Has No Admin Privileges
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure Essential Contacts is Configured for Organization
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager
  • GCP > CIS v2.0 > 2 - Logging and Monitoring
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.01 - Ensure That Cloud Audit Logging Is Configured Properly
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.02 - Ensure That Sinks Are Configured for All Log Entries
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.03 - Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.04 - Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.05 - Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.06 - Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.07 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.08 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.09 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.10 - Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.11 - Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.12 - Ensure That Cloud DNS Logging Is Enabled for All VPC Networks
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.13 - Ensure Cloud Asset Inventory Is Enabled
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.14 - Ensure 'Access Transparency' is 'Enabled'
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.15 - Ensure 'Access Approval' is 'Enabled'
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.16 - Ensure Logging is enabled for HTTP(S) Load Balancer
  • GCP > CIS v2.0 > 3 - Networking
  • GCP > CIS v2.0 > 3 - Networking > 3.01 - Ensure That the Default Network Does Not Exist in a Project
  • GCP > CIS v2.0 > 3 - Networking > 3.02 - Ensure Legacy Networks Do Not Exist for Older Projects
  • GCP > CIS v2.0 > 3 - Networking > 3.03 - Ensure That DNSSEC Is Enabled for Cloud DNS
  • GCP > CIS v2.0 > 3 - Networking > 3.04 - Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC
  • GCP > CIS v2.0 > 3 - Networking > 3.05 - Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC
  • GCP > CIS v2.0 > 3 - Networking > 3.06 - Ensure That SSH Access Is Restricted From the Internet
  • GCP > CIS v2.0 > 3 - Networking > 3.07 - Ensure That RDP Access Is Restricted From the Internet
  • GCP > CIS v2.0 > 3 - Networking > 3.08 - Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network
  • GCP > CIS v2.0 > 3 - Networking > 3.09 - Ensure No HTTPS or SSL Proxy Load Balancers Permit SSL Policies With Weak Cipher Suites
  • GCP > CIS v2.0 > 3 - Networking > 3.10 - Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed'
  • GCP > CIS v2.0 > 4 - Virtual Machines
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.04 - Ensure Oslogin Is Enabled for a Project
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.07 - Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
  • GCP > CIS v2.0 > 5 - Storage
  • GCP > CIS v2.0 > 5 - Storage > 5.01 - Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 5 - Storage > 5.02 - Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.01 - Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.02 - Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.03 - Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.01 - Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.02 - Ensure 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.03 - Ensure 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.04 - Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.05 - Ensure 'Log_min_messages' Database Flag for Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.06 - Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.07 - Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.08 - Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.09 - Ensure Instance IP assignment is set to private
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.01 - Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.02 - Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.03 - Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.04 - Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.05 - Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.06 - Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.07 - Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.04 - Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.05 - Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.06 - Ensure That Cloud SQL Database Instances Do Not Have Public IPs
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.07 - Ensure That Cloud SQL Database Instances Are Configured With Automated Backups
  • GCP > CIS v2.0 > 7 - BigQuery
  • GCP > CIS v2.0 > 7 - BigQuery > 7.01 - Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 7 - BigQuery > 7.02 - Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)
  • GCP > CIS v2.0 > 7 - BigQuery > 7.03 - Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets

Policy Types

  • GCP > CIS v2.0
  • GCP > CIS v2.0 > 1 - Identity and Access Management
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure that Security Key Enforcement is Enabled for All Admin Accounts
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure that Security Key Enforcement is Enabled for All Admin Accounts > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure That Service Account Has No Admin Privileges
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure Essential Contacts is Configured for Organization
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure Essential Contacts is Configured for Organization > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > Maximum Attestation Duration
  • GCP > CIS v2.0 > 2 - Logging and Monitoring
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.01 - Ensure That Cloud Audit Logging Is Configured Properly
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.02 - Ensure That Sinks Are Configured for All Log Entries
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.03 - Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.04 - Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.05 - Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.06 - Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.07 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.08 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.09 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.10 - Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.11 - Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.12 - Ensure That Cloud DNS Logging Is Enabled for All VPC Networks
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.13 - Ensure Cloud Asset Inventory Is Enabled
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.14 - Ensure 'Access Transparency' is 'Enabled'
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.14 - Ensure 'Access Transparency' is 'Enabled' > Attestation
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.15 - Ensure 'Access Approval' is 'Enabled'
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.16 - Ensure Logging is enabled for HTTP(S) Load Balancer
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > Maximum Attestation Duration
  • GCP > CIS v2.0 > 3 - Networking
  • GCP > CIS v2.0 > 3 - Networking > 3.01 - Ensure That the Default Network Does Not Exist in a Project
  • GCP > CIS v2.0 > 3 - Networking > 3.02 - Ensure Legacy Networks Do Not Exist for Older Projects
  • GCP > CIS v2.0 > 3 - Networking > 3.03 - Ensure That DNSSEC Is Enabled for Cloud DNS
  • GCP > CIS v2.0 > 3 - Networking > 3.04 - Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC
  • GCP > CIS v2.0 > 3 - Networking > 3.05 - Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC
  • GCP > CIS v2.0 > 3 - Networking > 3.06 - Ensure That SSH Access Is Restricted From the Internet
  • GCP > CIS v2.0 > 3 - Networking > 3.07 - Ensure That RDP Access Is Restricted From the Internet
  • GCP > CIS v2.0 > 3 - Networking > 3.08 - Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network
  • GCP > CIS v2.0 > 3 - Networking > 3.09 - Ensure No HTTPS or SSL Proxy Load Balancers Permit SSL Policies With Weak Cipher Suites
  • GCP > CIS v2.0 > 3 - Networking > 3.10 - Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed'
  • GCP > CIS v2.0 > 4 - Virtual Machines
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.04 - Ensure Oslogin Is Enabled for a Project
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.07 - Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections > Attestation
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects > Attestation
  • GCP > CIS v2.0 > 4 - Virtual Machines > Maximum Attestation Duration
  • GCP > CIS v2.0 > 5 - Storage
  • GCP > CIS v2.0 > 5 - Storage > 5.01 - Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 5 - Storage > 5.02 - Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.01 - Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.01 - Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges > Attestation
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.02 - Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.03 - Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.01 - Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.02 - Ensure 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.03 - Ensure 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.04 - Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.05 - Ensure 'Log_min_messages' Database Flag for Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.06 - Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.07 - Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.08 - Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.09 - Ensure Instance IP assignment is set to private
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.01 - Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.02 - Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.03 - Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.04 - Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.05 - Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.06 - Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.07 - Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.04 - Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.05 - Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.06 - Ensure That Cloud SQL Database Instances Do Not Have Public IPs
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.07 - Ensure That Cloud SQL Database Instances Are Configured With Automated Backups
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > Maximum Attestation Duration
  • GCP > CIS v2.0 > 7 - BigQuery
  • GCP > CIS v2.0 > 7 - BigQuery > 7.01 - Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 7 - BigQuery > 7.02 - Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)
  • GCP > CIS v2.0 > 7 - BigQuery > 7.03 - Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets
  • GCP > CIS v2.0 > Maximum Attestation Duration

Bug fixes

  • Minor fixes and improvements.

What's new?

  • Access approval setting details for projects is now be available in Project CMDB.

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

  • Action Type for Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved control did not render correctly on mod inspect. This is now fixed.

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

  • The Azure > Storage > Storage Account > Data Protection control would go into an error state when container delete retention policy data was not available in CMDB. This issue is fixed and the control will now work as expected.

What's new?

  • You can now removed unapproved Firewall IP Ranges on PostgreSQL servers and flexi servers. To get started, set the Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > * and Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > * policies respectively.
  • You can now stop unapproved flexi servers. To get started, set the Azure > PostgreSQL > Flexible Server > Approved policy to Enforce: Stop unapproved or Enforce: Stop unapproved if new.

Control Types

  • Azure > PostgreSQL > Flexible Server > Firewall
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved
  • Azure > PostgreSQL > Server > Firewall
  • Azure > PostgreSQL > Server > Firewall > IP Ranges
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved

Policy Types

  • Azure > PostgreSQL > Flexible Server > Firewall
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > Compiled Rules
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > IP Addresses
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > Rules
  • Azure > PostgreSQL > Server > Firewall
  • Azure > PostgreSQL > Server > Firewall > IP Ranges
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > Compiled Rules
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > IP Addresses
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > Rules

Action Types

  • Azure > PostgreSQL > Flexible Server > Stop
  • Azure > PostgreSQL > Server > Update Firewall IP Ranges

Bug fixes

  • Fixed control category names for v7.2.10, v7.7.10 and v7.14.1.

What's new?

Control Types

  • Azure > CIS v2.0
  • Azure > CIS v2.0 > 01 - Identity and Access Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.01 - Ensure Trusted Locations Are Defined
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.05 - Ensure Guest Users Are Reviewed on a Regular Basis
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 Ensure That 'Number of methods required to reset' is set to '2'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure User consent for applications is set to Do not allow user consent
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.14 - Ensure That 'Users Can Register Applications' Is Set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users"
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.19 - Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.23 - Ensure That No Custom Subscription Administrator Roles Exist
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'
  • Azure > CIS v2.0 > 02 - Microsoft Defender
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.01 - Ensure That Microsoft Defender for Servers Is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.02 - Ensure That Microsoft Defender for App Services Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.04 - Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.05 - Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.06 - Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.07 - Ensure That Microsoft Defender for Storage Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.08 - Ensure That Microsoft Defender for Containers Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.09 - Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.10 - Ensure That Microsoft Defender for Key Vault Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.11 - Ensure That Microsoft Defender for DNS Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.12 - Ensure That Microsoft Defender for Resource Manager Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.14 - Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.15 - Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.18 - Ensure That 'All users with the following roles' is set to 'Owner'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.19 - Ensure 'Additional email addresses' is Configured with a Security Contact Email
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.20 - Ensure That 'Notify about alerts with the following severity' is Set to 'High'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.21 - Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.22 - Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.03 - Microsoft Defender for External Attack Surface Monitoring
  • Azure > CIS v2.0 > 03 - Storage Accounts
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.01 - Ensure that 'Secure transfer required' is set to 'Enabled'
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.02 - Ensure that Enable Infrastructure Encryption for Each Storage Account in Azure Storage is Set to enabled
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.05 - Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.08 - Ensure Default Network Access Rule for Storage Accounts is Set to Deny
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.09 - Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.10 - Ensure Private Endpoints are used to access Storage Accounts
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.11 - Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.12 - Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.13 - Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.15 - Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2"
  • Azure > CIS v2.0 > 04 - Database Services
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.01 - Ensure that 'Auditing' is set to 'On'
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.02 - Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.04 - Ensure that Azure Active Directory Admin is Configured for SQL Servers
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.05 - Ensure that 'Data encryption' is set to 'On' on a SQL Database
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.06 - Ensure that 'Auditing' Retention is 'greater than 90 days'
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.01 - Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.02 - Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.03 - Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.04 - Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.05 - Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.01 - Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.02 - Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.03 - Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.04 - Ensure Server Parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.05 - Ensure Server Parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.06 - Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.07 - Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.08 - Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.01 - Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.02 - Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.03 - Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.04 - Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.01 - Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.02 - Ensure That Private Endpoints Are Used Where Possible
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible
  • Azure > CIS v2.0 > 05 - Logging and Monitoring
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.03 - Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.04 - Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.05 - Ensure that logging for Azure Key Vault is 'Enabled'
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.07 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.01 - Ensure that Activity Log Alert exists for Create Policy Assignment
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.02 - Ensure that Activity Log Alert exists for Delete Policy Assignment
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.03 - Ensure that Activity Log Alert exists for Create or Update Network Security Group
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.04 - Ensure that Activity Log Alert exists for Delete Network Security Group
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.05 - Ensure that Activity Log Alert exists for Create or Update Security Solution
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.06 - Ensure that Activity Log Alert exists for Delete Security Solution
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.07 - Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.08 - Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.09 - Ensure that Activity Log Alert exists for Create or Update Public IP Address rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.10 - Ensure that Activity Log Alert exists for Delete Public IP Address rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights > 5.03.01 - Ensure Application Insights are Configured
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.05 - Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)
  • Azure > CIS v2.0 > 06 - Networking
  • Azure > CIS v2.0 > 06 - Networking > 6.01 - Ensure that RDP access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.02 - Ensure that SSH access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.03 - Ensure that UDP access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.04 - Ensure that HTTP(S) access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.05 - Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
  • Azure > CIS v2.0 > 06 - Networking > 6.06 - Ensure that Network Watcher is 'Enabled'
  • Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis
  • Azure > CIS v2.0 > 07 - Virtual Machines
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.02 - Ensure Virtual Machines are utilizing Managed Disks
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.03 - Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.04 - Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted
  • Azure > CIS v2.0 > 08 - Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.01 - Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.02 - Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.03 - Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.04 - Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.05 - Ensure the key vault is recoverable
  • Azure > CIS v2.0 > 08 - Key Vault > 8.06 - Ensure Role Based Access Control for Azure Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.07 - Ensure that Private Endpoints are Used for Azure Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services
  • Azure > CIS v2.0 > 09 - Application Services
  • Azure > CIS v2.0 > 09 - Application Services > 9.01 - Ensure App Service Authentication is set up for apps in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.02 - Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.03 - Ensure Web App is using the latest version of TLS encryption
  • Azure > CIS v2.0 > 09 - Application Services > 9.04 - Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
  • Azure > CIS v2.0 > 09 - Application Services > 9.05 - Ensure that Register with Azure Active Directory is enabled on App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.09 - Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.10 - Ensure FTP deployments are Disabled
  • Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets
  • Azure > CIS v2.0 > 10 - Miscellaneous
  • Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources

Policy Types

  • Azure > CIS v2.0
  • Azure > CIS v2.0 > 01 - Identity and Access Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.01 - Ensure Trusted Locations Are Defined
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.05 - Ensure Guest Users Are Reviewed on a Regular Basis
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 - Ensure That 'Number of methods required to reset' is set to '2'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 - Ensure That 'Number of methods required to reset' is set to '2' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure User consent for applications is set to Do not allow user consent
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure User consent for applications is set to Do not allow user consent > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.14 - Ensure That 'Users Can Register Applications' Is Set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users"
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.19 - Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.23 - Ensure That No Custom Subscription Administrator Roles Exist
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > Maximum Attestation Duration
  • Azure > CIS v2.0 > 02 - Microsoft Defender
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.01 - Ensure That Microsoft Defender for Servers Is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.02 - Ensure That Microsoft Defender for App Services Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.04 - Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.05 - Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.06 - Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.07 - Ensure That Microsoft Defender for Storage Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.08 - Ensure That Microsoft Defender for Containers Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.09 - Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.10 - Ensure That Microsoft Defender for Key Vault Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.11 - Ensure That Microsoft Defender for DNS Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.12 - Ensure That Microsoft Defender for Resource Manager Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed' > Attestation
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.14 - Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.15 - Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' > Attestation
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' > Attestation
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.18 - Ensure That 'All users with the following roles' is set to 'Owner'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.19 - Ensure 'Additional email addresses' is Configured with a Security Contact Email
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.20 - Ensure That 'Notify about alerts with the following severity' is Set to 'High'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.21 - Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.22 - Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On' > Attestation
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.03 - Microsoft Defender for External Attack Surface Monitoring
  • Azure > CIS v2.0 > 02 - Microsoft Defender > Maximum Attestation Duration
  • Azure > CIS v2.0 > 03 - Storage Accounts
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.01 - Ensure that 'Secure transfer required' is set to 'Enabled'
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.02 - Ensure that Enable Infrastructure Encryption for Each Storage Account in Azure Storage is Set to enabled
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account > Attestation
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated > Attestation
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.05 - Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour > Attestation
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.08 - Ensure Default Network Access Rule for Storage Accounts is Set to Deny
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.09 - Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.10 - Ensure Private Endpoints are used to access Storage Accounts
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.11 - Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.12 - Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.13 - Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.15 - Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2"
  • Azure > CIS v2.0 > 03 - Storage Accounts > Maximum Attestation Duration
  • Azure > CIS v2.0 > 04 - Database Services
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.01 - Ensure that 'Auditing' is set to 'On'
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.02 - Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.04 - Ensure that Azure Active Directory Admin is Configured for SQL Servers
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.05 - Ensure that 'Data encryption' is set to 'On' on a SQL Database
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.06 - Ensure that 'Auditing' Retention is 'greater than 90 days'
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.01 - Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.02 - Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.03 - Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.04 - Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.05 - Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.01 - Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.02 - Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.03 - Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.04 - Ensure Server Parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.05 - Ensure Server Parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.06 - Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.07 - Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.08 - Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.01 - Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.02 - Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.03 - Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.04 - Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.01 - Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.02 - Ensure That Private Endpoints Are Used Where Possible
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible > Attestation
  • Azure > CIS v2.0 > 04 - Database Services > Maximum Attestation Duration
  • Azure > CIS v2.0 > 05 - Logging and Monitoring
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.03 - Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.04 - Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.05 - Ensure that logging for Azure Key Vault is 'Enabled'
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.07 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.01 - Ensure that Activity Log Alert exists for Create Policy Assignment
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.02 - Ensure that Activity Log Alert exists for Delete Policy Assignment
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.03 - Ensure that Activity Log Alert exists for Create or Update Network Security Group
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.04 - Ensure that Activity Log Alert exists for Delete Network Security Group
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.05 - Ensure that Activity Log Alert exists for Create or Update Security Solution
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.06 - Ensure that Activity Log Alert exists for Delete Security Solution
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.07 - Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.08 - Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.09 - Ensure that Activity Log Alert exists for Create or Update Public IP Address rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.10 - Ensure that Activity Log Alert exists for Delete Public IP Address rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights > 5.03.01 - Ensure Application Insights are Configured
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it > Attestation
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.05 - Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > Maximum Attestation Duration
  • Azure > CIS v2.0 > 06 - Networking
  • Azure > CIS v2.0 > 06 - Networking > 6.01 - Ensure that RDP access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.02 - Ensure that SSH access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.03 - Ensure that UDP access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.04 - Ensure that HTTP(S) access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.05 - Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
  • Azure > CIS v2.0 > 06 - Networking > 6.06 - Ensure that Network Watcher is 'Enabled'
  • Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis
  • Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis > Attestation
  • Azure > CIS v2.0 > 06 - Networking > Maximum Attestation Duration
  • Azure > CIS v2.0 > 07 - Virtual Machines
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.02 - Ensure Virtual Machines are utilizing Managed Disks
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.03 - Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.04 - Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed > Attestation
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed > Attestation
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted > Attestation
  • Azure > CIS v2.0 > 07 - Virtual Machines > Maximum Attestation Duration
  • Azure > CIS v2.0 > 08 - Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.01 - Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.02 - Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.03 - Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.04 - Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.05 - Ensure the key vault is recoverable
  • Azure > CIS v2.0 > 08 - Key Vault > 8.06 - Ensure Role Based Access Control for Azure Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.07 - Ensure that Private Endpoints are Used for Azure Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services
  • Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services > Attestation
  • Azure > CIS v2.0 > 08 - Key Vault > Maximum Attestation Duration
  • Azure > CIS v2.0 > 09 - Application Services
  • Azure > CIS v2.0 > 09 - Application Services > 9.01 - Ensure App Service Authentication is set up for apps in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.02 - Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.03 - Ensure Web App is using the latest version of TLS encryption
  • Azure > CIS v2.0 > 09 - Application Services > 9.04 - Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
  • Azure > CIS v2.0 > 09 - Application Services > 9.05 - Ensure that Register with Azure Active Directory is enabled on App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App > Attestation
  • Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App > Attestation
  • Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App > Attestation
  • Azure > CIS v2.0 > 09 - Application Services > 9.09 - Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.10 - Ensure FTP deployments are Disabled
  • Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets
  • Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets > Attestation
  • Azure > CIS v2.0 > 09 - Application Services > Maximum Attestation Duration
  • Azure > CIS v2.0 > 10 - Miscellaneous
  • Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources
  • Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources > Attestation
  • Azure > CIS v2.0 > 10 - Miscellaneous > Maximum Attestation Duration
  • Azure > CIS v2.0 > Maximum Attestation Duration

What's new?

  • Server
    • Implemented monitoring for worker_factory in the CloudWatch Dashboard widgets "Events Queue Activity" and "Events Queue Backlog".
    • Established a CloudWatch Alarm for the _worker_factory queue.
    • Product, Vendor Tags to the IAM Role resources created by the TE stack.
    • Adjusted the threshold for the CloudWatch Alarm monitoring the _worker queue.

Bug fixes

  • Server

    • Now, users with only Turbot/User access will no longer see grants or active grants belonging to other users. This ensures that you only view grants that are relevant to your permissions.
    • Control will move to error if it fails to determine the state at precheck.
    • System resilience has been enhanced through extended TTL settings and refined management of suspended processes, aiming to improve stability and reduce backlog issues.
    • Refined management of various processes to improve stability and reduce backlog issues.
  • UI

    • Converted the template_input property of the policy setting in the Terraform plan to YAML format, improving clarity and manageability.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

  • Moved the Turbot > Process Monitor control to operate within the priority queue, ensuring more timely and efficient processing of critical tasks.
  • Updated the Turbot > Workspace > Background Tasks control to modify the next_tick_timestamp for any policy values that previously had incorrect defaults.

Bug fixes

  • Minor fixes and improvements.

What's new?

  • You can now configure rotation reminders for access keys and soft delete for blobs and containers in storage accounts. To get started, set the Azure > Storage > Storage Account > Access Keys > Rotation Reminder > * and Azure > Storage > Storage Account > Data Protection > Soft Delete > * policies respectively.

Control Types

  • Azure > Storage > Storage Account > Access Keys
  • Azure > Storage > Storage Account > Access Keys > Rotation Reminder
  • Azure > Storage > Storage Account > Data Protection
  • Azure > Storage > Storage Account > Data Protection > Soft Delete

Policy Types

  • Azure > Storage > Storage Account > Access Keys
  • Azure > Storage > Storage Account > Access Keys > Rotation Reminder
  • Azure > Storage > Storage Account > Access Keys > Rotation Reminder > Days
  • Azure > Storage > Storage Account > Data Protection
  • Azure > Storage > Storage Account > Data Protection > Soft Delete
  • Azure > Storage > Storage Account > Data Protection > Soft Delete > Blobs
  • Azure > Storage > Storage Account > Data Protection > Soft Delete > Blobs > Retention Days
  • Azure > Storage > Storage Account > Data Protection > Soft Delete > Containers
  • Azure > Storage > Storage Account > Data Protection > Soft Delete > Containers > Retention Days

Action Types

  • Azure > Storage > Storage Account > Set Data Protection Soft Delete
  • Azure > Storage > Storage Account > Update Rotation Reminder

What's new?

  • You can now removed unapproved Firewall IP Ranges on SQL servers. To get started, set the Azure > SQL > Server > Firewall > IP Ranges > Approved > * policies.

Control Types

  • Azure > SQL > Server > Firewall
  • Azure > SQL > Server > Firewall > IP Ranges
  • Azure > SQL > Server > Firewall > IP Ranges > Approved

Policy Types

  • Azure > SQL > Server > Firewall
  • Azure > SQL > Server > Firewall > IP Ranges
  • Azure > SQL > Server > Firewall > IP Ranges > Approved
  • Azure > SQL > Server > Firewall > IP Ranges > Approved > Compiled Rules
  • Azure > SQL > Server > Firewall > IP Ranges > Approved > IP Addresses
  • Azure > SQL > Server > Firewall > IP Ranges > Approved > Rules

Action Types

  • Azure > SQL > Server > Update Firewall IP Ranges

Bug fixes

  • The rotationPeriod and nextRotationTime attributes for Crypto Keys did not update correctly in CMDB when the rotation policy for such keys was removed. This is now fixed.

What's new?

  • You can now configure Encryption in Transit for Flexi Servers. To get started, set the Azure > MySQL > Flexible Server > Encryption in Transit > * policies.
  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

Control Types

  • Azure > MySQL > Flexible Server > Encryption in Transit

Policy Types

  • Azure > MySQL > Flexible Server > Encryption in Transit

Action Types

  • Azure > MySQL > Flexible Server > Update Encryption in Transit

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

Policy Types

  • Azure > App Service > App Service Plan > Approved > Custom
  • Azure > App Service > Function App > Approved > Custom
  • Azure > App Service > Web App > Approved > Custom

Bug fixes

  • The AWS > VPC > Flow Log > Configured control would sometimes go into an error state for flow logs created via the AWS console, even though they were correctly claimed by a Guardrails stack. This is now fixed.

What's new?

  • You can now configure log checkpoints for Flexi Servers. To get started, set the Azure > PostgreSQL > Flexible Server > Audit Logging > * policies.
  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Control Types

  • Azure > PostgreSQL > Flexible Server > Audit Logging

Policy Types

  • Azure > PostgreSQL > Flexible Server > Audit Logging
  • Azure > PostgreSQL > Flexible Server > Audit Logging > Log Checkpoints

Action Types

  • Azure > PostgreSQL > Flexible Server > Update Audit Logging

What's new?

  • You can now configure expiration for Key Vault Keys and Secrets. To get started, set the Azure > Key Vault > Key > Expiration > * and Azure > Key Vault > Secret > Expiration > * policies respectively.

Control Types

  • Azure > Key Vault > Key > Expiration
  • Azure > Key Vault > Secret > Expiration

Policy Types

  • Azure > Key Vault > Key > Expiration
  • Azure > Key Vault > Key > Expiration > Days [Default]
  • Azure > Key Vault > Secret > Expiration
  • Azure > Key Vault > Secret > Expiration > Days [Default]

Action Types

  • Azure > Key Vault > Key > Set Expiration
  • Azure > Key Vault > Secret > Set Expiration

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

  • The Azure > Storage > Storage Account > Queue > Logging control would go into a skipped state for storage accounts, irrespective of any policy setting for Logging. This issue is fixed and the control will now work as expected.

What's new?

  • You can now delete existing Public IP Addresses which are unapproved for use in the Subscription. To get started, set the Azure > Network > Public IP Address > Approved policy to Enforce: Delete unapproved.

What's new?

  • You can now configure Encryption in Transit for Flexi Servers. To get started, set the Azure > PostgresSql > Flexible Server > Encryption in Transit > * policies.

Control Types

  • Azure > PostgreSQL > Flexible Server > Encryption in Transit

Policy Types

  • Azure > PostgreSQL > Flexible Server > Encryption in Transit

Action Types

  • Azure > PostgreSQL > Flexible Server > Update Encryption in Transit

What's new?

  • You can now delete existing Entra ID users which are unapproved to be used in the Tenant. To get started, set the Azure > Active Directory > User > Approved policy to Enforce: Delete unapproved.

Policy Types

  • Azure > Active Directory > User > Approved > Custom

What's new?

  • You can now configure TLS version for Flexi Servers. To get started, set the Azure > MySQL > Flexible Server > Minimum TLS Version > * policies.

What's new?

  • Account CMDB data will now also include alternate security contact details.

What's new?

Control Types

  • AWS > CIS v2.0
  • AWS > CIS v2.0 > 1 - Identity and Access Management
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full ":" administrative privileges are not attached
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v2.0 > 2 - Storage
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enabled on S3 buckets
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
  • AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
  • AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
  • AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
  • AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
  • AWS > CIS v2.0 > 3 - Logging
  • AWS > CIS v2.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v2.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
  • AWS > CIS v2.0 > 3 - Logging > 3.03 - Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
  • AWS > CIS v2.0 > 3 - Logging > 3.04 - Ensure CloudTrail trails are integrated with CloudWatch Logs
  • AWS > CIS v2.0 > 3 - Logging > 3.05 - Ensure AWS Config is enabled in all regions
  • AWS > CIS v2.0 > 3 - Logging > 3.06 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > 3.07 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
  • AWS > CIS v2.0 > 3 - Logging > 3.08 - Ensure rotation for customer created symmetric CMKs is enabled
  • AWS > CIS v2.0 > 3 - Logging > 3.09 - Ensure VPC flow logging is enabled in all VPCs
  • AWS > CIS v2.0 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > 3.11 - Ensure that Object-level logging for read events is enabled for S3 bucket
  • AWS > CIS v2.0 > 4 - Monitoring
  • AWS > CIS v2.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
  • AWS > CIS v2.0 > 5 - Networking
  • AWS > CIS v2.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
  • AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
  • AWS > CIS v2.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2

Policy Types

  • AWS > CIS v2.0
  • AWS > CIS v2.0 > 1 - Identity and Access Management
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details > Attestation
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account > Attestation
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full ":" administrative privileges are not attached
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments > Attestation
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted > Attestation
  • AWS > CIS v2.0 > 1 - Identity and Access Management > Maximum Attestation Duration
  • AWS > CIS v2.0 > 2 - Storage
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enable on S3 buckets
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required > Attestation
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
  • AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
  • AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
  • AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
  • AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
  • AWS > CIS v2.0 > 2 - Storage > Maximum Attestation Duration
  • AWS > CIS v2.0 > 3 - Logging
  • AWS > CIS v2.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v2.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
  • AWS > CIS v2.0 > 3 - Logging > 3.03 - Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
  • AWS > CIS v2.0 > 3 - Logging > 3.04 - Ensure CloudTrail trails are integrated with CloudWatch Logs
  • AWS > CIS v2.0 > 3 - Logging > 3.05 - Ensure AWS Config is enabled in all regions
  • AWS > CIS v2.0 > 3 - Logging > 3.06 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > 3.07 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
  • AWS > CIS v2.0 > 3 - Logging > 3.08 - Ensure rotation for customer created symmetric CMKs is enabled
  • AWS > CIS v2.0 > 3 - Logging > 3.09 - Ensure VPC flow logging is enabled in all VPCs
  • AWS > CIS v2.0 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > 3.11 - Ensure that Object-level logging for read events is enabled for S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > Maximum Attestation Duration
  • AWS > CIS v2.0 > 4 - Monitoring
  • AWS > CIS v2.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
  • AWS > CIS v2.0 > 4 - Monitoring > Maximum Attestation Duration
  • AWS > CIS v2.0 > 5 - Networking
  • AWS > CIS v2.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
  • AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
  • AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access' > Attestation
  • AWS > CIS v2.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2
  • AWS > CIS v2.0 > 5 - Networking > Maximum Attestation Duration
  • AWS > CIS v2.0 > Maximum Attestation Duration

Bug fixes

  • SQL Instances were sometimes not updated/cleaned up correctly via real-time events in Guardrails. This is now fixed.

What's new?

  • You can now manage IMDS defaults for EC2 per region. To get started, set the AWS > EC2 > Account Attributes > Instance Metadata Service Defaults > * policies.

Bug fixes

  • The AWS > EC2 > Instance > Approved control would sometimes fail to stop instances that were discovered in Guardrails via real-time events if the AWS > EC2 > Instance > Approved policy was set to Enforce: Stop unapproved if new. This is now fixed.

What's new?

  • Storage Account CMDB data will now also include details about the account's blob service properties.

What's new?

  • You can now configure connection_throttling parameter for PostgreSQL servers. To get started, set the Azure > PostgreSQL > Server > Audit Logging > Connection Throttling policy.

What's new?

  • TLS version and audit log details will now be available in CMDB for Flexi Servers.

What's new?

  • Users can now disable unapproved Keys in AWS. To get started, set the AWS > KMS > Key > Approved policy to Enforce: Disable unapproved.

Bug fixes

  • In v5.15.1, we introduced the policy value Enforce: Enabled but ignore permission errors for the AWS > SNS > Subscription > CMDB policy, allowing the corresponding CMDB control to ignore permission errors, if any, and proceed to completion. However, configuring the CMDB policy to Enforce: Enabled but ignore permission errors inadvertently introduced a bug, resulting in the removal of real-time events for Subscription from the SNS EventBridge rule created by the Event Handlers. This issue has now been fixed.

Bug fixes

  • In v5.13.0, we introduced the policy value Enforce: Enabled but ignore permission errors for the AWS > KMS > Key > CMDB policy, allowing the corresponding CMDB control to ignore permission errors, if any, and proceed to completion. However, configuring the CMDB policy to Enforce: Enabled but ignore permission errors inadvertently introduced a bug, resulting in the removal of the EventBridge Rule for KMS by the Event Handlers. This issue has now been fixed.

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

  • Control Types:

    • AWS > ECR > Repository > Policy
    • AWS > ECR > Repository > Policy > Required
  • Policy Types:

    • AWS > ECR > Repository > Policy
    • AWS > ECR > Repository > Policy > Required
    • AWS > ECR > Repository > Policy > Required > Items
  • Action Types:

    • AWS > ECR > Repository > Update Repository policy

Bug fixes

  • Server
    • Account import will be smoother and more consistent than before.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

  • Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account.
  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

  • The AWS > VPC > VPC > Stack control failed to claim security group rules correctly if the protocol for such rules was set to All or TCP in the stack's source policy. This issue has been fixed, and the control will now claim such rules correctly.

Bug fixes

  • We have updated various policy definitions set during account imports to allow for a smoother account import experience. We recommend upgrading your TE to v5.42.21 or higher to enable these changes to take effect.

Bug fixes

  • UI
    • Fixed the AWS login dropdown button to accurately display both existing and new grants.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

  • Unsupported US Gov cloud regions were inadvertently included in the AWS > SageMaker > Code Repository > Regions policy, which led to the AWS > SageMaker > Code Repository > Discovery control being in an error state for those regions. We've now removed the unsupported US Gov cloud regions from the Regions policy.

What's new?

  • Policy Types:
    • AWS > SageMaker > Notebook Instance > Approved > Custom

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.
  • In the previous version, we fixed an issue with the AWS > VPC > VPC > Stack control that prevented it from recognizing security group rules with the port range set to 0 correctly. However, the control still failed to claim existing security group rules available in Guardrails CMDB, due to an inadvertent bug introduced in v5.9.2. This issue has now been fixed, and the control will correctly claim existing security group rules.

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

  • Previously, Guardrails unnecessarily listened to and processed real-time lists events for various storage resources. We've now improved our events filter to ignore these lists events, thereby reducing unnecessary processing.

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.
  • The AWS > EC2 > Snapshot > Active and AWS > EC2 > Snapshot > Approved controls will now not attempt to delete a snapshot if it has one or more AMIs attached to it.
  • In the previous version, although we fixed a bug to prevent upserting volumes and snapshots with incorrect AKAs, there was still a provision for instances to be upserted with incorrect AKAs. We have now addressed this issue as well, ensuring instances are upserted more correctly and consistently than before.
  • The deprecated ec2-reports:* permissions are now removed from the mod.

Bug fixes

  • Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account.
  • In the previous version, we believed we had resolved an issue with Internet Gateways not being upserted into the CMDB while processing real-time CreateDefaultVpc events. However, we overlooked an edge case in the fix. We have now addressed this issue, ensuring that Internet Gateways will be reliably discovered and upserted into the Guardrails CMDB. We recommend updating the aws-vpc-core mod to version 5.17.1 or higher to enable Guardrails to correctly process real-time CreateDefaultVpc events for Internet Gateways.
  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

  • The AWS > VPC > VPC > Stack control would sometimes go into an error state after creating security group rules with port range set to 0. This occurred because the control failed to recognize the existing rule in Guardrails CMDB and attempted to create a new rule instead. This issue has been fixed, and the stack control will now work correctly as expected.
  • The AWS > VPC > Security Group > CMDB control would sometimes go into an error state for security groups shared from other AWS accounts. We will now exclude shared security groups and only upsert security groups that belong to the owner account.

What's new?

  • You can now also manage the IAM Permissions model for Guardrails Users via the AWS > Turbot > IAM > Managed control. The AWS > Turbot > IAM > Managed control is faster and more efficient than the existing AWS > Turbot > IAM control because it utilizes Native AWS APIs rather than Terraform to manage IAM resources. Please note that this feature will work as intended only on TE v5.42.19 or higher and turbot-iam mod v5.11.0 or higher.

  • Control Types

    • AWS > Turbot > IAM > Group
    • AWS > Turbot > IAM > Group > Managed
    • AWS > Turbot > IAM > Managed
    • AWS > Turbot > IAM > Policy
    • AWS > Turbot > IAM > Policy > Managed
    • AWS > Turbot > IAM > Role
    • AWS > Turbot > IAM > Role > Managed
    • AWS > Turbot > IAM > User
    • AWS > Turbot > IAM > User > Managed
  • Policy Types

    • AWS > Turbot > IAM > Managed
  • Policy Types Renamed

    • AWS > IAM > Turbot to AWS > Turbot > IAM
  • Action Types

    • AWS > Account > Provision Managed Resources
    • AWS > IAM > Group > Detach and delete
    • AWS > IAM > Group > IAM Group Managed
    • AWS > IAM > Policy > Detach and delete
    • AWS > IAM > Role > IAM Role Managed
    • AWS > IAM > User > IAM User Managed

Bug fixes

The AWS > IAM > Group > CMDB, AWS > IAM > Role > CMDB, and AWS > IAM > User > CMDB controls previously failed to fetch all attachments for groups, roles, and users, respectively, due to the lack of pagination support. This issue has been fixed, and the controls will now correctly fetch all respective attachments.

Bug fixes

  • Server

    • Updated the tier for the SSM parameter /tenant/${workspaceFullId} to Advanced.
    • Delete operations for resources is now faster and more efficient than before.
    • Auto mod update control for mods will now look only for recommended versions instead of available and recommended.
    • Fixed policy value resolution to default to the value of resolvedSchema if not available in the schema.
  • UI

    • Fixed a table typo in the Steampipe query used in the resources developer tab.
    • Display the AWS login button when setting permissions via the AWS > Turbot > IAM > Managed control.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

  • The default value for Turbot > IAM > Permissions > Compiled > Levels > Turbot policy will now be evaluated correctly and consistently.

Bug fixes

  • SSM Parameters with incorrect names would sometimes be inadvertently upserted in Guardrails CMDB. This issue has now been fixed.

What's new?

  • The AWS > S3 > Bucket CMDB data will now also include information about Bucket Intelligent Tiering Configuration.

  • A few policy values in the AWS > S3 > Bucket > Encyprion at Rest policy have now been deprecated and will be removed in the next major mod version (v6.0.0) because they are no longer supported by AWS.

    | Deprecated Values
    |- | Check: None
    | Check: None or higher
    | Enforce: None
    | Enforce: None or higher

Bug fixes

  • Previously, Guardrails did not upsert Internet Gateways into the CMDB while processing real-time CreateDefaultVpc events. This issue has been fixed, and Internet Gateways will now be more reliably upserted into the Guardrails CMDB. We recommend updating the aws-vpc-core mod to v5.17.1 or higher to allow Guardrails to process the CreateDefaultVpc event for Internet Gateways correctly.

Bug fixes

  • Previously, Guardrails did not upsert DHCP Options into the CMDB while processing real-time CreateDefaultVpc events. This issue has been fixed, and DHCP Options will now be more reliably upserted into the Guardrails CMDB.

Bug fixes

  • Previously, Guardrails unnecessarily listened to and processed real-time lists events for various Dataproc resources. We've now improved our events filter to ignore these lists events, thereby reducing unnecessary processing.

Bug fixes

  • The GCP > Turbot > Event Handlers > Pub/Sub stack control previously attempted to create a topic and its IAM member incorrectly when the GCP > Turbot > Event Handlers > Logging > Unique Writer Identity policy was set to Enforce: Unique Identity, but the project number for the project was not available. This is fixed and the control will transition to an Invalid state until Guardrails can correctly fetch the project number.

What's new?

  • Control Types:

    • GCP > Pub/Sub > Topic > Labels
  • Policy Types:

    • GCP > Pub/Sub > Topic > Labels
    • GCP > Pub/Sub > Topic > Labels > Template
  • Action Types

    • GCP > Pub/Sub > Topic > Set Labels

Bug fixes

  • In a previous version (v5.6.2), we introduced a change in the AWS > S3 > Bucket > Encryption in Transit and AWS > S3 > Bucket > Encryption at Rest control to wait for a few minutes before applying the respective policies to new buckets created via Cloudformation Stacks. We've now extended this feature to all buckets regardless of how they were created, to ensure that IaC changes can be correctly applied to buckets without interference from immediate policy enforcements.

What's new?

  • Added support for Advanced Tier for SSM Parameters.
  • Increased the visibility timeout from 60 seconds to 7200 seconds and decreased the message retention period to 7 days for runnable DLQ.

What's new?

  • Added: Support for Postgres versions 14.9, 14.10, 15.4 and 15.5.
  • Added: Support for Redis 7.1.
  • Added: m6gd.medium to instance type parameter for RDS.
  • Added: Support for Advanced Tier for SSM Parameters.
  • Removed: t4.micro and t4.small from instance type parameter for RDS.

Note

To use the latest RDS certificate in commercial cloud, please upgrade TE to 5.42.3 or higher and update the RDS CA Certificate for Commercial Cloud parameter.

Bug fixes

  • Server

    • Added: Support for AWS Custom Group Levels.
    • Updated: The DLQ lambda timeout has been updated to 2 minutes instead of 1 minute.
    • Updated: The Events DLQ visibility timeout has been increased from 15 minutes to 4 hours.
    • Updated: The Events DLQ MessageRetentionPeriod has been decreased from 14 days to 7 days.
  • UI

    • Added: Action button to run immediate policy value.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

  • Added support for group permission levels.

What's new?

  • Control Types:

    • GCP > Firebase > Android App > ServiceNow
    • GCP > Firebase > Android App > ServiceNow > Configuration Item
    • GCP > Firebase > Android App > ServiceNow > Table
    • GCP > Firebase > Firebase Project > ServiceNow
    • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item
    • GCP > Firebase > Firebase Project > ServiceNow > Table
    • GCP > Firebase > Web App > ServiceNow
    • GCP > Firebase > Web App > ServiceNow > Configuration Item
    • GCP > Firebase > Web App > ServiceNow > Table
    • GCP > Firebase > iOS App > ServiceNow
    • GCP > Firebase > iOS App > ServiceNow > Configuration Item
    • GCP > Firebase > iOS App > ServiceNow > Table
  • Policy Types:

    • GCP > Firebase > Android App > ServiceNow
    • GCP > Firebase > Android App > ServiceNow > Configuration Item
    • GCP > Firebase > Android App > ServiceNow > Configuration Item > Record
    • GCP > Firebase > Android App > ServiceNow > Configuration Item > Table Definition
    • GCP > Firebase > Android App > ServiceNow > Table
    • GCP > Firebase > Android App > ServiceNow > Table > Definition
    • GCP > Firebase > Firebase Project > ServiceNow
    • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item
    • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item > Record
    • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item > Table Definition
    • GCP > Firebase > Firebase Project > ServiceNow > Table
    • GCP > Firebase > Firebase Project > ServiceNow > Table > Definition
    • GCP > Firebase > Web App > ServiceNow
    • GCP > Firebase > Web App > ServiceNow > Configuration Item
    • GCP > Firebase > Web App > ServiceNow > Configuration Item > Record
    • GCP > Firebase > Web App > ServiceNow > Configuration Item > Table Definition
    • GCP > Firebase > Web App > ServiceNow > Table
    • GCP > Firebase > Web App > ServiceNow > Table > Definition
    • GCP > Firebase > iOS App > ServiceNow
    • GCP > Firebase > iOS App > ServiceNow > Configuration Item
    • GCP > Firebase > iOS App > ServiceNow > Configuration Item > Record
    • GCP > Firebase > iOS App > ServiceNow > Configuration Item > Table Definition
    • GCP > Firebase > iOS App > ServiceNow > Table
    • GCP > Firebase > iOS App > ServiceNow > Table > Definition

What's new?

  • The AWS > Secrets Manager > Secret > CMDB control would go into an error state if Guardrails did not have permissions to describe a secret. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set the AWS > Secrets Manager > Secret > CMDB policy to Enforce: Enabled but ignore permission errors.

What's new?

  • You can now attach custom IAM Groups to Guardrails users if the AWS > Turbot > Permissions policy is set to Enforce: User Mode. To get started, set the AWS > Turbot > Permissions > Custom Group Levels [Account] policy and then attach the custom group to a user via the Grant Permission button on the Permissions page. Please note that this feature will work as intended only on TE v5.42.18 or higher and turbot-iam mod v5.11.0 or higher.

  • Policy Types:

    • AWS > Turbot > Permissions > Custom Group Levels [Account]
  • Policy Types renamed:

    • AWS > Turbot > Permissions > Custom Levels [Account] to AWS > Turbot > Permissions > Custom Role Levels [Account]
    • AWS > Turbot > Permissions > Custom Levels [Folder] to AWS > Turbot > Permissions > Custom Role Levels [Folder]

What's new?

  • Control Types:

    • GCP > Network > Address > ServiceNow
    • GCP > Network > Address > ServiceNow > Configuration Item
    • GCP > Network > Address > ServiceNow > Table
    • GCP > Network > Backend Bucket > ServiceNow
    • GCP > Network > Backend Bucket > ServiceNow > Configuration Item
    • GCP > Network > Backend Bucket > ServiceNow > Table
    • GCP > Network > Backend Service > ServiceNow
    • GCP > Network > Backend Service > ServiceNow > Configuration Item
    • GCP > Network > Backend Service > ServiceNow > Table
    • GCP > Network > Firewall > ServiceNow
    • GCP > Network > Firewall > ServiceNow > Configuration Item
    • GCP > Network > Firewall > ServiceNow > Table
    • GCP > Network > Forwarding Rule > ServiceNow
    • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item
    • GCP > Network > Forwarding Rule > ServiceNow > Table
    • GCP > Network > Global Address > ServiceNow
    • GCP > Network > Global Address > ServiceNow > Configuration Item
    • GCP > Network > Global Address > ServiceNow > Table
    • GCP > Network > Global Forwarding Rule > ServiceNow
    • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item
    • GCP > Network > Global Forwarding Rule > ServiceNow > Table
    • GCP > Network > Interconnect > ServiceNow
    • GCP > Network > Interconnect > ServiceNow > Configuration Item
    • GCP > Network > Interconnect > ServiceNow > Table
    • GCP > Network > Packet Mirroring > ServiceNow
    • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item
    • GCP > Network > Packet Mirroring > ServiceNow > Table
    • GCP > Network > Region Backend Service > ServiceNow
    • GCP > Network > Region Backend Service > ServiceNow > Configuration Item
    • GCP > Network > Region Backend Service > ServiceNow > Table
    • GCP > Network > Region SSL Certificate > ServiceNow
    • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item
    • GCP > Network > Region SSL Certificate > ServiceNow > Table
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table
    • GCP > Network > Region URL Map > ServiceNow
    • GCP > Network > Region URL Map > ServiceNow > Configuration Item
    • GCP > Network > Region URL Map > ServiceNow > Table
    • GCP > Network > Route > ServiceNow
    • GCP > Network > Route > ServiceNow > Configuration Item
    • GCP > Network > Route > ServiceNow > Table
    • GCP > Network > Router > ServiceNow
    • GCP > Network > Router > ServiceNow > Configuration Item
    • GCP > Network > Router > ServiceNow > Table
    • GCP > Network > SSL Certificate > ServiceNow
    • GCP > Network > SSL Certificate > ServiceNow > Configuration Item
    • GCP > Network > SSL Certificate > ServiceNow > Table
    • GCP > Network > SSL Policy > ServiceNow
    • GCP > Network > SSL Policy > ServiceNow > Configuration Item
    • GCP > Network > SSL Policy > ServiceNow > Table
    • GCP > Network > Target HTTPS Proxy > ServiceNow
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Table
    • GCP > Network > Target Pool > ServiceNow
    • GCP > Network > Target Pool > ServiceNow > Configuration Item
    • GCP > Network > Target Pool > ServiceNow > Table
    • GCP > Network > Target SSL Proxy > ServiceNow
    • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target SSL Proxy > ServiceNow > Table
    • GCP > Network > Target TCP Proxy > ServiceNow
    • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target TCP Proxy > ServiceNow > Table
    • GCP > Network > Target VPN Gateway > ServiceNow
    • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item
    • GCP > Network > Target VPN Gateway > ServiceNow > Table
    • GCP > Network > URL Map > ServiceNow
    • GCP > Network > URL Map > ServiceNow > Configuration Item
    • GCP > Network > URL Map > ServiceNow > Table
    • GCP > Network > VPN Tunnel > ServiceNow
    • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item
    • GCP > Network > VPN Tunnel > ServiceNow > Table
  • Policy Types:

    • GCP > Network > Address > ServiceNow
    • GCP > Network > Address > ServiceNow > Configuration Item
    • GCP > Network > Address > ServiceNow > Configuration Item > Record
    • GCP > Network > Address > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Address > ServiceNow > Table
    • GCP > Network > Address > ServiceNow > Table > Definition
    • GCP > Network > Backend Bucket > ServiceNow
    • GCP > Network > Backend Bucket > ServiceNow > Configuration Item
    • GCP > Network > Backend Bucket > ServiceNow > Configuration Item > Record
    • GCP > Network > Backend Bucket > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Backend Bucket > ServiceNow > Table
    • GCP > Network > Backend Bucket > ServiceNow > Table > Definition
    • GCP > Network > Backend Service > ServiceNow
    • GCP > Network > Backend Service > ServiceNow > Configuration Item
    • GCP > Network > Backend Service > ServiceNow > Configuration Item > Record
    • GCP > Network > Backend Service > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Backend Service > ServiceNow > Table
    • GCP > Network > Backend Service > ServiceNow > Table > Definition
    • GCP > Network > Firewall > ServiceNow
    • GCP > Network > Firewall > ServiceNow > Configuration Item
    • GCP > Network > Firewall > ServiceNow > Configuration Item > Record
    • GCP > Network > Firewall > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Firewall > ServiceNow > Table
    • GCP > Network > Firewall > ServiceNow > Table > Definition
    • GCP > Network > Forwarding Rule > ServiceNow
    • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item
    • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item > Record
    • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Forwarding Rule > ServiceNow > Table
    • GCP > Network > Forwarding Rule > ServiceNow > Table > Definition
    • GCP > Network > Global Address > ServiceNow
    • GCP > Network > Global Address > ServiceNow > Configuration Item
    • GCP > Network > Global Address > ServiceNow > Configuration Item > Record
    • GCP > Network > Global Address > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Global Address > ServiceNow > Table
    • GCP > Network > Global Address > ServiceNow > Table > Definition
    • GCP > Network > Global Forwarding Rule > ServiceNow
    • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item
    • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item > Record
    • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Global Forwarding Rule > ServiceNow > Table
    • GCP > Network > Global Forwarding Rule > ServiceNow > Table > Definition
    • GCP > Network > Interconnect > ServiceNow
    • GCP > Network > Interconnect > ServiceNow > Configuration Item
    • GCP > Network > Interconnect > ServiceNow > Configuration Item > Record
    • GCP > Network > Interconnect > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Interconnect > ServiceNow > Table
    • GCP > Network > Interconnect > ServiceNow > Table > Definition
    • GCP > Network > Packet Mirroring > ServiceNow
    • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item
    • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item > Record
    • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Packet Mirroring > ServiceNow > Table
    • GCP > Network > Packet Mirroring > ServiceNow > Table > Definition
    • GCP > Network > Region Backend Service > ServiceNow
    • GCP > Network > Region Backend Service > ServiceNow > Configuration Item
    • GCP > Network > Region Backend Service > ServiceNow > Configuration Item > Record
    • GCP > Network > Region Backend Service > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Region Backend Service > ServiceNow > Table
    • GCP > Network > Region Backend Service > ServiceNow > Table > Definition
    • GCP > Network > Region SSL Certificate > ServiceNow
    • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item
    • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item > Record
    • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Region SSL Certificate > ServiceNow > Table
    • GCP > Network > Region SSL Certificate > ServiceNow > Table > Definition
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item > Record
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table > Definition
    • GCP > Network > Region URL Map > ServiceNow
    • GCP > Network > Region URL Map > ServiceNow > Configuration Item
    • GCP > Network > Region URL Map > ServiceNow > Configuration Item > Record
    • GCP > Network > Region URL Map > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Region URL Map > ServiceNow > Table
    • GCP > Network > Region URL Map > ServiceNow > Table > Definition
    • GCP > Network > Route > ServiceNow
    • GCP > Network > Route > ServiceNow > Configuration Item
    • GCP > Network > Route > ServiceNow > Configuration Item > Record
    • GCP > Network > Route > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Route > ServiceNow > Table
    • GCP > Network > Route > ServiceNow > Table > Definition
    • GCP > Network > Router > ServiceNow
    • GCP > Network > Router > ServiceNow > Configuration Item
    • GCP > Network > Router > ServiceNow > Configuration Item > Record
    • GCP > Network > Router > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Router > ServiceNow > Table
    • GCP > Network > Router > ServiceNow > Table > Definition
    • GCP > Network > SSL Certificate > ServiceNow
    • GCP > Network > SSL Certificate > ServiceNow > Configuration Item
    • GCP > Network > SSL Certificate > ServiceNow > Configuration Item > Record
    • GCP > Network > SSL Certificate > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > SSL Certificate > ServiceNow > Table
    • GCP > Network > SSL Certificate > ServiceNow > Table > Definition
    • GCP > Network > SSL Policy > ServiceNow
    • GCP > Network > SSL Policy > ServiceNow > Configuration Item
    • GCP > Network > SSL Policy > ServiceNow > Configuration Item > Record
    • GCP > Network > SSL Policy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > SSL Policy > ServiceNow > Table
    • GCP > Network > SSL Policy > ServiceNow > Table > Definition
    • GCP > Network > Target HTTPS Proxy > ServiceNow
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item > Record
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Table
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Table > Definition
    • GCP > Network > Target Pool > ServiceNow
    • GCP > Network > Target Pool > ServiceNow > Configuration Item
    • GCP > Network > Target Pool > ServiceNow > Configuration Item > Record
    • GCP > Network > Target Pool > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target Pool > ServiceNow > Table
    • GCP > Network > Target Pool > ServiceNow > Table > Definition
    • GCP > Network > Target SSL Proxy > ServiceNow
    • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item > Record
    • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target SSL Proxy > ServiceNow > Table
    • GCP > Network > Target SSL Proxy > ServiceNow > Table > Definition
    • GCP > Network > Target TCP Proxy > ServiceNow
    • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item > Record
    • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target TCP Proxy > ServiceNow > Table
    • GCP > Network > Target TCP Proxy > ServiceNow > Table > Definition
    • GCP > Network > Target VPN Gateway > ServiceNow
    • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item
    • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item > Record
    • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target VPN Gateway > ServiceNow > Table
    • GCP > Network > Target VPN Gateway > ServiceNow > Table > Definition
    • GCP > Network > URL Map > ServiceNow
    • GCP > Network > URL Map > ServiceNow > Configuration Item
    • GCP > Network > URL Map > ServiceNow > Configuration Item > Record
    • GCP > Network > URL Map > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > URL Map > ServiceNow > Table
    • GCP > Network > URL Map > ServiceNow > Table > Definition
    • GCP > Network > VPN Tunnel > ServiceNow
    • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item
    • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item > Record
    • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > VPN Tunnel > ServiceNow > Table
    • GCP > Network > VPN Tunnel > ServiceNow > Table > Definition

Bug fixes

  • The AWS > VPC > VPC > Stack control would sometimes fail to claim existing Flow Logs in Guardrails CMDB. This is now fixed.

What's new?

  • Control Types:

    • GCP > IAM > Project Role > ServiceNow
    • GCP > IAM > Project Role > ServiceNow > Configuration Item
    • GCP > IAM > Project Role > ServiceNow > Table
    • GCP > IAM > Project User > ServiceNow
    • GCP > IAM > Project User > ServiceNow > Configuration Item
    • GCP > IAM > Project User > ServiceNow > Table
    • GCP > IAM > Service Account > ServiceNow
    • GCP > IAM > Service Account > ServiceNow > Configuration Item
    • GCP > IAM > Service Account > ServiceNow > Table
    • GCP > IAM > Service Account Key > ServiceNow
    • GCP > IAM > Service Account Key > ServiceNow > Configuration Item
    • GCP > IAM > Service Account Key > ServiceNow > Table
    • GCP > Project > Policy > ServiceNow
    • GCP > Project > Policy > ServiceNow > Configuration Item
    • GCP > Project > Policy > ServiceNow > Table
  • Policy Types:

    • GCP > IAM > Project Role > ServiceNow
    • GCP > IAM > Project Role > ServiceNow > Configuration Item
    • GCP > IAM > Project Role > ServiceNow > Configuration Item > Record
    • GCP > IAM > Project Role > ServiceNow > Configuration Item > Table Definition
    • GCP > IAM > Project Role > ServiceNow > Table
    • GCP > IAM > Project Role > ServiceNow > Table > Definition
    • GCP > IAM > Project User > ServiceNow
    • GCP > IAM > Project User > ServiceNow > Configuration Item
    • GCP > IAM > Project User > ServiceNow > Configuration Item > Record
    • GCP > IAM > Project User > ServiceNow > Configuration Item > Table Definition
    • GCP > IAM > Project User > ServiceNow > Table
    • GCP > IAM > Project User > ServiceNow > Table > Definition
    • GCP > IAM > Service Account > ServiceNow
    • GCP > IAM > Service Account > ServiceNow > Configuration Item
    • GCP > IAM > Service Account > ServiceNow > Configuration Item > Record
    • GCP > IAM > Service Account > ServiceNow > Configuration Item > Table Definition
    • GCP > IAM > Service Account > ServiceNow > Table
    • GCP > IAM > Service Account > ServiceNow > Table > Definition
    • GCP > IAM > Service Account Key > ServiceNow
    • GCP > IAM > Service Account Key > ServiceNow > Configuration Item
    • GCP > IAM > Service Account Key > ServiceNow > Configuration Item > Record
    • GCP > IAM > Service Account Key > ServiceNow > Configuration Item > Table Definition
    • GCP > IAM > Service Account Key > ServiceNow > Table
    • GCP > IAM > Service Account Key > ServiceNow > Table > Definition
    • GCP > Project > Policy > ServiceNow
    • GCP > Project > Policy > ServiceNow > Configuration Item
    • GCP > Project > Policy > ServiceNow > Configuration Item > Record
    • GCP > Project > Policy > ServiceNow > Configuration Item > Table Definition
    • GCP > Project > Policy > ServiceNow > Table
    • GCP > Project > Policy > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Functions > Function > ServiceNow
    • GCP > Functions > Function > ServiceNow > Configuration Item
    • GCP > Functions > Function > ServiceNow > Table
  • Policy Types:

    • GCP > Functions > Function > ServiceNow
    • GCP > Functions > Function > ServiceNow > Configuration Item
    • GCP > Functions > Function > ServiceNow > Configuration Item > Record
    • GCP > Functions > Function > ServiceNow > Configuration Item > Table Definition
    • GCP > Functions > Function > ServiceNow > Table
    • GCP > Functions > Function > ServiceNow > Table > Definition

Bug fixes

  • The AWS > SNS > Subscription > CMDB control would go into an error state if Guardrails did not have permissions to describe a subscription. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set the AWS > SNS > Subscription > CMDB policy to Enforce: Enabled but ignore permission errors.

What's new?

  • Control Types:

    • GCP > Project > ServiceNow
    • GCP > Project > ServiceNow > Configuration Item
    • GCP > Project > ServiceNow > Table
  • Policy Types:

    • GCP > Project > ServiceNow
    • GCP > Project > ServiceNow > Configuration Item
    • GCP > Project > ServiceNow > Configuration Item > Record
    • GCP > Project > ServiceNow > Configuration Item > Table Definition
    • GCP > Project > ServiceNow > Table
    • GCP > Project > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Memorystore > Instance > ServiceNow
    • GCP > Memorystore > Instance > ServiceNow > Configuration Item
    • GCP > Memorystore > Instance > ServiceNow > Table
  • Policy Types:

    • GCP > Memorystore > Instance > ServiceNow
    • GCP > Memorystore > Instance > ServiceNow > Configuration Item
    • GCP > Memorystore > Instance > ServiceNow > Configuration Item > Record
    • GCP > Memorystore > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > Memorystore > Instance > ServiceNow > Table
    • GCP > Memorystore > Instance > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Storage > Object > ServiceNow
    • GCP > Storage > Object > ServiceNow > Configuration Item
    • GCP > Storage > Object > ServiceNow > Table
  • Policy Types:

    • GCP > Storage > Object > ServiceNow
    • GCP > Storage > Object > ServiceNow > Configuration Item
    • GCP > Storage > Object > ServiceNow > Configuration Item > Record
    • GCP > Storage > Object > ServiceNow > Configuration Item > Table Definition
    • GCP > Storage > Object > ServiceNow > Table
    • GCP > Storage > Object > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Secret Manager > Secret > ServiceNow
    • GCP > Secret Manager > Secret > ServiceNow > Configuration Item
    • GCP > Secret Manager > Secret > ServiceNow > Table
  • Policy Types:

    • GCP > Secret Manager > Secret > ServiceNow
    • GCP > Secret Manager > Secret > ServiceNow > Configuration Item
    • GCP > Secret Manager > Secret > ServiceNow > Configuration Item > Record
    • GCP > Secret Manager > Secret > ServiceNow > Configuration Item > Table Definition
    • GCP > Secret Manager > Secret > ServiceNow > Table
    • GCP > Secret Manager > Secret > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Scheduler > Job > ServiceNow
    • GCP > Scheduler > Job > ServiceNow > Configuration Item
    • GCP > Scheduler > Job > ServiceNow > Table
  • Policy Types:

    • GCP > Scheduler > Job > ServiceNow
    • GCP > Scheduler > Job > ServiceNow > Configuration Item
    • GCP > Scheduler > Job > ServiceNow > Configuration Item > Record
    • GCP > Scheduler > Job > ServiceNow > Configuration Item > Table Definition
    • GCP > Scheduler > Job > ServiceNow > Table
    • GCP > Scheduler > Job > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Dataproc > Cluster > ServiceNow
    • GCP > Dataproc > Cluster > ServiceNow > Configuration Item
    • GCP > Dataproc > Cluster > ServiceNow > Table
    • GCP > Dataproc > Job > ServiceNow
    • GCP > Dataproc > Job > ServiceNow > Configuration Item
    • GCP > Dataproc > Job > ServiceNow > Table
    • GCP > Dataproc > Workflow Template > ServiceNow
    • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item
    • GCP > Dataproc > Workflow Template > ServiceNow > Table
  • Policy Types:

    • GCP > Dataproc > Cluster > ServiceNow
    • GCP > Dataproc > Cluster > ServiceNow > Configuration Item
    • GCP > Dataproc > Cluster > ServiceNow > Configuration Item > Record
    • GCP > Dataproc > Cluster > ServiceNow > Configuration Item > Table Definition
    • GCP > Dataproc > Cluster > ServiceNow > Table
    • GCP > Dataproc > Cluster > ServiceNow > Table > Definition
    • GCP > Dataproc > Job > ServiceNow
    • GCP > Dataproc > Job > ServiceNow > Configuration Item
    • GCP > Dataproc > Job > ServiceNow > Configuration Item > Record
    • GCP > Dataproc > Job > ServiceNow > Configuration Item > Table Definition
    • GCP > Dataproc > Job > ServiceNow > Table
    • GCP > Dataproc > Job > ServiceNow > Table > Definition
    • GCP > Dataproc > Workflow Template > ServiceNow
    • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item
    • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item > Record
    • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item > Table Definition
    • GCP > Dataproc > Workflow Template > ServiceNow > Table
    • GCP > Dataproc > Workflow Template > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Composer > Environment > ServiceNow
    • GCP > Composer > Environment > ServiceNow > Configuration Item
    • GCP > Composer > Environment > ServiceNow > Table
  • Policy Types:

    • GCP > Composer > Environment > ServiceNow
    • GCP > Composer > Environment > ServiceNow > Configuration Item
    • GCP > Composer > Environment > ServiceNow > Configuration Item > Record
    • GCP > Composer > Environment > ServiceNow > Configuration Item > Table Definition
    • GCP > Composer > Environment > ServiceNow > Table
    • GCP > Composer > Environment > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Monitoring > Alert Policy > ServiceNow
    • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item
    • GCP > Monitoring > Alert Policy > ServiceNow > Table
    • GCP > Monitoring > Group > ServiceNow
    • GCP > Monitoring > Group > ServiceNow > Configuration Item
    • GCP > Monitoring > Group > ServiceNow > Table
    • GCP > Monitoring > Notification Channel > ServiceNow
    • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item
    • GCP > Monitoring > Notification Channel > ServiceNow > Table
  • Policy Types:

    • GCP > Monitoring > Alert Policy > ServiceNow
    • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item
    • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item > Record
    • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item > Table Definition
    • GCP > Monitoring > Alert Policy > ServiceNow > Table
    • GCP > Monitoring > Alert Policy > ServiceNow > Table > Definition
    • GCP > Monitoring > Group > ServiceNow
    • GCP > Monitoring > Group > ServiceNow > Configuration Item
    • GCP > Monitoring > Group > ServiceNow > Configuration Item > Record
    • GCP > Monitoring > Group > ServiceNow > Configuration Item > Table Definition
    • GCP > Monitoring > Group > ServiceNow > Table
    • GCP > Monitoring > Group > ServiceNow > Table > Definition
    • GCP > Monitoring > Notification Channel > ServiceNow
    • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item
    • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item > Record
    • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item > Table Definition
    • GCP > Monitoring > Notification Channel > ServiceNow > Table
    • GCP > Monitoring > Notification Channel > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > DNS > Managed Zone > ServiceNow
    • GCP > DNS > Managed Zone > ServiceNow > Configuration Item
    • GCP > DNS > Managed Zone > ServiceNow > Table
  • Policy Types:

    • GCP > DNS > Managed Zone > ServiceNow
    • GCP > DNS > Managed Zone > ServiceNow > Configuration Item
    • GCP > DNS > Managed Zone > ServiceNow > Configuration Item > Record
    • GCP > DNS > Managed Zone > ServiceNow > Configuration Item > Table Definition
    • GCP > DNS > Managed Zone > ServiceNow > Table
    • GCP > DNS > Managed Zone > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Datapipeline > Pipeline > ServiceNow
    • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item
    • GCP > Datapipeline > Pipeline > ServiceNow > Table
  • Policy Types:

    • GCP > Datapipeline > Pipeline > ServiceNow
    • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item
    • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item > Record
    • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item > Table Definition
    • GCP > Datapipeline > Pipeline > ServiceNow > Table
    • GCP > Datapipeline > Pipeline > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Dataflow > Job > ServiceNow
    • GCP > Dataflow > Job > ServiceNow > Configuration Item
    • GCP > Dataflow > Job > ServiceNow > Table
  • Policy Types:

    • GCP > Dataflow > Job > ServiceNow
    • GCP > Dataflow > Job > ServiceNow > Configuration Item
    • GCP > Dataflow > Job > ServiceNow > Configuration Item > Record
    • GCP > Dataflow > Job > ServiceNow > Configuration Item > Table Definition
    • GCP > Dataflow > Job > ServiceNow > Table
    • GCP > Dataflow > Job > ServiceNow > Table > Definition

Bug fixes

  • The GCP > Compute Engine > Instance Template > CMDB control would sometimes go into an error state due to a bad internal build. This is fixed and the control will now work as expected.

Bug fixes

  • Due to an inadvertently introduced issue with an internal build for Azure > Subscription, importing subscriptions encountered schema validation problems. This issue has been resolved, and you can now successfully import subscriptions as before.

Bug fixes

  • In the previous version, while we improved on the way we discovered missing Snapshots and Volumes while processing their update events, we inadvertently introduced a bug where some resources were upserted with incorrect AKAs. Such resources with malformed AKAs should now be cleaned up automatically from the environment, and Guardrails will now discover resources more correctly and consistently than before.
  • In a previous version (v5.31.4), we implemented a feature to Discover Instances while processing their update events respectively, if those resources were missing from Guardrails CMDB. In busy environments, this would sometimes cause unnecessary Lambda executions. We've now improved this behavior to upsert the missing resources in a lighter and faster way.

What's new?

  • Added support for ap-northeast-3 in the AWS > Account > Regions policy.

What's new?

  • Added support for af-south-1, ap-northeast-3, ap-south-2, ap-southeast-3, ap-southeast-4, ca-west-1, eu-central-2, eu-south-1, eu-south-2, il-central-1 and me-central-1 regions in the AWS > Logs > Regions policy.

What's new?

  • You can now configure Block Public Access for Snapshots. To get started, set the AWS > EC2 > Account Attributes > Block Public Access for Snapshots policy.

  • You can now also disable Block Public Access for AMIs. To get started, set the AWS > EC2 > Account Attributes > Block Public Access for AMIs policy.

  • AWS/EC2/Admin, AWS/EC2/Metadata and AWS/EC2/Operator now includes permissions for Verified Access Endpoints, Verified Access Groups and Verified Access Trust Providers.

  • Control Types:

    • AWS > EC2 > Account Attributes > Block Public Access for Snapshots
  • Policy Types:

    • AWS > EC2 > Account Attributes > Block Public Access for Snapshots
  • Action Types:

    • AWS > EC2 > Account Attributes > Update Block Public Access for Snapshots

Bug fixes

  • In a previous version (v5.31.4), we implemented a feature to Discover Snapshots and Volumes while processing their update events respectively, if those resources were missing from Guardrails CMDB. In busy environments, this would sometimes cause unnecessary Lambda executions. We've now improved this behavior to upsert the missing resources in a lighter and faster way.

What's new?

  • Updated: MaxPalyloadSize parameter description.
  • Updated: Turbot Policy Parameter to add back Deny: * for HTTP in SNS Policy.

What's new?

  • Added: Postgres versions 13.12 and 13.13.
  • Updated: CloudWatch Alarms will now use TEF SNS topic.

Bug fixes

  • Server
    • Added the Deny:* policy for HTTP traffic back to the turbot-policy-parameter custom lambda code.
    • Event DLQ should not set the control or policy value to error if there has been a new process started for the control or policy value.
    • Run next should drop the events in case of recursive loop.
    • Add additional retryable throttling codes for actions.

Requirements

  • TEF: 1.55.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

v1.10.1 of the Terraform Provider for Guardrails is now available.

Bug fixes

  • resource/turbot_file: terraform apply failed to update content of an existing File in Guardrails. This is now fixed.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • GCP > Logging > Exclusion > Approved > Custom
    • GCP > Logging > Metric > Approved > Custom
    • GCP > Logging > Sink > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • GCP > Kubernetes Engine > Region Cluster > Approved > Custom
    • GCP > Kubernetes Engine > Region Node Pool > Approved > Custom
    • GCP > Kubernetes Engine > Zone Cluster > Approved > Custom
    • GCP > Kubernetes Engine > Zone Node Pool > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • GCP > Dataflow > Job > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

Bug fixes

  • The AWS > EC2 > Key Pair > Discovery control would sometimes go into an error state if a Key Pair alias included escape characters. This is now fixed.

  • Control Types renamed:

    • AWS > EC2 > Volume > Configuration to AWS > EC2 > Volume > Performance Configuration
  • Policy Types renamed:

    • AWS > EC2 > Volume > Configuration to AWS > EC2 > Volume > Performance Configuration
    • AWS > EC2 > Volume > Configuration > IOPS Capacity to AWS > EC2 > Volume > Performance Configuration > IOPS Capacity
    • AWS > EC2 > Volume > Configuration > Throughput to AWS > EC2 > Volume > Performance Configuration > Throughput
    • AWS > EC2 > Volume > Configuration > Type to AWS > EC2 > Volume > Performance Configuration > Type
  • Action Types renamed:

    • AWS > EC2 > Volume > Update Configuration to AWS > EC2 > Volume > Update Performance Configuration

Bug fixes

  • The Turbot > Policy Setting Expiration control will now run every 12 hours to manage policy setting expirations more consistently than before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

Bug fixes

  • The Org policy details in the Project CMDB data will now be properly and consistently sorted.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • GCP > Scheduler > Job > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • Control Types:

    • GCP > Cloud Run > Service > ServiceNow
    • GCP > Cloud Run > Service > ServiceNow > Configuration Item
    • GCP > Cloud Run > Service > ServiceNow > Table
  • Policy Types:

    • GCP > Cloud Run > Service > ServiceNow
    • GCP > Cloud Run > Service > ServiceNow > Configuration Item
    • GCP > Cloud Run > Service > ServiceNow > Configuration Item > Record
    • GCP > Cloud Run > Service > ServiceNow > Configuration Item > Table Definition
    • GCP > Cloud Run > Service > ServiceNow > Table
    • GCP > Cloud Run > Service > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Spanner > Database > ServiceNow
    • GCP > Spanner > Database > ServiceNow > Configuration Item
    • GCP > Spanner > Database > ServiceNow > Table
    • GCP > Spanner > Instance > ServiceNow
    • GCP > Spanner > Instance > ServiceNow > Configuration Item
    • GCP > Spanner > Instance > ServiceNow > Table
  • Policy Types:

    • GCP > Spanner > Database > ServiceNow
    • GCP > Spanner > Database > ServiceNow > Configuration Item
    • GCP > Spanner > Database > ServiceNow > Configuration Item > Record
    • GCP > Spanner > Database > ServiceNow > Configuration Item > Table Definition
    • GCP > Spanner > Database > ServiceNow > Table
    • GCP > Spanner > Database > ServiceNow > Table > Definition
    • GCP > Spanner > Instance > ServiceNow
    • GCP > Spanner > Instance > ServiceNow > Configuration Item
    • GCP > Spanner > Instance > ServiceNow > Configuration Item > Record
    • GCP > Spanner > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > Spanner > Instance > ServiceNow > Table
    • GCP > Spanner > Instance > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • AWS > EC2 > Volume > Configuration
  • Policy Types:

    • AWS > EC2 > Volume > Configuration
    • AWS > EC2 > Volume > Configuration > IOPS Capacity
    • AWS > EC2 > Volume > Configuration > Throughput
    • AWS > EC2 > Volume > Configuration > Type
  • Action Types:

    • AWS > EC2 > Volume > Update Configuration

What's new?

  • Server
    • You can now update API size limit via the MAX_PAYLOAD_SIZE parameter.

Requirements

  • TEF: 1.55.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

What's new?

  • Resource Types:

    • AWS > Kinesis > Kinesis Video Stream
  • Control Types:

    • AWS > Kinesis > Kinesis Video Stream > Active
    • AWS > Kinesis > Kinesis Video Stream > Approved
    • AWS > Kinesis > Kinesis Video Stream > CMDB
    • AWS > Kinesis > Kinesis Video Stream > Discovery
    • AWS > Kinesis > Kinesis Video Stream > Tags
  • Policy Types:

    • AWS > Kinesis > Kinesis Video Stream > Active
    • AWS > Kinesis > Kinesis Video Stream > Active > Age
    • AWS > Kinesis > Kinesis Video Stream > Active > Budget
    • AWS > Kinesis > Kinesis Video Stream > Active > Last Modified
    • AWS > Kinesis > Kinesis Video Stream > Approved
    • AWS > Kinesis > Kinesis Video Stream > Approved > Budget
    • AWS > Kinesis > Kinesis Video Stream > Approved > Custom
    • AWS > Kinesis > Kinesis Video Stream > Approved > Regions
    • AWS > Kinesis > Kinesis Video Stream > Approved > Usage
    • AWS > Kinesis > Kinesis Video Stream > CMDB
    • AWS > Kinesis > Kinesis Video Stream > Regions
    • AWS > Kinesis > Kinesis Video Stream > Tags
    • AWS > Kinesis > Kinesis Video Stream > Tags > Template
  • Action Types:

    • AWS > Kinesis > Kinesis Video Stream > Delete
    • AWS > Kinesis > Kinesis Video Stream > Delete from AWS
    • AWS > Kinesis > Kinesis Video Stream > Router
    • AWS > Kinesis > Kinesis Video Stream > Set Tags
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Active control
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Active control [90 days]
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Approved control
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Approved control [90 days]
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Tags control
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Tags control [90 days]
    • AWS > Kinesis > Kinesis Video Stream > Update Tags

What's new?

  • Control Types:

    • GCP > Logging > Exclusion > ServiceNow
    • GCP > Logging > Exclusion > ServiceNow > Configuration Item
    • GCP > Logging > Exclusion > ServiceNow > Table
    • GCP > Logging > Metric > ServiceNow
    • GCP > Logging > Metric > ServiceNow > Configuration Item
    • GCP > Logging > Metric > ServiceNow > Table
    • GCP > Logging > Sink > ServiceNow
    • GCP > Logging > Sink > ServiceNow > Configuration Item
    • GCP > Logging > Sink > ServiceNow > Table
  • Policy Types:

    • GCP > Logging > Exclusion > ServiceNow
    • GCP > Logging > Exclusion > ServiceNow > Configuration Item
    • GCP > Logging > Exclusion > ServiceNow > Configuration Item > Record
    • GCP > Logging > Exclusion > ServiceNow > Configuration Item > Table Definition
    • GCP > Logging > Exclusion > ServiceNow > Table
    • GCP > Logging > Exclusion > ServiceNow > Table > Definition
    • GCP > Logging > Metric > ServiceNow
    • GCP > Logging > Metric > ServiceNow > Configuration Item
    • GCP > Logging > Metric > ServiceNow > Configuration Item > Record
    • GCP > Logging > Metric > ServiceNow > Configuration Item > Table Definition
    • GCP > Logging > Metric > ServiceNow > Table
    • GCP > Logging > Metric > ServiceNow > Table > Definition
    • GCP > Logging > Sink > ServiceNow
    • GCP > Logging > Sink > ServiceNow > Configuration Item
    • GCP > Logging > Sink > ServiceNow > Configuration Item > Record
    • GCP > Logging > Sink > ServiceNow > Configuration Item > Table Definition
    • GCP > Logging > Sink > ServiceNow > Table
    • GCP > Logging > Sink > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Compute Engine > HTTP Health Check > ServiceNow
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Table
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table
    • GCP > Compute Engine > Health Check > ServiceNow
    • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > Health Check > ServiceNow > Table
    • GCP > Compute Engine > Instance Template > ServiceNow
    • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item
    • GCP > Compute Engine > Instance Template > ServiceNow > Table
    • GCP > Compute Engine > Node Group > ServiceNow
    • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item
    • GCP > Compute Engine > Node Group > ServiceNow > Table
    • GCP > Compute Engine > Node Template > ServiceNow
    • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item
    • GCP > Compute Engine > Node Template > ServiceNow > Table
    • GCP > Compute Engine > Project > ServiceNow
    • GCP > Compute Engine > Project > ServiceNow > Configuration Item
    • GCP > Compute Engine > Project > ServiceNow > Table
    • GCP > Compute Engine > Region Disk > ServiceNow
    • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item
    • GCP > Compute Engine > Region Disk > ServiceNow > Table
    • GCP > Compute Engine > Region Health Check > ServiceNow
    • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > Region Health Check > ServiceNow > Table
  • Policy Types:

    • GCP > Compute Engine > HTTP Health Check > ServiceNow
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Table
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Table > Definition
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table > Definition
    • GCP > Compute Engine > Health Check > ServiceNow
    • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Health Check > ServiceNow > Table
    • GCP > Compute Engine > Health Check > ServiceNow > Table > Definition
    • GCP > Compute Engine > Instance Template > ServiceNow
    • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item
    • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Instance Template > ServiceNow > Table
    • GCP > Compute Engine > Instance Template > ServiceNow > Table > Definition
    • GCP > Compute Engine > Node Group > ServiceNow
    • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item
    • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Node Group > ServiceNow > Table
    • GCP > Compute Engine > Node Group > ServiceNow > Table > Definition
    • GCP > Compute Engine > Node Template > ServiceNow
    • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item
    • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Node Template > ServiceNow > Table
    • GCP > Compute Engine > Node Template > ServiceNow > Table > Definition
    • GCP > Compute Engine > Project > ServiceNow
    • GCP > Compute Engine > Project > ServiceNow > Configuration Item
    • GCP > Compute Engine > Project > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Project > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Project > ServiceNow > Table
    • GCP > Compute Engine > Project > ServiceNow > Table > Definition
    • GCP > Compute Engine > Region Disk > ServiceNow
    • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item
    • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Region Disk > ServiceNow > Table
    • GCP > Compute Engine > Region Disk > ServiceNow > Table > Definition
    • GCP > Compute Engine > Region Health Check > ServiceNow
    • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Region Health Check > ServiceNow > Table
    • GCP > Compute Engine > Region Health Check > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > SQL > Backup > ServiceNow
    • GCP > SQL > Backup > ServiceNow > Configuration Item
    • GCP > SQL > Backup > ServiceNow > Table
    • GCP > SQL > Database > ServiceNow
    • GCP > SQL > Database > ServiceNow > Configuration Item
    • GCP > SQL > Database > ServiceNow > Table
  • Policy Types:

    • GCP > SQL > Backup > ServiceNow
    • GCP > SQL > Backup > ServiceNow > Configuration Item
    • GCP > SQL > Backup > ServiceNow > Configuration Item > Record
    • GCP > SQL > Backup > ServiceNow > Configuration Item > Table Definition
    • GCP > SQL > Backup > ServiceNow > Table
    • GCP > SQL > Backup > ServiceNow > Table > Definition
    • GCP > SQL > Database > ServiceNow
    • GCP > SQL > Database > ServiceNow > Configuration Item
    • GCP > SQL > Database > ServiceNow > Configuration Item > Record
    • GCP > SQL > Database > ServiceNow > Configuration Item > Table Definition
    • GCP > SQL > Database > ServiceNow > Table
    • GCP > SQL > Database > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > KMS > Crypto Key > ServiceNow
    • GCP > KMS > Crypto Key > ServiceNow > Configuration Item
    • GCP > KMS > Crypto Key > ServiceNow > Table
    • GCP > KMS > Key Ring > ServiceNow
    • GCP > KMS > Key Ring > ServiceNow > Configuration Item
    • GCP > KMS > Key Ring > ServiceNow > Table
  • Policy Types:

    • GCP > KMS > Crypto Key > ServiceNow
    • GCP > KMS > Crypto Key > ServiceNow > Configuration Item
    • GCP > KMS > Crypto Key > ServiceNow > Configuration Item > Record
    • GCP > KMS > Crypto Key > ServiceNow > Configuration Item > Table Definition
    • GCP > KMS > Crypto Key > ServiceNow > Table
    • GCP > KMS > Crypto Key > ServiceNow > Table > Definition
    • GCP > KMS > Key Ring > ServiceNow
    • GCP > KMS > Key Ring > ServiceNow > Configuration Item
    • GCP > KMS > Key Ring > ServiceNow > Configuration Item > Record
    • GCP > KMS > Key Ring > ServiceNow > Configuration Item > Table Definition
    • GCP > KMS > Key Ring > ServiceNow > Table
    • GCP > KMS > Key Ring > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > BigQuery > Dataset > ServiceNow
    • GCP > BigQuery > Dataset > ServiceNow > Configuration Item
    • GCP > BigQuery > Dataset > ServiceNow > Table
    • GCP > BigQuery > Table > ServiceNow
    • GCP > BigQuery > Table > ServiceNow > Configuration Item
    • GCP > BigQuery > Table > ServiceNow > Table
  • Policy Types:

    • GCP > BigQuery > Dataset > ServiceNow
    • GCP > BigQuery > Dataset > ServiceNow > Configuration Item
    • GCP > BigQuery > Dataset > ServiceNow > Configuration Item > Record
    • GCP > BigQuery > Dataset > ServiceNow > Configuration Item > Table Definition
    • GCP > BigQuery > Dataset > ServiceNow > Table
    • GCP > BigQuery > Dataset > ServiceNow > Table > Definition
    • GCP > BigQuery > Table > ServiceNow
    • GCP > BigQuery > Table > ServiceNow > Configuration Item
    • GCP > BigQuery > Table > ServiceNow > Configuration Item > Record
    • GCP > BigQuery > Table > ServiceNow > Configuration Item > Table Definition
    • GCP > BigQuery > Table > ServiceNow > Table
    • GCP > BigQuery > Table > ServiceNow > Table > Definition

Bug fixes

  • Server
    • Updated: Enhanced IAM policy for tighter access around custom Lambda.
    • Fixed: Turbot > Workspace > Health Control should not break if there is no input.

Requirements

  • TEF: 1.55.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

  • Control Types:

    • GCP > Bigtable > Cluster > ServiceNow
    • GCP > Bigtable > Cluster > ServiceNow > Configuration Item
    • GCP > Bigtable > Cluster > ServiceNow > Table
    • GCP > Bigtable > Instance > ServiceNow
    • GCP > Bigtable > Instance > ServiceNow > Configuration Item
    • GCP > Bigtable > Instance > ServiceNow > Table
    • GCP > Bigtable > Table > ServiceNow
    • GCP > Bigtable > Table > ServiceNow > Configuration Item
    • GCP > Bigtable > Table > ServiceNow > Table
  • Policy Types:

    • GCP > Bigtable > Cluster > ServiceNow
    • GCP > Bigtable > Cluster > ServiceNow > Configuration Item
    • GCP > Bigtable > Cluster > ServiceNow > Configuration Item > Record
    • GCP > Bigtable > Cluster > ServiceNow > Configuration Item > Table Definition
    • GCP > Bigtable > Cluster > ServiceNow > Table
    • GCP > Bigtable > Cluster > ServiceNow > Table > Definition
    • GCP > Bigtable > Instance > ServiceNow
    • GCP > Bigtable > Instance > ServiceNow > Configuration Item
    • GCP > Bigtable > Instance > ServiceNow > Configuration Item > Record
    • GCP > Bigtable > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > Bigtable > Instance > ServiceNow > Table
    • GCP > Bigtable > Instance > ServiceNow > Table > Definition
    • GCP > Bigtable > Table > ServiceNow
    • GCP > Bigtable > Table > ServiceNow > Configuration Item
    • GCP > Bigtable > Table > ServiceNow > Configuration Item > Record
    • GCP > Bigtable > Table > ServiceNow > Configuration Item > Table Definition
    • GCP > Bigtable > Table > ServiceNow > Table
    • GCP > Bigtable > Table > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > App Engine > Application > ServiceNow
    • GCP > App Engine > Application > ServiceNow > Configuration Item
    • GCP > App Engine > Application > ServiceNow > Table
    • GCP > App Engine > Firewall Rule > ServiceNow
    • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item
    • GCP > App Engine > Firewall Rule > ServiceNow > Table
    • GCP > App Engine > Instance > ServiceNow
    • GCP > App Engine > Instance > ServiceNow > Configuration Item
    • GCP > App Engine > Instance > ServiceNow > Table
    • GCP > App Engine > Service > ServiceNow
    • GCP > App Engine > Service > ServiceNow > Configuration Item
    • GCP > App Engine > Service > ServiceNow > Table
    • GCP > App Engine > Version > ServiceNow
    • GCP > App Engine > Version > ServiceNow > Configuration Item
    • GCP > App Engine > Version > ServiceNow > Table
  • Policy Types:

    • GCP > App Engine > Application > ServiceNow
    • GCP > App Engine > Application > ServiceNow > Configuration Item
    • GCP > App Engine > Application > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Application > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Application > ServiceNow > Table
    • GCP > App Engine > Application > ServiceNow > Table > Definition
    • GCP > App Engine > Firewall Rule > ServiceNow
    • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item
    • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Firewall Rule > ServiceNow > Table
    • GCP > App Engine > Firewall Rule > ServiceNow > Table > Definition
    • GCP > App Engine > Instance > ServiceNow
    • GCP > App Engine > Instance > ServiceNow > Configuration Item
    • GCP > App Engine > Instance > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Instance > ServiceNow > Table
    • GCP > App Engine > Instance > ServiceNow > Table > Definition
    • GCP > App Engine > Service > ServiceNow
    • GCP > App Engine > Service > ServiceNow > Configuration Item
    • GCP > App Engine > Service > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Service > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Service > ServiceNow > Table
    • GCP > App Engine > Service > ServiceNow > Table > Definition
    • GCP > App Engine > Version > ServiceNow
    • GCP > App Engine > Version > ServiceNow > Configuration Item
    • GCP > App Engine > Version > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Version > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Version > ServiceNow > Table
    • GCP > App Engine > Version > ServiceNow > Table > Definition

Bug fixes

  • The GCP > Turbot > Event Poller control now includes a precheck condition to avoid running GraphQL input queries when the GCP > Turbot > Event Poller policy is set to Disabled. You won’t notice any difference and the control should run lighter and quicker than before.

Bug fixes

  • The Azure > Turbot > Event Poller and Azure > Turbot > Management Group Event Poller controls now include a precheck condition to avoid running GraphQL input queries when the Azure > Turbot > Event Poller and Azure > Turbot > Management Group Event Poller policies are set to Disabled respectively. You won’t notice any difference and the controls should run lighter and quicker than before.

Bug fixes

  • The Azure > Turbot > Directory Event Poller control now includes a precheck condition to avoid running GraphQL input queries when the Azure > Turbot > Directory Event Poller policy is set to Disabled. You won’t notice any difference and the control should run lighter and quicker than before.

Bug fixes

  • The AWS > Turbot > Event Poller control now includes a precheck condition to avoid running GraphQL input queries when the AWS > Turbot > Event Poller policy is set to Disabled. You won’t notice any difference and the control should run lighter and quicker than before.

What's new?

  • Resource Types:

    • AWS > OpenSearch
  • Policy Types:

    • AWS > OpenSearch > API Enabled
    • AWS > OpenSearch > Approved Regions [Default]
    • AWS > OpenSearch > Enabled
    • AWS > OpenSearch > Permissions
    • AWS > OpenSearch > Permissions > Levels
    • AWS > OpenSearch > Permissions > Levels > Modifiers
    • AWS > OpenSearch > Permissions > Lockdown
    • AWS > OpenSearch > Permissions > Lockdown > API Boundary
    • AWS > OpenSearch > Regions
    • AWS > OpenSearch > Tags Template [Default]
    • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-opensearch
    • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-opensearch
    • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-opensearch

What's new?

  • Control Types:

    • Azure > Resource Group > ServiceNow
    • Azure > Resource Group > ServiceNow > Configuration Item
    • Azure > Resource Group > ServiceNow > Table
    • Azure > Subscription > ServiceNow
    • Azure > Subscription > ServiceNow > Configuration Item
    • Azure > Subscription > ServiceNow > Table
    • Azure > Tenant > ServiceNow
    • Azure > Tenant > ServiceNow > Configuration Item
    • Azure > Tenant > ServiceNow > Table
  • Policy Types:

    • Azure > Resource Group > ServiceNow
    • Azure > Resource Group > ServiceNow > Configuration Item
    • Azure > Resource Group > ServiceNow > Configuration Item > Record
    • Azure > Resource Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Resource Group > ServiceNow > Table
    • Azure > Resource Group > ServiceNow > Table > Definition
    • Azure > Subscription > ServiceNow
    • Azure > Subscription > ServiceNow > Configuration Item
    • Azure > Subscription > ServiceNow > Configuration Item > Record
    • Azure > Subscription > ServiceNow > Configuration Item > Table Definition
    • Azure > Subscription > ServiceNow > Table
    • Azure > Subscription > ServiceNow > Table > Definition
    • Azure > Tenant > ServiceNow
    • Azure > Tenant > ServiceNow > Configuration Item
    • Azure > Tenant > ServiceNow > Configuration Item > Record
    • Azure > Tenant > ServiceNow > Configuration Item > Table Definition
    • Azure > Tenant > ServiceNow > Table
    • Azure > Tenant > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Network > Private Endpoints > ServiceNow
    • Azure > Network > Private Endpoints > ServiceNow > Configuration Item
    • Azure > Network > Private Endpoints > ServiceNow > Table
  • Policy Types:

    • Azure > Network > Private Endpoints > ServiceNow
    • Azure > Network > Private Endpoints > ServiceNow > Configuration Item
    • Azure > Network > Private Endpoints > ServiceNow > Configuration Item > Record
    • Azure > Network > Private Endpoints > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Private Endpoints > ServiceNow > Table
    • Azure > Network > Private Endpoints > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Automation > Automation Account > ServiceNow
    • Azure > Automation > Automation Account > ServiceNow > Configuration Item
    • Azure > Automation > Automation Account > ServiceNow > Table
    • Azure > Automation > Runbook > ServiceNow
    • Azure > Automation > Runbook > ServiceNow > Configuration Item
    • Azure > Automation > Runbook > ServiceNow > Table
  • Policy Types:

    • Azure > Automation > Automation Account > ServiceNow
    • Azure > Automation > Automation Account > ServiceNow > Configuration Item
    • Azure > Automation > Automation Account > ServiceNow > Configuration Item > Record
    • Azure > Automation > Automation Account > ServiceNow > Configuration Item > Table Definition
    • Azure > Automation > Automation Account > ServiceNow > Table
    • Azure > Automation > Automation Account > ServiceNow > Table > Definition
    • Azure > Automation > Runbook > ServiceNow
    • Azure > Automation > Runbook > ServiceNow > Configuration Item
    • Azure > Automation > Runbook > ServiceNow > Configuration Item > Record
    • Azure > Automation > Runbook > ServiceNow > Configuration Item > Table Definition
    • Azure > Automation > Runbook > ServiceNow > Table
    • Azure > Automation > Runbook > ServiceNow > Table > Definition

What's new?

  • Added support for aws_network_interface_sg_attachment Terraform resource for AWS > EC2 > Network Interface.

Bug fixes

  • The AWS > EC2 > Instance > CMDB control would sometimes trigger multiple times if EnclaveOptions was not set as part of the AWS > EC2 > Instance > CMDB > Attributes policy. This would result in unnecessary Lambda runs for the control. The EnclaveOptions attribute is now available in the CMDB data by default and the EnclaveOptions policy value in AWS > EC2 > Instance > CMDB > Attributes policy has now been deprecated, and will be removed in the next major version.

What's new?

  • Updated: Launch Template to prevent association of Network Interface with public IPs.

What's new?

  • Control Types:

    • Azure > Storage > Container > ServiceNow
    • Azure > Storage > Container > ServiceNow > Configuration Item
    • Azure > Storage > Container > ServiceNow > Table
    • Azure > Storage > FileShare > ServiceNow
    • Azure > Storage > FileShare > ServiceNow > Configuration Item
    • Azure > Storage > FileShare > ServiceNow > Table
    • Azure > Storage > Queue > ServiceNow
    • Azure > Storage > Queue > ServiceNow > Configuration Item
    • Azure > Storage > Queue > ServiceNow > Table
  • Policy Types:

    • Azure > Storage > Container > ServiceNow
    • Azure > Storage > Container > ServiceNow > Configuration Item
    • Azure > Storage > Container > ServiceNow > Configuration Item > Record
    • Azure > Storage > Container > ServiceNow > Configuration Item > Table Definition
    • Azure > Storage > Container > ServiceNow > Table
    • Azure > Storage > Container > ServiceNow > Table > Definition
    • Azure > Storage > FileShare > ServiceNow
    • Azure > Storage > FileShare > ServiceNow > Configuration Item
    • Azure > Storage > FileShare > ServiceNow > Configuration Item > Record
    • Azure > Storage > FileShare > ServiceNow > Configuration Item > Table Definition
    • Azure > Storage > FileShare > ServiceNow > Table
    • Azure > Storage > FileShare > ServiceNow > Table > Definition
    • Azure > Storage > Queue > ServiceNow
    • Azure > Storage > Queue > ServiceNow > Configuration Item
    • Azure > Storage > Queue > ServiceNow > Configuration Item > Record
    • Azure > Storage > Queue > ServiceNow > Configuration Item > Table Definition
    • Azure > Storage > Queue > ServiceNow > Table
    • Azure > Storage > Queue > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Recovery Service > Backup > ServiceNow
    • Azure > Recovery Service > Backup > ServiceNow > Configuration Item
    • Azure > Recovery Service > Backup > ServiceNow > Table
    • Azure > Recovery Service > Vault > ServiceNow
    • Azure > Recovery Service > Vault > ServiceNow > Configuration Item
    • Azure > Recovery Service > Vault > ServiceNow > Table
  • Policy Types:

    • Azure > Recovery Service > Backup > ServiceNow
    • Azure > Recovery Service > Backup > ServiceNow > Configuration Item
    • Azure > Recovery Service > Backup > ServiceNow > Configuration Item > Record
    • Azure > Recovery Service > Backup > ServiceNow > Configuration Item > Table Definition
    • Azure > Recovery Service > Backup > ServiceNow > Table
    • Azure > Recovery Service > Backup > ServiceNow > Table > Definition
    • Azure > Recovery Service > Vault > ServiceNow
    • Azure > Recovery Service > Vault > ServiceNow > Configuration Item
    • Azure > Recovery Service > Vault > ServiceNow > Configuration Item > Record
    • Azure > Recovery Service > Vault > ServiceNow > Configuration Item > Table Definition
    • Azure > Recovery Service > Vault > ServiceNow > Table
    • Azure > Recovery Service > Vault > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Monitor > Action Group > ServiceNow
    • Azure > Monitor > Action Group > ServiceNow > Configuration Item
    • Azure > Monitor > Action Group > ServiceNow > Table
    • Azure > Monitor > Alerts > ServiceNow
    • Azure > Monitor > Alerts > ServiceNow > Configuration Item
    • Azure > Monitor > Alerts > ServiceNow > Table
    • Azure > Monitor > Log Profile > ServiceNow
    • Azure > Monitor > Log Profile > ServiceNow > Configuration Item
    • Azure > Monitor > Log Profile > ServiceNow > Table
  • Policy Types:

    • Azure > Monitor > Action Group > ServiceNow
    • Azure > Monitor > Action Group > ServiceNow > Configuration Item
    • Azure > Monitor > Action Group > ServiceNow > Configuration Item > Record
    • Azure > Monitor > Action Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Monitor > Action Group > ServiceNow > Table
    • Azure > Monitor > Action Group > ServiceNow > Table > Definition
    • Azure > Monitor > Alerts > ServiceNow
    • Azure > Monitor > Alerts > ServiceNow > Configuration Item
    • Azure > Monitor > Alerts > ServiceNow > Configuration Item > Record
    • Azure > Monitor > Alerts > ServiceNow > Configuration Item > Table Definition
    • Azure > Monitor > Alerts > ServiceNow > Table
    • Azure > Monitor > Alerts > ServiceNow > Table > Definition
    • Azure > Monitor > Log Profile > ServiceNow
    • Azure > Monitor > Log Profile > ServiceNow > Configuration Item
    • Azure > Monitor > Log Profile > ServiceNow > Configuration Item > Record
    • Azure > Monitor > Log Profile > ServiceNow > Configuration Item > Table Definition
    • Azure > Monitor > Log Profile > ServiceNow > Table
    • Azure > Monitor > Log Profile > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Kubernetes Engine > Region Cluster > ServiceNow
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table
  • Policy Types:

    • GCP > Kubernetes Engine > Region Cluster > ServiceNow
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item > Record
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item > Table Definition
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table > Definition
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item > Record
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item > Table Definition
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table > Definition
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item > Record
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item > Table Definition
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table > Definition
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item > Record
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item > Table Definition
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > IAM > Role Assignment > ServiceNow
    • Azure > IAM > Role Assignment > ServiceNow > Configuration Item
    • Azure > IAM > Role Assignment > ServiceNow > Table
    • Azure > IAM > Role Definition > ServiceNow
    • Azure > IAM > Role Definition > ServiceNow > Configuration Item
    • Azure > IAM > Role Definition > ServiceNow > Table
  • Policy Types:

    • Azure > IAM > Role Assignment > ServiceNow
    • Azure > IAM > Role Assignment > ServiceNow > Configuration Item
    • Azure > IAM > Role Assignment > ServiceNow > Configuration Item > Record
    • Azure > IAM > Role Assignment > ServiceNow > Configuration Item > Table Definition
    • Azure > IAM > Role Assignment > ServiceNow > Table
    • Azure > IAM > Role Assignment > ServiceNow > Table > Definition
    • Azure > IAM > Role Definition > ServiceNow
    • Azure > IAM > Role Definition > ServiceNow > Configuration Item
    • Azure > IAM > Role Definition > ServiceNow > Configuration Item > Record
    • Azure > IAM > Role Definition > ServiceNow > Configuration Item > Table Definition
    • Azure > IAM > Role Definition > ServiceNow > Table
    • Azure > IAM > Role Definition > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Data Factory > Dataset > ServiceNow
    • Azure > Data Factory > Dataset > ServiceNow > Configuration Item
    • Azure > Data Factory > Dataset > ServiceNow > Table
    • Azure > Data Factory > Factory > ServiceNow
    • Azure > Data Factory > Factory > ServiceNow > Configuration Item
    • Azure > Data Factory > Factory > ServiceNow > Table
    • Azure > Data Factory > Pipeline > ServiceNow
    • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item
    • Azure > Data Factory > Pipeline > ServiceNow > Table
  • Policy Types:

    • Azure > Data Factory > Dataset > ServiceNow
    • Azure > Data Factory > Dataset > ServiceNow > Configuration Item
    • Azure > Data Factory > Dataset > ServiceNow > Configuration Item > Record
    • Azure > Data Factory > Dataset > ServiceNow > Configuration Item > Table Definition
    • Azure > Data Factory > Dataset > ServiceNow > Table
    • Azure > Data Factory > Dataset > ServiceNow > Table > Definition
    • Azure > Data Factory > Factory > ServiceNow
    • Azure > Data Factory > Factory > ServiceNow > Configuration Item
    • Azure > Data Factory > Factory > ServiceNow > Configuration Item > Record
    • Azure > Data Factory > Factory > ServiceNow > Configuration Item > Table Definition
    • Azure > Data Factory > Factory > ServiceNow > Table
    • Azure > Data Factory > Factory > ServiceNow > Table > Definition
    • Azure > Data Factory > Pipeline > ServiceNow
    • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item
    • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item > Record
    • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item > Table Definition
    • Azure > Data Factory > Pipeline > ServiceNow > Table
    • Azure > Data Factory > Pipeline > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Databricks > Workspace > ServiceNow
    • Azure > Databricks > Workspace > ServiceNow > Configuration Item
    • Azure > Databricks > Workspace > ServiceNow > Table
  • Policy Types:

    • Azure > Databricks > Workspace > ServiceNow
    • Azure > Databricks > Workspace > ServiceNow > Configuration Item
    • Azure > Databricks > Workspace > ServiceNow > Configuration Item > Record
    • Azure > Databricks > Workspace > ServiceNow > Configuration Item > Table Definition
    • Azure > Databricks > Workspace > ServiceNow > Table
    • Azure > Databricks > Workspace > ServiceNow > Table > Definition

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

  • Server
    • The scheduled actions would sometimes fail to work for the firehose-aws-sns mod due an inadvertent bug introduced in TE v5.42.10. This is now fixed.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

  • Control Types:

    • Azure > Active Directory > Application > ServiceNow
    • Azure > Active Directory > Application > ServiceNow > Configuration Item
    • Azure > Active Directory > Application > ServiceNow > Table
    • Azure > Active Directory > Client Secret > ServiceNow
    • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item
    • Azure > Active Directory > Client Secret > ServiceNow > Table
    • Azure > Active Directory > Custom Domain > ServiceNow
    • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item
    • Azure > Active Directory > Custom Domain > ServiceNow > Table
    • Azure > Active Directory > Directory > ServiceNow
    • Azure > Active Directory > Directory > ServiceNow > Configuration Item
    • Azure > Active Directory > Directory > ServiceNow > Table
    • Azure > Active Directory > Group > ServiceNow
    • Azure > Active Directory > Group > ServiceNow > Configuration Item
    • Azure > Active Directory > Group > ServiceNow > Table
    • Azure > Active Directory > Service Principal > ServiceNow
    • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item
    • Azure > Active Directory > Service Principal > ServiceNow > Table
    • Azure > Active Directory > User > ServiceNow
    • Azure > Active Directory > User > ServiceNow > Configuration Item
    • Azure > Active Directory > User > ServiceNow > Table
  • Policy Types:

    • Azure > Active Directory > Application > ServiceNow
    • Azure > Active Directory > Application > ServiceNow > Configuration Item
    • Azure > Active Directory > Application > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Application > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Application > ServiceNow > Table
    • Azure > Active Directory > Application > ServiceNow > Table > Definition
    • Azure > Active Directory > Client Secret > ServiceNow
    • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item
    • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Client Secret > ServiceNow > Table
    • Azure > Active Directory > Client Secret > ServiceNow > Table > Definition
    • Azure > Active Directory > Custom Domain > ServiceNow
    • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item
    • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Custom Domain > ServiceNow > Table
    • Azure > Active Directory > Custom Domain > ServiceNow > Table > Definition
    • Azure > Active Directory > Directory > ServiceNow
    • Azure > Active Directory > Directory > ServiceNow > Configuration Item
    • Azure > Active Directory > Directory > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Directory > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Directory > ServiceNow > Table
    • Azure > Active Directory > Directory > ServiceNow > Table > Definition
    • Azure > Active Directory > Group > ServiceNow
    • Azure > Active Directory > Group > ServiceNow > Configuration Item
    • Azure > Active Directory > Group > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Group > ServiceNow > Table
    • Azure > Active Directory > Group > ServiceNow > Table > Definition
    • Azure > Active Directory > Service Principal > ServiceNow
    • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item
    • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Service Principal > ServiceNow > Table
    • Azure > Active Directory > Service Principal > ServiceNow > Table > Definition
    • Azure > Active Directory > User > ServiceNow
    • Azure > Active Directory > User > ServiceNow > Configuration Item
    • Azure > Active Directory > User > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > User > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > User > ServiceNow > Table
    • Azure > Active Directory > User > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Pub/Sub > Snapshot > ServiceNow
    • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Snapshot > ServiceNow > Table
    • GCP > Pub/Sub > Subscription > ServiceNow
    • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Subscription > ServiceNow > Table
    • GCP > Pub/Sub > Topic > ServiceNow
    • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Topic > ServiceNow > Table
  • Policy Types:

    • GCP > Pub/Sub > Snapshot > ServiceNow
    • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item > Record
    • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item > Table Definition
    • GCP > Pub/Sub > Snapshot > ServiceNow > Table
    • GCP > Pub/Sub > Snapshot > ServiceNow > Table > Definition
    • GCP > Pub/Sub > Subscription > ServiceNow
    • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item > Record
    • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item > Table Definition
    • GCP > Pub/Sub > Subscription > ServiceNow > Table
    • GCP > Pub/Sub > Subscription > ServiceNow > Table > Definition
    • GCP > Pub/Sub > Topic > ServiceNow
    • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item > Record
    • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item > Table Definition
    • GCP > Pub/Sub > Topic > ServiceNow > Table
    • GCP > Pub/Sub > Topic > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Synapse Analytics > SQL Pool > ServiceNow
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Table
    • Azure > Synapse Analytics > Workspace > ServiceNow
    • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item
    • Azure > Synapse Analytics > Workspace > ServiceNow > Table
  • Policy Types:

    • Azure > Synapse Analytics > SQL Pool > ServiceNow
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item > Record
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item > Table Definition
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Table
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Table > Definition
    • Azure > Synapse Analytics > Workspace > ServiceNow
    • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item
    • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item > Record
    • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item > Table Definition
    • Azure > Synapse Analytics > Workspace > ServiceNow > Table
    • Azure > Synapse Analytics > Workspace > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Search Management > Search Service > ServiceNow
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item
    • Azure > Search Management > Search Service > ServiceNow > Table
  • Policy Types:

    • Azure > Search Management > Search Service > ServiceNow
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Record
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Table Definition
    • Azure > Search Management > Search Service > ServiceNow > Table
    • Azure > Search Management > Search Service > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Service Bus > Namespace > ServiceNow
    • Azure > Service Bus > Namespace > ServiceNow > Configuration Item
    • Azure > Service Bus > Namespace > ServiceNow > Table
    • Azure > Service Bus > Queue > ServiceNow
    • Azure > Service Bus > Queue > ServiceNow > Configuration Item
    • Azure > Service Bus > Queue > ServiceNow > Table
    • Azure > Service Bus > Topic > ServiceNow
    • Azure > Service Bus > Topic > ServiceNow > Configuration Item
    • Azure > Service Bus > Topic > ServiceNow > Table
  • Policy Types:

    • Azure > Service Bus > Namespace > ServiceNow
    • Azure > Service Bus > Namespace > ServiceNow > Configuration Item
    • Azure > Service Bus > Namespace > ServiceNow > Configuration Item > Record
    • Azure > Service Bus > Namespace > ServiceNow > Configuration Item > Table Definition
    • Azure > Service Bus > Namespace > ServiceNow > Table
    • Azure > Service Bus > Namespace > ServiceNow > Table > Definition
    • Azure > Service Bus > Queue > ServiceNow
    • Azure > Service Bus > Queue > ServiceNow > Configuration Item
    • Azure > Service Bus > Queue > ServiceNow > Configuration Item > Record
    • Azure > Service Bus > Queue > ServiceNow > Configuration Item > Table Definition
    • Azure > Service Bus > Queue > ServiceNow > Table
    • Azure > Service Bus > Queue > ServiceNow > Table > Definition
    • Azure > Service Bus > Topic > ServiceNow
    • Azure > Service Bus > Topic > ServiceNow > Configuration Item
    • Azure > Service Bus > Topic > ServiceNow > Configuration Item > Record
    • Azure > Service Bus > Topic > ServiceNow > Configuration Item > Table Definition
    • Azure > Service Bus > Topic > ServiceNow > Table
    • Azure > Service Bus > Topic > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Load Balancer > Load Balance > ServiceNow
    • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item
    • Azure > Load Balancer > Load Balance > ServiceNow > Table
  • Policy Types:

    • Azure > Load Balancer > Load Balance > ServiceNow
    • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item
    • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item > Record
    • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item > Table Definition
    • Azure > Load Balancer > Load Balance > ServiceNow > Table
    • Azure > Load Balancer > Load Balance > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > DNS > Record Set > ServiceNow
    • Azure > DNS > Record Set > ServiceNow > Configuration Item
    • Azure > DNS > Record Set > ServiceNow > Table
    • Azure > DNS > Zone > ServiceNow
    • Azure > DNS > Zone > ServiceNow > Configuration Item
    • Azure > DNS > Zone > ServiceNow > Table
  • Policy Types:

    • Azure > DNS > Record Set > ServiceNow
    • Azure > DNS > Record Set > ServiceNow > Configuration Item
    • Azure > DNS > Record Set > ServiceNow > Configuration Item > Record
    • Azure > DNS > Record Set > ServiceNow > Configuration Item > Table Definition
    • Azure > DNS > Record Set > ServiceNow > Table
    • Azure > DNS > Record Set > ServiceNow > Table > Definition
    • Azure > DNS > Zone > ServiceNow
    • Azure > DNS > Zone > ServiceNow > Configuration Item
    • Azure > DNS > Zone > ServiceNow > Configuration Item > Record
    • Azure > DNS > Zone > ServiceNow > Configuration Item > Table Definition
    • Azure > DNS > Zone > ServiceNow > Table
    • Azure > DNS > Zone > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Cosmos DB > Database Account > ServiceNow
    • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item
    • Azure > Cosmos DB > Database Account > ServiceNow > Table
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table
    • Azure > Cosmos DB > MongoDB Database > ServiceNow
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Table
    • Azure > Cosmos DB > SQL Container > ServiceNow
    • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item
    • Azure > Cosmos DB > SQL Container > ServiceNow > Table
    • Azure > Cosmos DB > SQL Database > ServiceNow
    • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item
    • Azure > Cosmos DB > SQL Database > ServiceNow > Table
  • Policy Types:

    • Azure > Cosmos DB > Database Account > ServiceNow
    • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item
    • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > Database Account > ServiceNow > Table
    • Azure > Cosmos DB > Database Account > ServiceNow > Table > Definition
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table > Definition
    • Azure > Cosmos DB > MongoDB Database > ServiceNow
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Table
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Table > Definition
    • Azure > Cosmos DB > SQL Container > ServiceNow
    • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item
    • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > SQL Container > ServiceNow > Table
    • Azure > Cosmos DB > SQL Container > ServiceNow > Table > Definition
    • Azure > Cosmos DB > SQL Database > ServiceNow
    • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item
    • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > SQL Database > ServiceNow > Table
    • Azure > Cosmos DB > SQL Database > ServiceNow > Table > Definition

What's new?

  • Server
    • Updated: Enhanced IAM policy for tighter access around Mod Lambda SNS topic.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

  • Control Types:

    • Azure > Search Management > Search Service > ServiceNow
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item
    • Azure > Search Management > Search Service > ServiceNow > Table
  • Policy Types:

    • Azure > Search Management > Search Service > ServiceNow
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Record
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Table Definition
    • Azure > Search Management > Search Service > ServiceNow > Table
    • Azure > Search Management > Search Service > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Network Watcher > Flow Log > ServiceNow
    • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item
    • Azure > Network Watcher > Flow Log > ServiceNow > Table
    • Azure > Network Watcher > Network Watcher > ServiceNow
    • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item
    • Azure > Network Watcher > Network Watcher > ServiceNow > Table
  • Policy Types:

    • Azure > Network Watcher > Flow Log > ServiceNow
    • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item
    • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item > Record
    • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item > Table Definition
    • Azure > Network Watcher > Flow Log > ServiceNow > Table
    • Azure > Network Watcher > Flow Log > ServiceNow > Table > Definition
    • Azure > Network Watcher > Network Watcher > ServiceNow
    • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item
    • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item > Record
    • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item > Table Definition
    • Azure > Network Watcher > Network Watcher > ServiceNow > Table
    • Azure > Network Watcher > Network Watcher > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Front Door > Front Door > ServiceNow
    • Azure > Front Door > Front Door > ServiceNow > Configuration Item
    • Azure > Front Door > Front Door > ServiceNow > Table
  • Policy Types:

    • Azure > Front Door > Front Door > ServiceNow
    • Azure > Front Door > Front Door > ServiceNow > Configuration Item
    • Azure > Front Door > Front Door > ServiceNow > Configuration Item > Record
    • Azure > Front Door > Front Door > ServiceNow > Configuration Item > Table Definition
    • Azure > Front Door > Front Door > ServiceNow > Table
    • Azure > Front Door > Front Door > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Application Insights > Application Insight > ServiceNow
    • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item
    • Azure > Application Insights > Application Insight > ServiceNow > Table
  • Policy Types:

    • Azure > Application Insights > Application Insight > ServiceNow
    • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item
    • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item > Record
    • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item > Table Definition
    • Azure > Application Insights > Application Insight > ServiceNow > Table
    • Azure > Application Insights > Application Insight > ServiceNow > Table > Definition

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • Control Types:

    • Azure > Security Center > Security Center > ServiceNow
    • Azure > Security Center > Security Center > ServiceNow > Configuration Item
    • Azure > Security Center > Security Center > ServiceNow > Table
  • Policy Types:

    • Azure > Security Center > Security Center > ServiceNow
    • Azure > Security Center > Security Center > ServiceNow > Configuration Item
    • Azure > Security Center > Security Center > ServiceNow > Configuration Item > Record
    • Azure > Security Center > Security Center > ServiceNow > Configuration Item > Table Definition
    • Azure > Security Center > Security Center > ServiceNow > Table
    • Azure > Security Center > Security Center > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Firewall > Firewall > ServiceNow
    • Azure > Firewall > Firewall > ServiceNow > Configuration Item
    • Azure > Firewall > Firewall > ServiceNow > Table
  • Policy Types:

    • Azure > Firewall > Firewall > ServiceNow
    • Azure > Firewall > Firewall > ServiceNow > Configuration Item
    • Azure > Firewall > Firewall > ServiceNow > Configuration Item > Record
    • Azure > Firewall > Firewall > ServiceNow > Configuration Item > Table Definition
    • Azure > Firewall > Firewall > ServiceNow > Table
    • Azure > Firewall > Firewall > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Application Gateway Service > Application Gateway > ServiceNow
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Table
  • Policy Types:

    • Azure > Application Gateway Service > Application Gateway > ServiceNow
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item > Record
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item > Table Definition
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Table
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > API Management > API Management Service > ServiceNow
    • Azure > API Management > API Management Service > ServiceNow > Configuration Item
    • Azure > API Management > API Management Service > ServiceNow > Table
  • Policy Types:

    • Azure > API Management > API Management Service > ServiceNow
    • Azure > API Management > API Management Service > ServiceNow > Configuration Item
    • Azure > API Management > API Management Service > ServiceNow > Configuration Item > Record
    • Azure > API Management > API Management Service > ServiceNow > Configuration Item > Table Definition
    • Azure > API Management > API Management Service > ServiceNow > Table
    • Azure > API Management > API Management Service > ServiceNow > Table > Definition

What's new?

  • Server

    • Updated: The directory API to support Require Signed Assertion Response.
  • UI:

    • Added: Introduced UI options for Require Signed Assertion Response for enhanced security in SAML authentication.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Enhanced Security and Compatibility Guide for SAML Authentication

Description: The recent update to @node-saml/passport-saml mandates the signing of the assertion response. To ensure backward compatibility, we have introduced a new configuration option in the UI:

  • Require Signed Assertion Response

By default, this option is set to Disabled to maintain compatibility with existing setups.

Recommendations: We recommend enabling this option as it adds an additional layer of security. However, please be aware that enabling this setting might impact the SAML login functionality.

What's new?

  • Control Types:

    • Azure > Relay > Namespace > ServiceNow
    • Azure > Relay > Namespace > ServiceNow > Configuration Item
    • Azure > Relay > Namespace > ServiceNow > Table
  • Policy Types:

    • Azure > Relay > Namespace > ServiceNow
    • Azure > Relay > Namespace > ServiceNow > Configuration Item
    • Azure > Relay > Namespace > ServiceNow > Configuration Item > Record
    • Azure > Relay > Namespace > ServiceNow > Configuration Item > Table Definition
    • Azure > Relay > Namespace > ServiceNow > Table
    • Azure > Relay > Namespace > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table
  • Policy Types:

    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item > Record
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item > Table Definition
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > App Service > App Service Plan > ServiceNow
    • Azure > App Service > App Service Plan > ServiceNow > Configuration Item
    • Azure > App Service > App Service Plan > ServiceNow > Table
    • Azure > App Service > Function App > ServiceNow
    • Azure > App Service > Function App > ServiceNow > Configuration Item
    • Azure > App Service > Function App > ServiceNow > Table
    • Azure > App Service > Web App > ServiceNow
    • Azure > App Service > Web App > ServiceNow > Configuration Item
    • Azure > App Service > Web App > ServiceNow > Table
  • Policy Types:

    • Azure > App Service > App Service Plan > ServiceNow
    • Azure > App Service > App Service Plan > ServiceNow > Configuration Item
    • Azure > App Service > App Service Plan > ServiceNow > Configuration Item > Record
    • Azure > App Service > App Service Plan > ServiceNow > Configuration Item > Table Definition
    • Azure > App Service > App Service Plan > ServiceNow > Table
    • Azure > App Service > App Service Plan > ServiceNow > Table > Definition
    • Azure > App Service > Function App > ServiceNow
    • Azure > App Service > Function App > ServiceNow > Configuration Item
    • Azure > App Service > Function App > ServiceNow > Configuration Item > Record
    • Azure > App Service > Function App > ServiceNow > Configuration Item > Table Definition
    • Azure > App Service > Function App > ServiceNow > Table
    • Azure > App Service > Function App > ServiceNow > Table > Definition
    • Azure > App Service > Web App > ServiceNow
    • Azure > App Service > Web App > ServiceNow > Configuration Item
    • Azure > App Service > Web App > ServiceNow > Configuration Item > Record
    • Azure > App Service > Web App > ServiceNow > Configuration Item > Table Definition
    • Azure > App Service > Web App > ServiceNow > Table
    • Azure > App Service > Web App > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > SignalR Service > SignalR > ServiceNow
    • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item
    • Azure > SignalR Service > SignalR > ServiceNow > Table
  • Policy Types:

    • Azure > SignalR Service > SignalR > ServiceNow
    • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item
    • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item > Record
    • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item > Table Definition
    • Azure > SignalR Service > SignalR > ServiceNow > Table
    • Azure > SignalR Service > SignalR > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > AKS > Managed Cluster > ServiceNow
    • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item
    • Azure > AKS > Managed Cluster > ServiceNow > Table
  • Policy Types:

    • Azure > AKS > Managed Cluster > ServiceNow
    • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item
    • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item > Record
    • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item > Table Definition
    • Azure > AKS > Managed Cluster > ServiceNow > Table
    • Azure > AKS > Managed Cluster > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > SQL > Database > ServiceNow
    • Azure > SQL > Database > ServiceNow > Configuration Item
    • Azure > SQL > Database > ServiceNow > Table
    • Azure > SQL > Elastic Pool > ServiceNow
    • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item
    • Azure > SQL > Elastic Pool > ServiceNow > Table
  • Policy Types:

    • Azure > SQL > Database > ServiceNow
    • Azure > SQL > Database > ServiceNow > Configuration Item
    • Azure > SQL > Database > ServiceNow > Configuration Item > Record
    • Azure > SQL > Database > ServiceNow > Configuration Item > Table Definition
    • Azure > SQL > Database > ServiceNow > Table
    • Azure > SQL > Database > ServiceNow > Table > Definition
    • Azure > SQL > Elastic Pool > ServiceNow
    • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item
    • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item > Record
    • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item > Table Definition
    • Azure > SQL > Elastic Pool > ServiceNow > Table
    • Azure > SQL > Elastic Pool > ServiceNow > Table > Definition

What's new?

  • Control Types:
    • Azure > Network > Application Security Group > ServiceNow
    • Azure > Network > Application Security Group > ServiceNow > Configuration Item
    • Azure > Network > Application Security Group > ServiceNow > Table
    • Azure > Network > Express Route Circuits > ServiceNow
    • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item
    • Azure > Network > Express Route Circuits > ServiceNow > Table
    • Azure > Network > Network Interface > ServiceNow
    • Azure > Network > Network Interface > ServiceNow > Configuration Item
    • Azure > Network > Network Interface > ServiceNow > Table
    • Azure > Network > Private DNS Zones > ServiceNow
    • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item
    • Azure > Network > Private DNS Zones > ServiceNow > Table
    • Azure > Network > Public IP Address > ServiceNow
    • Azure > Network > Public IP Address > ServiceNow > Configuration Item
    • Azure > Network > Public IP Address > ServiceNow > Table
    • Azure > Network > Route Table > ServiceNow
    • Azure > Network > Route Table > ServiceNow > Configuration Item
    • Azure > Network > Route Table > ServiceNow > Table
    • Azure > Network > Virtual Network Gateway > ServiceNow
    • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item
    • Azure > Network > Virtual Network Gateway > ServiceNow > Table
  • Policy Types:
    • Azure > Network > Application Security Group > ServiceNow
    • Azure > Network > Application Security Group > ServiceNow > Configuration Item
    • Azure > Network > Application Security Group > ServiceNow > Configuration Item > Record
    • Azure > Network > Application Security Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Application Security Group > ServiceNow > Table
    • Azure > Network > Application Security Group > ServiceNow > Table > Definition
    • Azure > Network > Express Route Circuits > ServiceNow
    • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item
    • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item > Record
    • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Express Route Circuits > ServiceNow > Table
    • Azure > Network > Express Route Circuits > ServiceNow > Table > Definition
    • Azure > Network > Network Interface > ServiceNow
    • Azure > Network > Network Interface > ServiceNow > Configuration Item
    • Azure > Network > Network Interface > ServiceNow > Configuration Item > Record
    • Azure > Network > Network Interface > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Network Interface > ServiceNow > Table
    • Azure > Network > Network Interface > ServiceNow > Table > Definition
    • Azure > Network > Private DNS Zones > ServiceNow
    • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item
    • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item > Record
    • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Private DNS Zones > ServiceNow > Table
    • Azure > Network > Private DNS Zones > ServiceNow > Table > Definition
    • Azure > Network > Public IP Address > ServiceNow
    • Azure > Network > Public IP Address > ServiceNow > Configuration Item
    • Azure > Network > Public IP Address > ServiceNow > Configuration Item > Record
    • Azure > Network > Public IP Address > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Public IP Address > ServiceNow > Table
    • Azure > Network > Public IP Address > ServiceNow > Table > Definition
    • Azure > Network > Route Table > ServiceNow
    • Azure > Network > Route Table > ServiceNow > Configuration Item
    • Azure > Network > Route Table > ServiceNow > Configuration Item > Record
    • Azure > Network > Route Table > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Route Table > ServiceNow > Table
    • Azure > Network > Route Table > ServiceNow > Table > Definition
    • Azure > Network > Virtual Network Gateway > ServiceNow
    • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item
    • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item > Record
    • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Virtual Network Gateway > ServiceNow > Table
    • Azure > Network > Virtual Network Gateway > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Key Vault > Key > ServiceNow
    • Azure > Key Vault > Key > ServiceNow > Configuration Item
    • Azure > Key Vault > Key > ServiceNow > Table
    • Azure > Key Vault > Secret > ServiceNow
    • Azure > Key Vault > Secret > ServiceNow > Configuration Item
    • Azure > Key Vault > Secret > ServiceNow > Table
    • Azure > Key Vault > Vault > ServiceNow
    • Azure > Key Vault > Vault > ServiceNow > Configuration Item
    • Azure > Key Vault > Vault > ServiceNow > Table
  • Policy Types:

    • Azure > Key Vault > Key > ServiceNow
    • Azure > Key Vault > Key > ServiceNow > Configuration Item
    • Azure > Key Vault > Key > ServiceNow > Configuration Item > Record
    • Azure > Key Vault > Key > ServiceNow > Configuration Item > Table Definition
    • Azure > Key Vault > Key > ServiceNow > Table
    • Azure > Key Vault > Key > ServiceNow > Table > Definition
    • Azure > Key Vault > Secret > ServiceNow
    • Azure > Key Vault > Secret > ServiceNow > Configuration Item
    • Azure > Key Vault > Secret > ServiceNow > Configuration Item > Record
    • Azure > Key Vault > Secret > ServiceNow > Configuration Item > Table Definition
    • Azure > Key Vault > Secret > ServiceNow > Table
    • Azure > Key Vault > Secret > ServiceNow > Table > Definition
    • Azure > Key Vault > Vault > ServiceNow
    • Azure > Key Vault > Vault > ServiceNow > Configuration Item
    • Azure > Key Vault > Vault > ServiceNow > Configuration Item > Record
    • Azure > Key Vault > Vault > ServiceNow > Configuration Item > Table Definition
    • Azure > Key Vault > Vault > ServiceNow > Table
    • Azure > Key Vault > Vault > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > PostgreSQL > Flexible Server > ServiceNow
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Table
  • Policy Types:

    • Azure > PostgreSQL > Flexible Server > ServiceNow
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item > Record
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item > Table Definition
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Table
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > MySQL > Flexible Server > ServiceNow
    • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item
    • Azure > MySQL > Flexible Server > ServiceNow > Table
  • Policy Types:

    • Azure > MySQL > Flexible Server > ServiceNow
    • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item
    • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item > Record
    • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item > Table Definition
    • Azure > MySQL > Flexible Server > ServiceNow > Table
    • Azure > MySQL > Flexible Server > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • AWS > KMS > Key > ServiceNow
    • AWS > KMS > Key > ServiceNow > Configuration Item
    • AWS > KMS > Key > ServiceNow > Table
  • Policy Types:

    • AWS > KMS > Key > ServiceNow
    • AWS > KMS > Key > ServiceNow > Configuration Item
    • AWS > KMS > Key > ServiceNow > Configuration Item > Record
    • AWS > KMS > Key > ServiceNow > Configuration Item > Table Definition
    • AWS > KMS > Key > ServiceNow > Table
    • AWS > KMS > Key > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • AWS > CloudWatch > Alarm > ServiceNow
    • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item
    • AWS > CloudWatch > Alarm > ServiceNow > Table
  • Policy Types:

    • AWS > CloudWatch > Alarm > ServiceNow
    • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item
    • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item > Record
    • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item > Table Definition
    • AWS > CloudWatch > Alarm > ServiceNow > Table
    • AWS > CloudWatch > Alarm > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • AWS > CloudTrail > Trail > ServiceNow
    • AWS > CloudTrail > Trail > ServiceNow > Configuration Item
    • AWS > CloudTrail > Trail > ServiceNow > Table
  • Policy Types:

    • AWS > CloudTrail > Trail > ServiceNow
    • AWS > CloudTrail > Trail > ServiceNow > Configuration Item
    • AWS > CloudTrail > Trail > ServiceNow > Configuration Item > Record
    • AWS > CloudTrail > Trail > ServiceNow > Configuration Item > Table Definition
    • AWS > CloudTrail > Trail > ServiceNow > Table
    • AWS > CloudTrail > Trail > ServiceNow > Table > Definition

Bug fixes

  • The AWS > RDS > DB Instance > Discovery control would sometimes upsert DocumentDB Instances as RDS Instances in Guardrails CMDB. This is fixed and the control will now filter out DocumentDB Instances while upserting resources in CMDB.

What's new?

  • Added support for latest lambda runtimes in the AWS > Lambda > Function > Allowed Runtime > Values policy.

What's new?

  • Control Types:

    • AWS > IAM > Root > Approved
  • Policy Types:

    • AWS > IAM > Root > Approved
    • AWS > IAM > Root > Approved > Custom
    • AWS > IAM > Root > Approved > Usage
  • Action Types:

    • AWS > IAM > Root > Skip alarm for Approved control
    • AWS > IAM > Root > Skip alarm for Approved control [90 days]

Bug fixes

  • The AWS > IAM > Account Password Policy > CMDB control would incorrectly go into an Alarm state when Guardrails was denied access to fetch the Account Password Policy data. This is fixed and the control will now move to an Error state instead for such cases.
  • Guardrails stack controls would sometimes fail to update IAM resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.

Bug fixes

  • README.md file is now available for users to check details about resource types that the mod covers.

What's new?

  • AWS/CloudFront/Admin and AWS/CloudFront/Metadata will now also include permissions for CloudFront KeyValueStore.

Bug fixes

  • Server
    • Guardrails will now process notifications correctly for a matching watch created via @turbot/sdk.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

  • Policy Types:

    • ServiceNow > Turbot > Watches > GCP
  • Control Types:

    • ServiceNow > Turbot > Watches > GCP
  • Action Types:

    • ServiceNow > Turbot > Watches > GCP Archive And Delete Record

What's new?

  • Policy Types:

    • GCP > Storage > Bucket > ServiceNow
    • GCP > Storage > Bucket > ServiceNow > Configuration Item
    • GCP > Storage > Bucket > ServiceNow > Configuration Item > Record
    • GCP > Storage > Bucket > ServiceNow > Configuration Item > Table Definition
    • GCP > Storage > Bucket > ServiceNow > Table
    • GCP > Storage > Bucket > ServiceNow > Table > Definition
  • Control Types:

    • GCP > Storage > Bucket > ServiceNow
    • GCP > Storage > Bucket > ServiceNow > Configuration Item
    • GCP > Storage > Bucket > ServiceNow > Table

What's new?

  • Policy Types:

    • GCP > SQL > Instance > ServiceNow
    • GCP > SQL > Instance > ServiceNow > Configuration Item
    • GCP > SQL > Instance > ServiceNow > Configuration Item > Record
    • GCP > SQL > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > SQL > Instance > ServiceNow > Table
    • GCP > SQL > Instance > ServiceNow > Table > Definition
  • Control Types:

    • GCP > SQL > Instance > ServiceNow
    • GCP > SQL > Instance > ServiceNow > Configuration Item
    • GCP > SQL > Instance > ServiceNow > Table

What's new?

  • Policy Types:

    • GCP > Network > Network > ServiceNow
    • GCP > Network > Network > ServiceNow > Configuration Item
    • GCP > Network > Network > ServiceNow > Configuration Item > Record
    • GCP > Network > Network > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Network > ServiceNow > Table
    • GCP > Network > Network > ServiceNow > Table > Definition
    • GCP > Network > Subnetwork > ServiceNow
    • GCP > Network > Subnetwork > ServiceNow > Configuration Item
    • GCP > Network > Subnetwork > ServiceNow > Configuration Item > Record
    • GCP > Network > Subnetwork > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Subnetwork > ServiceNow > Table
    • GCP > Network > Subnetwork > ServiceNow > Table > Definition
  • Control Types:

    • GCP > Network > Network > ServiceNow
    • GCP > Network > Network > ServiceNow > Configuration Item
    • GCP > Network > Network > ServiceNow > Table
    • GCP > Network > Subnetwork > ServiceNow
    • GCP > Network > Subnetwork > ServiceNow > Configuration Item
    • GCP > Network > Subnetwork > ServiceNow > Table

What's new?

  • Policy Types:

    • GCP > Compute Engine > Disk > ServiceNow
    • GCP > Compute Engine > Disk > ServiceNow > Configuration Item
    • GCP > Compute Engine > Disk > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Disk > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Disk > ServiceNow > Table
    • GCP > Compute Engine > Disk > ServiceNow > Table > Definition
    • GCP > Compute Engine > Image > ServiceNow
    • GCP > Compute Engine > Image > ServiceNow > Configuration Item
    • GCP > Compute Engine > Image > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Image > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Image > ServiceNow > Table
    • GCP > Compute Engine > Image > ServiceNow > Table > Definition
    • GCP > Compute Engine > Instance > ServiceNow
    • GCP > Compute Engine > Instance > ServiceNow > Configuration Item
    • GCP > Compute Engine > Instance > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Instance > ServiceNow > Table
    • GCP > Compute Engine > Instance > ServiceNow > Table > Definition
    • GCP > Compute Engine > Snapshot > ServiceNow
    • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item
    • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Snapshot > ServiceNow > Table
    • GCP > Compute Engine > Snapshot > ServiceNow > Table > Definition
  • Control Types:

    • GCP > Compute Engine > Disk > ServiceNow
    • GCP > Compute Engine > Disk > ServiceNow > Configuration Item
    • GCP > Compute Engine > Disk > ServiceNow > Table
    • GCP > Compute Engine > Image > ServiceNow
    • GCP > Compute Engine > Image > ServiceNow > Configuration Item
    • GCP > Compute Engine > Image > ServiceNow > Table
    • GCP > Compute Engine > Instance > ServiceNow
    • GCP > Compute Engine > Instance > ServiceNow > Configuration Item
    • GCP > Compute Engine > Instance > ServiceNow > Table
    • GCP > Compute Engine > Snapshot > ServiceNow
    • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item
    • GCP > Compute Engine > Snapshot > ServiceNow > Table

What's new?

  • Policy Types:

    • ServiceNow > Turbot > Watches > Azure
  • Control Types:

    • ServiceNow > Turbot > Watches > Azure
  • Action Types:

    • ServiceNow > Turbot > Watches > Azure Archive And Delete Record

What's new?

  • Policy Types:

    • Azure > Storage > Storage Account > ServiceNow
    • Azure > Storage > Storage Account > ServiceNow > Configuration Item
    • Azure > Storage > Storage Account > ServiceNow > Configuration Item > Record
    • Azure > Storage > Storage Account > ServiceNow > Configuration Item > Table Definition
    • Azure > Storage > Storage Account > ServiceNow > Table
    • Azure > Storage > Storage Account > ServiceNow > Table > Definition
  • Control Types:

    • Azure > Storage > Storage Account > ServiceNow
    • Azure > Storage > Storage Account > ServiceNow > Configuration Item
    • Azure > Storage > Storage Account > ServiceNow > Table

What's new?

  • Policy Types:

    • Azure > SQL > Server > ServiceNow
    • Azure > SQL > Server > ServiceNow > Configuration Item
    • Azure > SQL > Server > ServiceNow > Configuration Item > Record
    • Azure > SQL > Server > ServiceNow > Configuration Item > Table Definition
    • Azure > SQL > Server > ServiceNow > Table
    • Azure > SQL > Server > ServiceNow > Table > Definition
  • Control Types:

    • Azure > SQL > Server > ServiceNow
    • Azure > SQL > Server > ServiceNow > Configuration Item
    • Azure > SQL > Server > ServiceNow > Table

What's new?

  • Policy Types:

    • Azure > PostgreSQL > Server > ServiceNow
    • Azure > PostgreSQL > Server > ServiceNow > Configuration Item
    • Azure > PostgreSQL > Server > ServiceNow > Configuration Item > Record
    • Azure > PostgreSQL > Server > ServiceNow > Configuration Item > Table Definition
    • Azure > PostgreSQL > Server > ServiceNow > Table
    • Azure > PostgreSQL > Server > ServiceNow > Table > Definition
  • Control Types:

    • Azure > PostgreSQL > Server > ServiceNow
    • Azure > PostgreSQL > Server > ServiceNow > Configuration Item
    • Azure > PostgreSQL > Server > ServiceNow > Table

What's new?

  • Policy Types:

    • Azure > Network > Network Security Group > ServiceNow
    • Azure > Network > Network Security Group > ServiceNow > Configuration Item
    • Azure > Network > Network Security Group > ServiceNow > Configuration Item > Record
    • Azure > Network > Network Security Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Network Security Group > ServiceNow > Table
    • Azure > Network > Network Security Group > ServiceNow > Table > Definition
    • Azure > Network > Subnet > ServiceNow
    • Azure > Network > Subnet > ServiceNow > Configuration Item
    • Azure > Network > Subnet > ServiceNow > Configuration Item > Record
    • Azure > Network > Subnet > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Subnet > ServiceNow > Table
    • Azure > Network > Subnet > ServiceNow > Table > Definition
    • Azure > Network > Virtual Network > ServiceNow
    • Azure > Network > Virtual Network > ServiceNow > Configuration Item
    • Azure > Network > Virtual Network > ServiceNow > Configuration Item > Record
    • Azure > Network > Virtual Network > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Virtual Network > ServiceNow > Table
    • Azure > Network > Virtual Network > ServiceNow > Table > Definition
  • Control Types:

    • Azure > Network > Network Security Group > ServiceNow
    • Azure > Network > Network Security Group > ServiceNow > Configuration Item
    • Azure > Network > Network Security Group > ServiceNow > Table
    • Azure > Network > Subnet > ServiceNow
    • Azure > Network > Subnet > ServiceNow > Configuration Item
    • Azure > Network > Subnet > ServiceNow > Table
    • Azure > Network > Virtual Network > ServiceNow
    • Azure > Network > Virtual Network > ServiceNow > Configuration Item
    • Azure > Network > Virtual Network > ServiceNow > Table

What's new?

  • Policy Types:

    • Azure > MySQL > Server > ServiceNow
    • Azure > MySQL > Server > ServiceNow > Configuration Item
    • Azure > MySQL > Server > ServiceNow > Configuration Item > Record
    • Azure > MySQL > Server > ServiceNow > Configuration Item > Table Definition
    • Azure > MySQL > Server > ServiceNow > Table
    • Azure > MySQL > Server > ServiceNow > Table > Definition
  • Control Types:

    • Azure > MySQL > Server > ServiceNow
    • Azure > MySQL > Server > ServiceNow > Configuration Item
    • Azure > MySQL > Server > ServiceNow > Table

What's new?

  • Policy Types:

    • Azure > Compute > Availability Set > ServiceNow
    • Azure > Compute > Availability Set > ServiceNow > Configuration Item
    • Azure > Compute > Availability Set > ServiceNow > Configuration Item > Record
    • Azure > Compute > Availability Set > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Availability Set > ServiceNow > Table
    • Azure > Compute > Availability Set > ServiceNow > Table > Definition
    • Azure > Compute > Disk > ServiceNow
    • Azure > Compute > Disk > ServiceNow > Configuration Item
    • Azure > Compute > Disk > ServiceNow > Configuration Item > Record
    • Azure > Compute > Disk > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Disk > ServiceNow > Table
    • Azure > Compute > Disk > ServiceNow > Table > Definition
    • Azure > Compute > Disk Encryption Set > ServiceNow
    • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item
    • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item > Record
    • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Disk Encryption Set > ServiceNow > Table
    • Azure > Compute > Disk Encryption Set > ServiceNow > Table > Definition
    • Azure > Compute > Image > ServiceNow
    • Azure > Compute > Image > ServiceNow > Configuration Item
    • Azure > Compute > Image > ServiceNow > Configuration Item > Record
    • Azure > Compute > Image > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Image > ServiceNow > Table
    • Azure > Compute > Image > ServiceNow > Table > Definition
    • Azure > Compute > Snapshot > ServiceNow
    • Azure > Compute > Snapshot > ServiceNow > Configuration Item
    • Azure > Compute > Snapshot > ServiceNow > Configuration Item > Record
    • Azure > Compute > Snapshot > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Snapshot > ServiceNow > Table
    • Azure > Compute > Snapshot > ServiceNow > Table > Definition
    • Azure > Compute > Ssh Public Key > ServiceNow
    • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item
    • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item > Record
    • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Ssh Public Key > ServiceNow > Table
    • Azure > Compute > Ssh Public Key > ServiceNow > Table > Definition
    • Azure > Compute > Virtual Machine > ServiceNow
    • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item
    • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item > Record
    • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Virtual Machine > ServiceNow > Table
    • Azure > Compute > Virtual Machine > ServiceNow > Table > Definition
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item > Record
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table > Definition
  • Control Types:

    • Azure > Compute > Availability Set > ServiceNow
    • Azure > Compute > Availability Set > ServiceNow > Configuration Item
    • Azure > Compute > Availability Set > ServiceNow > Table
    • Azure > Compute > Disk > ServiceNow
    • Azure > Compute > Disk > ServiceNow > Configuration Item
    • Azure > Compute > Disk > ServiceNow > Table
    • Azure > Compute > Disk Encryption Set > ServiceNow
    • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item
    • Azure > Compute > Disk Encryption Set > ServiceNow > Table
    • Azure > Compute > Image > ServiceNow
    • Azure > Compute > Image > ServiceNow > Configuration Item
    • Azure > Compute > Image > ServiceNow > Table
    • Azure > Compute > Snapshot > ServiceNow
    • Azure > Compute > Snapshot > ServiceNow > Configuration Item
    • Azure > Compute > Snapshot > ServiceNow > Table
    • Azure > Compute > Ssh Public Key > ServiceNow
    • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item
    • Azure > Compute > Ssh Public Key > ServiceNow > Table
    • Azure > Compute > Virtual Machine > ServiceNow
    • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item
    • Azure > Compute > Virtual Machine > ServiceNow > Table
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table

Bug fixes

  • The ServiceNow > Turbot > Watches > AWS control would fail to delete/archive records in ServiceNow. This is now fixed.

Bug fixes

  • Server
    • Updated TE stack to enable propagation of custom tags to ECS tasks.
    • Updated @turbot/aws-sdk to 5.13.0, @turbot/fn to 5.21.0 and aws-sdk to 2.922.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

  • The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

  • The Discovery controls for Application, Cost Center and User would sometimes upsert resources with incorrect AKAs for a freshly imported ServiceNow Instance in Guardrails CMDB. This is fixed and the controls will now work as expected.

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

Bug fixes

  • The AWS > Turbot > Event Poller policy will now be automatically set to Disabled if any of the AWS > Turbot > Event Handlers or AWS > Turbot > Event Handlers [Global] policies is set to Enforce: Configured.

Bug fixes

  • Server
    • ServiceNow Instance Client Secret and Password were processed incorrectly while fetching credentials for the Instance.

Bug fixes

  • Server
    • Create mutation for ServiceNow instance failed if no instances were available in a Guardrails workspace.

What's new?

  • Resource Types:

    • ServiceNow
    • ServiceNow > Application
    • ServiceNow > Cost Center
    • ServiceNow > Instance
    • ServiceNow > User
  • Policy Types:

    • ServiceNow > Application > Business Rule
    • ServiceNow > Application > Business Rule > Name
    • ServiceNow > Application > CMDB
    • ServiceNow > Config
    • ServiceNow > Config > Application Scope
    • ServiceNow > Config > Client ID
    • ServiceNow > Config > Client Secret
    • ServiceNow > Config > Instance URL
    • ServiceNow > Config > Password
    • ServiceNow > Config > System Properties
    • ServiceNow > Config > System Properties > Template
    • ServiceNow > Config > Username
    • ServiceNow > Cost Center > Business Rule
    • ServiceNow > Cost Center > Business Rule > Name
    • ServiceNow > Cost Center > CMDB
    • ServiceNow > Instance > CMDB
    • ServiceNow > Login Names
    • ServiceNow > Turbot
    • ServiceNow > Turbot > Watches
    • ServiceNow > User > Business Rule
    • ServiceNow > User > Business Rule > Name
    • ServiceNow > User > CMDB
  • Control Types:

    • ServiceNow > Application > Business Rule
    • ServiceNow > Application > CMDB
    • ServiceNow > Application > Discovery
    • ServiceNow > Config
    • ServiceNow > Config > System Properties
    • ServiceNow > Cost Center > Business Rule
    • ServiceNow > Cost Center > CMDB
    • ServiceNow > Cost Center > Discovery
    • ServiceNow > Instance > CMDB
    • ServiceNow > Turbot
    • ServiceNow > Turbot > Watches
    • ServiceNow > User > Business Rule
    • ServiceNow > User > CMDB
    • ServiceNow > User > Discovery
  • Action Types:

    • ServiceNow > Instance > Event Handler
    • ServiceNow > Turbot
    • ServiceNow > Turbot > Watches

What's new?

  • Policy Types:

    • AWS > VPC > Network ACL > ServiceNow
    • AWS > VPC > Network ACL > ServiceNow > Configuration Item
    • AWS > VPC > Network ACL > ServiceNow > Configuration Item > Record
    • AWS > VPC > Network ACL > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Network ACL > ServiceNow > Table
    • AWS > VPC > Network ACL > ServiceNow > Table > Definition
    • AWS > VPC > Security Group > ServiceNow
    • AWS > VPC > Security Group > ServiceNow > Configuration Item
    • AWS > VPC > Security Group > ServiceNow > Configuration Item > Record
    • AWS > VPC > Security Group > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Security Group > ServiceNow > Table
    • AWS > VPC > Security Group > ServiceNow > Table > Definition
  • Control Types:

    • AWS > VPC > Network ACL > ServiceNow
    • AWS > VPC > Network ACL > ServiceNow > Configuration Item
    • AWS > VPC > Network ACL > ServiceNow > Table
    • AWS > VPC > Security Group > ServiceNow
    • AWS > VPC > Security Group > ServiceNow > Configuration Item
    • AWS > VPC > Security Group > ServiceNow > Table

What's new?

  • Policy Types:

    • AWS > VPC > Elastic IP > ServiceNow
    • AWS > VPC > Elastic IP > ServiceNow > Configuration Item
    • AWS > VPC > Elastic IP > ServiceNow > Configuration Item > Record
    • AWS > VPC > Elastic IP > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Elastic IP > ServiceNow > Table
    • AWS > VPC > Elastic IP > ServiceNow > Table > Definition
  • Control Types:

    • AWS > VPC > Elastic IP > ServiceNow
    • AWS > VPC > Elastic IP > ServiceNow > Configuration Item
    • AWS > VPC > Elastic IP > ServiceNow > Table

What's new?

  • Policy Types:

    • AWS > VPC > Route Table > ServiceNow
    • AWS > VPC > Route Table > ServiceNow > Configuration Item
    • AWS > VPC > Route Table > ServiceNow > Configuration Item > Record
    • AWS > VPC > Route Table > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Route Table > ServiceNow > Table
    • AWS > VPC > Route Table > ServiceNow > Table > Definition
    • AWS > VPC > Subnet > ServiceNow
    • AWS > VPC > Subnet > ServiceNow > Configuration Item
    • AWS > VPC > Subnet > ServiceNow > Configuration Item > Record
    • AWS > VPC > Subnet > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Subnet > ServiceNow > Table
    • AWS > VPC > Subnet > ServiceNow > Table > Definition
    • AWS > VPC > VPC > ServiceNow
    • AWS > VPC > VPC > ServiceNow > Configuration Item
    • AWS > VPC > VPC > ServiceNow > Configuration Item > Record
    • AWS > VPC > VPC > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > VPC > ServiceNow > Table
    • AWS > VPC > VPC > ServiceNow > Table > Definition
  • Control Types:

    • AWS > VPC > Route Table > ServiceNow
    • AWS > VPC > Route Table > ServiceNow > Configuration Item
    • AWS > VPC > Route Table > ServiceNow > Table
    • AWS > VPC > Subnet > ServiceNow
    • AWS > VPC > Subnet > ServiceNow > Configuration Item
    • AWS > VPC > Subnet > ServiceNow > Table
    • AWS > VPC > VPC > ServiceNow
    • AWS > VPC > VPC > ServiceNow > Configuration Item
    • AWS > VPC > VPC > ServiceNow > Table

What's new?

  • Policy Types:

    • ServiceNow > Turbot > Watches > AWS
  • Control Types:

    • ServiceNow > Turbot > Watches > AWS
  • Action Types:

    • ServiceNow > Turbot > Watches > AWS Archive And Delete Record

What's new?

  • Policy Types:

    • AWS > S3 > Bucket > ServiceNow
    • AWS > S3 > Bucket > ServiceNow > Configuration Item
    • AWS > S3 > Bucket > ServiceNow > Configuration Item > Record
    • AWS > S3 > Bucket > ServiceNow > Configuration Item > Table Definition
    • AWS > S3 > Bucket > ServiceNow > Table
    • AWS > S3 > Bucket > ServiceNow > Table > Definition
  • Control Types:

    • AWS > S3 > Bucket > ServiceNow
    • AWS > S3 > Bucket > ServiceNow > Configuration Item
    • AWS > S3 > Bucket > ServiceNow > Table

What's new?

  • Policy Types:

    • AWS > IAM > Group > ServiceNow
    • AWS > IAM > Group > ServiceNow > Configuration Item
    • AWS > IAM > Group > ServiceNow > Configuration Item > Record
    • AWS > IAM > Group > ServiceNow > Configuration Item > Table Definition
    • AWS > IAM > Group > ServiceNow > Table
    • AWS > IAM > Group > ServiceNow > Table > Definition
    • AWS > IAM > Role > ServiceNow
    • AWS > IAM > Role > ServiceNow > Configuration Item
    • AWS > IAM > Role > ServiceNow > Configuration Item > Record
    • AWS > IAM > Role > ServiceNow > Configuration Item > Table Definition
    • AWS > IAM > Role > ServiceNow > Table
    • AWS > IAM > Role > ServiceNow > Table > Definition
    • AWS > IAM > User > ServiceNow
    • AWS > IAM > User > ServiceNow > Configuration Item
    • AWS > IAM > User > ServiceNow > Configuration Item > Record
    • AWS > IAM > User > ServiceNow > Configuration Item > Table Definition
    • AWS > IAM > User > ServiceNow > Table
    • AWS > IAM > User > ServiceNow > Table > Definition
  • Control Types:

    • AWS > IAM > Group > ServiceNow
    • AWS > IAM > Group > ServiceNow > Configuration Item
    • AWS > IAM > Group > ServiceNow > Table
    • AWS > IAM > Role > ServiceNow
    • AWS > IAM > Role > ServiceNow > Configuration Item
    • AWS > IAM > Role > ServiceNow > Table
    • AWS > IAM > User > ServiceNow
    • AWS > IAM > User > ServiceNow > Configuration Item
    • AWS > IAM > User > ServiceNow > Table

What's new?

  • Policy Types:

    • AWS > EC2 > Instance > ServiceNow
    • AWS > EC2 > Instance > ServiceNow > Configuration Item
    • AWS > EC2 > Instance > ServiceNow > Configuration Item > Record
    • AWS > EC2 > Instance > ServiceNow > Configuration Item > Table Definition
    • AWS > EC2 > Instance > ServiceNow > Table
    • AWS > EC2 > Instance > ServiceNow > Table > Definition
    • AWS > EC2 > Snapshot > ServiceNow
    • AWS > EC2 > Snapshot > ServiceNow > Configuration Item
    • AWS > EC2 > Snapshot > ServiceNow > Configuration Item > Record
    • AWS > EC2 > Snapshot > ServiceNow > Configuration Item > Table Definition
    • AWS > EC2 > Snapshot > ServiceNow > Table
    • AWS > EC2 > Snapshot > ServiceNow > Table > Definition
    • AWS > EC2 > Volume > ServiceNow
    • AWS > EC2 > Volume > ServiceNow > Configuration Item
    • AWS > EC2 > Volume > ServiceNow > Configuration Item > Record
    • AWS > EC2 > Volume > ServiceNow > Configuration Item > Table Definition
    • AWS > EC2 > Volume > ServiceNow > Table
    • AWS > EC2 > Volume > ServiceNow > Table > Definition
  • Control Types:

    • AWS > EC2 > Instance > ServiceNow
    • AWS > EC2 > Instance > ServiceNow > Configuration Item
    • AWS > EC2 > Instance > ServiceNow > Table
    • AWS > EC2 > Snapshot > ServiceNow
    • AWS > EC2 > Snapshot > ServiceNow > Configuration Item
    • AWS > EC2 > Snapshot > ServiceNow > Table
    • AWS > EC2 > Volume > ServiceNow
    • AWS > EC2 > Volume > ServiceNow > Configuration Item
    • AWS > EC2 > Volume > ServiceNow > Table

What's new?

  • Server

    • Added: Support for creating and deleting watches using @turbot/sdk.
    • Updated: @turbot/fn, @turbot/aws-sdk, aws-sdk, @turbot/utils, @turbot/errors, @turbot/log, @turbot/responses packages.
    • Added: Support for ServiceNow credentials.
  • UI:

    • Added: Support to import ServiceNow Instance in Guardrails.

What's new?

  • Control Category Types:
    • CMDB > External
    • Cloud > Integration

What's new?

  • Resource Types:

    • AWS > Kendra
  • Policy Types:

    • AWS > Kendra > API Enabled
    • AWS > Kendra > Approved Regions [Default]
    • AWS > Kendra > Enabled
    • AWS > Kendra > Permissions
    • AWS > Kendra > Permissions > Levels
    • AWS > Kendra > Permissions > Levels > Modifiers
    • AWS > Kendra > Permissions > Lockdown
    • AWS > Kendra > Permissions > Lockdown > API Boundary
    • AWS > Kendra > Regions
    • AWS > Kendra > Tags Template [Default]
    • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-kendra
    • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-kendra
    • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-kendra

What's new?

  • Category Types:
    • Turbot > Resource > Category > Business Application
    • Turbot > Resource > Category > Cloud > Api
    • Turbot > Resource > Category > Cloud > Provider
    • Turbot > Resource > Category > Cloud > Resource Group
    • Turbot > Resource > Category > Container
    • Turbot > Resource > Category > Cost Management
    • Turbot > Resource > Category > End User Computing
    • Turbot > Resource > Category > Migration
    • Turbot > Resource > Category > Robotics

What's new?

  • Added support to process enable and disable real-time events for Firebase Management APIs.

What's new?

  • You can now Enable/Disable Firebase Management API via Guardrails. To get started, set the GCP > Firebase > API Enabled policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Control Types:

    • GCP > Firebase > API Enabled
  • Policy Types:

    • GCP > Firebase > API Enabled
    • GCP > Firebase > Android App > Approved > Custom
    • GCP > Firebase > Web App > Approved > Custom
    • GCP > Firebase > iOS App > Approved > Custom
  • Action Types:

    • GCP > Firebase > Set API Enabled

What's new?

  • Added support for newer US, Europe, India and US Government regions in the Azure > Synapse Analytics > Regions policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Synapse Analytics > SQL Pool > Approved > Custom
    • Azure > Synapse Analytics > SQL Pool > Regions
    • Azure > Synapse Analytics > Workspace > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > API Management > API Management Service > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > AKS > Managed Cluster > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Network Watcher > Flow Log > Approved > Custom
    • Azure > Network Watcher > Network Watcher > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Data Factory > Dataset > Approved > Custom
    • Azure > Data Factory > Factory > Approved > Custom
    • Azure > Data Factory > Pipeline > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Firewall > Firewall > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Front Door > Front Door > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Databricks > Workspace > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • Policy Types:
    • GCP > Compute Engine > Image > Policy > Trusted Access > All Authenticated
    • GCP > Compute Engine > Image > Policy > Trusted Access > All Users

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > SignalR Service > SignalR > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Relay > Namespace > Approved > Custom

What's new?

  • Policy Types:
    • GCP > Functions > Function > Policy > Trusted Access > All Authenticated
    • GCP > Functions > Function > Policy > Trusted Access > All Users

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Search Management > Search Service > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Recovery Service > Vault > Approved > Custom

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > SWF > Domain > Approved > Custom
  • Action Types:

    • AWS > SWF > Domain > Set Tags
    • AWS > SWF > Domain > Skip alarm for Active control
    • AWS > SWF > Domain > Skip alarm for Active control [90 days]
    • AWS > SWF > Domain > Skip alarm for Approved control
    • AWS > SWF > Domain > Skip alarm for Approved control [90 days]
    • AWS > SWF > Domain > Skip alarm for Tags control
    • AWS > SWF > Domain > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • AWS > QLDB > Ledger > Approved > Custom
  • Action Types:

    • AWS > QLDB > Ledger > Delete from AWS
    • AWS > QLDB > Ledger > Set Tags
    • AWS > QLDB > Ledger > Skip alarm for Active control
    • AWS > QLDB > Ledger > Skip alarm for Active control [90 days]
    • AWS > QLDB > Ledger > Skip alarm for Approved control
    • AWS > QLDB > Ledger > Skip alarm for Approved control [90 days]
    • AWS > QLDB > Ledger > Skip alarm for Tags control
    • AWS > QLDB > Ledger > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Neptune > DB Cluster > Approved > Custom
    • AWS > Neptune > DB Instance > Approved > Custom
  • Action Types:

    • AWS > Neptune > DB Cluster > Delete from AWS
    • AWS > Neptune > DB Cluster > Set Tags
    • AWS > Neptune > DB Cluster > Skip alarm for Active control
    • AWS > Neptune > DB Cluster > Skip alarm for Active control [90 days]
    • AWS > Neptune > DB Cluster > Skip alarm for Approved control
    • AWS > Neptune > DB Cluster > Skip alarm for Approved control [90 days]
    • AWS > Neptune > DB Cluster > Skip alarm for Tags control
    • AWS > Neptune > DB Cluster > Skip alarm for Tags control [90 days]
    • AWS > Neptune > DB Instance > Delete from AWS
    • AWS > Neptune > DB Instance > Set Tags
    • AWS > Neptune > DB Instance > Skip alarm for Active control
    • AWS > Neptune > DB Instance > Skip alarm for Active control [90 days]
    • AWS > Neptune > DB Instance > Skip alarm for Approved control
    • AWS > Neptune > DB Instance > Skip alarm for Approved control [90 days]
    • AWS > Neptune > DB Instance > Skip alarm for Tags control
    • AWS > Neptune > DB Instance > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Inspector > Assessment Target > Approved > Custom
    • AWS > Inspector > Assessment Template > Approved > Custom
  • Action Types:

    • AWS > Inspector > Assessment Target > Delete from AWS
    • AWS > Inspector > Assessment Target > Skip alarm for Active control
    • AWS > Inspector > Assessment Target > Skip alarm for Active control [90 days]
    • AWS > Inspector > Assessment Target > Skip alarm for Approved control
    • AWS > Inspector > Assessment Target > Skip alarm for Approved control [90 days]
    • AWS > Inspector > Assessment Template > Delete from AWS
    • AWS > Inspector > Assessment Template > Set Tags
    • AWS > Inspector > Assessment Template > Skip alarm for Active control
    • AWS > Inspector > Assessment Template > Skip alarm for Active control [90 days]
    • AWS > Inspector > Assessment Template > Skip alarm for Approved control
    • AWS > Inspector > Assessment Template > Skip alarm for Approved control [90 days]
    • AWS > Inspector > Assessment Template > Skip alarm for Tags control
    • AWS > Inspector > Assessment Template > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > DAX > Cluster > Approved > Custom
  • Action Types:

    • AWS > DAX > Cluster > Delete from AWS
    • AWS > DAX > Cluster > Set Tags
    • AWS > DAX > Cluster > Skip alarm for Active control
    • AWS > DAX > Cluster > Skip alarm for Active control [90 days]
    • AWS > DAX > Cluster > Skip alarm for Approved control
    • AWS > DAX > Cluster > Skip alarm for Approved control [90 days]
    • AWS > DAX > Cluster > Skip alarm for Tags control
    • AWS > DAX > Cluster > Skip alarm for Tags control [90 days]

What's new?

  • Server

    • Updated: Updated the package passport-saml to @node-saml/passport-saml: 4.0.4
    • Updated: The directory API to support Require Signed Authentication Response and Strict Audience Validation.
  • UI:

    • Added: Introduced UI options for Require Signed Authentication Response and Strict Audience Validation for enhanced security in SAML authentication.

Enhanced Security and Compatibility Guide for SAML Authentication

Description

The recent package change for @node-saml/passport-saml has made it mandatory to sign the audience response and perform audience validation. To maintain backward compatibility, we have introduced two new options in the UI:

  1. Require Signed Authentication Response
  2. Strict Audience Validation

To make it backward compatible, both of these options are initially set to Disabled by default.

Important Note: This change ensures that the audience response is signed and audience validation is enforced. These checks were not available in earlier versions of the package.

Recommendations

We recommend customers enable both of these properties as they add an additional layer of security. However, it's important to be aware that enabling these properties might potentially break SAML login functionality. Therefore, certain steps need to be taken before enabling them.

Here are specific recommendations for popular Identity Providers (IDPs):

Okta

  • Strict Audience Validation: If enabled, ensure that the "Issuer ID" matches the "Audience Restriction."

OneLogin

  • Require Signed Authentication Response: This feature should be disabled in OneLogin, as OneLogin does not support it.
  • Strict Audience Validation: If enabled, ensure that the "Issuer ID" matches the "Audience".

Azure Entra ID (Previously Known as Azure AD)

  • Require Signed Authentication Response: If enabled, make sure you choose the Signing option to be "SIGN SAML response and assertion". The Signing option is available on the Signing Certificate page of Entra ID

Please follow these recommendations carefully to make sure you're able to transition smoothly to the updated SAML package.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • AWS > Lightsail > Instance > Approved > Custom
    • AWS > Lightsail > Load Balancer > Approved > Custom
    • AWS > Lightsail > Relational Database > Approved > Custom
  • Action Types:

    • AWS > Lightsail > Instance > Delete from AWS
    • AWS > Lightsail > Instance > Set Tags
    • AWS > Lightsail > Instance > Skip alarm for Active control
    • AWS > Lightsail > Instance > Skip alarm for Active control [90 days]
    • AWS > Lightsail > Instance > Skip alarm for Approved control
    • AWS > Lightsail > Instance > Skip alarm for Approved control [90 days]
    • AWS > Lightsail > Instance > Skip alarm for Tags control
    • AWS > Lightsail > Instance > Skip alarm for Tags control [90 days]
    • AWS > Lightsail > Load Balancer > Delete from AWS
    • AWS > Lightsail > Load Balancer > Set Tags
    • AWS > Lightsail > Load Balancer > Skip alarm for Active control
    • AWS > Lightsail > Load Balancer > Skip alarm for Active control [90 days]
    • AWS > Lightsail > Load Balancer > Skip alarm for Approved control
    • AWS > Lightsail > Load Balancer > Skip alarm for Approved control [90 days]
    • AWS > Lightsail > Load Balancer > Skip alarm for Tags control
    • AWS > Lightsail > Load Balancer > Skip alarm for Tags control [90 days]
    • AWS > Lightsail > Relational Database > Delete from AWS
    • AWS > Lightsail > Relational Database > Set Tags
    • AWS > Lightsail > Relational Database > Skip alarm for Active control
    • AWS > Lightsail > Relational Database > Skip alarm for Active control [90 days]
    • AWS > Lightsail > Relational Database > Skip alarm for Approved control
    • AWS > Lightsail > Relational Database > Skip alarm for Approved control [90 days]
    • AWS > Lightsail > Relational Database > Skip alarm for Tags control
    • AWS > Lightsail > Relational Database > Skip alarm for Tags control [90 days]

What's new?

  • Resource Types:

    • AWS > Bedrock
  • Policy Types:

    • AWS > Bedrock > API Enabled
    • AWS > Bedrock > Approved Regions [Default]
    • AWS > Bedrock > Enabled
    • AWS > Bedrock > Permissions
    • AWS > Bedrock > Permissions > Levels
    • AWS > Bedrock > Permissions > Levels > Modifiers
    • AWS > Bedrock > Permissions > Lockdown
    • AWS > Bedrock > Permissions > Lockdown > API Boundary
    • AWS > Bedrock > Regions
    • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-bedrock
    • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-bedrock
    • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-bedrock

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > App Mesh > Mesh > Approved > Custom
  • Action Types:

    • AWS > App Mesh > Mesh > Delete from AWS
    • AWS > App Mesh > Mesh > Set Tags
    • AWS > App Mesh > Mesh > Skip alarm for Active control
    • AWS > App Mesh > Mesh > Skip alarm for Active control [90 days]
    • AWS > App Mesh > Mesh > Skip alarm for Approved control
    • AWS > App Mesh > Mesh > Skip alarm for Approved control [90 days]
    • AWS > App Mesh > Mesh > Skip alarm for Tags control
    • AWS > App Mesh > Mesh > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

Bug fixes

  • The AWS > ElastiCache > Snapshot > CMDB control would go into an error state due to a bad internal build. This is fixed and the control will now work correctly as expected.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > Glue > Crawler > Delete from AWS
    • AWS > Glue > Crawler > Set Tags
    • AWS > Glue > Crawler > Skip alarm for Active control
    • AWS > Glue > Crawler > Skip alarm for Active control [90 days]
    • AWS > Glue > Crawler > Skip alarm for Approved control
    • AWS > Glue > Crawler > Skip alarm for Approved control [90 days]
    • AWS > Glue > Crawler > Skip alarm for Tags control
    • AWS > Glue > Crawler > Skip alarm for Tags control [90 days]
    • AWS > Glue > Data Catalog > Skip alarm for Encryption at Rest control
    • AWS > Glue > Data Catalog > Skip alarm for Encryption at Rest control [90 days]
    • AWS > Glue > Database > Delete from AWS
    • AWS > Glue > Database > Skip alarm for Active control
    • AWS > Glue > Database > Skip alarm for Active control [90 days]
    • AWS > Glue > Database > Skip alarm for Approved control
    • AWS > Glue > Database > Skip alarm for Approved control [90 days]
    • AWS > Glue > Development Endpoint [Deprecated] > Delete from AWS
    • AWS > Glue > Development Endpoint [Deprecated] > Set Tags
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Active control
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Active control [90 days]
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Approved control
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Approved control [90 days]
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Tags control
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Tags control [90 days]
    • AWS > Glue > Job > Delete from AWS
    • AWS > Glue > Job > Set Tags
    • AWS > Glue > Job > Skip alarm for Active control
    • AWS > Glue > Job > Skip alarm for Active control [90 days]
    • AWS > Glue > Job > Skip alarm for Approved control
    • AWS > Glue > Job > Skip alarm for Approved control [90 days]
    • AWS > Glue > Job > Skip alarm for Tags control
    • AWS > Glue > Job > Skip alarm for Tags control [90 days]
    • AWS > Glue > ML Transform > Delete from AWS
    • AWS > Glue > ML Transform > Set Tags
    • AWS > Glue > ML Transform > Skip alarm for Active control
    • AWS > Glue > ML Transform > Skip alarm for Active control [90 days]
    • AWS > Glue > ML Transform > Skip alarm for Approved control
    • AWS > Glue > ML Transform > Skip alarm for Approved control [90 days]
    • AWS > Glue > ML Transform > Skip alarm for Tags control
    • AWS > Glue > ML Transform > Skip alarm for Tags control [90 days]
    • AWS > Glue > Security Configuration > Delete from AWS
    • AWS > Glue > Security Configuration > Skip alarm for Active control
    • AWS > Glue > Security Configuration > Skip alarm for Active control [90 days]
    • AWS > Glue > Security Configuration > Skip alarm for Approved control
    • AWS > Glue > Security Configuration > Skip alarm for Approved control [90 days]
    • AWS > Glue > Table > Delete from AWS
    • AWS > Glue > Table > Skip alarm for Active control
    • AWS > Glue > Table > Skip alarm for Active control [90 days]
    • AWS > Glue > Table > Skip alarm for Approved control
    • AWS > Glue > Table > Skip alarm for Approved control [90 days]
    • AWS > Glue > Trigger > Delete from AWS
    • AWS > Glue > Trigger > Set Tags
    • AWS > Glue > Trigger > Skip alarm for Active control
    • AWS > Glue > Trigger > Skip alarm for Active control [90 days]
    • AWS > Glue > Trigger > Skip alarm for Approved control
    • AWS > Glue > Trigger > Skip alarm for Approved control [90 days]
    • AWS > Glue > Trigger > Skip alarm for Tags control
    • AWS > Glue > Trigger > Skip alarm for Tags control [90 days]
    • AWS > Glue > Workflow > Delete from AWS
    • AWS > Glue > Workflow > Set Tags
    • AWS > Glue > Workflow > Skip alarm for Active control
    • AWS > Glue > Workflow > Skip alarm for Active control [90 days]
    • AWS > Glue > Workflow > Skip alarm for Approved control
    • AWS > Glue > Workflow > Skip alarm for Approved control [90 days]
    • AWS > Glue > Workflow > Skip alarm for Tags control
    • AWS > Glue > Workflow > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > CodeCommit > Repository > Approved > Custom
  • Action Types:

    • AWS > CodeCommit > Repository > Delete from AWS
    • AWS > CodeCommit > Repository > Set Tags
    • AWS > CodeCommit > Repository > Skip alarm for Active control
    • AWS > CodeCommit > Repository > Skip alarm for Active control [90 days]
    • AWS > CodeCommit > Repository > Skip alarm for Approved control
    • AWS > CodeCommit > Repository > Skip alarm for Approved control [90 days]
    • AWS > CodeCommit > Repository > Skip alarm for Tags control
    • AWS > CodeCommit > Repository > Skip alarm for Tags control [90 days]

What's new?

  • Users can now set a Unique Writer Identity for Logging Sink created via the GCP > Turbot > Event Handlers stack. To get started, set the GCP > Turbot > Event Handlers > Logging > Unique Writer Identity policy.

Bug fixes

  • Guardrails stack controls would sometimes fail to update Pub/Sub Topic resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.

Bug fixes

  • Guardrails stack controls would sometimes fail to update Logging Sink resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Well-Architected Tool > Workload > Approved > Custom
  • Action Types:

    • AWS > Well-Architected Tool > Workload > Delete from AWS
    • AWS > Well-Architected Tool > Workload > Set Tags
    • AWS > Well-Architected Tool > Workload > Skip alarm for Active control
    • AWS > Well-Architected Tool > Workload > Skip alarm for Active control [90 days]
    • AWS > Well-Architected Tool > Workload > Skip alarm for Approved control
    • AWS > Well-Architected Tool > Workload > Skip alarm for Approved control [90 days]
    • AWS > Well-Architected Tool > Workload > Skip alarm for Tags control
    • AWS > Well-Architected Tool > Workload > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Secrets Manager > Secret > Approved > Custom
  • Action Types:

    • AWS > Secrets Manager > Secret > Delete from AWS
    • AWS > Secrets Manager > Secret > Set Tags
    • AWS > Secrets Manager > Secret > Skip alarm for Active control
    • AWS > Secrets Manager > Secret > Skip alarm for Active control [90 days]
    • AWS > Secrets Manager > Secret > Skip alarm for Approved control
    • AWS > Secrets Manager > Secret > Skip alarm for Approved control [90 days]
    • AWS > Secrets Manager > Secret > Skip alarm for Encryption at Rest control
    • AWS > Secrets Manager > Secret > Skip alarm for Encryption at Rest control [90 days]
    • AWS > Secrets Manager > Secret > Skip alarm for Tags control
    • AWS > Secrets Manager > Secret > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Glacier > Vault > Approved > Custom
  • Action Types:

    • AWS > Glacier > Vault > Delete from AWS
    • AWS > Glacier > Vault > Set Tags
    • AWS > Glacier > Vault > Skip alarm for Active control
    • AWS > Glacier > Vault > Skip alarm for Active control [90 days]
    • AWS > Glacier > Vault > Skip alarm for Approved control
    • AWS > Glacier > Vault > Skip alarm for Approved control [90 days]
    • AWS > Glacier > Vault > Skip alarm for Tags control
    • AWS > Glacier > Vault > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Elastic Beanstalk > Application > Approved > Custom
  • Action Types:

    • AWS > Elastic Beanstalk > Application > Delete from AWS
    • AWS > Elastic Beanstalk > Application > Set Tags
    • AWS > Elastic Beanstalk > Application > Skip alarm for Active control
    • AWS > Elastic Beanstalk > Application > Skip alarm for Active control [90 days]
    • AWS > Elastic Beanstalk > Application > Skip alarm for Approved control
    • AWS > Elastic Beanstalk > Application > Skip alarm for Approved control [90 days]
    • AWS > Elastic Beanstalk > Application > Skip alarm for Tags control
    • AWS > Elastic Beanstalk > Application > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > WAF Regional > Rule > Approved > Custom
  • Action Types:

    • AWS > WAF Regional > Rule > Delete from AWS
    • AWS > WAF Regional > Rule > Skip alarm for Active control
    • AWS > WAF Regional > Rule > Skip alarm for Active control [90 days]
    • AWS > WAF Regional > Rule > Skip alarm for Approved control
    • AWS > WAF Regional > Rule > Skip alarm for Approved control [90 days]

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > VPC > Egress Only Internet Gateway > Delete from AWS
    • AWS > VPC > Egress Only Internet Gateway > Set Tags
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Active control
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Active control [90 days]
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Approved control
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Approved control [90 days]
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Tags control
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Tags control [90 days]
    • AWS > VPC > Elastic IP > Delete from AWS
    • AWS > VPC > Elastic IP > Set Tags
    • AWS > VPC > Elastic IP > Skip alarm for Active control
    • AWS > VPC > Elastic IP > Skip alarm for Active control [90 days]
    • AWS > VPC > Elastic IP > Skip alarm for Approved control
    • AWS > VPC > Elastic IP > Skip alarm for Approved control [90 days]
    • AWS > VPC > Elastic IP > Skip alarm for Tags control
    • AWS > VPC > Elastic IP > Skip alarm for Tags control [90 days]
    • AWS > VPC > Endpoint > Delete from AWS
    • AWS > VPC > Endpoint > Set Tags
    • AWS > VPC > Endpoint > Skip alarm for Active control
    • AWS > VPC > Endpoint > Skip alarm for Active control [90 days]
    • AWS > VPC > Endpoint > Skip alarm for Approved control
    • AWS > VPC > Endpoint > Skip alarm for Approved control [90 days]
    • AWS > VPC > Endpoint > Skip alarm for Tags control
    • AWS > VPC > Endpoint > Skip alarm for Tags control [90 days]
    • AWS > VPC > Endpoint Service > Delete from AWS
    • AWS > VPC > Endpoint Service > Set Tags
    • AWS > VPC > Endpoint Service > Skip alarm for Active control
    • AWS > VPC > Endpoint Service > Skip alarm for Active control [90 days]
    • AWS > VPC > Endpoint Service > Skip alarm for Approved control
    • AWS > VPC > Endpoint Service > Skip alarm for Approved control [90 days]
    • AWS > VPC > Endpoint Service > Skip alarm for Tags control
    • AWS > VPC > Endpoint Service > Skip alarm for Tags control [90 days]
    • AWS > VPC > Internet Gateway > Delete from AWS
    • AWS > VPC > Internet Gateway > Set Tags
    • AWS > VPC > Internet Gateway > Skip alarm for Active control
    • AWS > VPC > Internet Gateway > Skip alarm for Active control [90 days]
    • AWS > VPC > Internet Gateway > Skip alarm for Approved control
    • AWS > VPC > Internet Gateway > Skip alarm for Approved control [90 days]
    • AWS > VPC > Internet Gateway > Skip alarm for Tags control
    • AWS > VPC > Internet Gateway > Skip alarm for Tags control [90 days]
    • AWS > VPC > NAT Gateway > Delete from AWS
    • AWS > VPC > NAT Gateway > Set Tags
    • AWS > VPC > NAT Gateway > Skip alarm for Active control
    • AWS > VPC > NAT Gateway > Skip alarm for Active control [90 days]
    • AWS > VPC > NAT Gateway > Skip alarm for Approved control
    • AWS > VPC > NAT Gateway > Skip alarm for Approved control [90 days]
    • AWS > VPC > NAT Gateway > Skip alarm for Tags control
    • AWS > VPC > NAT Gateway > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > VPC > DHCP Options > Delete from AWS
    • AWS > VPC > DHCP Options > Set Tags
    • AWS > VPC > DHCP Options > Skip alarm for Active control
    • AWS > VPC > DHCP Options > Skip alarm for Active control [90 days]
    • AWS > VPC > DHCP Options > Skip alarm for Tags control
    • AWS > VPC > DHCP Options > Skip alarm for Tags control [90 days]
    • AWS > VPC > Route Table > Delete from AWS
    • AWS > VPC > Route Table > Set Tags
    • AWS > VPC > Route Table > Skip alarm for Active control
    • AWS > VPC > Route Table > Skip alarm for Active control [90 days]
    • AWS > VPC > Route Table > Skip alarm for Tags control
    • AWS > VPC > Route Table > Skip alarm for Tags control [90 days]
    • AWS > VPC > Subnet > Delete from AWS
    • AWS > VPC > Subnet > Set Tags
    • AWS > VPC > Subnet > Skip alarm for Active control
    • AWS > VPC > Subnet > Skip alarm for Active control [90 days]
    • AWS > VPC > Subnet > Skip alarm for Tags control
    • AWS > VPC > Subnet > Skip alarm for Tags control [90 days]
    • AWS > VPC > VPC > Delete from AWS
    • AWS > VPC > VPC > Set Tags
    • AWS > VPC > VPC > Skip alarm for Active control
    • AWS > VPC > VPC > Skip alarm for Active control [90 days]
    • AWS > VPC > VPC > Skip alarm for Tags control
    • AWS > VPC > VPC > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Elasticsearch > Domain > Approved > Custom
  • Action Types:

    • AWS > Elasticsearch > Domain > Delete from AWS
    • AWS > Elasticsearch > Domain > Set Tags
    • AWS > Elasticsearch > Domain > Skip alarm for Active control
    • AWS > Elasticsearch > Domain > Skip alarm for Active control [90 days]
    • AWS > Elasticsearch > Domain > Skip alarm for Approved control
    • AWS > Elasticsearch > Domain > Skip alarm for Approved control [90 days]
    • AWS > Elasticsearch > Domain > Skip alarm for Tags control
    • AWS > Elasticsearch > Domain > Skip alarm for Tags control [90 days]

Bug fixes

  • The AWS > EC2 > Account Attributes > CMDB control would go into an error state due to a bad internal build. This is fixed and the control will now work correctly as expected.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > ElastiCache > Cache Cluster > Delete from AWS
    • AWS > ElastiCache > Cache Cluster > Set Tags
    • AWS > ElastiCache > Cache Cluster > Skip alarm for Active control
    • AWS > ElastiCache > Cache Cluster > Skip alarm for Active control [90 days]
    • AWS > ElastiCache > Cache Cluster > Skip alarm for Tags control
    • AWS > ElastiCache > Cache Cluster > Skip alarm for Tags control [90 days]
    • AWS > ElastiCache > Cache Parameter Group > Delete from AWS
    • AWS > ElastiCache > Cache Parameter Group > Skip alarm for Active control
    • AWS > ElastiCache > Cache Parameter Group > Skip alarm for Active control [90 days]
    • AWS > ElastiCache > Replication Group > Delete from AWS
    • AWS > ElastiCache > Replication Group > Skip alarm for Active control
    • AWS > ElastiCache > Replication Group > Skip alarm for Active control [90 days]
    • AWS > ElastiCache > Snapshot > Delete from AWS
    • AWS > ElastiCache > Snapshot > Set Tags
    • AWS > ElastiCache > Snapshot > Skip alarm for Active control
    • AWS > ElastiCache > Snapshot > Skip alarm for Active control [90 days]
    • AWS > ElastiCache > Snapshot > Skip alarm for Tags control
    • AWS > ElastiCache > Snapshot > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Data Pipeline > Pipeline > Approved > Custom
  • Action Types:

    • AWS > Data Pipeline > Pipeline > Delete from AWS
    • AWS > Data Pipeline > Pipeline > Set Tags
    • AWS > Data Pipeline > Pipeline > Skip alarm for Active control
    • AWS > Data Pipeline > Pipeline > Skip alarm for Active control [90 days]
    • AWS > Data Pipeline > Pipeline > Skip alarm for Approved control
    • AWS > Data Pipeline > Pipeline > Skip alarm for Approved control [90 days]
    • AWS > Data Pipeline > Pipeline > Skip alarm for Tags control
    • AWS > Data Pipeline > Pipeline > Skip alarm for Tags control [90 days]

Bug fixes

  • Recovery Points deleted in AWS were not cleaned up automatically via real-time events in Guardrails. This is now fixed.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Added support for ap-northeast-3 and us-gov-east-1 regions in the AWS > SageMaker > Regions policy.

  • Policy Types:

    • AWS > SageMaker > Code Repository > Approved > Custom
    • AWS > SageMaker > Endpoint > Approved > Custom
    • AWS > SageMaker > Endpoint Configuration > Approved > Custom
    • AWS > SageMaker > Lifecycle Configuration > Approved > Custom
    • AWS > SageMaker > Model > Approved > Custom
    • AWS > SageMaker > Training Job > Approved > Custom
  • Action Types:

    • AWS > SageMaker > Code Repository > Delete from AWS
    • AWS > SageMaker > Code Repository > Skip alarm for Active control
    • AWS > SageMaker > Code Repository > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Code Repository > Skip alarm for Approved control
    • AWS > SageMaker > Code Repository > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Domain > Delete from AWS
    • AWS > SageMaker > Endpoint > Delete from AWS
    • AWS > SageMaker > Endpoint > Set Tags
    • AWS > SageMaker > Endpoint > Skip alarm for Active control
    • AWS > SageMaker > Endpoint > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Endpoint > Skip alarm for Approved control
    • AWS > SageMaker > Endpoint > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Endpoint > Skip alarm for Tags control
    • AWS > SageMaker > Endpoint > Skip alarm for Tags control [90 days]
    • AWS > SageMaker > Endpoint Configuration > Delete from AWS
    • AWS > SageMaker > Endpoint Configuration > Set Tags
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Active control
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Approved control
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Tags control
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Tags control [90 days]
    • AWS > SageMaker > Lifecycle Configuration > Delete from AWS
    • AWS > SageMaker > Lifecycle Configuration > Skip alarm for Active control
    • AWS > SageMaker > Lifecycle Configuration > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Lifecycle Configuration > Skip alarm for Approved control
    • AWS > SageMaker > Lifecycle Configuration > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Model > Delete from AWS
    • AWS > SageMaker > Model > Set Tags
    • AWS > SageMaker > Model > Skip alarm for Active control
    • AWS > SageMaker > Model > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Model > Skip alarm for Approved control
    • AWS > SageMaker > Model > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Model > Skip alarm for Tags control
    • AWS > SageMaker > Model > Skip alarm for Tags control [90 days]
    • AWS > SageMaker > Notebook Instance > Delete from AWS
    • AWS > SageMaker > Notebook Instance > Set Tags
    • AWS > SageMaker > Notebook Instance > Skip alarm for Active control
    • AWS > SageMaker > Notebook Instance > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Notebook Instance > Skip alarm for Approved control
    • AWS > SageMaker > Notebook Instance > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Notebook Instance > Skip alarm for Tags control
    • AWS > SageMaker > Notebook Instance > Skip alarm for Tags control [90 days]
    • AWS > SageMaker > Training Job > Set Tags
    • AWS > SageMaker > Training Job > Skip alarm for Active control
    • AWS > SageMaker > Training Job > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Training Job > Skip alarm for Approved control
    • AWS > SageMaker > Training Job > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Training Job > Skip alarm for Tags control
    • AWS > SageMaker > Training Job > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Route 53 Resolver > Resolver Endpoint > Approved > Custom
    • AWS > Route 53 Resolver > Resolver Rule > Approved > Custom
  • Action Types:

    • AWS > Route 53 Resolver > Resolver Endpoint > Delete from AWS
    • AWS > Route 53 Resolver > Resolver Endpoint > Set Tags
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Active control
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Active control [90 days]
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Approved control
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Approved control [90 days]
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Tags control
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Tags control [90 days]
    • AWS > Route 53 Resolver > Resolver Rule > Delete from AWS
    • AWS > Route 53 Resolver > Resolver Rule > Set Tags
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Active control
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Active control [90 days]
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Approved control
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Approved control [90 days]
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Tags control
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > Events > Rule > Skip alarm for Approved control
    • AWS > Events > Rule > Skip alarm for Approved control [90 days]
    • AWS > Events > Target > Skip alarm for Active control
    • AWS > Events > Target > Skip alarm for Active control [90 days]
    • AWS > Events > Target > Skip alarm for Approved control
    • AWS > Events > Target > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > WAF > IP Set > Delete from AWS
    • AWS > WAF > IP Set > Skip alarm for Active control
    • AWS > WAF > IP Set > Skip alarm for Active control [90 days]
    • AWS > WAF > IP Set > Skip alarm for Approved control
    • AWS > WAF > IP Set > Skip alarm for Approved control [90 days]
    • AWS > WAF > IP Set v2 Global > Delete from AWS
    • AWS > WAF > IP Set v2 Global > Set Tags
    • AWS > WAF > IP Set v2 Global > Skip alarm for Active control
    • AWS > WAF > IP Set v2 Global > Skip alarm for Active control [90 days]
    • AWS > WAF > IP Set v2 Global > Skip alarm for Approved control
    • AWS > WAF > IP Set v2 Global > Skip alarm for Approved control [90 days]
    • AWS > WAF > IP Set v2 Global > Skip alarm for Tags control
    • AWS > WAF > IP Set v2 Global > Skip alarm for Tags control [90 days]
    • AWS > WAF > IP Set v2 Regional > Delete from AWS
    • AWS > WAF > IP Set v2 Regional > Set Tags
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Active control
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Active control [90 days]
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Approved control
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Approved control [90 days]
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Tags control
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Tags control [90 days]
    • AWS > WAF > Rate Based Rule > Delete from AWS
    • AWS > WAF > Rate Based Rule > Skip alarm for Active control
    • AWS > WAF > Rate Based Rule > Skip alarm for Active control [90 days]
    • AWS > WAF > Rate Based Rule > Skip alarm for Approved control
    • AWS > WAF > Rate Based Rule > Skip alarm for Approved control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Global > Delete from AWS
    • AWS > WAF > Regex Pattern Set v2 Global > Set Tags
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Active control
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Active control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Approved control
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Approved control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Tags control
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Tags control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Regional > Delete from AWS
    • AWS > WAF > Regex Pattern Set v2 Regional > Set Tags
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Active control
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Active control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Approved control
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Approved control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Tags control
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Tags control [90 days]
    • AWS > WAF > Rule > Delete from AWS
    • AWS > WAF > Rule > Skip alarm for Active control
    • AWS > WAF > Rule > Skip alarm for Active control [90 days]
    • AWS > WAF > Rule > Skip alarm for Approved control
    • AWS > WAF > Rule > Skip alarm for Approved control [90 days]
    • AWS > WAF > Rule Group v2 Global > Delete from AWS
    • AWS > WAF > Rule Group v2 Global > Set Tags
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Active control
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Active control [90 days]
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Approved control
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Approved control [90 days]
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Tags control
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Tags control [90 days]
    • AWS > WAF > Rule Group v2 Regional > Delete from AWS
    • AWS > WAF > Rule Group v2 Regional > Set Tags
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Active control
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Active control [90 days]
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Approved control
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Approved control [90 days]
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Tags control
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Tags control [90 days]
    • AWS > WAF > Web ACL > Delete from AWS
    • AWS > WAF > Web ACL > Set Tags
    • AWS > WAF > Web ACL > Skip alarm for Active control
    • AWS > WAF > Web ACL > Skip alarm for Active control [90 days]
    • AWS > WAF > Web ACL > Skip alarm for Approved control
    • AWS > WAF > Web ACL > Skip alarm for Approved control [90 days]
    • AWS > WAF > Web ACL > Skip alarm for Tags control
    • AWS > WAF > Web ACL > Skip alarm for Tags control [90 days]
    • AWS > WAF > Web ACL v2 Global > Delete from AWS
    • AWS > WAF > Web ACL v2 Global > Set Tags
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Active control
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Active control [90 days]
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Approved control
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Approved control [90 days]
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Tags control
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Tags control [90 days]
    • AWS > WAF > Web ACL v2 Regional > Delete from AWS
    • AWS > WAF > Web ACL v2 Regional > Set Tags
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Active control
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Active control [90 days]
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Approved control
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Approved control [90 days]
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Tags control
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > Backup > Backup Plan > Delete from AWS
    • AWS > Backup > Backup Plan > Set Tags
    • AWS > Backup > Backup Plan > Skip alarm for Active control
    • AWS > Backup > Backup Plan > Skip alarm for Active control [90 days]
    • AWS > Backup > Backup Plan > Skip alarm for Tags control
    • AWS > Backup > Backup Plan > Skip alarm for Tags control [90 days]
    • AWS > Backup > Backup Selection > Delete from AWS
    • AWS > Backup > Backup Selection > Skip alarm for Active control
    • AWS > Backup > Backup Selection > Skip alarm for Active control [90 days]
    • AWS > Backup > Backup Vault > Delete from AWS
    • AWS > Backup > Backup Vault > Set Tags
    • AWS > Backup > Backup Vault > Skip alarm for Active control
    • AWS > Backup > Backup Vault > Skip alarm for Active control [90 days]
    • AWS > Backup > Backup Vault > Skip alarm for Tags control
    • AWS > Backup > Backup Vault > Skip alarm for Tags control [90 days]
    • AWS > Backup > Recovery Point > Delete from AWS
    • AWS > Backup > Recovery Point > Set Tags
    • AWS > Backup > Recovery Point > Skip alarm for Active control
    • AWS > Backup > Recovery Point > Skip alarm for Active control [90 days]
    • AWS > Backup > Recovery Point > Skip alarm for Tags control
    • AWS > Backup > Recovery Point > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • Added support for ap-south-1, af-south-1, cn-north-1 and us-gov-east-1 regions in the AWS > WorkSpaces > Regions policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > WorkSpaces > WorkSpace > Approved > Custom
  • Action Types:

    • AWS > WorkSpaces > WorkSpace > Delete from AWS
    • AWS > WorkSpaces > WorkSpace > Set Tags
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Active control
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Active control [90 days]
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Approved control
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Approved control [90 days]
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Tags control
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • Added support for cn-north-1, cn-northwest-1, us-gov-east-1 and us-gov-west-1 regions in the AWS > MQ > Regions policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Amazon MQ > Broker > Approved > Custom
  • Action Types:

    • AWS > Amazon MQ > Broker > Delete from AWS
    • AWS > Amazon MQ > Broker > Set Tags
    • AWS > Amazon MQ > Broker > Skip alarm for Active control
    • AWS > Amazon MQ > Broker > Skip alarm for Active control [90 days]
    • AWS > Amazon MQ > Broker > Skip alarm for Approved control
    • AWS > Amazon MQ > Broker > Skip alarm for Approved control [90 days]
    • AWS > Amazon MQ > Broker > Skip alarm for Tags control
    • AWS > Amazon MQ > Broker > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > Logs > Log Group > Delete from AWS
    • AWS > Logs > Log Group > Set Tags
    • AWS > Logs > Log Group > Skip alarm for Active control
    • AWS > Logs > Log Group > Skip alarm for Active control [90 days]
    • AWS > Logs > Log Group > Skip alarm for Approved control
    • AWS > Logs > Log Group > Skip alarm for Approved control [90 days]
    • AWS > Logs > Log Group > Skip alarm for Encryption at Rest control
    • AWS > Logs > Log Group > Skip alarm for Encryption at Rest control [90 days]
    • AWS > Logs > Log Group > Skip alarm for Tags control
    • AWS > Logs > Log Group > Skip alarm for Tags control [90 days]
    • AWS > Logs > Log Stream > Delete from AWS
    • AWS > Logs > Log Stream > Skip alarm for Active control
    • AWS > Logs > Log Stream > Skip alarm for Active control [90 days]
    • AWS > Logs > Log Stream > Skip alarm for Approved control
    • AWS > Logs > Log Stream > Skip alarm for Approved control [90 days]
    • AWS > Logs > Metric Filter > Delete from AWS
    • AWS > Logs > Metric Filter > Skip alarm for Active control
    • AWS > Logs > Metric Filter > Skip alarm for Active control [90 days]
    • AWS > Logs > Metric Filter > Skip alarm for Approved control
    • AWS > Logs > Metric Filter > Skip alarm for Approved control [90 days]
    • AWS > Logs > Resource Policy > Delete from AWS
    • AWS > Logs > Resource Policy > Skip alarm for Active control
    • AWS > Logs > Resource Policy > Skip alarm for Active control [90 days]
    • AWS > Logs > Resource Policy > Skip alarm for Approved control
    • AWS > Logs > Resource Policy > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • Added support for cn-north-1, cn-northwest-1, us-gov-east-1 and us-gov-west-1 regions in the AWS > FSx > Regions policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > FSx > Backup > Approved > Custom
    • AWS > FSx > File System > Approved > Custom
  • Action Types:

    • AWS > FSx > Backup > Delete from AWS
    • AWS > FSx > Backup > Set Tags
    • AWS > FSx > Backup > Skip alarm for Active control
    • AWS > FSx > Backup > Skip alarm for Active control [90 days]
    • AWS > FSx > Backup > Skip alarm for Approved control
    • AWS > FSx > Backup > Skip alarm for Approved control [90 days]
    • AWS > FSx > Backup > Skip alarm for Tags control
    • AWS > FSx > Backup > Skip alarm for Tags control [90 days]
    • AWS > FSx > File System > Delete from AWS
    • AWS > FSx > File System > Set Tags
    • AWS > FSx > File System > Skip alarm for Active control
    • AWS > FSx > File System > Skip alarm for Active control [90 days]
    • AWS > FSx > File System > Skip alarm for Approved control
    • AWS > FSx > File System > Skip alarm for Approved control [90 days]
    • AWS > FSx > File System > Skip alarm for Tags control
    • AWS > FSx > File System > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > CloudWatch > Alarm > Delete from AWS
    • AWS > CloudWatch > Alarm > Set Tags
    • AWS > CloudWatch > Alarm > Skip alarm for Active control
    • AWS > CloudWatch > Alarm > Skip alarm for Active control [90 days]
    • AWS > CloudWatch > Alarm > Skip alarm for Approved control
    • AWS > CloudWatch > Alarm > Skip alarm for Approved control [90 days]
    • AWS > CloudWatch > Alarm > Skip alarm for Tags control
    • AWS > CloudWatch > Alarm > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • Added support for ca-central-1, eu-west-2, sa-east-1, us-east-2 and us-gov-east-1 regions in the AWS > AppStream > Regions policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > AppStream > Fleet > Approved > Custom
    • AWS > AppStream > Image > Approved > Custom
    • AWS > AppStream > Image Builder > Approved > Custom
    • AWS > AppStream > User > Approved > Custom
  • Action Types:

    • AWS > AppStream > Fleet > Delete from AWS
    • AWS > AppStream > Fleet > Set Tags
    • AWS > AppStream > Fleet > Skip alarm for Active control
    • AWS > AppStream > Fleet > Skip alarm for Active control [90 days]
    • AWS > AppStream > Fleet > Skip alarm for Approved control
    • AWS > AppStream > Fleet > Skip alarm for Approved control [90 days]
    • AWS > AppStream > Fleet > Skip alarm for Tags control
    • AWS > AppStream > Fleet > Skip alarm for Tags control [90 days]
    • AWS > AppStream > Image > Delete from AWS
    • AWS > AppStream > Image > Set Tags
    • AWS > AppStream > Image > Skip alarm for Active control
    • AWS > AppStream > Image > Skip alarm for Active control [90 days]
    • AWS > AppStream > Image > Skip alarm for Approved control
    • AWS > AppStream > Image > Skip alarm for Approved control [90 days]
    • AWS > AppStream > Image > Skip alarm for Tags control
    • AWS > AppStream > Image > Skip alarm for Tags control [90 days]
    • AWS > AppStream > Image Builder > Delete from AWS
    • AWS > AppStream > Image Builder > Set Tags
    • AWS > AppStream > Image Builder > Skip alarm for Active control
    • AWS > AppStream > Image Builder > Skip alarm for Active control [90 days]
    • AWS > AppStream > Image Builder > Skip alarm for Approved control
    • AWS > AppStream > Image Builder > Skip alarm for Approved control [90 days]
    • AWS > AppStream > Image Builder > Skip alarm for Tags control
    • AWS > AppStream > Image Builder > Skip alarm for Tags control [90 days]
    • AWS > AppStream > User > Delete from AWS
    • AWS > AppStream > User > Skip alarm for Active control
    • AWS > AppStream > User > Skip alarm for Active control [90 days]
    • AWS > AppStream > User > Skip alarm for Approved control
    • AWS > AppStream > User > Skip alarm for Approved control [90 days]

What's new?

  • Server:
    • Updated: Downgrade passport-saml Node package to 1.3.5.

Bug fixes

  • The AWS > EC2 > Volume > Discovery control would go into an error state because of an unintended GraphQL query bug. This is fixed and the control will now work correctly as expected.

What's new?

  • Updated: Hive manager code to include the new certificate.

What's new?

  • Added: parameter for RDS certificate for commercial cloud.

What's new?

  • Server:

    • Updated: RDS CA Certificate to use the latest bundled certificate.
    • Updated: Updated the package passport-saml to @node-saml/passport-saml: 4.0.4
    • Updated: Steampipe query in developer section now points to the correct table.
  • UI:

    • Added: Option to view Changelogs in the Help dropdown menu.

Bug fixes

  • Server:
    • Fixed: Stack control failed to run when a large number of resources were being managed by a stack control.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > GuardDuty > Detector > Delete from AWS
    • AWS > GuardDuty > Detector > Set Tags
    • AWS > GuardDuty > Detector > Skip alarm for Active control
    • AWS > GuardDuty > Detector > Skip alarm for Active control [90 days]
    • AWS > GuardDuty > Detector > Skip alarm for Approved control
    • AWS > GuardDuty > Detector > Skip alarm for Approved control [90 days]
    • AWS > GuardDuty > Detector > Skip alarm for Tags control
    • AWS > GuardDuty > Detector > Skip alarm for Tags control [90 days]
    • AWS > GuardDuty > IPSet > Delete from AWS
    • AWS > GuardDuty > IPSet > Set Tags
    • AWS > GuardDuty > IPSet > Skip alarm for Active control
    • AWS > GuardDuty > IPSet > Skip alarm for Active control [90 days]
    • AWS > GuardDuty > IPSet > Skip alarm for Approved control
    • AWS > GuardDuty > IPSet > Skip alarm for Approved control [90 days]
    • AWS > GuardDuty > IPSet > Skip alarm for Tags control
    • AWS > GuardDuty > IPSet > Skip alarm for Tags control [90 days]
    • AWS > GuardDuty > ThreatIntelSet > Delete from AWS
    • AWS > GuardDuty > ThreatIntelSet > Set Tags
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Active control
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Active control [90 days]
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Approved control
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Approved control [90 days]
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Tags control
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > EMR > Cluster > Delete from AWS
    • AWS > EMR > Cluster > Set Tags
    • AWS > EMR > Cluster > Skip alarm for Active control
    • AWS > EMR > Cluster > Skip alarm for Active control [90 days]
    • AWS > EMR > Cluster > Skip alarm for Approved control
    • AWS > EMR > Cluster > Skip alarm for Approved control [90 days]
    • AWS > EMR > Cluster > Skip alarm for Tags control
    • AWS > EMR > Cluster > Skip alarm for Tags control [90 days]
    • AWS > EMR > Security Configuration > Delete from AWS
    • AWS > EMR > Security Configuration > Skip alarm for Active control
    • AWS > EMR > Security Configuration > Skip alarm for Active control [90 days]
    • AWS > EMR > Security Configuration > Skip alarm for Approved control
    • AWS > EMR > Security Configuration > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > ECS > Cluster > Delete from AWS
    • AWS > ECS > Cluster > Set Tags
    • AWS > ECS > Cluster > Skip alarm for Active control
    • AWS > ECS > Cluster > Skip alarm for Active control [90 days]
    • AWS > ECS > Cluster > Skip alarm for Approved control
    • AWS > ECS > Cluster > Skip alarm for Approved control [90 days]
    • AWS > ECS > Cluster > Skip alarm for Tags control
    • AWS > ECS > Cluster > Skip alarm for Tags control [90 days]
    • AWS > ECS > Container Instance > Delete from AWS
    • AWS > ECS > Container Instance > Skip alarm for Active control
    • AWS > ECS > Container Instance > Skip alarm for Active control [90 days]
    • AWS > ECS > Container Instance > Skip alarm for Approved control
    • AWS > ECS > Container Instance > Skip alarm for Approved control [90 days]
    • AWS > ECS > Service > Delete from AWS
    • AWS > ECS > Service > Set Tags
    • AWS > ECS > Service > Skip alarm for Active control
    • AWS > ECS > Service > Skip alarm for Active control [90 days]
    • AWS > ECS > Service > Skip alarm for Approved control
    • AWS > ECS > Service > Skip alarm for Approved control [90 days]
    • AWS > ECS > Service > Skip alarm for Tags control
    • AWS > ECS > Service > Skip alarm for Tags control [90 days]
    • AWS > ECS > Task Definition > Delete from AWS
    • AWS > ECS > Task Definition > Set Tags
    • AWS > ECS > Task Definition > Skip alarm for Active control
    • AWS > ECS > Task Definition > Skip alarm for Active control [90 days]
    • AWS > ECS > Task Definition > Skip alarm for Approved control
    • AWS > ECS > Task Definition > Skip alarm for Approved control [90 days]
    • AWS > ECS > Task Definition > Skip alarm for Tags control
    • AWS > ECS > Task Definition > Skip alarm for Tags control [90 days]

What's new?

  • You can now configure Block Public Access for AMIs. To get started, set the AWS > EC2 > Account Attributes > Block Public Access for AMIs policy to Enforce: Enable Block Public Access for AMIs.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Control Types:

    • AWS > EC2 > Account Attributes > Block Public Access for AMIs
  • Policy Types:

    • AWS > EC2 > Account Attributes > Block Public Access for AMIs
  • Action Types:

    • AWS > EC2 > Account Attributes > Update Block Public Access for AMIs

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > DMS > Endpoint > Approved > Custom
    • AWS > DMS > Replication Instance > Approved > Custom
  • Action Types:

    • AWS > DMS > Endpoint > Delete from AWS
    • AWS > DMS > Endpoint > Set Tags
    • AWS > DMS > Endpoint > Skip alarm for Active control
    • AWS > DMS > Endpoint > Skip alarm for Active control [90 days]
    • AWS > DMS > Endpoint > Skip alarm for Approved control
    • AWS > DMS > Endpoint > Skip alarm for Approved control [90 days]
    • AWS > DMS > Endpoint > Skip alarm for Tags control
    • AWS > DMS > Endpoint > Skip alarm for Tags control [90 days]
    • AWS > DMS > Replication Instance > Delete from AWS
    • AWS > DMS > Replication Instance > Set Tags
    • AWS > DMS > Replication Instance > Skip alarm for Active control
    • AWS > DMS > Replication Instance > Skip alarm for Active control [90 days]
    • AWS > DMS > Replication Instance > Skip alarm for Approved control
    • AWS > DMS > Replication Instance > Skip alarm for Approved control [90 days]
    • AWS > DMS > Replication Instance > Skip alarm for Tags control
    • AWS > DMS > Replication Instance > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > SES > Identity > Delete from AWS
    • AWS > SES > Identity > Skip alarm for Active control
    • AWS > SES > Identity > Skip alarm for Active control [90 days]
    • AWS > SES > Identity > Skip alarm for Approved control
    • AWS > SES > Identity > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Security Hub > Hub > Approved > Custom
  • Action Types:

    • AWS > Security Hub > Hub > Delete from AWS
    • AWS > Security Hub > Hub > Set Tags
    • AWS > Security Hub > Hub > Skip alarm for Approved control
    • AWS > Security Hub > Hub > Skip alarm for Approved control [90 days]
    • AWS > Security Hub > Hub > Skip alarm for Tags control
    • AWS > Security Hub > Hub > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > Kinesis > Consumer > Delete from AWS
    • AWS > Kinesis > Consumer > Skip alarm for Active control
    • AWS > Kinesis > Consumer > Skip alarm for Active control [90 days]
    • AWS > Kinesis > Consumer > Skip alarm for Approved control
    • AWS > Kinesis > Consumer > Skip alarm for Approved control [90 days]
    • AWS > Kinesis > Stream > Delete from AWS
    • AWS > Kinesis > Stream > Set Tags
    • AWS > Kinesis > Stream > Skip alarm for Active control
    • AWS > Kinesis > Stream > Skip alarm for Active control [90 days]
    • AWS > Kinesis > Stream > Skip alarm for Approved control
    • AWS > Kinesis > Stream > Skip alarm for Approved control [90 days]
    • AWS > Kinesis > Stream > Skip alarm for Encryption at Rest control
    • AWS > Kinesis > Stream > Skip alarm for Encryption at Rest control [90 days]
    • AWS > Kinesis > Stream > Skip alarm for Tags control
    • AWS > Kinesis > Stream > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > DynamoDB > Backup > Delete from AWS
    • AWS > DynamoDB > Backup > Skip alarm for Active control
    • AWS > DynamoDB > Backup > Skip alarm for Active control [90 days]
    • AWS > DynamoDB > Backup > Skip alarm for Approved control
    • AWS > DynamoDB > Backup > Skip alarm for Approved control [90 days]
    • AWS > DynamoDB > Global Table > Delete from AWS
    • AWS > DynamoDB > Global Table > Skip alarm for Active control
    • AWS > DynamoDB > Global Table > Skip alarm for Active control [90 days]
    • AWS > DynamoDB > Global Table > Skip alarm for Approved control
    • AWS > DynamoDB > Global Table > Skip alarm for Approved control [90 days]
    • AWS > DynamoDB > Table > Delete from AWS
    • AWS > DynamoDB > Table > Set Tags
    • AWS > DynamoDB > Table > Skip alarm for Active control
    • AWS > DynamoDB > Table > Skip alarm for Active control [90 days]
    • AWS > DynamoDB > Table > Skip alarm for Approved control
    • AWS > DynamoDB > Table > Skip alarm for Approved control [90 days]
    • AWS > DynamoDB > Table > Skip alarm for Encryption at Rest control
    • AWS > DynamoDB > Table > Skip alarm for Encryption at Rest control [90 days]
    • AWS > DynamoDB > Table > Skip alarm for Tags control
    • AWS > DynamoDB > Table > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Step Functions > State Machine > Approved > Custom
  • Action Types:

    • AWS > Step Functions > State Machine > Delete from AWS
    • AWS > Step Functions > State Machine > Set Tags
    • AWS > Step Functions > State Machine > Skip alarm for Active control
    • AWS > Step Functions > State Machine > Skip alarm for Active control [90 days]
    • AWS > Step Functions > State Machine > Skip alarm for Approved control
    • AWS > Step Functions > State Machine > Skip alarm for Approved control [90 days]
    • AWS > Step Functions > State Machine > Skip alarm for Tags control
    • AWS > Step Functions > State Machine > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Shield > Protection > Approved > Custom
  • Action Types:

    • AWS > Shield > Protection > Delete from AWS
    • AWS > Shield > Protection > Skip alarm for Active control
    • AWS > Shield > Protection > Skip alarm for Active control [90 days]
    • AWS > Shield > Protection > Skip alarm for Approved control
    • AWS > Shield > Protection > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Directory Service > Directory > Approved > Custom
  • Action Types:

    • AWS > Directory Service > Directory > Delete from AWS
    • AWS > Directory Service > Directory > Skip alarm for Active control
    • AWS > Directory Service > Directory > Skip alarm for Active control [90 days]
    • AWS > Directory Service > Directory > Skip alarm for Approved control
    • AWS > Directory Service > Directory > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > CodeBuild > Build > Delete from AWS
    • AWS > CodeBuild > Build > Skip alarm for Active control
    • AWS > CodeBuild > Build > Skip alarm for Active control [90 days]
    • AWS > CodeBuild > Build > Skip alarm for Approved control
    • AWS > CodeBuild > Build > Skip alarm for Approved control [90 days]
    • AWS > CodeBuild > Project > Delete from AWS
    • AWS > CodeBuild > Project > Set Tags
    • AWS > CodeBuild > Project > Skip alarm for Active control
    • AWS > CodeBuild > Project > Skip alarm for Active control [90 days]
    • AWS > CodeBuild > Project > Skip alarm for Approved control
    • AWS > CodeBuild > Project > Skip alarm for Approved control [90 days]
    • AWS > CodeBuild > Project > Skip alarm for Tags control
    • AWS > CodeBuild > Project > Skip alarm for Tags control [90 days]
    • AWS > CodeBuild > Source Credential > Delete from AWS
    • AWS > CodeBuild > Source Credential > Skip alarm for Active control
    • AWS > CodeBuild > Source Credential > Skip alarm for Active control [90 days]
    • AWS > CodeBuild > Source Credential > Skip alarm for Approved control
    • AWS > CodeBuild > Source Credential > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > CloudFormation > Stack > Approved > Custom
    • AWS > CloudFormation > StackSet > Approved > Custom
  • Action Types:

    • AWS > CloudFormation > Stack > Delete from AWS
    • AWS > CloudFormation > Stack > Set Tags
    • AWS > CloudFormation > Stack > Skip alarm for Active control
    • AWS > CloudFormation > Stack > Skip alarm for Active control [90 days]
    • AWS > CloudFormation > Stack > Skip alarm for Approved control
    • AWS > CloudFormation > Stack > Skip alarm for Approved control [90 days]
    • AWS > CloudFormation > Stack > Skip alarm for Tags control
    • AWS > CloudFormation > Stack > Skip alarm for Tags control [90 days]
    • AWS > CloudFormation > StackSet > Delete from AWS
    • AWS > CloudFormation > StackSet > Set Tags
    • AWS > CloudFormation > StackSet > Skip alarm for Active control
    • AWS > CloudFormation > StackSet > Skip alarm for Active control [90 days]
    • AWS > CloudFormation > StackSet > Skip alarm for Approved control
    • AWS > CloudFormation > StackSet > Skip alarm for Approved control [90 days]
    • AWS > CloudFormation > StackSet > Skip alarm for Tags control
    • AWS > CloudFormation > StackSet > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Athena > NamedQuery > Approved > Custom
    • AWS > Athena > Workgroup > Approved > Custom
  • Action Types:

    • AWS > Athena > NamedQuery > Delete from AWS
    • AWS > Athena > NamedQuery > Set Tags
    • AWS > Athena > NamedQuery > Skip alarm for Active control
    • AWS > Athena > NamedQuery > Skip alarm for Active control [90 days]
    • AWS > Athena > NamedQuery > Skip alarm for Approved control
    • AWS > Athena > NamedQuery > Skip alarm for Approved control [90 days]
    • AWS > Athena > NamedQuery > Skip alarm for Tags control
    • AWS > Athena > NamedQuery > Skip alarm for Tags control [90 days]
    • AWS > Athena > Workgroup > Delete from AWS
    • AWS > Athena > Workgroup > Set Tags
    • AWS > Athena > Workgroup > Skip alarm for Active control
    • AWS > Athena > Workgroup > Skip alarm for Active control [90 days]
    • AWS > Athena > Workgroup > Skip alarm for Approved control
    • AWS > Athena > Workgroup > Skip alarm for Approved control [90 days]
    • AWS > Athena > Workgroup > Skip alarm for Tags control
    • AWS > Athena > Workgroup > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > CloudSearch > Domain > Skip alarm for Active control
    • AWS > CloudSearch > Domain > Skip alarm for Active control [90 days]
    • AWS > CloudSearch > Domain > Skip alarm for Approved control
    • AWS > CloudSearch > Domain > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > CloudFront > CloudFront Origin Access Identity > Approved > Custom
    • AWS > CloudFront > Distribution > Approved > Custom
    • AWS > CloudFront > Streaming Distribution > Approved > Custom
  • Action Types:

    • AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Active control
    • AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Active control [90 days]
    • AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Approved control
    • AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Approved control [90 days]
    • AWS > CloudFront > Distribution > Set Tags
    • AWS > CloudFront > Distribution > Skip alarm for Active control
    • AWS > CloudFront > Distribution > Skip alarm for Active control [90 days]
    • AWS > CloudFront > Distribution > Skip alarm for Approved control
    • AWS > CloudFront > Distribution > Skip alarm for Approved control [90 days]
    • AWS > CloudFront > Distribution > Skip alarm for Tags control
    • AWS > CloudFront > Distribution > Skip alarm for Tags control [90 days]
    • AWS > CloudFront > Streaming Distribution > Set Tags
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Active control
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Active control [90 days]
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Approved control
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Approved control [90 days]
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Tags control
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > API Gateway > API > Delete from AWS
    • AWS > API Gateway > API > Set Tags
    • AWS > API Gateway > API > Skip alarm for Active control
    • AWS > API Gateway > API > Skip alarm for Active control [90 days]
    • AWS > API Gateway > API > Skip alarm for Approved control
    • AWS > API Gateway > API > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > API > Skip alarm for Tags control
    • AWS > API Gateway > API > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > API Key > Delete from AWS
    • AWS > API Gateway > API Key > Set Tags
    • AWS > API Gateway > API Key > Skip alarm for Active control
    • AWS > API Gateway > API Key > Skip alarm for Active control [90 days]
    • AWS > API Gateway > API Key > Skip alarm for Approved control
    • AWS > API Gateway > API Key > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > API Key > Skip alarm for Tags control
    • AWS > API Gateway > API Key > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > API V2 > Delete from AWS
    • AWS > API Gateway > API V2 > Set Tags
    • AWS > API Gateway > API V2 > Skip alarm for Active control
    • AWS > API Gateway > API V2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > API V2 > Skip alarm for Approved control
    • AWS > API Gateway > API V2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > API V2 > Skip alarm for Tags control
    • AWS > API Gateway > API V2 > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > Authorizer > Delete from AWS
    • AWS > API Gateway > Authorizer > Skip alarm for Active control
    • AWS > API Gateway > Authorizer > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Authorizer > Skip alarm for Approved control
    • AWS > API Gateway > Authorizer > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Authorizer V2 > Delete from AWS
    • AWS > API Gateway > Authorizer V2 > Skip alarm for Active control
    • AWS > API Gateway > Authorizer V2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Authorizer V2 > Skip alarm for Approved control
    • AWS > API Gateway > Authorizer V2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Domain Name V2 > Delete from AWS
    • AWS > API Gateway > Domain Name V2 > Set Tags
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Active control
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Approved control
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Tags control
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > Integration V2 > Delete from AWS
    • AWS > API Gateway > Integration V2 > Skip alarm for Active control
    • AWS > API Gateway > Integration V2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Integration V2 > Skip alarm for Approved control
    • AWS > API Gateway > Integration V2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Resource > Delete from AWS
    • AWS > API Gateway > Resource > Skip alarm for Active control
    • AWS > API Gateway > Resource > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Resource > Skip alarm for Approved control
    • AWS > API Gateway > Resource > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Stage > Delete from AWS
    • AWS > API Gateway > Stage > Set Tags
    • AWS > API Gateway > Stage > Skip alarm for Active control
    • AWS > API Gateway > Stage > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Stage > Skip alarm for Approved control
    • AWS > API Gateway > Stage > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Stage > Skip alarm for Tags control
    • AWS > API Gateway > Stage > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > Stage v2 > Delete from AWS
    • AWS > API Gateway > Stage v2 > Set Tags
    • AWS > API Gateway > Stage v2 > Skip alarm for Active control
    • AWS > API Gateway > Stage v2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Stage v2 > Skip alarm for Approved control
    • AWS > API Gateway > Stage v2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Stage v2 > Skip alarm for Tags control
    • AWS > API Gateway > Stage v2 > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > Usage Plan > Delete from AWS
    • AWS > API Gateway > Usage Plan > Set Tags
    • AWS > API Gateway > Usage Plan > Skip alarm for Active control
    • AWS > API Gateway > Usage Plan > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Usage Plan > Skip alarm for Approved control
    • AWS > API Gateway > Usage Plan > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Usage Plan > Skip alarm for Tags control
    • AWS > API Gateway > Usage Plan > Skip alarm for Tags control [90 days]

What's new?

  • AWS/Amplify/Admin and AWS/Amplify/Metadata now also include permissions for Deployment, WebHook and Artifacts.

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Amplify > App > Approved > Custom
  • Action Types:

    • AWS > Amplify > App > Delete from AWS
    • AWS > Amplify > App > Set Tags
    • AWS > Amplify > App > Skip alarm for Active control
    • AWS > Amplify > App > Skip alarm for Active control [90 days]
    • AWS > Amplify > App > Skip alarm for Approved control
    • AWS > Amplify > App > Skip alarm for Approved control [90 days]
    • AWS > Amplify > App > Skip alarm for Tags control
    • AWS > Amplify > App > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > ACM > Certificate > Approved > Custom
  • Action Types:

    • AWS > ACM > Certificate > Delete from AWS
    • AWS > ACM > Certificate > Set Tags
    • AWS > ACM > Certificate > Skip alarm for Active control
    • AWS > ACM > Certificate > Skip alarm for Active control [90 days]
    • AWS > ACM > Certificate > Skip alarm for Approved control
    • AWS > ACM > Certificate > Skip alarm for Approved control [90 days]
    • AWS > ACM > Certificate > Skip alarm for Tags control
    • AWS > ACM > Certificate > Skip alarm for Tags control [90 days]

What's new?

  • Added: t4g, m7g, m6gd, r7g, r6gd, c6g and c6gd to instance type parameter for RDS.
  • Added: new hive parameter group for Postgres 14 and 15.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

What's new?

  • Resource Types:

    • AWS > Route 53 > Record
  • Control Types:

    • AWS > Route 53 > Record > Active
    • AWS > Route 53 > Record > Approved
    • AWS > Route 53 > Record > CMDB
    • AWS > Route 53 > Record > Discovery
  • Policy Types:

    • AWS > Route 53 > Record > Active
    • AWS > Route 53 > Record > Active > Age
    • AWS > Route 53 > Record > Active > Budget
    • AWS > Route 53 > Record > Active > Last Modified
    • AWS > Route 53 > Record > Approved
    • AWS > Route 53 > Record > Approved > Budget
    • AWS > Route 53 > Record > Approved > Custom
    • AWS > Route 53 > Record > Approved > Usage
    • AWS > Route 53 > Record > CMDB
  • Action Types:

    • AWS > Route 53 > Record > Delete
    • AWS > Route 53 > Record > Delete from AWS
    • AWS > Route 53 > Record > Router
    • AWS > Route 53 > Record > Skip alarm for Active control
    • AWS > Route 53 > Record > Skip alarm for Active control [90 days]
    • AWS > Route 53 > Record > Skip alarm for Approved control
    • AWS > Route 53 > Record > Skip alarm for Approved control [90 days]

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Control Types:

    • AWS > Organizations > Organization Root > Active
    • AWS > Organizations > Organization Root > Approved
    • AWS > Organizations > Organizational Account > Active
    • AWS > Organizations > Organizational Account > Approved
  • Policy Types:

    • AWS > Organizations > Organization Root > Active
    • AWS > Organizations > Organization Root > Active > Age
    • AWS > Organizations > Organization Root > Active > Last Modified
    • AWS > Organizations > Organization Root > Approved
    • AWS > Organizations > Organization Root > Approved > Custom
    • AWS > Organizations > Organization Root > Approved > Usage
    • AWS > Organizations > Organizational Account > Active
    • AWS > Organizations > Organizational Account > Active > Age
    • AWS > Organizations > Organizational Account > Active > Last Modified
    • AWS > Organizations > Organizational Account > Approved
    • AWS > Organizations > Organizational Account > Approved > Custom
    • AWS > Organizations > Organizational Account > Approved > Usage
  • Action Types:

    • AWS > Organizations > Organization Root > Skip alarm for Active control
    • AWS > Organizations > Organization Root > Skip alarm for Active control [90 days]
    • AWS > Organizations > Organization Root > Skip alarm for Approved control
    • AWS > Organizations > Organization Root > Skip alarm for Approved control [90 days]
    • AWS > Organizations > Organizational Account > Skip alarm for Active control
    • AWS > Organizations > Organizational Account > Skip alarm for Active control [90 days]
    • AWS > Organizations > Organizational Account > Skip alarm for Approved control
    • AWS > Organizations > Organizational Account > Skip alarm for Approved control [90 days]

What's new?

  • AWS/MSK/Admin, AWS/MSK/Metadata and AWS/MSK/Operator now also include permissions for Cluster V2, Scram Secrets and Kafka VPC Connections.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

  • Policy Types:

    • AWS > MSK > Cluster > Approved > Custom
    • AWS > MSK > Cluster > Approved > Instance Types
  • Action Types:

    • AWS > MSK > Cluster > Delete from AWS
    • AWS > MSK > Cluster > Set Tags
    • AWS > MSK > Cluster > Skip alarm for Active control
    • AWS > MSK > Cluster > Skip alarm for Active control [90 days]
    • AWS > MSK > Cluster > Skip alarm for Approved control
    • AWS > MSK > Cluster > Skip alarm for Approved control [90 days]
    • AWS > MSK > Cluster > Skip alarm for Tags control
    • AWS > MSK > Cluster > Skip alarm for Tags control [90 days]

Bug fixes

  • Guardrails would sometimes fail to upsert clusters correctly in CMDB. This is now fixed.

What's new?

  • Control Types:

    • AWS > ElastiCache > Replication Group > Backup
  • Policy Types:

    • AWS > ElastiCache > Replication Group > Backup
    • AWS > ElastiCache > Replication Group > Backup > Retention Period
    • AWS > ElastiCache > Replication Group > Backup > Window
  • Action Types:

    • AWS > ElastiCache > Cache Cluster > Skip alarm for approved control
    • AWS > ElastiCache > Cache Cluster > Skip alarm for approved control [90 days]
    • AWS > ElastiCache > Cache Parameter Group > Skip alarm for approved control
    • AWS > ElastiCache > Cache Parameter Group > Skip alarm for approved control [90 days]
    • AWS > ElastiCache > Replication Group > Skip alarm for approved control
    • AWS > ElastiCache > Replication Group > Skip alarm for approved control [90 days]
    • AWS > ElastiCache > Replication Group > Update Backup
    • AWS > ElastiCache > Snapshot > Skip alarm for approved control
    • AWS > ElastiCache > Snapshot > Skip alarm for approved control [90 days]

What's new?

  • Added support for Global Event Handlers. This release contains new Guardrails policies and controls to support deployment of Global Event Handlers for AWS.

  • Control Types:

    • AWS > Turbot > Event Handlers [Global]
  • Policy Types:

    • AWS > Turbot > Event Handlers [Global]
    • AWS > Turbot > Event Handlers [Global] > Events
    • AWS > Turbot > Event Handlers [Global] > Events > Rules
    • AWS > Turbot > Event Handlers [Global] > Events > Rules > Name Prefix
    • AWS > Turbot > Event Handlers [Global] > Events > Rules > Tags
    • AWS > Turbot > Event Handlers [Global] > Events > Target
    • AWS > Turbot > Event Handlers [Global] > Events > Target > IAM Role ARN
    • AWS > Turbot > Event Handlers [Global] > Primary Region
    • AWS > Turbot > Event Handlers [Global] > SNS
    • AWS > Turbot > Event Handlers [Global] > SNS > Topic
    • AWS > Turbot > Event Handlers [Global] > SNS > Topic > Customer Managed Key
    • AWS > Turbot > Event Handlers [Global] > SNS > Topic > Name Prefix
    • AWS > Turbot > Event Handlers [Global] > SNS > Topic > Tags
    • AWS > Turbot > Event Handlers [Global] > Source
    • AWS > Turbot > Event Handlers [Global] > Terraform Version
    • AWS > Turbot > Service Roles > Event Handlers [Global]
    • AWS > Turbot > Service Roles > Event Handlers [Global] > Name

What's new?

  • AWS/RDS/Admin, AWS/RDS/Metadata and AWS/RDS/Operator now include permissions for Performance Insights.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

What's new?

  • Added support for new multi-regions NAM8, NAM9, NAM10, NAM11, NAM12, NAM13, NAM14, NAM15, NAM-EUR-ASIA1, NAM-EUR-ASIA3, IN, EUR5, EUR6, EUROPE and EMEA in the GCP > Project > Regions policy.

  • Policy Types Removed:

    • GCP > Project > Multi-Regions [Deprecated]

Bug fixes

  • The AWS > VPC > Security Group > CMDB control would sometimes go into an error state if the TE version installed on the workspace was 5.42.1 or lower. This is fixed and the control will now work as expected.

What's new?

  • Added: m7g instance types for Elasticache.

Bug fixes

  • User group name for hive names with _ in it.
  • Hive manager code to add access grant to public schema for postgres 15.

Requirements

  • TEF: 1.52.0

What's new?

  • Added support for new europe-west10 region in the GCP > Project > Regions policy.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

What's new?

  • Added support for new asia-northeast3, asia-south2, asia-southeast2, australia-southeast2, europe-central2, europe-southwest1, europe-west10, europe-west12, europe-west8, europe-west9, me-central1, me-west1, northamerica-northeast2, southamerica-west1, us-east5, us-south1, us-west3 and us-west4 regions in the GCP > Compute Engine > Regions policy.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

Bug fixes

  • The real-time Event Handlers would sometimes fail to upsert data disks attached to instances in Guardrails CMDB. This is now fixed.

Bug fixes

  • Guardrails stack controls would fail to claim any existing Security Group if the Security Group was available in Guardrails CMDB and the stack's Source policy included the Terraform plan for the Security Group. This is fixed and stack control will now be able to claim existing Security Groups correctly. Please note that this fix will only work for workspaces on TE v5.42.2 or higher.
  • Guardrails stack controls would sometimes fail to update Security Groups and Security Group Rules if the Terraform plan in the stack's source policy included changes to attributes which force replaced the resource. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.2 or higher.

What's new?

  • Policy Types:
    • AWS > EC2 > Instance > Schedule Tag > Name

Bug fixes

  • After starting/stopping an instance successfully, the AWS > EC2 > Instance > Schedule control would try and perform the same start/stop action again if the state of the instance was changed outside of the control within 1 hour of the successful start/stop run. This is fixed and the control will now not trigger a start/stop action again for a minimum of 1 hour of the previous successful run.

What's new?

  • Updated: Hive manager code to include access grant for public schema for postgres 15.

What's new?

  • Server:
    • Updated: Now supports creating multiple AKAs starting with arn, azure, and gcp via APIs.
    • Updated: Add mod version check for workspace upgrade.

Bug fixes

  • Server:
    • Fixed: Ensure successful workspace creation on fresh PostgreSQL 15 installations.
    • Fixed: The stack should claim the Security Group (SG) or Security Group Rule (SGR) if the resource already exists.
    • Removed: vm2 node package.

What's new?

  • Resource Types:

    • Azure > Network > Express Route Circuits
  • Control Types:

    • Azure > Network > Express Route Circuits > Active
    • Azure > Network > Express Route Circuits > Approved
    • Azure > Network > Express Route Circuits > CMDB
    • Azure > Network > Express Route Circuits > Discovery
    • Azure > Network > Express Route Circuits > Tags
  • Policy Types:

    • Azure > Network > Express Route Circuits > Active
    • Azure > Network > Express Route Circuits > Active > Age
    • Azure > Network > Express Route Circuits > Active > Last Modified
    • Azure > Network > Express Route Circuits > Approved
    • Azure > Network > Express Route Circuits > Approved > Custom
    • Azure > Network > Express Route Circuits > Approved > Regions
    • Azure > Network > Express Route Circuits > Approved > Usage
    • Azure > Network > Express Route Circuits > CMDB
    • Azure > Network > Express Route Circuits > Regions
    • Azure > Network > Express Route Circuits > Tags
    • Azure > Network > Express Route Circuits > Tags > Template
  • Action Types:

    • Azure > Network > Express Route Circuits > Delete
    • Azure > Network > Express Route Circuits > Router
    • Azure > Network > Express Route Circuits > Set Tags

What's new?

Users can now delete Login Profiles for IAM Users.

  • Control Types:

    • AWS > IAM > User > Login Profile
  • Policy Types:

    • AWS > IAM > User > Login Profile
  • Action Types:

    • AWS > IAM > User > Delete Login Profile

What's new?

  • Resource Types:

    • Azure > Network > Private DNS Zones
    • Azure > Network > Private Endpoints
  • Control Types:

    • Azure > Network > Private DNS Zones > Active
    • Azure > Network > Private DNS Zones > Approved
    • Azure > Network > Private DNS Zones > CMDB
    • Azure > Network > Private DNS Zones > Discovery
    • Azure > Network > Private DNS Zones > Tags
    • Azure > Network > Private Endpoints > Active
    • Azure > Network > Private Endpoints > Approved
    • Azure > Network > Private Endpoints > CMDB
    • Azure > Network > Private Endpoints > Discovery
    • Azure > Network > Private Endpoints > Tags
  • Policy Types:

    • Azure > Network > Private DNS Zones > Active
    • Azure > Network > Private DNS Zones > Active > Age
    • Azure > Network > Private DNS Zones > Active > Last Modified
    • Azure > Network > Private DNS Zones > Approved
    • Azure > Network > Private DNS Zones > Approved > Custom
    • Azure > Network > Private DNS Zones > Approved > Usage
    • Azure > Network > Private DNS Zones > CMDB
    • Azure > Network > Private DNS Zones > Tags
    • Azure > Network > Private DNS Zones > Tags > Template
    • Azure > Network > Private Endpoints > Active
    • Azure > Network > Private Endpoints > Active > Age
    • Azure > Network > Private Endpoints > Active > Last Modified
    • Azure > Network > Private Endpoints > Approved
    • Azure > Network > Private Endpoints > Approved > Custom
    • Azure > Network > Private Endpoints > Approved > Regions
    • Azure > Network > Private Endpoints > Approved > Usage
    • Azure > Network > Private Endpoints > CMDB
    • Azure > Network > Private Endpoints > Regions
    • Azure > Network > Private Endpoints > Tags
    • Azure > Network > Private Endpoints > Tags > Template
  • Action Types:

    • Azure > Network > Private DNS Zones > Delete
    • Azure > Network > Private DNS Zones > Router
    • Azure > Network > Private DNS Zones > Set Tags
    • Azure > Network > Private Endpoints > Delete
    • Azure > Network > Private Endpoints > Router
    • Azure > Network > Private Endpoints > Set Tags

Bug fixes

  • A few policy values would sometimes fail to evaluate correctly if the mod was installed on TE v5.42.1. We've fixed this issue and such policy values will now be evaluated correctly.

Bug fixes

  • The AWS > Turbot > Event Handlers now support real-time events for AWS S3 Multi-Region Access Point.

What's new?

  • Resource Types:

    • AWS > S3 > Multi-Region Access Point
  • Control Types:

    • AWS > S3 > Multi-Region Access Point > Active
    • AWS > S3 > Multi-Region Access Point > Approved
    • AWS > S3 > Multi-Region Access Point > CMDB
    • AWS > S3 > Multi-Region Access Point > Discovery
    • AWS > S3 > Multi-Region Access Point > Usage
  • Policy Types:

    • AWS > S3 > Multi-Region Access Point > Active
    • AWS > S3 > Multi-Region Access Point > Active > Age
    • AWS > S3 > Multi-Region Access Point > Active > Budget
    • AWS > S3 > Multi-Region Access Point > Active > Last Modified
    • AWS > S3 > Multi-Region Access Point > Approved
    • AWS > S3 > Multi-Region Access Point > Approved > Budget
    • AWS > S3 > Multi-Region Access Point > Approved > Custom
    • AWS > S3 > Multi-Region Access Point > Approved > Usage
    • AWS > S3 > Multi-Region Access Point > CMDB
    • AWS > S3 > Multi-Region Access Point > Usage
    • AWS > S3 > Multi-Region Access Point > Usage > Limit
    • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-s3multiregionaccesspoint
  • Action Types:

    • AWS > S3 > Multi-Region Access Point > Delete
    • AWS > S3 > Multi-Region Access Point > Delete from AWS
    • AWS > S3 > Multi-Region Access Point > Router
    • AWS > S3 > Multi-Region Access Point > Skip alarm for Active control
    • AWS > S3 > Multi-Region Access Point > Skip alarm for Active control [90 days]
    • AWS > S3 > Multi-Region Access Point > Skip alarm for Approved control
    • AWS > S3 > Multi-Region Access Point > Skip alarm for Approved control [90 days]

What's new?

  • AWS/S3/Admin and AWS/S3/Metadata now include permissions for Multi-Region Access Point Routes.

What's new?

  • We've updated the runtime for lambda functions in the aws-efs mod to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

What's new?

  • We've updated the runtime for lambda functions in the aws-config mod to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • AWS > Config > Configuration Recorder > Approved > Custom
    • AWS > Config > Delivery Channel > Approved > Custom
    • AWS > Config > Rule > Approved > Custom
  • Action Types

    • AWS > Config > Configuration Recorder > Skip alarm for Active control
    • AWS > Config > Configuration Recorder > Skip alarm for Active control [90 days]
    • AWS > Config > Configuration Recorder > Skip alarm for Approved control
    • AWS > Config > Configuration Recorder > Skip alarm for Approved control [90 days]
    • AWS > Config > Delivery Channel > Skip alarm for Active control
    • AWS > Config > Delivery Channel > Skip alarm for Active control [90 days]
    • AWS > Config > Delivery Channel > Skip alarm for Approved control
    • AWS > Config > Delivery Channel > Skip alarm for Approved control [90 days]
    • AWS > Config > Rule > Skip alarm for Active control
    • AWS > Config > Rule > Skip alarm for Active control [90 days]
    • AWS > Config > Rule > Skip alarm for Approved control
    • AWS > Config > Rule > Skip alarm for Approved control [90 days]

What's new?

  • We've updated the runtime for lambda functions in the aws-cloudtrail mod to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • Resource Types:

    • AWS > Elastic Inference
  • Policy Types:

    • AWS > Elastic Inference > API Enabled
    • AWS > Elastic Inference > Approved Regions [Default]
    • AWS > Elastic Inference > Enabled
    • AWS > Elastic Inference > Permissions
    • AWS > Elastic Inference > Permissions > Levels
    • AWS > Elastic Inference > Permissions > Levels > Modifiers
    • AWS > Elastic Inference > Permissions > Lockdown
    • AWS > Elastic Inference > Permissions > Lockdown > API Boundary
    • AWS > Elastic Inference > Regions
    • AWS > Elastic Inference > Tags Template [Default]
    • AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-elasticinference
    • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-elasticinference
    • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-elasticinference
    • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-elasticinference

What's new?

  • Server:
    • Cloudwatch dashboard query for View AWS External Messages by AWS Account ID and Events to exclude restriction on AWS.
    • Allow sending notifications for same state change.
    • Replaced vm2 with eval for inline and trustedInline execution of policies, controls, and actions.

What's new?

  • GCP/OAuth/Admin and GCP/OAuth/Metadata now also include oauthconfig:* permissions. Click here for more details.

What's new?

  • Added: Parameter for restricting untrusted code upload to Turbot Guardrails.
  • Removed: Alb Waf support.

What's new?

  • Server:
    • Added: worker, sqs queue, sns topic for factory.
    • Updated: Allow upload of mod based on the value of TURBOT_CUSTOM_MOD_UPLOAD.
    • Added: Environment variable for custom mod upload.
    • Removed: Support for ALB WAF.

Bug fixes

  • Server:
    • Stack will not fail to delete and recreate resources.

Requirements

  • TEF: 1.51.0

What's new?

  • Added: Postgres version 11.19, 11.20, 12.14, 12.15, 13.10, 13.11, 14.8, 15.2 and 15.3.

What's new?

  • UI
    • Added: Inactive Users report.

Bug fixes

  • Server:
    • The actor information for attach and detach smart folder.
    • Disable notification feature if Redis is not being used.

What's new?

  • Added: Support for Factory worker.
  • Updated: Descriptions and names to Turbot Guardrails Enterprise Foundation from Turbot Enterprise Foundation.

What's new?

  • Updated: descriptions and names from Turbot Enterprise Database to Turbot Guardrails Enterprise Database.

What's new?

  • Server:

    • Added: Added support for control/action update notifications.
    • Added: Support for interface in control types.
    • Added: Turbot Installation Type environment variable.
    • Added: SES SendEmail permission to Worker Lambda Role.
    • Added: Add notification index to improve performance of notifications.
    • Updated: Improve policy value create/update with a more efficient database design.
    • Updated: Description of TE stack from Turbot Enterprise to Turbot Guardrails Enterprise.
    • Updated: @slack/web-api to 6.8.1. @wry/equality to 0.5.6. anymatch to 3.1.3. archiver to 5.3.1. body-parser to 1.20.2. chai to 4.3.7. chokidar to 3.5.3. classnames to 2.3.2. cli-progress to 3.12.0. copy-to-clipboard to 3.3.3. dataloader to 2.2.2. diff to 5.1.0. express to 4.18.2. generate-password to 1.7.0. graphql-2-json-schema to 0.10.0. http-status-codes to 2.2.0. lodash-match-pattern to 2.3.1. micromatch to 4.0.5. mockserver-client to 5.15.0. moment-timezone to 0.5.43. nconf to 0.12.0. nodemailer to 6.9.2. nunjucks to 3.2.4. passport to 0.6.0. pg to 8.10.0. performant-array-to-tree to 1.11.0. prismjs to 1.29.0. prompt to 1.3.0. prompts to 2.4.2. recursive-readdir to 2.2.3. redux to 4.2.1. resolve to 1.22.2. semver to 7.5.1. simple-git to 3.18.0. unzipper to 0.10.14. uri-js to 4.4.1. vm2 to 3.9.19 and other dev dependencies. Removed aws-appsync and aws-xray-sdk. ioredis to 5.3.1.
  • UI

    • Updated: Updated new login logo and home page logo.
    • Updated: Turbot directory should be created in guardrails.turbot.com.
    • Updated: Turbot directory SSO login should be redirected to there respective guardrails domain.

Note

IAM change in this release:

  • Updated worker lambda to include SES SendEmail permissions.

What's new?

  • Rebrand to Turbot Guardrails CLI. We recommend using the new guardrails registries guardrails.turbot.com, guardrails.turbot-stg.com or guardrails.turbot-dev.com to publish a guardrails mod. To maintain compatibility, none of the existing commands have changed, your existing configuration and commands will continue to work as before.

v1.10.0 of the Terraform Provider for Guardrails is now available.

Documentation

Rebrand to Turbot Guardrails provider. Resource and data source names in this provider have not changed to maintain compatibility. Existing templates will continue to work as-is without need to change anything.

What's new?

  • Fixed: Resource details are now correctly included when doing a csv download of the Resources Deleted by Turbot report.

Requires

Container Info

What's new?

  • Added: Tagging details now included in CSV download for GCP Compute Engine VM Instances, Azure Compute Virtual Machines, Azure Compute Disks and EBS Volumes report.
  • Added: New filters for Turbot Files and Smart Folders in the resource browser.
  • Updated: Editing a Turbot File via the UI no longer requires the resource AKA to be specified.
  • Fixed: Resource deletion will no longer trigger an increase the count of active controls.

Requires

  • TEF v1.49.0

Container Info

What's new?

  • Added: Quick actions are now available for users that only have permission at the account level.
  • Fixed: The resource import page will now function correctly if the AWS mod is not installed.
  • Fixed: Resource deletion will no longer trigger an increase the count of active controls.

Requires

  • TEF v1.49.0

Container Info

What's new?

  • Added: Postgres version 14.6 and 14.7.

What's new?

  • Added: Ability to specify AKA when creating Turbot File.
  • Updated: Turbot explorer search will show results for Smart Folders and Turbot Files.
  • Fixed: Terraform stack control should not end in error if the data size for command is too large.
  • Fixed: Turbot actions will now be visible for users with grants at the cloud account level.

Enterprise

  • Updated: Added debug statements for createGrant mutations.

Requires

  • TEF v1.49.0

Container Info

Enterprise

  • Changed: Removed long debug statements from stack controls to improve performance of large stacks.
  • Added: Additional logging information emmited while preparing stack container.

Requires

  • TEF v1.49.0

Container Info

What's new?

  • Fixed: Smart retention controls are now a bit smarter.

Enterprise

  • Updated: Resource policy of Events SQS queues now require encryption in transit.
  • Updated: Resource policy of Events SNS topics now require encryption in transit.

Requires

  • TEF v1.49.0

Container Info

  • Ubuntu 22.04, jammy-20230425
  • Alpine: 3.18.0

What's new?

  • Added: debug statement for Smart Retention control.

Requires

  • TEF v1.49.0

Server

What's new?

  • Added support for version v5.10.0 of the Turbot IAM mod.
  • Fixed: Adding grants to group profile now works as expected.

Requires

  • TEF v1.49.0

What's new?

  • Added: New parameter that allows selection of the TLS policy for application load balancers.

What's new?

  • Added: Parameter to manage KMS Key for RDS Performance Insights.

What's new?

  • Updated: Accounts Summary Report now includes resource AKA(s) in the CSV output.
  • Updated: The Turbot auth token cookie SameSite configuration to strict.
  • Updated: The policy setting page to now render HTML content as string.

Enterprise

  • Added: Parameter for TLS Policy for ALB HTTPS Listener.
  • Added: Rate limits to the login directories APIs.

Requires

  • TEF v1.49.0

What's new?

  • Updated: Moved management of the Elasticache user group to CloudFormation instead of the Hive Manager lambda. It is no longer necessary to update the Redis access control groups after making changes to the Redis cluster.

What's new?

  • Added: AWS Lambda Functions report.
  • Updated: Turbot will now use AWS Terraform provider version 3.75.0 when Turbot > Stack Terraform Version [Default] is set to 0.15.*

Bug fixes

  • Fixed: Timestamp display in the console now updates correctly for recently deleted mods.
  • Fixed: When an Action fails due to cloud provider throttling, Turbot will now reschedule the control that triggered the action, those actions should now be more consistently applied under heavy loads.

Note AWS IAM permissions change in this release:

  • Updated: Worker Lambda to include Elasticache permissions to support the Turbot > Cache > Health Check control.
  • Updated: Hive Manager no longer manages the authentication configuration for ElastiCache. This responsibility has shifted to Turbot Guardrails Enterprise Database.

What's new?

  • Added: Parameter to modify Lambda trigger concurrency.

What's new?

  • Control Types:
    • Unused Turbot > Type Installed > Background Tasks is now removed

Requirements

  • TE: 5.35.4

What's new?

  • Added: New parameter for attaching a custom security group to each ECS host.
  • Added: New parameter for attaching a custom security group to the TE ALB. Requires TE > v5.40.0.
  • Added: Option added to enable IMDSv2 for ECS hosts.
  • Added: New parameters to specify the size and type of EBS volumes attached to ECS Hosts.
  • Added: New parameter to specify a port for outbound SMTP (if needed).
  • Updated: The db_pair security group now includes Elasticache rules, when Elasticache is enabled.

Deprecation

  • As a result of this change to the db_pair security group, the Elasticache cache_pair security group is no longer required. It will be removed in a future release.

Bug fixes

  • Fixed: Improved handling of HTTP "Too Many Requests" (429) errors.

Enterprise

  • Updated: TE Management Lambdas, and ECS Containers will be deployed with the NodeJS 16.x runtime. This change is independent of Mod Lambda runtime versions.
  • Added: If specified in TEF, a custom security group may be assigned to the TE ALB.

Requires

  • TEF v1.47.0

What's new?

  • Added: Parameter to modify Lambda trigger concurrency

Enterprise

  • Added: Parameter for Lambda trigger concurrency.

Requires TEF: v1.46.0 TED: v1.9.1

What's new?

  • Added: SSM parameter for events DLQ and worker retry reserved concurrency.

Bug fixes

  • Fixed: Issue that could prevent indexes from being recreated after being dropped.
  • Fixed: Issue with safeGet() function that could prevent reports from rendering in the UI.
  • Fixed: Ansible task and service now created correctly created for Ansible version 2.10.7.

Enterprise

  • Added: Support for trigger concurrency in worker and events lamda functions.

Requires TEF: v1.45.0 TED: v1.9.1

What's new?

  • New: Turbot's autoscale group configuration has switched from launch templates to launch configurations.
  • Added: Parameter to select Lambda function runtime version.
  • Added: Encryption in transit policy for SNS topics and SQS queues.
  • Updated: Changed EBS volume storage type to gp3.

What's new?

  • Fixed: Activity page should display alternatePersona in the actor field if available.

Bug fixes

  • Fixed: AWS EC2 Instance report now runs more reliably.
  • Updated: Improved the performance of the Activity page.

Enterprise

  • Added: Encryption in transit policy for SNS topics and SQS queues in the Turbot Master account.
  • Updated: Removed the deleted control historical records from control_usage table.
  • Updated: vm2 package to 3.9.11 in the ECS containers.

What's new?

  • Added: Support to import Azure China Cloud subscriptions.
  • Added: Support for Azure China Cloud endpoints.

Bug fixes

  • Updated: Increased reliability of policy value application when attaching a smartfolder.

Enterprise

  • Updated: Removed Xray configuration from Postgres pool, as it was not being used.
  • Updated: vm2 in main package.json updated to 3.9.11.
  • Updated: Maintenance container base image to node:14-alpine3.17.

Requires TEF: v1.42.1 TED: v1.9.1

What's new?

  • Added: Support for Postgres versions: 13.8, 14.1, 14.2, 14.3, 14.4, 14.5.
  • Added: Support for Redis 7.0.
  • Added: Support for RDS gp3 disk types.

Bug fixes

  • Add role as a valid level to generate temporary credentials for roles.

Bug fixes

  • Updated: Query for resource notifications to improve performance when using the Activity sub-tab on the resource page.
  • Updated: Improved logic used to determine when to run maintenance control for stale policy values.
  • Updated: Mod install controlls will now use the standard worker queue instead of worker_priority queue to allow other actions to take priority during mod installs.

Enterprise

  • Updated: Updated Ubuntu vm2 package to version 3.9.11. to resolve CVE-2022-36067.
  • Updated: Message retetion period of events priority queue changed to 96 hours.

Requires TEF: v1.42.1 TED: v1.9.1

What's new?

  • Added: support for TLS 1.2 for API Gateway

Bug fixes

  • Added: Btree aka index for akas_history and akas table. The Activity Tab should show improved performance.

Requires TEF: v1.42.1 TED: v1.9.1

Bug fixes

  • Fixed: Downloading the csv for EC2 > Instance > Report should not fail.

Enterprise

  • Added: ability to run async/callback in control's inline.
  • Added: Ability to move control to priority queue.
  • Updated: mute noisy log if unable to get process log data from S3.

Requires TEF: v1.42.1 TED: v1.9.1

What's new?

  • Added: Postgres version 13.7 to RDS engine parameter.
  • Added: Tags to elasticache resources.

Bug fixes

  • Updated: Local Profiles and Group Profiles filter now use free text search instead of akas matches.
  • Updated: Installing a mod using the CLI now runs faster, reducing the likelyhood of a timeout.
  • Fixed: Quick actions menu will no longer show actions from child resources.

Enterprise

  • Added: Support for workspace URL in Turbot > Workspace > Workspace URL policy.

Requires TEF: v1.42.1 TED: v1.9.1

What's new?

  • Added: SSM parameter for Process Log Fallback Bucket.

Bug fixes

  • Fixed: Resolved issue where EC2 instance report would fail to run.
  • Fixed: Permissions summary report now works for users without permissions at the root level.

Enterprise

  • Added: allow an alternative process log bucket to be provided to read from an older bucket.
  • Updated: Ansible container base image to Ubuntu 22.10 (Kinetic Kudu)
  • Updated: Ansible version to 2.10.7
  • Updated: Docker base images of API and Factory to ubuntu 22.

Requires TEF: v1.42.1 TED: v1.9.1

Bug fixes

  • Fixed: Apollo UI behaves properly when setting backoff interval of an action.
  • Fixed: Actor display information will now fallback to unidentified if persona and identity are not available.
  • Updated: UI will now use the actor information of the process (if supplied) for Policy Setting CRUD operations.
  • Updated: Action runs now carry the identity of its launcher. This changes the way notifications are presented. Previously notifications from an action showed as Unidentified, now they will carry the identity of the launcher, most of the time this will be the Turbot identity unless the action is launched by a user from Turbot UI.

Enterprise

  • Updated: Linux Environment control to support version 3 of SELinux Python bindings

Enterprise

  • Updated: Improved Ansible container error handling

UI

  • Added: Mutation resolver for quick action and steampipe query in the developer tab.
  • Added: Add support to execute quick action via URL.

Enterprise

  • Fixed: Control type should only trigger the control if there is a change in graphql/inline/function.

What's new?

  • New Feature: Quick Actions
  • Updated: graphiql to 1.4.5

Quick Actions Quick Actions is a new feature that allows Turbot users to initaite specific (one time) control enforcements on their cloud environment via the Turbot UI. Cloud operations teams can use Quick Actions to remediate cloud configuration issues (e.g. enable encryption on a resource) or snooze Turbot alarms for issues that we want to come back to later. More details in the documentation. Quick actions will be rolling out across all supported cloud services in the coming months (based on your feedback); this initial release covers resources in the following AWS mods:

  • cloudtrail
  • ec2
  • kms
  • lambda
  • rds
  • s3
  • sns
  • sqs
  • vpc

Disabling the Quick Actions feature

  • Quick Actions use the permissions granted to the Turbot service user or cross-account role used to import your cloud service account into Turbot. Execution of quick actions will fail if the underlying role prevents those actions from occuring.

  • The Quick Actions feature is disabled by default, but can easily be enabled via the Turbot > Quick Actions > Enabled policy. If you would like to prevent lower level Turbot administrators from enabling Quick Actions for their cloud service accounts, then make sure you set Turbot > Quick Actions > Enabled to Disabled at the Turbot level using the Required option.

  • The policy Turbot > Quick Actions > Permission Levels offers fine-grained control over which Turbot permission levels are required to execute specific quick actions. These permission limits can be set globally and specific exceptions can be managed down to the individual cloud service account level.

Enterprise

  • Split package dependencies between Server and UI so they can use independent versions of GraphQL.

Bug fixes

  • CLI failed to download latest mod versions automatically for mods with version < 5.0.0.
  • turbot completion command was displayed twice on running turbot help.

Bug fixes

  • CLI failed to install dependencies for a mod with more than 26 dependencies.

What's new?

  • Added: new IAM permissions for Mod Lambda to publish messages to the Priority Events queue.
  • Added: parameter for Worker Priority and Events Tick Lambda Reserved Concurrency.
  • Added: EC2 ECS host recycling using parameter.

Bug fixes

  • Fixed: ECS Rolling update.
  • Fixed: Condition of Foundation Key to prevent its creation if TEFKmsKey parameter value is specified.

There are IAM changes in this release:

  • New IAM permissions for Mod Lambda to publish messages to the Priority Events queue.
  • New IAM roles for ECS Rolling Update.

What's new?

  • Updated: GovCloud certificate to rds-ca-rsa4096-g1.

What's new?

  • Added: Parameter to limit the URL where the API Gateway Lambda can forward to. This should be a regular expression of valid workspace URLs.
  • Updated: TEF KMS Key parameter name changed to TEF KMS Key Arn.
  • Updated: Enforce HTTPS access for S3 buckets created by TEF.

What's new?

  • Updated: Enforce HTTPS access for S3 buckets created by TED.
  • Added: Postgres versions 11.12, 11.13, 11.14, 11.15, 12.7, 12.8, 12.9, 12.10, 13.3, 13.4, 13.5 and 13.6.

What's new?

  • Added: Parameter for Alb WAF option. (Default is disabled)
  • Added: Parameter for Mods Cleanup.

What's new?

  • Updated: Moved management of the Elasticache user group to CloudFormation instead of the Hive Manager lambda. It is no longer necessary to update the Redis access control groups after making changes to the Redis cluster.

1.30.0 [2022-03-01]

What's new?

  • Updated: Elasticache now uses the db_pair security group from TEF 1.47.0.
  • Fixed: The Cloudformation Hive custom resource used to depend on Elasticache when it shouldn't have in environments without Elasticache deployed.

Deprecation

  • As a result of this change to the db_pair security group, the Elasticache cache_pair security group is no longer required. It will be removed in a future release.

Requirements

  • TEF v1.47.0

What's new?

  • Added: Parameters for Api and Events Container Scaling metrics, and threshold values for CPU Utilization.
  • Added: Parameter to allow import of Foundation KMS Key.
  • Updated: Set DeletionPolicy of FoundationKey to Retain.

What's new?

  • Added: Parameters for ECS Factory Task hard limit and soft limit on memory.

Warning

  • There are IAM changes in this release.

What's new?

  • Updated: Condition for HiveManagerExecutionRole.
  • Updated: TurbotParameters and TurbotSnsSqsPolicyParameterLambda to include variables for Proxy setting.
  • Removed: MskManagerExecutionRole role from custom iam role template.

What's new?

  • Added: Postgres version 13.5 to RDS engine parameter.
  • Fixed: Replication group setting to enable Data Tiering for r6gd node type.

What's new?

  • Added: Postgres version 12.11 and 12.12.
  • Updated: PerformanceInsights description.
  • Updated: Default storage type to gp3. More info on using gp3
  • Updated: Hive custom resource depends on to include Elasticache cluster and parameter group and add ParameterDeploymentTrigger.

What's new?

  • Added: r6gd node type option for Elasticache.

What's new?

  • Updated: Backup Service Role to include kms Grant permissions for CopyDBSnapshot operation.

What's new?

  • Updated: Backup Service Role to include kms permissions.

What's new?

  • Added: VPC Endpoint for s3 to reduce NAT Gateway cost.
  • Updated: API and Events container scaling by replacing hardcoded values with parameters.
  • Updated: Outbound, Api and Database security groups so that they are created for Predefined VPC if custom security groups are not mentioned.
  • Updated: default value of LogRetentionDays parameter changed to 180.

What's new?

  • Added: Postgres version 13.3, 13.4 to RDS engine parameter.
  • Fixed: Cloudwatch alarms to use correct db identifier when hive name has _ in it.
  • Updated: Default database system backup to 7 days.
  • Updated: AWS Backup Service role to allow copying of RDS snapshots.
  • Updated: Cloudwatch alarms for ElastiCache SwapUsage and DatabaseMemoryUsagePercentage for multi-node architectures.
  • Updated: Dashboard to move read-replica stats to right axis and that of primary to the left.
  • Updated: Dashboard to add Total IOPS metrics.

Warning

  • There are IAM changes in this release for the turbot_policy_parameter.

Bug fixes

  • TE Build ID was misconfigured causing TEF to build unsuccessfully, this has now been corrected and TEF builds as expected.

What's new?

  • Minimum DB size is now 50GB, default size is 200GB.

Requirements

  • TEF v1.31.2

Warning

  • There are IAM changes in this release for the turbot_policy_parameter.

What's new?

  • Turbot Security Group is added and includes rules for Ansible and LDAP. The security group is intended for additional rules to be added under feature flags. Note: the existing LDAP and Ansible security groups will remain for older TE versions.
  • Dashboard for ECS Cluster metrics is now added.
  • Autoscaling parameters were added for the Events Service.
  • ElastiCache Security Groups and Subnet Groups are now added to the overrides template.
  • TEF Workspace Manager now prevents users from changing the workspace name.
  • OSGuardrail parameter location from Advanced - OS Guardrails to Advanced - Deployment Group.
  • turbot_parameters and turbot_policy_parameter lambda functions now include VPC config.
  • turbot_policy_parameter IAM Role now includes EC2 network interfaces policy.
  • Improved input validation to not allow blank values.

What's new?

  • CloudWatch Alarms and Dashboards are added for ElastiCache SwapUsage and DatabaseMemoryUsagePercentage.
  • ElastiCache Instance Type can now be specified in the template.
  • Read replica parameter default is now set to false.

Requirements

  • TEF v1.31.2

What's new?

  • DB parameter group support for 11.10, 11.11, 12.6 and 13.2.
  • Postgres version 13.2 is now the default selection.

Requirements

  • TEF v1.31.2

What's new?

  • Shared_buffers parameter added for DB parameter group.
  • Postgres version 13.1 is now the default selection.
  • Postgres wal_keep_size default size is now 2048 (RDS Postgres default).
  • Turbot database default size is now 250GB.
  • Storage autoscale threshold default is now 1TB. For new TED installations only!

Requirements

  • TEF v1.31.2

Bug fixes

  • Invalid module reference fixed - this was causing turbot template build to fail.

Bug fixes

  • template build was loading the lock-file from the base branch to determine the current template version. When using a work-in-progress (wip) branch, this could lead to identifying an incorrect current version, leading to rebasing errors. Fix by loading the lock file from the wip branch.

What's new?

  • S3 bucket lifecycle rule added to the mods processing log bucket.
  • Optional AWS Security Group added to be used for connecting to LDAP server.
  • S3 inventory reports will no longer generate in the TEF Process Logs bucket.
  • Updated process log bucket lifecycle configurations to remove /debug/ rules.
  • Runtime has been updated to Node 14 for all Turbot Core deployed Lambda functions.

What's new?

  • Postgres version 13.1. For new TED installations only!
  • ElastiCache replication groups now support multi nodes.cluster mode.

Bug fixes

  • Hive Log Bucket lifecycle configurations now delete all objects.

Requirements

  • TEF v1.31.2

Bug fixes

  • Dependency issue with the HiveKey.

Requirements

  • TEF v1.31.2

What's new?

  • OSGuardrails feature flag, adding security groups and SSM parameters as required.
  • HealthCheckProxyLambda runtime updated from 2.7 to 3.8.

What's new?

  • Postgres version 12.5. For new TED installations only!
  • Parameter Group support for both 11.x and 12.x.

Bug fixes

  • Cache cluster parameter passed to Hive Manager should also convert underscore to hyphen.
  • Allow default encryption for ElastiCache for use in GovCloud (which does not support CMK).

Requirements

  • TEF v1.31.2

Bug fixes

  • Fixed CLI packaging error required for proper v1.28.0 installation.

Bug fixes

  • turbot template build now cleans up branches after a rebase failure.

Warning

  • IAM permissions updated in v1.31.0.

Bug fixes

  • Fix and republish a corrupt portfolio build artifact.

Bug fixes

  • AWS Backup Vault name format issue.

Requirements

  • TEF v1.31.2

Warning

  • IAM permissions updated in v1.31.0.

Bug fixes

  • Hive Manager should convert underscore to hyphen when creating Redis group (from TE).

Warning

  • IAM permissions updated in v1.31.0.

Bug fixes

  • Hive Manager should convert underscore to hyphen when creating Redis user (from TE).

Bug fixes

  • ElastiCache Redis cluster name should convert underscores to hyphens.

Requirements

  • TEF v1.31.2

Warning

  • IAM permissions updated.

What's new?

  • ElastiCache Redis is now enabled by default.
  • Parameters - Mod Lambda function limits.
  • Parameters - Worker Lambda configuration, allowing reuse across TE versions.
  • CloudWatch Alarms for SQS ApproximateAgeOfOldestMessage.

What's new?

  • ElastiCache Redis is now enabled by default.

Bug fixes

  • Postgres 11.9 is now available for the read replica as well.
  • ElastiCache Redis cluster should be created with the hive name rather than just resource name prefix.
  • AWS Backup Vault deletion policy is now set to retain.

Requirements

  • TEF v1.31.2

What's new?

  • turbot template build --rebase command now cleans up the work in progress branch if the template render fails.

Bug fixes

  • turbot template build --rebase command was failing to re-apply manual changes.
  • turbot template build --fleet-mode would stop building all branches if a single one failed.

Bug fixes

  • Fixed: Code of s3BucketArnLambda to fix s3 permission.

What's new?

  • Hive Manager and Workspace Manager runtime updated to node 12.

Bug fixes

  • Install Hive Manager in all regions, not just the Alpha region.

What's new?

  • Added latest RDS DB instance types.
  • Experimental ElastiCache: Configure use of Redis 6.x Access Control Lists.
  • Experimental ElastiCache: Also install Hive Manager in the replica region, for Redis management.

Requirements

  • TEF v1.30.0

Warning

  • IAM permissions updated.

What's new?

  • New turbot_transient KMS key specifically used for encryption of transient data (e.g. SNS, SQS).
  • Tightened IAM access policies to Turbot's own S3 buckets.
  • Hive Manager is now permitted IAM access to manage ElastiCache.
  • Added ListBucket permission to WorkspaceManager role so head object calls will return 404 instead of 403.

Bug fixes

  • Event Proxy Lambda must be installed in the subnet where Load Balancers are installed (by TE).

What's new?

  • turbot compose (used by all CLI commands that compose mods) now omits the releaseNotes field from turbot.head.json. It is still included in turbot.dist.json.
  • turbot template has a new --unchanged-issue <issue_id> argument. When a template build operation commits changes to git, if no files have actually changed then the commit message will use this issue instead of the normal --issue <issue_id> field. The commit message will also specify "no changes".

What's new?

  • turbot publish ha