e:["$","div",null,{"children":[["$","div",null,{"className":"border-b border-pspm-background-lightest mb-3 grid grid-cols-1 md:grid-cols-2 items-center mt-10","children":[["$","div",null,{"className":"space-y-4","children":[["$","h2",null,{"className":"text-3xl font-semibold tracking-normal","children":"Changelog"}],["$","p",null,{"children":["Subscribe to Guardrails changelog via"," ",["$","$L16",null,{"href":"/changelog/feed.xml","children":"RSS"}]," or join"," ",["$","strong",null,{"children":"#changelog"}]," on our"," ",["$","$L16",null,{"href":"https://turbot.com/community/join","children":"Slack community"}]," ","to stay updated on everything we ship."]}]]}],["$","div",null,{"className":"justify-center flex items-end text-center","children":["$","$L15",null,{"src":"/changelog/guardrails.png","width":"400","height":"180","alt":"Changelog image"}]}]]}],["$","div",null,{"children":[["$","div",null,{"className":"border-b border-pspm-background-lightest pb-4 md:pb-6 mb-4 md:mb-6","children":["$","div",null,{"className":"flex flex-col space-y-2 md:flex-row md:space-y-0 md:space-x-2 md:justify-start","children":[["$","div",null,{"className":"md:w-1/7 md:mr-1 text-left","children":["$","$L1b",null,{"initialValue":"guardrails"}]}],["$","div",null,{"className":"md:w-1/2 md:ml-1 text-left","children":["$","$1c",null,{"fallback":["$","div",null,{"className":"min-w-[150px] border rounded px-2 py-1.5","children":"Loading..."}],"children":["$","$L1d",null,{"initialValue":"all"}]}]}]]}]}],["$","div",null,{"className":"mt-8","children":["$","$1c",null,{"fallback":["$","div",null,{"children":"Loading changelogs..."}],"children":["$","$L1e",null,{"changelogs":[{"meta":{"title":"aws-quicksight v5.3.0 - Track and manage account settings resources in Guardrails","author":null,"publishedAt":"2025-12-11T09:00:00","permalink":"aws-quicksight-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Resource Types_\n\n- AWS > QuickSight > Account Settings\n\n_Control Types_\n\n- AWS > QuickSight > Account Settings > CMDB\n- AWS > QuickSight > Account Settings > Discovery\n\n_Policy Types_\n\n- AWS > QuickSight > Account Settings > CMDB\n- AWS > QuickSight > Connection Region\n- AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-quicksight\n\n_Action Types_\n\n- AWS > QuickSight > Account Settings > Router\n\nNote: We recommend updating the `@turbot/aws` mod to `v5.41.0` for proper functionality.\n"},{"meta":{"title":"github v5.5.0 - Fixed SSL certificate validation for GitHub Enterprise Server with self-signed certificates","author":null,"publishedAt":"2025-12-10T09:00:00","permalink":"github-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- GitHub controls previously failed to connect to the GitHub API when using GitHub Enterprise Server instances with self-signed certificates or internal CAs. The `NODE_TLS_REJECT_UNAUTHORIZED=0` environment variable is now correctly respected.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.54.4 - Improved materialization & TLS handling","author":"Turbot Team","publishedAt":"2025-12-09T09:00:00","permalink":"te-v5-54-4","image":null,"tags":["TE"],"product":"guardrails"},"content":"_What's new?_\n\n- Server\n - Propagate NODE_TLS_REJECT_UNAUTHORIZED to the GitHub mod Lambdas for VPC deployments that use self-signed certificates.\n\n_Bug fixes_\n\n- Server\n - In Automatic materialization mode, the calculated policy values were coming through as null, but they are now being computed correctly.\n\n_Requirements_\n\n- Upgrade to `5.54.4` requires your workspace to be on `5.53.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n - @turbot/turbot: 5.56.0\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws v5.41.0 - Added support to process real-time events for AWS QuickSight","author":null,"publishedAt":"2025-12-05T09:00:00","permalink":"aws-v5-41-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `AWS > Turbot > Event Handlers` now support real-time events for AWS QuickSight.\n\n_Bug fixes_\n\n- Fixed an issue where controls related to `AWS > Account > Budget > Target` and `AWS > Account > Budget > State` policy types were entering a TBD state because these policy types remained in an Inactive state even after policy settings were configured.\n"},{"meta":{"title":"aws-iam v5.47.1 - Fixed policy mapping in IAM group managed control type","author":null,"publishedAt":"2025-11-28T09:00:00","permalink":"aws-iam-v5-47-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed policy mapping in `AWS > Turbot > IAM > Group > Managed` control type.\n"},{"meta":{"title":"aws-cloudtrail v5.15.0 - CMDB control for shadow trail will no longer transition to an error state when trails are deleted from the management account","author":null,"publishedAt":"2025-11-28T09:00:00","permalink":"aws-cloudtrail-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Action Types_\n\n- AWS > CloudTrail > Shadow Trail > Router\n\n_Bug fixes_\n\n- The `AWS > CloudTrail > Shadow Trail > CMDB` control would enter an error state when trails were deleted from the management account. This issue has now been fixed."},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.53.10 - Version bump to align with deployment requirements","author":"Turbot Team","publishedAt":"2025-11-27T09:00:00","permalink":"te-v5-53-10","image":null,"tags":["TE"],"product":"guardrails"},"content":"\nVersion bump to align with deployment requirements.\n\n_Requirements_\n\n- Upgrade to `5.53.10` requires your workspace to be on `5.51.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n\t-\t@turbot/turbot: 5.55.0\n\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-ec2 v5.49.0 - AMI CMDB control now automatically tracks parent AMI hierarchy","author":null,"publishedAt":"2025-11-26T09:00:00","permalink":"aws-ec2-v5-49-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `AWS > EC2 > AMI > CMDB` control now automatically tracks the parent AMI hierarchy for each AMI. Parent lineage details—including AMI ID, creation date, source account ID, and source region—are stored in the parentImageIds metadata array. The system captures up to three levels of ancestry (parent, grandparent, and great-grandparent), providing improved visibility into AMI lineage across accounts and regions.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.53.9 - Version bump to align with deployment requirements","author":"Turbot Team","publishedAt":"2025-11-25T09:00:00","permalink":"te-v5-53-9","image":null,"tags":["TE"],"product":"guardrails"},"content":"\nVersion bump to align with deployment requirements.\n\n_Requirements_\n\n- Upgrade to `5.53.9` requires your workspace to be on `5.51.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n\t-\t@turbot/turbot: 5.55.0\n\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-eks v5.9.2 - Fixed control mapping in cluster endpoint access policy and action types","author":null,"publishedAt":"2025-11-24T09:00:00","permalink":"aws-eks-v5-9-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed control mapping in `AWS > EKS > Cluster > Endpoint Access` policy and action types.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.53.8 - Version bump to align with deployment requirements","author":"Turbot Team","publishedAt":"2025-11-20T09:00:00","permalink":"te-v5-53-8","image":null,"tags":["TE"],"product":"guardrails"},"content":"\nVersion bump to align with deployment requirements.\n\n_Requirements_\n\n- Upgrade to `5.53.8` requires your workspace to be on `5.51.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n\t-\t@turbot/turbot: 5.55.0\n\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.54.3 - Improved cleanup of failed DB transactions","author":"Turbot Team","publishedAt":"2025-11-18T09:00:00","permalink":"te-v5-54-3","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Resolved a problem where notifications weren’t being delivered due to incorrectly handled rule settings.\n - Improved cleanup of failed DB transactions.\n\n_Requirements_\n\n- Upgrade to `5.54.3` requires your workspace to be on `5.53.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n - @turbot/turbot: 5.56.0\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.53.7 - Fix notification failures caused by rule settings","author":"Turbot Team","publishedAt":"2025-11-18T09:00:00","permalink":"te-v5-53-7","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Resolved a problem where notifications weren’t being delivered due to incorrectly handled rule settings.\n\n_Requirements_\n\n- Upgrade to `5.53.7` requires your workspace to be on `5.51.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n\t-\t@turbot/turbot: 5.55.0\n\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails CLI v1.29.1 - Restored graphql notifications subcommand","author":"Turbot Team","publishedAt":"2025-11-14T09:00:00","permalink":"turbot-guardrails-cli-v1-29-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"\n_Bug Fixes_\n\n- The `graphql notifications` subcommand, which was inadvertently removed in a previous version, has been restored.\n"},{"meta":{"title":"Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them for 76 mods","author":null,"publishedAt":"2025-11-03T09:00:00","permalink":"policy-control-action-type-mapping-76-mods","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$1f"},{"meta":{"title":"osquery v5.3.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-11-03T09:00:00","permalink":"osquery-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n"},{"meta":{"title":"kubernetes v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-11-03T09:00:00","permalink":"kubernetes-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n"},{"meta":{"title":"azure-virtualdesktop v5.0.0 is now available","author":null,"publishedAt":"2025-10-31T09:00:00","permalink":"azure-virtualdesktop-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$20"},{"meta":{"title":"azure-provider v5.20.0 - Track and manage Cognitive Services resource provider in Guardrails","author":null,"publishedAt":"2025-10-31T09:00:00","permalink":"azure-provider-v5-20-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Resource Types_\n\n- Azure > Provider > Cognitive Services\n\n_Control Types_\n\n- Azure > Provider > Cognitive Services > CMDB\n- Azure > Provider > Cognitive Services > Discovery\n- Azure > Provider > Cognitive Services > Registered\n\n_Policy Types_\n\n- Azure > Provider > Cognitive Services > CMDB\n- Azure > Provider > Cognitive Services > Registered\n\n_Action Types_\n\n- Azure > Provider > Cognitive Services > Set Registered\n"},{"meta":{"title":"azure-provider v5.19.1 - Real-time register and unregister events for Virtual Desktop provider will now be processed correctly","author":null,"publishedAt":"2025-10-31T09:00:00","permalink":"azure-provider-v5-19-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails would fail to process real-time register and unregister events for Virtual Desktop provider. This is now fixed.\n"},{"meta":{"title":"azure-cosmosdb v5.13.0 - Configure public network access for database accounts","author":null,"publishedAt":"2025-10-31T09:00:00","permalink":"azure-cosmosdb-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure public network access for database accounts. To get started, set the `Azure > Cosmos DB > Database Account > Public Network Access` policy.\n\n_Control Types_\n\n- Azure > Cosmos DB > Database Account > Public Network Access\n\n_Policy Types_\n\n- Azure > Cosmos DB > Database Account > Public Network Access\n\n_Action Types_\n\n- Azure > Cosmos DB > Database Account > Set Public Network Access\n"},{"meta":{"title":"aws-ec2 v5.48.1 - Fixed policy mappings in various control types","author":null,"publishedAt":"2025-10-31T09:00:00","permalink":"aws-ec2-v5-48-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed policy mappings in various control types.\n"},{"meta":{"title":"azure-synapseanalytics v5.14.0 - Configure advanced data security for workspaces","author":null,"publishedAt":"2025-10-30T09:00:00","permalink":"azure-synapseanalytics-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$21"},{"meta":{"title":"azure-automation v5.5.0 - Configure public network access for automation accounts","author":null,"publishedAt":"2025-10-30T09:00:00","permalink":"azure-automation-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure public network access for automation accounts. To get started, set the `Azure > Automation > Automation Account > Public Network Access` policy.\n\n_Control Types_\n\n- Azure > Automation > Automation Account > Public Network Access\n\n_Policy Types_\n\n- Azure > Automation > Automation Account > Public Network Access\n\n_Action Types_\n\n- Azure > Automation > Automation Account > Set Public Network Access\n"},{"meta":{"title":"gcp v5.33.1 - Added support to process real-time enable and disable events for Vertex AI API","author":null,"publishedAt":"2025-10-29T09:00:00","permalink":"gcp-v5-33-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Added support to process enable and disable real-time events for Vertex AI API via Service Usage APIs.\n"},{"meta":{"title":"aws-bedrock v5.3.1 - Unsupported regions for Bedrock custom model are now removed from the regions policy","author":null,"publishedAt":"2025-10-29T09:00:00","permalink":"aws-bedrock-v5-3-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Unsupported regions were inadvertently included in the `AWS > Bedrock > Custom Model > Regions` policy, which led to the `AWS > Bedrock > Custom Model > Discovery` control being in an error state for those regions. We've now removed the unsupported regions from the Regions policy.\n"},{"meta":{"title":"github v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-10-28T09:00:00","permalink":"github-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n"},{"meta":{"title":"azure-provider v5.19.0 - Track and manage Virtual Desktop resource provider in Guardrails","author":null,"publishedAt":"2025-10-27T09:00:00","permalink":"azure-provider-v5-19-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Resource Types_\n\n- Azure > Provider > Virtual Desktop\n\n_Control Types_\n\n- Azure > Provider > Virtual Desktop > CMDB\n- Azure > Provider > Virtual Desktop > Discovery\n- Azure > Provider > Virtual Desktop > Registered\n\n_Policy Types_\n\n- Azure > Provider > Virtual Desktop > CMDB\n- Azure > Provider > Virtual Desktop > Registered\n\n_Action Types_\n\n- Azure > Provider > Virtual Desktop > Set Registered\n"},{"meta":{"title":"aws-cognito v5.3.0 - Track and manage identity pool resources in Guardrails","author":null,"publishedAt":"2025-10-27T09:00:00","permalink":"aws-cognito-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$22"},{"meta":{"title":"aws-ec2 v5.48.0 - Migrated lambda functions for AMI to use AWS SDK v3","author":null,"publishedAt":"2025-10-25T09:00:00","permalink":"aws-ec2-v5-48-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- `AWS > EC2 > AMI > *` Lambda functions have been migrated to use AWS SDK v3, reducing the mod package size and improving deployment efficiency. You will not notice any differences, and things will continue to work smoothly as before.\n"},{"meta":{"title":"azure v5.34.0 - Regions default value is now available for allowed controls","author":null,"publishedAt":"2025-10-24T09:00:00","permalink":"azure-v5-34-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Policy Types_\n\n- Azure > Subscription > Allowed Regions [Default]\n"},{"meta":{"title":"aws-secretsmanager v5.11.1 - Real-time event handlers now process tagging events for secrets correctly","author":null,"publishedAt":"2025-10-24T09:00:00","permalink":"aws-secretsmanager-v5-11-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The real-time Event Handlers would fail to process tagging events for `AWS > Secrets Manager > Secret` resources. This is now fixed.\n"},{"meta":{"title":"azure-sql v5.21.0 - Virtual network rules details will now be available in CMDB for servers","author":null,"publishedAt":"2025-10-22T09:00:00","permalink":"azure-sql-v5-21-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Virtual network rules details will now be available in CMDB for servers.\n"},{"meta":{"title":"aws-lambda v5.19.1 - Function URL auth type control will now transition to a skipped state when no function URL is configured","author":null,"publishedAt":"2025-10-22T09:00:00","permalink":"aws-lambda-v5-19-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > Lambda > Function > URL Auth Type` control previously entered an invalid state when a Function URL was not configured. This issue has now been resolved and the control will correctly transition to a skipped state in such cases.\n"},{"meta":{"title":"aws-dynamodb v5.17.1 - Encryption at rest control for tables will now transition to an invalid state when encryption was enforced on global table replicas","author":null,"publishedAt":"2025-10-22T09:00:00","permalink":"aws-dynamodb-v5-17-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > DynamoDB > Table > Encryption at Rest` control previously remained incorrectly in an alarm state when encryption was enforced on Global Table replicas. This issue has been resolved; the control now transitions to an invalid state for replicas, as AWS Global Tables require a single, coordinated cross-region encryption update rather than per-replica changes.\n"},{"meta":{"title":"aws-neptune v5.7.0 - Track and manage cluster snapshot resources in Guardrails","author":null,"publishedAt":"2025-10-17T09:00:00","permalink":"aws-neptune-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$23"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.54.2 - Prevent materialization failures from bad policy type mappings","author":"Turbot Team","publishedAt":"2025-10-16T09:00:00","permalink":"te-v5-54-2","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server:\n - Materialization now handles invalid policy type mappings gracefully by skipping them instead of failing.\n\n_Requirements_\n\n- Upgrade to `5.54.2` requires your workspace to be on `5.53.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n - @turbot/turbot: 5.56.0\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.53.6 - Policy pack enhancements and UI fixes","author":"Turbot Team","publishedAt":"2025-10-16T09:00:00","permalink":"te-v5-53-6","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- UI\n - Added Terraform import block generation to policy pack developer tab alongside existing import commands.\n\n_Bug fixes_\n\n- UI\n - Control page policy lists now show complete trunk names without cutting them off.\n - Resource page alert counts now accurately reflect the actual number of alerts\n\n_Requirements_\n\n- Upgrade to `5.53.6` requires your workspace to be on `5.51.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n\t-\t@turbot/turbot: 5.55.0\n\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-rds v5.32.2 - Updated permissions to support real-time event processing for DB cluster snapshot resources used by Neptune and DocDB services","author":null,"publishedAt":"2025-10-16T09:00:00","permalink":"aws-rds-v5-32-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Updated permissions to support real-time event processing for DB cluster snapshot resources used by Neptune and DocDB services.\n"},{"meta":{"title":"aws-docdb v5.5.0 - Track and manage cluster snapshot resources in Guardrails","author":null,"publishedAt":"2025-10-16T09:00:00","permalink":"aws-docdb-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$24"},{"meta":{"title":"azure-synapseanalytics v5.13.0 - Firewall rules details will now be available in CMDB for workspaces","author":null,"publishedAt":"2025-10-15T09:00:00","permalink":"azure-synapseanalytics-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Firewall rules details will now be available in CMDB for workspaces.\n- Security alert policy and vulnerability assessments details will now be available in CMDB for workspaces.\n"},{"meta":{"title":"azure-redis v5.1.0 - Firewall rules details will now be available in CMDB for redis cache","author":null,"publishedAt":"2025-10-15T09:00:00","permalink":"azure-redis-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Firewall rules details will now be available in CMDB for redis cache.\n"},{"meta":{"title":"azure-mysql v5.19.0 - Firewall rules details will now be available in CMDB for flexible servers","author":null,"publishedAt":"2025-10-15T09:00:00","permalink":"azure-mysql-v5-19-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Firewall rules details will now be available in CMDB for flexible servers.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.53.5 - Turbot > Notifications > Rule-Based Routing now supports using Turbot > File resources as notification templates","author":"Turbot Team","publishedAt":"2025-10-13T09:00:00","permalink":"te-v5-53-5","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - `Turbot > Notifications > Rule-Based Routing` now supports using `Turbot > File` resources as notification templates — update the `@turbot/turbot` mod to `v5.56.1` or later to enable this feature.\n\n_Requirements_\n\n- Upgrade to `5.53.5` requires your workspace to be on `5.51.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n\t-\t@turbot/turbot: 5.55.0\n\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.53.4 - Infrastructure and maintenance updates","author":"Turbot Team","publishedAt":"2025-10-09T09:00:00","permalink":"te-v5-53-4","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Redis/Valkey connection management now tracks connection creation times for improved visibility and connection lifecycle tracking.\n - Maintenance container logic refined to avoid errors when attempting to drop unique index constraints.\n\n_Requirements_\n\n- Upgrade to `5.53.4` requires your workspace to be on `5.51.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n\t-\t@turbot/turbot: 5.55.0\n\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-lambda v5.19.0 - Manage trusted access for layers","author":null,"publishedAt":"2025-10-09T09:00:00","permalink":"aws-lambda-v5-19-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now manage trusted access for layers. To get started, set the `AWS > Lambda > Function > Layer Trusted Access > *` policies.\n\n_Control Types_\n\n- AWS > Lambda > Function > Layer Trusted Access\n\n_Policy Types_\n\n- AWS > Lambda > Function > Layer Trusted Access\n- AWS > Lambda > Function > Layer Trusted Access > Accounts\n\n_Action Types_\n\n- AWS > Lambda > Function > Set Layer Trusted Access\n"},{"meta":{"title":"aws v5.40.0 - Regions default value is now available for allowed controls","author":null,"publishedAt":"2025-10-08T09:00:00","permalink":"aws-v5-40-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Policy Types_\n\n- AWS > Account > Allowed Regions [Default]\n"},{"meta":{"title":"aws-iam v5.47.0 - Remove unallowed access keys from the CMDB","author":null,"publishedAt":"2025-10-08T09:00:00","permalink":"aws-iam-v5-47-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now remove unallowed access keys from the CMDB. To get started, set the `AWS > IAM > Access Key > Allowed > *` policies.\n\n_Control Types_\n\n- AWS > IAM > Access Key > Allowed\n- AWS > IAM > Access Key > Allowed > Custom\n\n_Policy Types_\n\n- AWS > IAM > Access Key > Allowed\n- AWS > IAM > Access Key > Allowed > Custom\n- AWS > IAM > Access Key > Allowed > Custom > Rules\n"},{"meta":{"title":"azure-redis v5.0.0 is now available","author":null,"publishedAt":"2025-10-06T09:00:00","permalink":"azure-redis-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$25"},{"meta":{"title":"azure-provider v5.18.0 - Track and manage Redis resource provider in Guardrails","author":null,"publishedAt":"2025-10-06T09:00:00","permalink":"azure-provider-v5-18-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Resource Types_\n\n- Azure > Provider > Redis\n\n_Control Types_\n\n- Azure > Provider > Redis > CMDB\n- Azure > Provider > Redis > Discovery\n- Azure > Provider > Redis > Registered\n\n_Policy Types_\n\n- Azure > Provider > Redis > CMDB\n- Azure > Provider > Redis > Registered\n\n_Action Types_\n\n- Azure > Provider > Redis > Set Registered\n"},{"meta":{"title":"azure-containerregistry v5.7.0 - Configure anonymous pull access for registries","author":null,"publishedAt":"2025-10-06T09:00:00","permalink":"azure-containerregistry-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure anonymous pull access for registries. To get started, set the `Azure > Container Registry > Registry > Anonymous Pull Access` policy.\n\n_Control Types_\n\n- Azure > Container Registry > Registry > Anonymous Pull Access\n\n_Policy Types_\n\n- Azure > Container Registry > Registry > Anonymous Pull Access\n\n_Action Types_\n\n- Azure > Container Registry > Registry > Set Anonymous Pull Access\n"},{"meta":{"title":"aws-pciv3-2-1 v5.1.1 - Controls for Lambda functions now use updated CMDB references in internal GraphQL queries","author":null,"publishedAt":"2025-09-26T09:00:00","permalink":"aws-pciv3-2-1-v5-1-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Controls for Lambda functions now use updated CMDB references in internal GraphQL queries. You will not notice any differences, and things will continue to work smoothly as before.\n"},{"meta":{"title":"aws-opensearch v5.3.0 - Configure anonymous auth for domains","author":null,"publishedAt":"2025-09-26T09:00:00","permalink":"aws-opensearch-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure anonymous auth for domains. To get started, set the `AWS > OpenSearch > Domain > Anonymous Auth` policy.\n\n_Control Types_\n\n- AWS > OpenSearch > Domain > Anonymous Auth\n\n_Policy Types_\n\n- AWS > OpenSearch > Domain > Anonymous Auth\n\n_Action Types_\n\n- AWS > OpenSearch > Domain > Disable Anonymous Auth\n"},{"meta":{"title":"aws-lambda v5.18.0 - Configure URL auth type for functions","author":null,"publishedAt":"2025-09-26T09:00:00","permalink":"aws-lambda-v5-18-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure URL auth type for functions. To get started, set the `AWS > Lambda > Function > URL Auth Type` policy.\n\n_Bug fixes_\n\n- Fixed action and control mappings in various control types and policy types.\n- We've removed the redundant `Configuration` details for functions from the CMDB. We recommend updating your existing policy settings to reference the top-level attributes from the CMDB data instead.\n\n **Removed:**\n In AWS > Lambda > Function:\n\n - `Configuration`\n\n_Control Types_\n\n- AWS > Lambda > Function > URL Auth Type\n\n_Policy Types_\n\n- AWS > Lambda > Function > URL Auth Type\n\n_Action Types_\n\n- AWS > Lambda > Function > Update URL Auth Type\n"},{"meta":{"title":"aws-hipaa v5.2.1 - Controls for Lambda functions now use updated CMDB references in internal GraphQL queries","author":null,"publishedAt":"2025-09-26T09:00:00","permalink":"aws-hipaa-v5-2-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Controls for Lambda functions now use updated CMDB references in internal GraphQL queries. You will not notice any differences, and things will continue to work smoothly as before.\n"},{"meta":{"title":"aws-ec2 v5.47.1 - Real-time events for account attributes will now be processed more reliably","author":null,"publishedAt":"2025-09-26T09:00:00","permalink":"aws-ec2-v5-47-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails would sometimes fail to process the real-time `ec2:DisableSnapshotBlockPublicAccess` event for EC2 Account Attributes correctly. This is now fixed.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.54.1 - Resolved an issue where creating policy values could hang when related policies had no targets","author":"Turbot Team","publishedAt":"2025-09-25T09:00:00","permalink":"te-v5-54-1","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Resolved an issue where creating policy values could hang when related policies had no targets.\n\n- UI\n - Policy value cards are now better aligned, improving readability and visual consistency.\n - Smoothed out the header experience on the resources page by removing flicker.\n\n_Requirements_\n\n- Upgrade to `5.54.1` requires your workspace to be on `5.53.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n - @turbot/turbot: 5.56.0\n\n_Base images_\n\n- Alpine: 3.17.5\n- Ubuntu: 22.04.3"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.53.3 - Increased type installation limit from 600 to 1500","author":"Turbot Team","publishedAt":"2025-09-25T09:00:00","permalink":"te-v5-53-3","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Increased type installation limit from 600 to 1500.\n\n_Bug fixes_\n\n- UI\n - Policy value cards are now better aligned, improving readability and visual consistency.\n - Smoothed out the header experience on the resources page by removing flicker.\n\n_Requirements_\n\n- Upgrade to `5.53.3` requires your workspace to be on `5.51.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n\t-\t@turbot/turbot: 5.55.0\n\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.54.0 - Smarter control and policy value creation","author":"Turbot Team","publishedAt":"2025-09-23T09:00:00","permalink":"te-v5-54-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"$26"},{"meta":{"title":"turbot v5.56.0 - Added the `Turbot > Materialization` policy to control when Guardrails creates controls and policy values","author":"Turbot Team","publishedAt":"2025-09-23T09:00:00","permalink":"turbot-v5-56-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added the `Turbot > Materialization` policy to control when Guardrails creates controls and policy values, with modes for `Always` (legacy behavior) and `Automatic` (create only when explicitly set), reducing noise and improving performance.\n\n_Control Types_\n\n- Turbot > Policy Pack > Materialize\n- Turbot > Guardrail > Materialize\n- Turbot > Materialize\n\n_Policy Types_\n\n- Turbot > Materialization\n\n- Renamed\n - Turbot > Notifications > Email > CC > Tag > Name to Turbot > Notifications > Email > CC > Tag Name.\n\n- Deprecated\n - Turbot > Notifications > Email > CC > Tag\n\n_Requirements_\n\n- TE: 5.35.4\n"},{"meta":{"title":"azure-cosmosdb v5.12.0 - Configure key based metadata write access for database accounts","author":null,"publishedAt":"2025-09-23T09:00:00","permalink":"azure-cosmosdb-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure key based metadata write access for database accounts. To get started, set the `Azure > Cosmos DB > Database Account > Key Based Metadata Write Access` policy.\n\n_Control Types_\n\n- Azure > Cosmos DB > Database Account > Key Based Metadata Write Access\n\n_Policy Types_\n\n- Azure > Cosmos DB > Database Account > Key Based Metadata Write Access\n\n_Action Types_\n\n- Azure > Cosmos DB > Database Account > Set Key Based Metadata Write Access\n"},{"meta":{"title":"aws-kms v5.21.1 - Migrated all Lambda functions to use AWS SDK v3","author":null,"publishedAt":"2025-09-23T09:00:00","permalink":"aws-kms-v5-21-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- All Lambda functions have been migrated to use AWS SDK v3, reducing the mod package size and improving deployment efficiency. You will not notice any differences, and things will continue to work smoothly as before.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.53.2 - Added support for importing GitHub Enterprise organizations","author":"Turbot Team","publishedAt":"2025-09-22T09:00:00","permalink":"te-v5-53-2","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - GitHub integration now supports importing GitHub Enterprise organizations, expanding coverage for enterprise users.\n\n- UI\n - The main dashboard’s resource list is now split into favorites and accounts for easier navigation and prioritization.\n - The GitHub import page now includes support for GitHub Enterprise.\n\n_Bug fixes_\n\n- Server\n - Resolved an issue that could prevent confirmation of SNS subscriptions during event handler setup for accounts.\n - Resolved issues with incorrect index mapping definitions in the maintenance container.\n\n- UI\n - Improved UI consistency and usability across policy value cards, control actions, and resource control lists.\n\n_Requirements_\n\n- Upgrade to `5.53.2` requires your workspace to be on `5.51.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n\t-\t@turbot/turbot: 5.55.0\n\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-opensearch v5.2.0 - Track and manage domain resources in Guardrails","author":null,"publishedAt":"2025-09-22T09:00:00","permalink":"aws-opensearch-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$27"},{"meta":{"title":"Intelligent Assessment controls now also support OpenAI GPT-5 and Anthropic Claude Opus 4.1 models","author":null,"publishedAt":"2025-09-19T09:00:00","permalink":"ia-class-contactable-all-mods","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Intelligent Assessment controls now also support OpenAI GPT-5 and Anthropic Claude Opus 4.1 models.\n- All policy types across AWS, Azure, GCP, GitHub, Kubernetes, and ServiceNow mods now have an associated class. You will not notice any differences, and everything will continue to function smoothly as before.\n\n_Bug fixes_\n\n- Support for the contactable interface has been removed from all resource types except AWS Account, Azure Subscription, and GCP Project. As a result, the `Turbot > Notifications > Email > CC > Tag Name` policy can no longer be explicitly set for the affected resource types.\n"},{"meta":{"title":"azure-containerregistry v5.6.0 - Configure public network access for registries","author":null,"publishedAt":"2025-09-19T09:00:00","permalink":"azure-containerregistry-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure public network access for registries. To get started, set the `Azure > Container Registry > Registry > Public Network Access` policy.\n\n_Control Types_\n\n- Azure > Container Registry > Registry > Public Network Access\n\n_Policy Types_\n\n- Azure > Container Registry > Registry > Public Network Access\n\n_Action Types_\n\n- Azure > Container Registry > Registry > Set Public Network Access\n"},{"meta":{"title":"azure-cisv3-0 v5.0.1 - Various controls will now evaluate their dependent policies correctly","author":null,"publishedAt":"2025-09-19T09:00:00","permalink":"azure-cisv3-0-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Various controls sometimes failed to evaluate their dependent policies correctly, which led to the controls failing without explicitly throwing errors. This issue has been fixed, and such controls will now work as expected.\n"},{"meta":{"title":"azure-apimanagement v5.8.0 - Configure public network access for API management services","author":null,"publishedAt":"2025-09-19T09:00:00","permalink":"azure-apimanagement-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure public network access for API management services. To get started, set the `Azure > API Management > API Management Service > Public Network Access` policy.\n\n_Control Types_\n\n- Azure > API Management > API Management Service > Public Network Access\n\n_Policy Types_\n\n- Azure > API Management > API Management Service > Public Network Access\n\n_Action Types_\n\n- Azure > API Management > API Management Service > Set Public Network Access\n"},{"meta":{"title":"github v5.3.0 - Import GitHub Enterprise organizations in Guardrails","author":null,"publishedAt":"2025-09-18T09:00:00","permalink":"github-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now import GitHub Enterprise organizations in Guardrails. To get started, select GitHub Enterprise Organization from the Connect screen and configure details. We recommend upgrading TE to v5.53.2 for this change to take effect.\n- Added support for `class` attribute for various policy types.\n\n_Policy Types_\n\n- GitHub > Config > Base URL\n"},{"meta":{"title":"aws-iam v5.46.0 - Track and manage service specific credential resources in Guardrails","author":null,"publishedAt":"2025-09-18T09:00:00","permalink":"aws-iam-v5-46-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$28"},{"meta":{"title":"aws-bedrock v5.3.0 - Configure encryption at rest for agents","author":null,"publishedAt":"2025-09-16T09:00:00","permalink":"aws-bedrock-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure Encryption at Rest for agents. To get started, set the `AWS > Bedrock > Agent > Encryption at Rest > *` policies.\n\n_Bug fixes_\n\n- The `promptOverrideConfiguration.promptConfigurations` attribute for agents has now been made dynamic to avoid unnecessary notifications in the activity tab.\n\n_Control Types_\n\n- AWS > Bedrock > Agent > Encryption at Rest\n\n_Policy Types_\n\n- AWS > Bedrock > Agent > Encryption at Rest\n- AWS > Bedrock > Agent > Encryption at Rest > Customer Managed Key\n\n_Action Types_\n\n- AWS > Bedrock > Agent > Update Encryption at Rest\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.53.1 - Added support for the class property in policy types","author":"Turbot Team","publishedAt":"2025-09-11T09:00:00","permalink":"te-v5-53-1","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Added support for the class property in policy types.\n\n_Requirements_\n\n- Upgrade to `5.53.1` requires your workspace to be on `5.51.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n\t-\t@turbot/turbot: 5.55.0\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-codeartifact v5.0.2 - Fixed service title to `CodeArtifact`","author":null,"publishedAt":"2025-09-11T09:00:00","permalink":"aws-codeartifact-v5-0-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed service title to `CodeArtifact`.\n\n_Resource Types_\n\n_Renamed_\n\n- AWS > Code Artifact to AWS > CodeArtifact\n\n_Policy Types_\n\n_Renamed_\n\n- AWS > Code Artifact > API Enabled to AWS > CodeArtifact > API Enabled\n- AWS > Code Artifact > Enabled to AWS > CodeArtifact > Enabled\n- AWS > Code Artifact > Permissions to AWS > CodeArtifact > Permissions\n- AWS > Code Artifact > Permissions > Levels to AWS > CodeArtifact > Permissions > Levels\n- AWS > Code Artifact > Permissions > Levels > Modifiers to AWS > CodeArtifact > Permissions > Levels > Modifiers\n- AWS > Code Artifact > Permissions > Lockdown to AWS > CodeArtifact > Permissions > Lockdown\n- AWS > Code Artifact > Permissions > Lockdown > API Boundary to AWS > CodeArtifact > Permissions > Lockdown > API Boundary\n"},{"meta":{"title":"aws-codeartifact v5.0.1 - Removed the unnecessary event sources policy","author":null,"publishedAt":"2025-09-10T09:00:00","permalink":"aws-codeartifact-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Removed the unnecessary `AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-codeartifact` policy.\n\n_Policy Types_\n\n_Removed_\n\n- AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-codeartifact\n"},{"meta":{"title":"aws-codeartifact v5.0.0 is now available","author":null,"publishedAt":"2025-09-10T09:00:00","permalink":"aws-codeartifact-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Resource Types_\n\n- AWS > Code Artifact\n\n_Policy Types_\n\n- AWS > Code Artifact > API Enabled\n- AWS > Code Artifact > Enabled\n- AWS > Code Artifact > Permissions\n- AWS > Code Artifact > Permissions > Levels\n- AWS > Code Artifact > Permissions > Levels > Modifiers\n- AWS > Code Artifact > Permissions > Lockdown\n- AWS > Code Artifact > Permissions > Lockdown > API Boundary\n- AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-codeartifact\n- AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-codeartifact\n- AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-codeartifact\n- AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-codeartifact\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.52.5 - Azure credential resolver now supports storage authentication","author":"Turbot Team","publishedAt":"2025-09-08T09:00:00","permalink":"te-v5-52-5","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Added support for the Storage token audience in the Azure credential resolver.\n\n_Bug fixes_\n\n- Server\n - Creating a new workspace now correctly adds the missing policy pack (aka) for Smart Folder resource types.\n - Numeric values in wildcard tag filters are now processed correctly.\n\n_Requirements_\n\n- Upgrade to `5.52.5` requires your workspace to be on `5.51.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"azure-storage v5.29.0 - CMDB control for storage accounts no longer requires the `listkeys` permission on storage accounts to fetch details for blob, queue, and file share services","author":null,"publishedAt":"2025-09-08T09:00:00","permalink":"azure-storage-v5-29-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Azure > Storage > Storage Account > CMDB` no longer requires the `listkeys` permission on storage accounts to fetch details for Blob, Queue, and File Share services. We recommend upgrading TE to `v5.52.5` for this change to take effect.\n"},{"meta":{"title":"aws-s3 v5.32.3 - Encryption in transit control will check only for the relevant encryption in transit condition without explicitly matching on the Sid","author":null,"publishedAt":"2025-09-08T09:00:00","permalink":"aws-s3-v5-32-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > S3 > Bucket > Encryption In Transit` control previously required an Encryption in Transit policy statement with the Sid `MustBeEncryptedInTransit` and the condition `\"aws:SecureTransport\": \"false\"`. This sometimes caused the control to incorrectly enter an alarm state when the bucket had the correct condition but a different Sid. The control has been updated to check only for the relevant Encryption in Transit condition, without explicitly requiring the Sid `MustBeEncryptedInTransit`.\n"},{"meta":{"title":"azure-storage v5.28.1 - Soft Delete control will no longer attempt to apply soft delete settings if Guardrails does not have the required permissions to read or write soft delete data","author":null,"publishedAt":"2025-09-03T09:00:00","permalink":"azure-storage-v5-28-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Storage > Storage Account > Data Protection > Soft Delete` control will no longer attempt to apply soft delete settings if Guardrails does not have the required permissions to read or write soft delete data. Instead, it will transition to an invalid state.\n"},{"meta":{"title":"gcp-bigquery v5.10.0 - Manage trusted access for datasets","author":null,"publishedAt":"2025-08-29T09:00:00","permalink":"gcp-bigquery-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now manage trusted access for datasets. To get started, set the `GCP > BigQuery > Dataset > Policy > Trusted Access > *` policies.\n\n_Control Types_\n\n- GCP > BigQuery > Dataset > Policy\n- GCP > BigQuery > Dataset > Policy > Trusted Access\n\n_Policy Types_\n\n- GCP > BigQuery > Dataset > Policy\n- GCP > BigQuery > Dataset > Policy > Trusted Access\n- GCP > BigQuery > Dataset > Policy > Trusted Access > Domains\n- GCP > BigQuery > Dataset > Policy > Trusted Access > Groups\n- GCP > BigQuery > Dataset > Policy > Trusted Access > Service Accounts\n- GCP > BigQuery > Dataset > Policy > Trusted Access > Users\n\n_Action Types_\n\n- GCP > BigQuery > Dataset > Set Trusted Access\n"},{"meta":{"title":"azure-postgresql v5.20.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-29T09:00:00","permalink":"azure-postgresql-v5-20-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > PostgreSQL > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.52.4 - Simplification of notification tag policy for better consistency","author":"Turbot Team","publishedAt":"2025-08-28T09:00:00","permalink":"te-v5-52-4","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - The `Turbot > Notifications > CC > Tag` policy is no longer checked; resource tags previously specified in `Turbot > Notifications > CC > Tag > Name` are now associated with the `Account/CC` policy instead of being evaluated independently.\n\n_Bug fixes_\n\n- Server\n - Policy settings now return results correctly for policies inside Policy Packs when you have valid access.\n\n_Requirements_\n\n- Upgrade to `5.52.4` requires your workspace to be on `5.51.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"gcp-iam v5.21.0 - Configure and manage project role bindings for service accounts","author":null,"publishedAt":"2025-08-28T09:00:00","permalink":"gcp-iam-v5-21-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure and manage project role bindings for service accounts. To get started, set the `GCP > IAM > Service Account > Project Role Bindings > *` policies.\n\n_Control Types_\n\n- GCP > IAM > Service Account > Project Role Bindings\n- GCP > IAM > Service Account > Project Role Bindings > Approved\n\n_Policy Types_\n\n- GCP > IAM > Service Account > Project Role Bindings\n- GCP > IAM > Service Account > Project Role Bindings > Approved\n- GCP > IAM > Service Account > Project Role Bindings > Approved > Rules\n\n_Action Types_\n\n- GCP > IAM > Service Account > Update Project Role Bindings\n"},{"meta":{"title":"azure v5.32.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-28T09:00:00","permalink":"azure-v5-32-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Azure > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-mysql v5.17.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-28T09:00:00","permalink":"azure-mysql-v5-17-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > MySQL > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-monitor v5.11.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-28T09:00:00","permalink":"azure-monitor-v5-11-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Monitor > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-datafactory v5.10.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-28T09:00:00","permalink":"azure-datafactory-v5-10-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Data Factory > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-cosmosdb v5.10.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-28T09:00:00","permalink":"azure-cosmosdb-v5-10-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Cosmos DB > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-automation v5.3.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-28T09:00:00","permalink":"azure-automation-v5-3-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Automation > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"aws-cisv3-0 v5.0.6 - Controls will no longer enter invalid or TBD state when corresponding CIS policies are set to `Skip`","author":null,"publishedAt":"2025-08-25T09:00:00","permalink":"aws-cisv3-0-v5-0-6","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- CIS controls previously entered an invalid or TBD state when the CMDB controls for associated resources were in a skipped or TBD state, even if the corresponding CIS policies were set to `Skip`. This issue has been resolved; such controls will now correctly transition to a skipped state.\n"},{"meta":{"title":"aws-cisv2-0 v5.0.5 - Controls will no longer enter invalid or TBD state when corresponding CIS policies are set to `Skip`","author":null,"publishedAt":"2025-08-25T09:00:00","permalink":"aws-cisv2-0-v5-0-5","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- CIS controls previously entered an invalid or TBD state when the CMDB controls for associated resources were in a skipped or TBD state, even if the corresponding CIS policies were set to `Skip`. This issue has been resolved; such controls will now correctly transition to a skipped state.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.53.0 - Smarter control runs based on policy dependencies","author":"Turbot Team","publishedAt":"2025-08-22T09:00:00","permalink":"te-v5-53-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n\t- Controls now wait for dependent policy values to finish processing, preventing redundant runs and duplicate execution attempts.\n\n_Bug fixes_\n\n- Server\n - Restrict smart folder and policy pack to create exception if there is a top level setting available.\n\n\n_Requirements_\n\n- Upgrade to `5.53.0` requires your workspace to be on `5.51.x`\n- TEF: 1.66.0\n- TED: 1.9.1\n- Mods:\n\t-\t@turbot/turbot: 5.55.0\n\n_Base images_\n\n- Alpine: 3.17.5\n- Ubuntu: 22.04.3\n"},{"meta":{"title":"azure-compute v5.26.0 - Configure boot diagnostics for virtual machines","author":null,"publishedAt":"2025-08-22T09:00:00","permalink":"azure-compute-v5-26-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure boot diagnostics for virtual machines. To get started, set the `Azure > Compute > Virtual Machine > Update Boot Diagnostics` policy.\n\n_Control Types_\n\n- Azure > Compute > Virtual Machine > Boot Diagnostics\n\n_Policy Types_\n\n- Azure > Compute > Virtual Machine > Boot Diagnostics\n- Azure > Compute > Virtual Machine > Boot Diagnostics > Custom Storage Account\n\n_Action Types_\n\n- Azure > Compute > Virtual Machine > Update Boot Diagnostics\n"},{"meta":{"title":"azure-appservice v5.15.2 - Web app and function app metadata will now also include `createdBy` details in Guardrails CMDB","author":null,"publishedAt":"2025-08-22T09:00:00","permalink":"azure-appservice-v5-15-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Web App and Function App metadata will now also include `createdBy` details in Guardrails CMDB.\n"},{"meta":{"title":"azure-activedirectory v5.9.1 - Discovery control for directories will run more efficiently and prevent unnecessary resource updates","author":null,"publishedAt":"2025-08-22T09:00:00","permalink":"azure-activedirectory-v5-9-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Optimized the `Azure > Active Directory > Directory > Discovery` control to run more efficiently and prevent unnecessary resource updates, thereby reducing CMDB churn.\n"},{"meta":{"title":"aws-lambda v5.16.0 - Configure organization restrictions for lambda functions","author":null,"publishedAt":"2025-08-22T09:00:00","permalink":"aws-lambda-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure organization restrictions for AWS Lambda function policies. To get started, configure the AWS > Lambda > Function > Policy > Trusted Access > Organization Restrictions policy accordingly.\n\n_Policy Types_\n\n- AWS > Lambda > Function > Policy > Trusted Access > Organization Restrictions\n- AWS > Lambda > Trusted Organizations [Default]\n"},{"meta":{"title":"turbot v5.55.0 - New guardrail and rollout resources, policies & controls (preview)","author":"Turbot Team","publishedAt":"2025-08-21T09:00:00","permalink":"turbot-v5-55-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$29"},{"meta":{"title":"aws-ec2 v5.46.3 - Discovery controls for target groups will no longer enter an error state when upserting a resource if the parent load balancer isn’t available in the CMDB","author":null,"publishedAt":"2025-08-21T09:00:00","permalink":"aws-ec2-v5-46-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > EC2 > Target Group > Discovery` control could previously enter an error state when upserting a target group whose parent load balancer was not available in CMDB. We have improved this process so that all target groups are now upserted under a region, ensuring better consistency and reliability. Existing target groups under load balancers will also be moved under their respective regions automatically.\n"},{"meta":{"title":"azure-storage v5.28.0 - Configure soft delete for file shares in storage accounts","author":null,"publishedAt":"2025-08-20T09:00:00","permalink":"azure-storage-v5-28-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure soft delete for file shares in storage accounts. To get started, configure the `Azure > Storage > Storage Account > Data Protection > Soft Delete > File Shares > *` policies accordingly.\n- Delete retention policy details for file share will now be available in CMDB for Storage Accounts.\n\n_Policy Types_\n\n- Azure > Storage > Storage Account > Data Protection > Soft Delete > File Shares\n- Azure > Storage > Storage Account > Data Protection > Soft Delete > File Shares > Retention Days\n"},{"meta":{"title":"azure-relay v5.5.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-20T09:00:00","permalink":"azure-relay-v5-5-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Relay > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-recoveryservice v5.9.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-20T09:00:00","permalink":"azure-recoveryservice-v5-9-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Recovery Service > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-keyvault v5.18.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-20T09:00:00","permalink":"azure-keyvault-v5-18-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Key Vault > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-dns v5.11.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-20T09:00:00","permalink":"azure-dns-v5-11-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > DNS > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-databricks v5.7.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-20T09:00:00","permalink":"azure-databricks-v5-7-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Databricks > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-synapseanalytics v5.11.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-18T09:00:00","permalink":"azure-synapseanalytics-v5-11-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Synapse Analytics > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-sqlvirtualmachine v5.3.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-18T09:00:00","permalink":"azure-sqlvirtualmachine-v5-3-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > SQL Virtual Machine Service > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-signalr v5.5.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-18T09:00:00","permalink":"azure-signalr-v5-5-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > SignalR Service > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-servicebus v5.5.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-18T09:00:00","permalink":"azure-servicebus-v5-5-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Service Bus > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-network v5.26.1 - Bastion host discovery control now upserts resources reliably and consistently under correct resource groups","author":null,"publishedAt":"2025-08-18T09:00:00","permalink":"azure-network-v5-26-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Network > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n- The `Azure > Network > Bastion Host > Discovery` control previously could inadvertently upsert bastion hosts under incorrect resource groups. This issue has been resolved, and the control now upserts bastion hosts more reliably and consistently.\n"},{"meta":{"title":"azure-loganalytics v5.12.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-18T09:00:00","permalink":"azure-loganalytics-v5-12-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Log Analytics > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"aws-backup v5.13.2 - Recovery point CMDB control no longer re-runs automatically for expired recovery points","author":null,"publishedAt":"2025-08-18T09:00:00","permalink":"aws-backup-v5-13-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > Backup > Recovery Point > CMDB` control previously ran every minute if a recovery point’s `CalculatedLifecycle.DeleteAt` timestamp was already in the past. It now deletes expired recovery points and no longer re-runs automatically when the next tick is also in the past.\n"},{"meta":{"title":"Terraform Provider v1.13.0 - Added support for tags in `turbot_policy_pack` resource","author":"Turbot Team","publishedAt":"2025-08-14T09:00:00","permalink":"terraform-provider-v1-13-0","image":null,"tags":["Terraform"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for `tags` attribute in the `turbot_policy_pack` resource. This will allow users to manage tags on policy packs.\n\nMinimum version requirements:\n\nTE v5.52.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.52.3 - Add tags support for policy pack","author":"Turbot Team","publishedAt":"2025-08-14T09:00:00","permalink":"te-v5-52-3","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Added support for tags in policy packs, making it easier to organize and filter them.\n\n_Note_\n\nUpgrade to `5.52.3` requires your workspace to be on `5.51.x`; direct upgrades from older versions (e.g., 5.49.x) will fail.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"gcp v5.32.1 - The Event Handlers Pub/Sub Source policy now evaluates reliably on project imports in Guardrails","author":null,"publishedAt":"2025-08-14T09:00:00","permalink":"gcp-v5-32-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > Turbot > Event Handlers > Pub/Sub > Source` policy could previously evaluate incorrectly immediately after a GCP Project import if the Project CMDB data was not up to date. The policy now checks the `GCP > Project > CMDB` control and evaluates only when that control has run successfully and is in an OK state, preventing incorrect results and improving clarity.\n- Event Poller controls now display improved help messages when the API used to fetch events returns an error, instead of only logging the errors under Activities.\n\n_Action Types_\n_Removed_\n\n- GCP > Folder > Event Poller\n- GCP > Organization > Event Poller\n- GCP > Project > Event Poller\n"},{"meta":{"title":"azure-compute v5.25.1 - Tags control for various resources no longer includes unnecessary parameters in API calls when updating tags","author":null,"publishedAt":"2025-08-14T09:00:00","permalink":"azure-compute-v5-25-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Compute > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"aws-pciv3-2-1 v5.1.0 - Improved GraphQL queries for `EC2 > 3 Unused EC2 security groups should be removed` control","author":null,"publishedAt":"2025-08-14T09:00:00","permalink":"aws-pciv3-2-1-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- We have updated the internal GraphQL queries for the `AWS > PCI v3.2.1 > EC2 > 3 Unused EC2 security groups should be removed` control to improve performance when evaluating the control’s outcome. There are no visible changes, but things will run smoother and faster than before.\n\nNote: We recommend updating the `@turbot/aws-ec2` mod to `v5.46.2` for proper functionality.\n\n_Policy Types_\n\n- AWS > PCI v3.2.1 > EC2\n- AWS > PCI v3.2.1 > EC2 > 3 Unused EC2 security groups should be removed\n"},{"meta":{"title":"aws-ec2 v5.46.2 - Network interfaces CMDB data now includes additional metadata for associated security groups for internal performance improvements","author":null,"publishedAt":"2025-08-14T09:00:00","permalink":"aws-ec2-v5-46-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Added additional metadata for associated security groups to the CMDB data for network interfaces for internal performance improvements.\n"},{"meta":{"title":"aws-logs v5.16.0 - Track and manage delivery, delivery destination, delivery source, and destination resources in Guardrails","author":null,"publishedAt":"2025-08-13T09:00:00","permalink":"aws-logs-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$2a"},{"meta":{"title":"aws-iam v5.44.1 - Stack control will now be able to claim existing OpenID connect providers correctly","author":null,"publishedAt":"2025-08-13T09:00:00","permalink":"aws-iam-v5-44-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails stack controls would fail to claim any existing OpenID Connect provider if the OpenID Connect provider was available in Guardrails CMDB and the stack's Source policy included the Terraform plan for the OpenID Connect provider. This is fixed and stack control will now be able to claim existing OpenID Connect providers correctly.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.52.2 - Fixed server stability issues and improved UI consistency","author":"Turbot Team","publishedAt":"2025-08-12T09:00:00","permalink":"te-v5-52-2","image":null,"tags":["TE"],"product":"guardrails"},"content":"$2b"},{"meta":{"title":"azure-storage v5.27.1 - Storage account CMDB control will no longer attempt to access table services for premium storage accounts","author":null,"publishedAt":"2025-08-12T09:00:00","permalink":"azure-storage-v5-27-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Storage > Storage Account > CMDB` control previously encountered errors with Premium storage accounts when attempting to access unsupported Table services. This has now been resolved.\n"},{"meta":{"title":"turbot v5.54.3 - Prevent background task errors for non existent resources","author":"Turbot Team","publishedAt":"2025-08-08T09:00:00","permalink":"turbot-v5-54-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Turbot > Workspace > Background Tasks will no longer go into an error state if the resource does not exist.\n\n_Requirements_\n\n- TE: 5.35.4\n"},{"meta":{"title":"azure-storage v5.27.0 - Create and manage cloud resources via Stack [Native] controls","author":null,"publishedAt":"2025-08-08T09:00:00","permalink":"azure-storage-v5-27-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$2c"},{"meta":{"title":"azure-keyvault v5.18.0 - Create and manage cloud resources via Stack [Native] controls","author":null,"publishedAt":"2025-08-08T09:00:00","permalink":"azure-keyvault-v5-18-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now create and manage cloud resources using Terraform 1.x via Guardrails, fully leveraging all features available in this version. To get started, set the `Stack [Native] > *` policies.\n\n_Control Types_\n\n- Azure > Key Vault > Vault > Stack [Native]\n\n_Policy Types_\n\n- Azure > Key Vault > Vault > Stack [Native]\n- Azure > Key Vault > Vault > Stack [Native] > Drift Detection\n- Azure > Key Vault > Vault > Stack [Native] > Drift Detection > Interval\n- Azure > Key Vault > Vault > Stack [Native] > Modifier\n- Azure > Key Vault > Vault > Stack [Native] > Secret Variables\n- Azure > Key Vault > Vault > Stack [Native] > Source\n- Azure > Key Vault > Vault > Stack [Native] > Timeout\n- Azure > Key Vault > Vault > Stack [Native] > Variables\n- Azure > Key Vault > Vault > Stack [Native] > Version\n"},{"meta":{"title":"servicenow-gcp v5.8.1 - Fixed invalid CMDB references for region resource types causing control errors","author":null,"publishedAt":"2025-08-07T09:00:00","permalink":"servicenow-gcp-v5-8-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed invalid CMDB references for the `Zone`, `Region`, `Multi-Region`, and `Global Region` resource types that caused the `Relationships` and `Import Set` controls to enter an error state. The controls now run reliably without errors.\n"},{"meta":{"title":"aws v5.38.1 - Budget control will no longer run unnecessarily when notifications are enabled in the workspaces","author":null,"publishedAt":"2025-08-07T09:00:00","permalink":"aws-v5-38-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > Account > Budget > Budget` control previously reran unnecessarily in workspaces with `Turbot > Notifications` enabled. This issue has been resolved, and the control now runs as expected.\n"},{"meta":{"title":"Terraform Provider v1.12.5 - Improved handling of `turbot_file` updates","author":"Turbot Team","publishedAt":"2025-08-06T09:00:00","permalink":"terraform-provider-v1-12-5","image":null,"tags":["Terraform"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed an issue in the `turbot_file` resource where removed keys in the content field were incorrectly sent as `\"key\": null` in the update payload. The provider now sends the content exactly as specified in the Terraform configuration, ensuring that only the intended keys appear in the Turbot console.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.51.1 -Added CPU and memory settings for PgBouncer task","author":"Turbot Team","publishedAt":"2025-08-06T09:00:00","permalink":"ted-v1-51-1","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added CPU and memory settings for the PgBouncer task, giving you more control over resource allocation.\n"},{"meta":{"title":"azure-storage v5.26.0 - Configure cross-tenant replication for storage accounts","author":null,"publishedAt":"2025-08-06T09:00:00","permalink":"azure-storage-v5-26-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure cross-tenant replication for storage accounts. To get started, set the `Azure > Storage > Storage Account > Cross-Tenant Replication` policy.\n\n_Control Types_\n\n- Azure > Storage > Storage Account > Cross-Tenant Replication\n\n_Policy Types_\n\n- Azure > Storage > Storage Account > Cross-Tenant Replication\n\n_Action Types_\n\n- Azure > Storage > Storage Account > Set Cross-Tenant Replication\n"},{"meta":{"title":"azure-sql v5.19.1 - Updated internal Node SDK package to delete SQL resources correctly","author":null,"publishedAt":"2025-08-06T09:00:00","permalink":"azure-sql-v5-19-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails previously failed to delete `Azure > SQL > *` resources due to limitations in the internal Node SDK package version. This issue has now been resolved, and the resources will be deleted as expected.\n- The `Azure > SQL > *` tags controls will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"gcp-iam v5.20.0 - Manage role bindings for service accounts","author":null,"publishedAt":"2025-08-05T09:00:00","permalink":"gcp-iam-v5-20-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now manage role bindings for service accounts. To get started, set the `GCP > IAM > Service Account > Role Bindings > *` policies.\n\n_Control Types_\n\n- GCP > IAM > Service Account > Role Bindings\n- GCP > IAM > Service Account > Role Bindings > Approved\n\n_Policy Types_\n\n- GCP > IAM > Service Account > Role Bindings\n- GCP > IAM > Service Account > Role Bindings > Approved\n- GCP > IAM > Service Account > Role Bindings > Approved > Rules\n\n_Action Types_\n\n- GCP > IAM > Service Account > Update Role Bindings\n"},{"meta":{"title":"azure-storage v5.25.2 - Diagnostic settings data will now be retrieved accurately for all storage services","author":null,"publishedAt":"2025-08-04T09:00:00","permalink":"azure-storage-v5-25-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In the previous version, an issue was introduced in the CMDB control for `Azure > Storage > Storage Account` that prevented the retrieval of diagnostic settings. This has now been resolved, and the control successfully processes diagnostic settings for all storage services, including Blob, Table, Queue, and the primary account.\n"},{"meta":{"title":"gcp-iam v5.19.0 - Manage role bindings for project users","author":null,"publishedAt":"2025-08-01T09:00:00","permalink":"gcp-iam-v5-19-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now manage role bindings for project users. To get started, set the `GCP > IAM > Project User > Role Bindings > *` policies.\n\n_Control Types_\n\n- GCP > IAM > Project User > Role Bindings\n- GCP > IAM > Project User > Role Bindings > Approved\n\n_Policy Types_\n\n- GCP > IAM > Project User > Role Bindings\n- GCP > IAM > Project User > Role Bindings > Approved\n- GCP > IAM > Project User > Role Bindings > Approved > Rules\n\n_Action Types_\n\n- GCP > IAM > Project User > Update Role Bindings\n"},{"meta":{"title":"azure-servicebus v5.5.0 - Network rule set details will now be available in CMDB for namespaces","author":null,"publishedAt":"2025-08-01T09:00:00","permalink":"azure-servicebus-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Network rule set details will now be available in CMDB for namespaces.\n"},{"meta":{"title":"azure-cisv3-0 v5.0.0 is now available","author":null,"publishedAt":"2025-08-01T09:00:00","permalink":"azure-cisv3-0-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$2d"},{"meta":{"title":"github v5.2.0 - Added proxy support for GitHub API requests","author":null,"publishedAt":"2025-07-31T09:00:00","permalink":"github-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added proxy support for GitHub API requests.\n"},{"meta":{"title":"azure-storage v5.25.1 - Updated internal Node SDK package to fetch diagnostic settings for storage accounts correctly","author":null,"publishedAt":"2025-07-31T09:00:00","permalink":"azure-storage-v5-25-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails previously failed to fetch all `diagnosticSettings` details for storage accounts control due to limitations in the internal Node SDK package version. This has now been resolved, and the CMDB control will successfully fetch all details as expected.\n\nRenamed:\n\n- `diagnosticSettings.value` to `diagnosticSettings`\n"},{"meta":{"title":"azure-keyvault v5.17.1 - Updated internal Node SDK package to fetch diagnostic settings for key vaults correctly","author":null,"publishedAt":"2025-07-31T09:00:00","permalink":"azure-keyvault-v5-17-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails previously failed to fetch all `diagnosticSettings` details for vaults control due to limitations in the internal Node SDK package version. This has now been resolved, and the CMDB control will successfully fetch all details as expected.\n"},{"meta":{"title":"azure-appservice v5.15.1 - Updated internal Node SDK package to fetch diagnostic settings for web apps correctly","author":null,"publishedAt":"2025-07-31T09:00:00","permalink":"azure-appservice-v5-15-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails previously failed to fetch all `diagnosticSettings` details for web apps control due to limitations in the internal Node SDK package version. This has now been resolved, and the CMDB control will successfully fetch all details as expected.\n"},{"meta":{"title":"azure-storage v5.25.0 - Diagnostic settings for blob, queue, and table will now be available in CMDB for storage accounts","author":null,"publishedAt":"2025-07-29T09:00:00","permalink":"azure-storage-v5-25-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Diagnostic Settings for blob, queue, and table will now be available in CMDB for storage accounts.\n- Users can now update access tier to `cold` for storage accounts. To get started, set the `Azure > Storage > Storage Account > Access Tier` policy to `Enforce: Cold`.\n\n_Bug fixes_\n\n- The `Azure > Storage > Storage Account > Tags` control will no longer pass unnecessary arguments as parameter to the API call while updating tags for the resource.\n"},{"meta":{"title":"azure-compute v5.25.0 - Configure guest configuration extension for virtual machines","author":null,"publishedAt":"2025-07-29T09:00:00","permalink":"azure-compute-v5-25-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure guest configuration extension for virtual machines. To get started, set the `Azure > Compute > Virtual Machine > Extensions > Guest Configuration` policy.\n\n_Control Types_\n\n- Azure > Compute > Virtual Machine > Extensions\n- Azure > Compute > Virtual Machine > Extensions > Guest Configuration\n\n_Policy Types_\n\n- Azure > Compute > Virtual Machine > Extensions\n- Azure > Compute > Virtual Machine > Extensions > Guest Configuration\n\n_Action Types_\n\n- Azure > Compute > Virtual Machine > Update Guest Configuration\n"},{"meta":{"title":"azure-cisv2-0 v5.2.0 - Added controls for sections 5.01.01, 5.01.02 and 7.01","author":null,"publishedAt":"2025-07-29T09:00:00","permalink":"azure-cisv2-0-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$2e"},{"meta":{"title":"aws-s3 v5.32.2 - CMDB data now automatically refreshes when intelligent tiering configurations are removed from the buckets","author":null,"publishedAt":"2025-07-25T09:00:00","permalink":"aws-s3-v5-32-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB data for buckets did not refresh automatically when intelligent tiering configurations were removed from the buckets. This issue has now been fixed.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.51.0 -\tAdded support for PostgreSQL versions 15.9, 15.10, 15.11, 15.12 and 15.13","author":"Turbot Team","publishedAt":"2025-07-24T09:00:00","permalink":"ted-v1-51-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for PostgreSQL version 15.9, 15.10, 15.11, 15.12 and 15.13.\n"},{"meta":{"title":"Terraform Provider v1.12.4 - Improved handling of policy pack deletions with attachments","author":"Turbot Team","publishedAt":"2025-07-23T09:00:00","permalink":"terraform-provider-v1-12-4","image":null,"tags":["Terraform"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Resolved a bug where destroying a policy pack via Terraform did not delete the policy pack if it was still attached to resources. The `terraform destroy` command now provides a clear and meaningful error message when such attachments exist.\n\n Minimum version requirements:\n - TE v5.52.1\n"},{"meta":{"title":"azure v5.32.0 - Diagnostic settings details will now be available in CMDB for subscriptions","author":null,"publishedAt":"2025-07-23T09:00:00","permalink":"azure-v5-32-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Diagnostic Settings details will now be available in CMDB for Subscriptions.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.52.1 - Enhancements and fixes to improve core system reliability","author":"Turbot Team","publishedAt":"2025-07-22T09:00:00","permalink":"te-v5-52-1","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Introduced `LAMBDA_IN_VPC_GITHUB` flag to enable deployment of GitHub mod lambdas inside a VPC.\n\n_Bug Fixes_\n\n- Server\n - Optimized mod type installation to distribute event execution more evenly over time, minimizing the risk of throttling.\n - Fixed an issue where controls or actions could get stuck if their notification templates were empty or failed to render correctly.\n - The Delete Policy Pack API now throws a clear error when attempting to delete a policy pack that still has attached resources.\n - The maintenance container now ensures the index_list table is populated with any missing indexes, improving database reliability.\n - Unused Lambda functions are now correctly deleted when no aliases remain.\n\n_Note_\n\nUpgrade to `5.52.1` requires your workspace to be on `5.51.x`; direct upgrades from older versions (e.g., 5.49.x) will fail.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"azure-network v5.26.0 - Track and manage bastion hosts in CMDB","author":null,"publishedAt":"2025-07-22T09:00:00","permalink":"azure-network-v5-26-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Resource Types:\n - Azure > Network > Bastion Host\n\n- Control Types:\n - Azure > Network > Bastion Host > Active\n - Azure > Network > Bastion Host > CMDB\n - Azure > Network > Bastion Host > Discovery\n - Azure > Network > Bastion Host > Tags\n\n- Policy Types:\n - Azure > Network > Bastion Host > Active\n - Azure > Network > Bastion Host > Active > Age\n - Azure > Network > Bastion Host > Active > Last Modified\n - Azure > Network > Bastion Host > CMDB\n - Azure > Network > Bastion Host > Regions\n - Azure > Network > Bastion Host > Tags\n - Azure > Network > Bastion Host > Tags > Template\n\n- Action Types:\n - Azure > Network > Bastion Host > Delete\n - Azure > Network > Bastion Host > Router\n - Azure > Network > Bastion Host > Set Tags\n"},{"meta":{"title":"azure-compute v5.24.0 - HyperVGeneration details will now be available in the CMDB for virtual machines","author":null,"publishedAt":"2025-07-22T09:00:00","permalink":"azure-compute-v5-24-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- `HyperVGeneration` details will now be available in the CMDB for Virtual Machines.\n"},{"meta":{"title":"azure-activedirectory v5.9.0 - Conditional access policy and directory role details will now be available in CMDB for directories","author":null,"publishedAt":"2025-07-22T09:00:00","permalink":"azure-activedirectory-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- `Conditional Access Policy` and `Directory Role` details will now be available in CMDB for Directories.\n\n_Action Types_\n\n- Azure > Active Directory > Directory > Router\n"},{"meta":{"title":"aws-bedrock v5.1.0 - Various new resource types for Bedrock are now available","author":null,"publishedAt":"2025-07-22T09:00:00","permalink":"aws-bedrock-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$2f"},{"meta":{"title":"aws-apigateway v5.12.2 - Real-time events for stage resources will now be processed more reliably","author":null,"publishedAt":"2025-07-21T09:00:00","permalink":"aws-apigateway-v5-12-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In previous versions, `apigateway:CreateDeployment` events were processed without validating the required stageName parameter, which could result in invalid stage resources in the CMDB. This issue is now fixed.\n"},{"meta":{"title":"aws-apigateway v5.12.1 - Enhanced real-time event handling for stage resources to accurately process events when a web ACL is attached","author":null,"publishedAt":"2025-07-18T09:00:00","permalink":"aws-apigateway-v5-12-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Resolved an issue with real-time event handling for `AWS > API Gateway > Stage` resources. Specifically, Guardrails was previously not receiving events when a Web ACL was attached to an API Gateway stage. This has now been fixed, and events for such actions are processed as expected.\n"},{"meta":{"title":"gcp-network v5.16.0 - Configure private google access for subnetworks","author":null,"publishedAt":"2025-07-11T09:00:00","permalink":"gcp-network-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now configure the private google access settings for subnetworks. To get started, set the `GCP > Network > Subnetwork > Private Google Access` policy.\n\n_Control Types_\n\n- GCP > Network > Subnetwork > Private Google Access\n\n_Policy Types_\n\n- GCP > Network > Subnetwork > Private Google Access\n\n_Action Types_\n\n- GCP > Network > Subnetwork > Set Private Google Access\n"},{"meta":{"title":"gcp-dns v5.9.1 - Managed zone Labels control now correctly applies labels according to the template policy","author":null,"publishedAt":"2025-07-11T09:00:00","permalink":"gcp-dns-v5-9-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Previously, `GCP > DNS > Managed Zone > Labels` control would fail when attempting to update labels on private DNS zones that were linked to a Service Directory namespace. This was caused by the control attempting to modify the `serviceDirectoryConfig` field, which is not allowed by the Google Cloud DNS API and resulted in an error. This issue has now been resolved.\n"},{"meta":{"title":"aws-dynamodb v5.16.0 - Manage trusted access for tables","author":null,"publishedAt":"2025-07-11T09:00:00","permalink":"aws-dynamodb-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now manage trusted access for tables. To get started, set the `AWS > DynamoDB > Table > Policy > Trusted Access > *` policies.\n- Resource policy details will now be available in CMDB for tables.\n\n_Control Types_\n\n- AWS > DynamoDB > Table > Policy\n- AWS > DynamoDB > Table > Policy > Trusted Access\n\n_Policy Types_\n\n- AWS > DynamoDB > Table > Policy\n- AWS > DynamoDB > Table > Policy > Trusted Access\n- AWS > DynamoDB > Table > Policy > Trusted Access > Accounts\n- AWS > DynamoDB > Table > Policy > Trusted Access > CloudFront Origin Access Identities\n- AWS > DynamoDB > Table > Policy > Trusted Access > Organization Restrictions\n- AWS > DynamoDB > Trusted Accounts [Default]\n- AWS > DynamoDB > Trusted Organizations [Default]\n\n_Action Types_\n\n- AWS > DynamoDB > Table > Set Policy Trusted Access\n"},{"meta":{"title":"gcp-computeengine v5.22.0 - Real time events are now processed for the regional disks","author":null,"publishedAt":"2025-07-07T09:00:00","permalink":"gcp-computeengine-v5-22-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support to process real-time events for `GCP > Compute Engine > Region Disk`.\n\n_Action Types_\n\n- GCP > Compute Engine > Region Disk > Router\n"},{"meta":{"title":"aws-ec2 v5.46.1 - Removed dependency on workspace version policy for custom event patterns","author":null,"publishedAt":"2025-07-07T09:00:00","permalink":"aws-ec2-v5-46-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-ec2` policy previously depended on the `Turbot > Workspace > Workspace Version` policy, causing Event Handlers to run after a TE update. This dependency has been safely removed, improving the overall efficiency of the workspace.\n"},{"meta":{"title":"azure-postgresql v5.20.0 - Configure Intelligent Assessment control for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-03T09:00:00","permalink":"azure-postgresql-v5-20-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now use the `Intelligent Assessment` control, which enables dynamic, context-aware resource assessments and leverages AI capabilities to evaluate cloud resources based on user prompts. To get started, set the `Intelligent Assessment > *` policies.\n\n_Control Types_\n\n- Azure > PostgreSQL > Flexible Server > Intelligent Assessment\n\n_Policy Types_\n\n- Azure > PostgreSQL > Flexible Server > Intelligent Assessment\n- Azure > PostgreSQL > Flexible Server > Intelligent Assessment > Context\n- Azure > PostgreSQL > Flexible Server > Intelligent Assessment > User Prompt\n"},{"meta":{"title":"aws-events v5.15.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment controls","author":null,"publishedAt":"2025-07-03T09:00:00","permalink":"aws-events-v5-15-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` controls.\n"},{"meta":{"title":"gcp v5.32.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"gcp-v5-32-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now use the `Intelligent Assessment` controls, which enables dynamic, context-aware resource assessments and leverages AI capabilities to evaluate cloud resources based on user prompts. To get started, set the `Intelligent Assessment > *` policies.\n\n_Control Types_\n\n- GCP > Folder > Intelligent Assessment\n- GCP > Organization > Intelligent Assessment\n- GCP > Project > Intelligent Assessment\n\n_Policy Types_\n\n- GCP > Folder > Intelligent Assessment\n- GCP > Folder > Intelligent Assessment > Context\n- GCP > Folder > Intelligent Assessment > User Prompt\n- GCP > Organization > Intelligent Assessment\n- GCP > Organization > Intelligent Assessment > Context\n- GCP > Organization > Intelligent Assessment > User Prompt\n- GCP > Project > Intelligent Assessment\n- GCP > Project > Intelligent Assessment > Context\n- GCP > Project > Intelligent Assessment > User Prompt\n"},{"meta":{"title":"gcp-pubsub v5.11.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"gcp-pubsub-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now use the `Intelligent Assessment` controls, which enables dynamic, context-aware resource assessments and leverages AI capabilities to evaluate cloud resources based on user prompts. To get started, set the `Intelligent Assessment > *` policies.\n\n_Control Types_\n\n- GCP > Pub/Sub > Snapshot > Intelligent Assessment\n- GCP > Pub/Sub > Subscription > Intelligent Assessment\n- GCP > Pub/Sub > Topic > Intelligent Assessment\n\n_Policy Types_\n\n- GCP > Pub/Sub > Snapshot > Intelligent Assessment\n- GCP > Pub/Sub > Snapshot > Intelligent Assessment > Context\n- GCP > Pub/Sub > Snapshot > Intelligent Assessment > User Prompt\n- GCP > Pub/Sub > Subscription > Intelligent Assessment\n- GCP > Pub/Sub > Subscription > Intelligent Assessment > Context\n- GCP > Pub/Sub > Subscription > Intelligent Assessment > User Prompt\n- GCP > Pub/Sub > Topic > Intelligent Assessment\n- GCP > Pub/Sub > Topic > Intelligent Assessment > Context\n- GCP > Pub/Sub > Topic > Intelligent Assessment > User Prompt\n"},{"meta":{"title":"gcp-logging v5.7.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"gcp-logging-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now use the `Intelligent Assessment` controls, which enables dynamic, context-aware resource assessments and leverages AI capabilities to evaluate cloud resources based on user prompts. To get started, set the `Intelligent Assessment > *` policies.\n\n_Control Types_\n\n- GCP > Logging > Exclusion > Intelligent Assessment\n- GCP > Logging > Metric > Intelligent Assessment\n- GCP > Logging > Sink > Intelligent Assessment\n\n_Policy Types_\n\n- GCP > Logging > Exclusion > Intelligent Assessment\n- GCP > Logging > Exclusion > Intelligent Assessment > Context\n- GCP > Logging > Exclusion > Intelligent Assessment > User Prompt\n- GCP > Logging > Metric > Intelligent Assessment\n- GCP > Logging > Metric > Intelligent Assessment > Context\n- GCP > Logging > Metric > Intelligent Assessment > User Prompt\n- GCP > Logging > Sink > Intelligent Assessment\n- GCP > Logging > Sink > Intelligent Assessment > Context\n- GCP > Logging > Sink > Intelligent Assessment > User Prompt\n"},{"meta":{"title":"gcp-bigquerydatatransfer v5.2.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment control","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"gcp-bigquerydatatransfer-v5-2-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` control.\n"},{"meta":{"title":"gcp-bigquery v5.9.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment controls","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"gcp-bigquery-v5-9-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` controls.\n"},{"meta":{"title":"gcp-appengine v5.5.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"gcp-appengine-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$30"},{"meta":{"title":"azure-sql v5.19.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"azure-sql-v5-19-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$31"},{"meta":{"title":"azure-network v5.25.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"azure-network-v5-25-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$32"},{"meta":{"title":"azure-mysql v5.17.0 - Configure Intelligent Assessment control for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"azure-mysql-v5-17-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now use the `Intelligent Assessment` control, which enables dynamic, context-aware resource assessments and leverages AI capabilities to evaluate cloud resources based on user prompts. To get started, set the `Intelligent Assessment > *` policies.\n\n_Control Types_\n\n- Azure > MySQL > Flexible Server > Intelligent Assessment\n\n_Policy Types_\n\n- Azure > MySQL > Flexible Server > Intelligent Assessment\n- Azure > MySQL > Flexible Server > Intelligent Assessment > Context\n- Azure > MySQL > Flexible Server > Intelligent Assessment > User Prompt\n"},{"meta":{"title":"azure-monitor v5.11.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"azure-monitor-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$33"},{"meta":{"title":"aws-route53 v6.8.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment controls","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"aws-route53-v6-8-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` controls.\n"},{"meta":{"title":"aws-redshift v5.22.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"aws-redshift-v5-22-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$34"},{"meta":{"title":"aws-rds v5.32.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"aws-rds-v5-32-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$35"},{"meta":{"title":"aws-organizations v5.5.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"aws-organizations-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$36"},{"meta":{"title":"aws-kms v5.20.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment control","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"aws-kms-v5-20-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` control.\n"},{"meta":{"title":"aws-iam v5.44.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"aws-iam-v5-44-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$37"},{"meta":{"title":"aws-glue v5.13.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"aws-glue-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$38"},{"meta":{"title":"aws-dynamodb v5.15.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment controls","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"aws-dynamodb-v5-15-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` controls.\n"},{"meta":{"title":"aws-directconnect v5.6.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment controls","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"aws-directconnect-v5-6-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` controls.\n"},{"meta":{"title":"aws-cloudtrail v5.13.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"aws-cloudtrail-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now use the `Intelligent Assessment` controls, which enables dynamic, context-aware resource assessments and leverages AI capabilities to evaluate cloud resources based on user prompts. To get started, set the `Intelligent Assessment > *` policies.\n\n_Control Types_\n\n- AWS > CloudTrail > Shadow Trail > Intelligent Assessment\n- AWS > CloudTrail > Trail > Intelligent Assessment\n\n_Policy Types_\n\n- AWS > CloudTrail > Shadow Trail > Intelligent Assessment\n- AWS > CloudTrail > Shadow Trail > Intelligent Assessment > Context\n- AWS > CloudTrail > Shadow Trail > Intelligent Assessment > User Prompt\n- AWS > CloudTrail > Trail > Intelligent Assessment\n- AWS > CloudTrail > Trail > Intelligent Assessment > Context\n- AWS > CloudTrail > Trail > Intelligent Assessment > User Prompt\n"},{"meta":{"title":"aws-backup v5.13.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment controls","author":null,"publishedAt":"2025-07-02T09:00:00","permalink":"aws-backup-v5-13-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` controls.\n"},{"meta":{"title":"gcp-dataproc v5.10.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-01T09:00:00","permalink":"gcp-dataproc-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$39"},{"meta":{"title":"azure v5.31.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-01T09:00:00","permalink":"azure-v5-31-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$3a"},{"meta":{"title":"aws v5.38.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-01T09:00:00","permalink":"aws-v5-38-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$3b"},{"meta":{"title":"aws-cloudwatch v5.11.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment control","author":null,"publishedAt":"2025-07-01T09:00:00","permalink":"aws-cloudwatch-v5-11-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` control.\n"},{"meta":{"title":"aws-apigateway v5.12.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-07-01T09:00:00","permalink":"aws-apigateway-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$3c"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.68.0 - Added support for PgBouncer","author":"Turbot Team","publishedAt":"2025-06-30T09:00:00","permalink":"tef-v1-68-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Workspace Manager can now access log buckets encrypted with customer-managed KMS keys, improving support for secure logging setups.\n- The initial setup for PgBouncer support is now available. When enabled, the stack automatically creates the networking and discovery components—like Security Groups and CloudMap—needed for PgBouncer to work.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.50.0 -\tSupport for PgBouncer and Valkey now available","author":"Turbot Team","publishedAt":"2025-06-30T09:00:00","permalink":"ted-v1-50-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- PgBouncer support is now available.\n- Support for Valkey has been introduced, offering a simpler and more cost-effective option than Redis.\n\n_PgBouncer_\n\nPgBouncer support has been introduced to improve database connection efficiency through lightweight connection pooling. This enhancement benefits high-throughput environments by reducing the overhead of frequent PostgreSQL connections.\n\nMinimum version requirements:\n\n- TE v5.52.0\n- TEF v1.68.0\n- TED v1.50.0\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.52.0 - Introduced AI-Powered control remediation steps and policy pack summary","author":"Turbot Team","publishedAt":"2025-06-30T09:00:00","permalink":"te-v5-52-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Introduced a new GraphQL resolver that generates AI-driven remediation steps for controls.\n\n- UI\n - Enhanced the UI to display AI-generated remediation steps within the control details view.\n - Added a summary view to the UI for Policy Packs to provide a quick overview of key settings.\n\n_Note_\n\nUpgrade to `5.52.0` requires your workspace to be on `5.51.x`; direct upgrades from older versions (e.g., 5.49.x) will fail.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"gcp-storage v5.13.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"gcp-storage-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now use the `Intelligent Assessment` controls, which enables dynamic, context-aware resource assessments and leverages AI capabilities to evaluate cloud resources based on user prompts. To get started, set the `Intelligent Assessment > *` policies.\n\n_Control Types_\n\n- GCP > Storage > Bucket > Intelligent Assessment\n- GCP > Storage > Object > Intelligent Assessment\n\n_Policy Types_\n\n- GCP > Storage > Bucket > Intelligent Assessment\n- GCP > Storage > Bucket > Intelligent Assessment > Context\n- GCP > Storage > Bucket > Intelligent Assessment > User Prompt\n- GCP > Storage > Object > Intelligent Assessment\n- GCP > Storage > Object > Intelligent Assessment > Context\n- GCP > Storage > Object > Intelligent Assessment > User Prompt\n"},{"meta":{"title":"gcp-iam v5.18.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"gcp-iam-v5-18-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$3d"},{"meta":{"title":"gcp-functions v5.10.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment controls","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"gcp-functions-v5-10-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- We have improved the internal handling of user prompts to ensure better and more consistent evaluations for the Intelligent Assessment controls.\n"},{"meta":{"title":"gcp-computeengine v5.21.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"gcp-computeengine-v5-21-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$3e"},{"meta":{"title":"azure-storage v5.24.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"azure-storage-v5-24-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$3f"},{"meta":{"title":"azure-iam v5.15.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"azure-iam-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now use the `Intelligent Assessment` controls, which enables dynamic, context-aware resource assessments and leverages AI capabilities to evaluate cloud resources based on user prompts. To get started, set the `Intelligent Assessment > *` policies.\n\n_Control Types_\n\n- Azure > IAM > Role Assignment > Intelligent Assessment\n- Azure > IAM > Role Definition > Intelligent Assessment\n\n_Policy Types_\n\n- Azure > IAM > Role Assignment > Intelligent Assessment\n- Azure > IAM > Role Assignment > Intelligent Assessment > Context\n- Azure > IAM > Role Assignment > Intelligent Assessment > User Prompt\n- Azure > IAM > Role Definition > Intelligent Assessment\n- Azure > IAM > Role Definition > Intelligent Assessment > Context\n- Azure > IAM > Role Definition > Intelligent Assessment > User Prompt\n"},{"meta":{"title":"azure-compute v5.23.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"azure-compute-v5-23-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$40"},{"meta":{"title":"aws-vpc-security v5.14.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"aws-vpc-security-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$41"},{"meta":{"title":"aws-vpc-internet v5.13.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"aws-vpc-internet-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$42"},{"meta":{"title":"aws-vpc-core v5.22.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment controls","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"aws-vpc-core-v5-22-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` controls.\n"},{"meta":{"title":"aws-vpc-connect v5.11.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"aws-vpc-connect-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$43"},{"meta":{"title":"aws-sqs v5.18.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment control","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"aws-sqs-v5-18-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` control.\n"},{"meta":{"title":"aws-sns v5.18.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment controls","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"aws-sns-v5-18-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` controls.\n"},{"meta":{"title":"aws-s3 v5.32.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment controls","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"aws-s3-v5-32-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` controls.\n"},{"meta":{"title":"aws-lambda v5.15.1 - Improved handling of user prompts and updated GraphQL dependencies for the Intelligent Assessment controls","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"aws-lambda-v5-15-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved the internal handling of user prompts and updated GraphQL dependencies for the `Intelligent Assessment` controls.\n"},{"meta":{"title":"aws-ec2 v5.46.0 - Configure Intelligent Assessment controls for dynamic, context-aware resource assessments","author":null,"publishedAt":"2025-06-30T09:00:00","permalink":"aws-ec2-v5-46-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$44"},{"meta":{"title":"turbot v5.54.2 - Improved system prompts for Intelligent Assessment, Intelligent Fixes and Policy Pack Summary","author":"Turbot Team","publishedAt":"2025-06-27T09:00:00","permalink":"turbot-v5-54-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Improved system prompts for Intelligent Assessment, Intelligent Fixes and Policy Pack Summary.\n\n_Requirements_\n\n- TE: 5.35.4\n"},{"meta":{"title":"Terraform Provider v1.12.3 - Terraform SAML directory updates now processed correctly","author":"Turbot Team","publishedAt":"2025-06-25T09:00:00","permalink":"terraform-provider-v1-12-3","image":null,"tags":["Terraform"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed an issue where SAML directory certificate updates applied via Terraform appeared successful but did not persist in the backend. These updates are now correctly processed and retained.\n- Resolved an issue where the log message for policySetting resources was unclear when attempting to create policy settings for non-existent or uninstalled policy types. The log output is now more informative and precise.\n"},{"meta":{"title":"turbot v5.54.1 - Improved system prompt for Intelligent Assessment control","author":"Turbot Team","publishedAt":"2025-06-24T09:00:00","permalink":"turbot-v5-54-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Improved `Turbot > AI > Control > Intelligent Assessment > System Prompt` policy for better responses from the AI provider.\n- Updated the default value for `Turbot > AI > Configuration > Max Tokens [Default]` policy to 1000.\n\n_Requirements_\n\n- TE: 5.35.4\n"},{"meta":{"title":"turbot v5.54.0 - AI-generated Policy Pack summaries are now available","author":"Turbot Team","publishedAt":"2025-06-24T09:00:00","permalink":"turbot-v5-54-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- AI-generated Policy Pack summaries are now available. To get started, set the `Turbot > AI > Policy Pack > *` policies.\n\n__Control Types__\n\n- Turbot > Policy Pack > Summary\n\n_Requirements_\n\n- TE: 5.35.4\n"},{"meta":{"title":"Configure Intelligent Assessment controls for dynamic, context-aware resource assessments for 15 mods","author":null,"publishedAt":"2025-06-24T09:00:00","permalink":"intelligent-assessment-15-mods","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The following 15 mods now have the `Intelligent Assessment` control(s), which enables dynamic, context-aware resource assessments and leverages AI capabilities to evaluate cloud resources based on user prompts.\n\n- aws-backup `v5.13.0`\n- aws-cloudwatch `v5.11.0`\n- aws-directconnect `v5.6.0`\n- aws-dynamodb `v5.15.0`\n- aws-events `v5.15.0`\n- aws-kms `v5.20.0`\n- aws-lambda `v5.15.0`\n- aws-route53 `v6.8.0`\n- aws-s3 `v5.32.0`\n- aws-sns `v5.18.0`\n- aws-sqs `v5.18.0`\n- aws-vpc-core `v5.22.0`\n- gcp-bigquery `v5.9.0`\n- gcp-bigquerydatatransfer `v5.2.0`\n- gcp-functions `v5.10.0`\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.51.8 - Version bump to align with deployment requirements","author":"Turbot Team","publishedAt":"2025-06-23T09:00:00","permalink":"te-v5-51-8","image":null,"tags":["TE"],"product":"guardrails"},"content":"\nVersion bump to align with deployment requirements.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.67.0 - Enhanced EC2 customization: launch template tags, encrypted AMI support, and dynamic user data via SSM","author":"Turbot Team","publishedAt":"2025-06-20T09:00:00","permalink":"tef-v1-67-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n - Added support for five optional EC2 Launch Template tags (LaunchTemplateTag1–LaunchTemplateTag5) via SSM parameters. These tags are automatically applied to EC2 instances, EBS volumes, and network interfaces for improved resource classification and automation.\n - Introduced the `AmiKmsKeyArn` parameter to allow specifying a custom AWS KMS Key ARN for encrypting EBS volumes attached to EC2 instances. This enables support for custom encrypted AMIs.\n - Added a new `EC2InstanceCustomUserData` parameter that appends additional UserData from SSM. This allows for dynamic EC2 initialization without needing changes to the CloudFormation template.\n\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.51.7 - Version bump to align with deployment requirements","author":"Turbot Team","publishedAt":"2025-06-20T09:00:00","permalink":"te-v5-51-7","image":null,"tags":["TE"],"product":"guardrails"},"content":"\nVersion bump to align with deployment requirements.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"turbot v5.53.0 - Bring your own AI to Guardrails","author":"Turbot Team","publishedAt":"2025-06-20T09:00:00","permalink":"turbot-v5-53-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$45"},{"meta":{"title":"azure-storage v5.23.0 - Configure shared key access for storage accounts","author":null,"publishedAt":"2025-06-19T09:00:00","permalink":"azure-storage-v5-23-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure shared key access for storage accounts. To get started, set the `Azure > Storage > Storage Account > Shared Key Access` policy.\n\n_Control Types_\n\n- Azure > Storage > Storage Account > Shared Key Access\n\n_Policy Types_\n\n- Azure > Storage > Storage Account > Shared Key Access\n\n_Action Types_\n\n- Azure > Storage > Storage Account > Set Shared Key Access\n"},{"meta":{"title":"aws-cisv3-0 v5.0.5 - Controls 3.08 and 3.09 will now evaluate the outcome correctly","author":null,"publishedAt":"2025-06-18T09:00:00","permalink":"aws-cisv3-0-v5-0-5","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > CIS v3.0 > 3 - Logging > 3.08 - Ensure that Object-level logging for write events is enabled for S3 bucket` control previously failed to evaluate correctly when there were more than one `FieldSelectors` present under `AdvancedEventSelectors`. This issue is now fixed.\n- The `AWS > CIS v3.0 > 3 - Logging > 3.09 - Ensure that Object-level logging for read events is enabled for S3 bucket` control has been enhanced to evaluate both `EventSelectors` and `AdvancedEventSelectors` when determining whether object-level logging is enabled. Previously, the control evaluated only `EventSelectors`, which could result in false alarms when logging was configured using `AdvancedEventSelectors`.\n"},{"meta":{"title":"aws-cisv2-0 v5.0.4 - Controls 3.10 and 3.11 will now evaluate the outcome correctly","author":null,"publishedAt":"2025-06-18T09:00:00","permalink":"aws-cisv2-0-v5-0-4","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > CIS v2.0 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket` control previously failed to evaluate correctly when there were more than one `FieldSelectors` present under `AdvancedEventSelectors`. This issue is now fixed.\n- The `AWS > CIS v2.0 > 3 - Logging > 3.11 - Ensure that Object-level logging for read events is enabled for S3 bucket` control has been enhanced to evaluate both `EventSelectors` and `AdvancedEventSelectors` when determining whether object-level logging is enabled. Previously, the control evaluated only `EventSelectors`, which could result in false alarms when logging was configured using `AdvancedEventSelectors`.\n"},{"meta":{"title":"aws-cisv1-4 v5.0.9 - Controls 3.10 and 3.11 will now evaluate the outcome correctly","author":null,"publishedAt":"2025-06-18T09:00:00","permalink":"aws-cisv1-4-v5-0-9","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > CIS v1.4 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket (Automated)` control previously failed to evaluate correctly when there were more than one `FieldSelectors` present under `AdvancedEventSelectors`. This issue is now fixed.\n- The `AWS > CIS v1.4 > 3 - Logging > 3.11 - Ensure that Object-level logging for read events is enabled for S3 bucket (Automated)` control has been enhanced to evaluate both `EventSelectors` and `AdvancedEventSelectors` when determining whether object-level logging is enabled. Previously, the control evaluated only `EventSelectors`, which could result in false alarms when logging was configured using `AdvancedEventSelectors`.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.51.6 - Version bump to align with deployment requirements","author":"Turbot Team","publishedAt":"2025-06-16T09:00:00","permalink":"te-v5-51-6","image":null,"tags":["TE"],"product":"guardrails"},"content":"\nVersion bump to align with deployment requirements.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-kms v5.19.1 - Policy Statements > Approved control will now be skipped for AWS-managed keys","author":null,"publishedAt":"2025-06-13T09:00:00","permalink":"aws-kms-v5-19-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > KMS > Key > Policy Statements > Approved` control will now be skipped for AWS-managed KMS keys.\n"},{"meta":{"title":"aws-cisv3-0 v5.0.4 - `3.08 Ensure that Object-level logging for write events is enabled for S3 bucket` control will now evaluate the outcome correctly","author":null,"publishedAt":"2025-06-13T09:00:00","permalink":"aws-cisv3-0-v5-0-4","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > CIS v3.0 > 3 - Logging > 3.08 - Ensure that Object-level logging for write events is enabled for S3 bucket` control has been enhanced to evaluate both `EventSelectors` and `AdvancedEventSelectors` when determining whether object-level logging is enabled. Previously, the control evaluated only `EventSelectors`, which could result in false alarms when logging was configured using `AdvancedEventSelectors`.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.51.5 - Fixed access issue in policy pack management.","author":"Turbot Team","publishedAt":"2025-06-12T09:00:00","permalink":"te-v5-51-5","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Fixed access issue in policy pack management.\n\n- UI\n - Fixed an issue where importing a GCP Organization via the UI did not automatically create the required `Private Key` setting.\n\n_Security Updates_\n\nFixed access issue in policy pack management\n\nIn version 5.51.3, a security issue was introduced that mistakenly allowed users with any `Turbot/*` permissions — at the `Turbot` level, when using the API — to:\n - Create or update policy associations within a policy pack\n - Delete a policy pack if it was not attached to any resource\n\nThis has now been fixed, and the correct permission model has been restored — only users with `Turbot/Admin` permissions can perform these operations.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-cloudtrail v5.12.1 - CMDB data now accurately refreshes the state of `EventSelectors` and `AdvancedEventSelectors` trail configurations","author":null,"publishedAt":"2025-06-12T09:00:00","permalink":"aws-cloudtrail-v5-12-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > CloudTrail > Trail > CMDB` control has been updated to correctly refresh the `EventSelectors` and `AdvancedEventSelectors` details when these settings are removed in AWS. This update ensures that the CMDB data accurately reflects the current state of the trail configuration.\n"},{"meta":{"title":"aws-cisv2-0 v5.0.3 - `3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket` control will now evaluate the outcome correctly","author":null,"publishedAt":"2025-06-12T09:00:00","permalink":"aws-cisv2-0-v5-0-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > CIS v2.0 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket` control has been enhanced to evaluate both `EventSelectors` and `AdvancedEventSelectors` when determining whether object-level logging is enabled. Previously, the control evaluated only `EventSelectors`, which could result in false alarms when logging was configured using `AdvancedEventSelectors`.\n"},{"meta":{"title":"aws-cisv1-4 v5.0.8 - `3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket (Automated)` control will now evaluate the outcome correctly","author":null,"publishedAt":"2025-06-12T09:00:00","permalink":"aws-cisv1-4-v5-0-8","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > CIS v1.4 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket (Automated)` control has been enhanced to evaluate both `EventSelectors` and `AdvancedEventSelectors` when determining whether object-level logging is enabled. Previously, the control evaluated only `EventSelectors`, which could result in false alarms when logging was configured using `AdvancedEventSelectors`.\n"},{"meta":{"title":"aws-ec2 v5.45.2 - Real-time event handling for load balancer listener has been enhanced to accurately populate `createTimestamp` and `createdBy` details in the metadata","author":null,"publishedAt":"2025-06-10T09:00:00","permalink":"aws-ec2-v5-45-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Load Balancer listeners upserted in Guardrails along with their parent Load Balancers occasionally lacked `createTimestamp` and `createdBy` metadata. This omission caused the `AWS > EC2 > Load Balancer Listener > Approved` control to evaluate incorrectly. We have enhanced our real-time event handling to ensure metadata is accurately populated in such scenarios.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.51.4 - Added support for custom webhook URLs in notifications","author":"Turbot Team","publishedAt":"2025-06-05T09:00:00","permalink":"te-v5-51-4","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Added support for custom webhook URLs in notifications, allowing integration with any third-party systems beyond Slack and Microsoft Teams.\n - ECS tasks now include no-new-privileges for enhanced security posture.\n\n_Bug fixes_\n\n- Server\n - Email notifications now list recipients in the To field instead of BCC for improved clarity.\n - Resolved an issue where resource-level policy settings could fail when a large number of policy packs were attached.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"turbot v5.52.0 - Added support for generic webhooks in notifications","author":"Turbot Team","publishedAt":"2025-06-05T09:00:00","permalink":"turbot-v5-52-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - Turbot > Notifications > Webhook\n - Turbot > Notifications > Webhook > Authorization Header\n - Turbot > Notifications > Webhook > Action Template\n - Turbot > Notifications > Webhook > Action Template > Body\n - Turbot > Notifications > Webhook > Control Template\n - Turbot > Notifications > Webhook > Control Template > Body\n\n_Requirements_\n\n- TE: 5.35.4\n"},{"meta":{"title":"aws-s3table v5.0.0 is now available","author":"Turbot Team","publishedAt":"2025-06-05T09:00:00","permalink":"aws-s3table-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$46"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.49.0 - Added PostgreSQL 17","author":"Turbot Team","publishedAt":"2025-06-04T09:00:00","permalink":"ted-v1-49-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for PostgreSQL 17, including the new hive parameter group.\n"},{"meta":{"title":"aws-sns v5.17.1 - Cross-account subscriptions will no longer be upserted into Guardrails CMDB to prevent the CMDB control from entering an error state","author":null,"publishedAt":"2025-06-04T09:00:00","permalink":"aws-sns-v5-17-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > SNS > Subscription > CMDB` control previously entered an error state for cross-account subscriptions upserted in Guardrails CMDB. These subscriptions will no longer be upserted into CMDB, preventing the control from entering an error state.\n- The `AWS > SNS > Subscription > CMDB` control did not automatically re-run when a subscription was in the `PendingConfirmation` state. This issue has now been resolved.\n"},{"meta":{"title":"aws-vpc-security v5.13.0 - Configure CMDB policy for flow logs at VPC, subnet, or network interface level","author":null,"publishedAt":"2025-06-02T09:00:00","permalink":"aws-vpc-security-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `AWS > VPC > Flow Log > CMDB` policy now also targets the `AWS > VPC > VPC`, `AWS > VPC > Subnet`, and `AWS > EC2 > Network Interface` resource types, enabling more granular policy setting options.\n"},{"meta":{"title":"servicenow-azure-sql v5.2.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-27T09:00:00","permalink":"servicenow-azure-sql-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-networkwatcher v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-27T09:00:00","permalink":"servicenow-azure-networkwatcher-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-network v5.5.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-27T09:00:00","permalink":"servicenow-azure-network-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-monitor v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-27T09:00:00","permalink":"servicenow-azure-monitor-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-keyvault v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-27T09:00:00","permalink":"servicenow-azure-keyvault-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-datafactory v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-27T09:00:00","permalink":"servicenow-azure-datafactory-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-cosmosdb v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-27T09:00:00","permalink":"servicenow-azure-cosmosdb-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-compute v5.3.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-27T09:00:00","permalink":"servicenow-azure-compute-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-appservice v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-27T09:00:00","permalink":"servicenow-azure-appservice-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"azure-compute v5.21.1 - Discovery control for disks will no longer be triggered unnecessarily by the virtual machine CMDB control","author":null,"publishedAt":"2025-05-27T09:00:00","permalink":"azure-compute-v5-21-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Compute > Virtual Machine > CMDB` control previously triggered the `Azure > Compute > Disk > Discovery` control on the VM's resource group, resulting in unnecessary control re-runs within the workspace. We've now improved the VM's CMDB control to prevent such unnecessary re-runs.\n"},{"meta":{"title":"servicenow-kubernetes v5.6.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-26T09:00:00","permalink":"servicenow-kubernetes-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-azure-synapseanalytics v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-26T09:00:00","permalink":"servicenow-azure-synapseanalytics-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-storage v5.5.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-26T09:00:00","permalink":"servicenow-azure-storage-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-servicebus v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-26T09:00:00","permalink":"servicenow-azure-servicebus-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-recoveryservice v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-26T09:00:00","permalink":"servicenow-azure-recoveryservice-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-postgresql v5.2.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-26T09:00:00","permalink":"servicenow-azure-postgresql-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-mysql v5.2.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-26T09:00:00","permalink":"servicenow-azure-mysql-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-loganalytics v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-26T09:00:00","permalink":"servicenow-azure-loganalytics-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-iam v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-26T09:00:00","permalink":"servicenow-azure-iam-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-activedirectory v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-26T09:00:00","permalink":"servicenow-azure-activedirectory-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure v5.7.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-23T09:00:00","permalink":"servicenow-azure-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-searchmanagement v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-23T09:00:00","permalink":"servicenow-azure-searchmanagement-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-loadbalancer v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-23T09:00:00","permalink":"servicenow-azure-loadbalancer-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.51.3 - Resolved a crash in policy setting expiration control","author":"Turbot Team","publishedAt":"2025-05-22T09:00:00","permalink":"te-v5-51-3","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Resolved a crash in policy setting expiration control.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"osquery v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-22T09:00:00","permalink":"osquery-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.51.2 - Resolved an issue that was preventing users from creating new workspace","author":"Turbot Team","publishedAt":"2025-05-21T09:00:00","permalink":"te-v5-51-2","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Resolved an issue that was preventing users from creating new workspace.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"servicenow-azure-securitycenter v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-21T09:00:00","permalink":"servicenow-azure-securitycenter-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-relay v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-20T09:00:00","permalink":"servicenow-azure-relay-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-dns v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-20T09:00:00","permalink":"servicenow-azure-dns-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.51.1 - Fixed a permission issue affecting visibility of policy packs","author":"Turbot Team","publishedAt":"2025-05-19T09:00:00","permalink":"te-v5-51-1","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Fixed a permission issue affecting visibility of policy packs.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"servicenow-azure-sqlvirtualmachine v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-19T09:00:00","permalink":"servicenow-azure-sqlvirtualmachine-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-signalr v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-19T09:00:00","permalink":"servicenow-azure-signalr-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-applicationgateway v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-19T09:00:00","permalink":"servicenow-azure-applicationgateway-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-apimanagement v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-19T09:00:00","permalink":"servicenow-azure-apimanagement-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-aks v5.2.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-19T09:00:00","permalink":"servicenow-azure-aks-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"aws-iam v5.43.0 - Configure active control for virtual MFA devices based on their age","author":null,"publishedAt":"2025-05-19T09:00:00","permalink":"aws-iam-v5-43-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure the `AWS > IAM > MFA Virtual > Active` control for virtual MFA devices based on their age. To get started, set the `AWS > IAM > MFA Virtual > Active > Age` policy. As part of this enhancement, a new value of `45 days` has been applied to all relevant Active policies.\n\n_Policy Types_\n\n- AWS > IAM > MFA Virtual > Active > Age\n\n_Action Types_\n\n- AWS > IAM > MFA Virtual > Delete\n"},{"meta":{"title":"servicenow-azure-frontdoorservice v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-16T09:00:00","permalink":"servicenow-azure-frontdoorservice-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-firewall v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-16T09:00:00","permalink":"servicenow-azure-firewall-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-databricks v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-16T09:00:00","permalink":"servicenow-azure-databricks-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-automation v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-16T09:00:00","permalink":"servicenow-azure-automation-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-azure-applicationinsights v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-16T09:00:00","permalink":"servicenow-azure-applicationinsights-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.51.0 - Users can now see all policy packs defined within the resource hierarchy where they have access","author":"Turbot Team","publishedAt":"2025-05-15T09:00:00","permalink":"te-v5-51-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Introduced support for initializing a new encryption key baseline for workspaces.\n - Users can now see all policy packs defined within the resource hierarchy where they have access, providing clearer insight into inherited policies.\n\n- UI\n - The page title now dynamically includes the workspace name, helping users distinguish tabs when working across multiple environments.\n\n_Bug fixes_\n\n- Server\n - Refined the backup flow for tenant master keys, improving error handling, increasing stability.\n\n_Note_\n\nThis is a checkpoint version. Guardrails must be updated to **v5.51.x** first before continuing. It can be any version in **v5.51.x** series.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"servicenow-gcp-network v5.3.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-15T09:00:00","permalink":"servicenow-gcp-network-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-dataplex v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-15T09:00:00","permalink":"servicenow-gcp-dataplex-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-computeengine v5.5.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-15T09:00:00","permalink":"servicenow-gcp-computeengine-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-vertexai v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-vertexai-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-gcp v5.8.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-storage v5.6.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-storage-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-gcp-sql v5.2.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-sql-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-spanner v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-spanner-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-secretmanager v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-secretmanager-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-scheduler v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-scheduler-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-run v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-run-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-pubsub v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-pubsub-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-monitoring v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-monitoring-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-memorystore v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-memorystore-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-logging v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-logging-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-kubernetesengine v5.2.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-kubernetesengine-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-kms v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-kms-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-iam v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-iam-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-functions v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-functions-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-firebase v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-firebase-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-dns v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-dns-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-dataproc v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-dataproc-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-datapipeline v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-datapipeline-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-dataflow v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-dataflow-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-composer v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-composer-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-bigtable v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-bigtable-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-bigquery v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-bigquery-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-gcp-appengine v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"servicenow-gcp-appengine-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"azure v5.30.1 - Improved real-time event processing logic to prevent unnecessary reruns","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"azure-v5-30-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Subscription > Event Poller` control previously processed some real-time events multiple times, resulting in unnecessary Lambda churn. The event processing logic has been improved to ensure each event is handled only once, enhancing overall efficiency.\n- The `Azure > Subscription > CMDB` control previously ran unnecessarily when Guardrails received real-time `Microsoft.Resources/tags/write` events for resources other than subscriptions or resource groups. These events will no longer be processed, preventing unnecessary CMDB control runs.\n"},{"meta":{"title":"aws-apigateway v5.11.0 - Track and manage API Gateway account resources in Guardrails","author":null,"publishedAt":"2025-05-14T09:00:00","permalink":"aws-apigateway-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n _Resource Types_\n\n- AWS > API Gateway > Account\n\n_Control Types_\n\n- AWS > API Gateway > Account > CMDB\n- AWS > API Gateway > Account > Discovery\n\n_Policy Types_\n\n- AWS > API Gateway > Account > CMDB\n- AWS > API Gateway > Account > Regions\n\n_Action Types_\n\n- AWS > API Gateway > Account > Router\n"},{"meta":{"title":"Terraform Provider v1.12.2 - Improved sensitive data masking in log outputs to include additional value types","author":"Turbot Team","publishedAt":"2025-05-12T09:00:00","permalink":"terraform-provider-v1-12-2","image":null,"tags":["Terraform"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved sensitive data masking in log outputs to include additional value types.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.50.7 - Improvements to discovery process flow","author":"Turbot Team","publishedAt":"2025-05-09T09:00:00","permalink":"te-v5-50-7","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n -\tDiscovery controls now run more reliably, reducing interruptions caused by premature termination.\n - Addressed a race condition that could occasionally result in missed priority events during policy value processing.\n\n- UI\n - Resolved an issue where resource type values were hard-coded in a hook, improving flexibility and maintainability.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Terraform Provider v1.12.1 - Updates to the parent attribute in the `resource_turbot_file` resource are now processed correctly","author":"Turbot Team","publishedAt":"2025-05-08T09:00:00","permalink":"terraform-provider-v1-12-1","image":null,"tags":["Terraform"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Resolved an issue where parent updates in `resource_turbot_file` were silently ignored. These updates are now processed correctly to ensure changes are properly applied.\n"},{"meta":{"title":"aws-waf v5.9.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-08T09:00:00","permalink":"aws-waf-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$47"},{"meta":{"title":"aws-secretsmanager v5.10.1 - Stack [Native] control will now correctly import and manage resources outside the `us-east-1` region","author":null,"publishedAt":"2025-05-08T09:00:00","permalink":"aws-secretsmanager-v5-10-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > Secrets Manager > Secret > Stack [Native]` control previously failed to import and manage resources outside the `us-east-1` region. This issue has now been resolved.\n"},{"meta":{"title":"aws-datapipeline v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-08T09:00:00","permalink":"aws-datapipeline-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$48"},{"meta":{"title":"azure v5.30.0 - Create and manage cloud resources via Stack [Native] controls","author":null,"publishedAt":"2025-05-07T09:00:00","permalink":"azure-v5-30-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the `Stack [Native] > *` policies.\n\n_Control Types_\n\n- Azure > Resource Group > Stack [Native]\n\n_Policy Types_\n\n- Azure > Resource Group > Stack [Native]\n- Azure > Resource Group > Stack [Native] > Drift Detection\n- Azure > Resource Group > Stack [Native] > Drift Detection > Interval\n- Azure > Resource Group > Stack [Native] > Modifier\n- Azure > Resource Group > Stack [Native] > Secret Variables\n- Azure > Resource Group > Stack [Native] > Source\n- Azure > Resource Group > Stack [Native] > Timeout\n- Azure > Resource Group > Stack [Native] > Variables\n- Azure > Resource Group > Stack [Native] > Version\n"},{"meta":{"title":"aws-wellarchitected v5.8.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-07T09:00:00","permalink":"aws-wellarchitected-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-wellarchitected-framework v5.1.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-07T09:00:00","permalink":"aws-wellarchitected-framework-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n"},{"meta":{"title":"aws v5.37.2 - EventBridge rules created via Event Handlers now exclude events containing errors","author":null,"publishedAt":"2025-05-07T09:00:00","permalink":"aws-v5-37-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- EventBridge rules configured via Event Handlers have been improved to exclude real-time events containing errors from being sent to the Guardrails endpoint. This prevents Guardrails from processing unnecessary error events.\n- The default value for the `AWS > Region > Connection Region` policy did not evaluate correctly for AWS GovCloud accounts. This issue has been resolved.\n"},{"meta":{"title":"aws-secretsmanager v5.10.0 - Create and manage cloud resources via Stack [Native] controls","author":null,"publishedAt":"2025-05-07T09:00:00","permalink":"aws-secretsmanager-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the `Stack [Native] > *` policies.\n\n_Control Types_\n\n- AWS > Secrets Manager > Secret > Stack [Native]\n\n_Policy Types_\n\n- AWS > Secrets Manager > Secret > Stack [Native]\n- AWS > Secrets Manager > Secret > Stack [Native] > Drift Detection\n- AWS > Secrets Manager > Secret > Stack [Native] > Drift Detection > Interval\n- AWS > Secrets Manager > Secret > Stack [Native] > Modifier\n- AWS > Secrets Manager > Secret > Stack [Native] > Secret Variables\n- AWS > Secrets Manager > Secret > Stack [Native] > Source\n- AWS > Secrets Manager > Secret > Stack [Native] > Timeout\n- AWS > Secrets Manager > Secret > Stack [Native] > Variables\n- AWS > Secrets Manager > Secret > Stack [Native] > Version\n"},{"meta":{"title":"aws-sagemaker v5.12.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-07T09:00:00","permalink":"aws-sagemaker-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-iam v5.42.0 - Configure default region when logging in to AWS accounts via Guardrails using Role mode","author":null,"publishedAt":"2025-05-07T09:00:00","permalink":"aws-iam-v5-42-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now select the default region when logging in to AWS accounts via Guardrails using Role mode. To get started, set the `AWS > Account > Permissions > Default Region` policy.\n\n_Policy Types_\n\n- AWS > Account > Permissions > Default Region\n"},{"meta":{"title":"aws-elasticache v5.11.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-07T09:00:00","permalink":"aws-elasticache-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-ecs v5.9.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-07T09:00:00","permalink":"aws-ecs-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-docdb v5.3.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-07T09:00:00","permalink":"aws-docdb-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-cloudfront v5.7.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-07T09:00:00","permalink":"aws-cloudfront-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"Guardrails MCP v0.1.2 - Initial release","author":null,"publishedAt":"2025-05-06T10:00:00","permalink":"guardrails-mcp-v0-1-2","image":null,"tags":["mcp"],"product":"guardrails"},"content":"\n_What's new_\n\n* Initial version of Turbot Guardrails MCP server\n* Query resources, controls and types\n* Mock and test policy settings and policy packs\n"},{"meta":{"title":"aws-storagegateway v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-06T09:00:00","permalink":"aws-storagegateway-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-outposts v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-06T09:00:00","permalink":"aws-outposts-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-lightsail v5.6.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-06T09:00:00","permalink":"aws-lightsail-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-guardduty v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-06T09:00:00","permalink":"aws-guardduty-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-codecommit v5.6.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-06T09:00:00","permalink":"aws-codecommit-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-codebuild v5.7.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-06T09:00:00","permalink":"aws-codebuild-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-acm v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-06T09:00:00","permalink":"aws-acm-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-workspaces v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-05T09:00:00","permalink":"aws-workspaces-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-swf v5.6.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-05T09:00:00","permalink":"aws-swf-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-securityhub v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-05T09:00:00","permalink":"aws-securityhub-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-route53resolver v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-05T09:00:00","permalink":"aws-route53resolver-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-kinesis v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-05T09:00:00","permalink":"aws-kinesis-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-emr v5.9.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-05T09:00:00","permalink":"aws-emr-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-elasticsearch v5.7.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-05T09:00:00","permalink":"aws-elasticsearch-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-eks v5.8.0 - Manage endpoint access for clusters","author":null,"publishedAt":"2025-05-05T09:00:00","permalink":"aws-eks-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$49"},{"meta":{"title":"aws-efs v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-05T09:00:00","permalink":"aws-efs-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-ecr v5.14.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-05T09:00:00","permalink":"aws-ecr-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-dms v5.7.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-05-05T09:00:00","permalink":"aws-dms-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-rds v5.31.2 - Identifiers for DB Instances will now be modified more reliably","author":null,"publishedAt":"2025-05-02T09:00:00","permalink":"aws-rds-v5-31-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Previously, modifying instance identifiers to use different casing while retaining the same name caused Guardrails to incorrectly update the `DBInstanceIdentifier` and the AKA for the resource. Guardrails will now be smarter to avoid updating these details in CMDB data in such scenarios.\n"},{"meta":{"title":"aws-ec2 v5.45.1 - Fixed pagination in AMI discovery control to fetch all AMIs correctly","author":null,"publishedAt":"2025-05-02T09:00:00","permalink":"aws-ec2-v5-45-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > EC2 > AMI > Discovery` control previously failed to fetch all resources, due to the lack of pagination support. This issue has been fixed, and the control will now correctly fetch all available AMIs.\n"},{"meta":{"title":"kubernetes v5.2.1 - Removed unnecessary attributes from default value of `Configuration > Columns` policy for pods to prevent unnecessary triggering of CMDB control","author":"Turbot Team","publishedAt":"2025-04-30T09:00:00","permalink":"kubernetes-v5-2-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Removed unnecessary attributes from the default value of the `Kubernetes > Pod > osquery > Configuration > Columns` policy, which previously caused churn by unnecessarily triggering the `Kubernetes > Pod > CMDB` control.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.50.6 - Removed stray debug logs","author":"Turbot Team","publishedAt":"2025-04-28T09:00:00","permalink":"te-v5-50-6","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n -\tRemoved stray debug logs.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.50.5 - Improved error handling for Runnable Monitor and Event Monitor to catch uncaught exceptions","author":"Turbot Team","publishedAt":"2025-04-28T09:00:00","permalink":"te-v5-50-5","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n -\tImproved error handling for Runnable Monitor and Event Monitor to catch uncaught exceptions.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"turbot v5.51.2 - Adjusted the sequence of operations for Turbot > Workspace > Background Tasks to ensure a more reliable and consistent execution flow","author":"Turbot Team","publishedAt":"2025-04-28T09:00:00","permalink":"turbot-v5-51-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Control Types:\n - Adjusted the sequence of operations for `Turbot > Workspace > Background Tasks` to ensure a more reliable and consistent execution flow.\n\n_Requirements_\n\n- TE: 5.35.4\n"},{"meta":{"title":"aws-secretsmanager v5.9.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-28T09:00:00","permalink":"aws-secretsmanager-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-ram v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-28T09:00:00","permalink":"aws-ram-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-dax v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-28T09:00:00","permalink":"aws-dax-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-cloudformation v5.12.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-28T09:00:00","permalink":"aws-cloudformation-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-athena v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-28T09:00:00","permalink":"aws-athena-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"servicenow-aws-vpc-security v5.2.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"servicenow-aws-vpc-security-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-aws-vpc-internet v5.2.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"servicenow-aws-vpc-internet-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-aws-vpc-core v5.2.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"servicenow-aws-vpc-core-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-aws-vpc-connect v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"servicenow-aws-vpc-connect-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-aws v5.4.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"servicenow-aws-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-aws-s3 v5.3.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"servicenow-aws-s3-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-aws-rds v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"servicenow-aws-rds-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-aws-kms v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"servicenow-aws-kms-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-aws-iam v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"servicenow-aws-iam-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-aws-ec2 v5.2.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"servicenow-aws-ec2-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-aws-cloudwatch v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"servicenow-aws-cloudwatch-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"servicenow-aws-cloudtrail v5.1.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"servicenow-aws-cloudtrail-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.\n- Improved the GraphQL input query for the `Configuration Item > Record` policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.\n"},{"meta":{"title":"gcp-cisv2-0 v5.1.1 - Controls will no longer enter invalid or TBD state when corresponding CIS policies are set to `Skip`","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"gcp-cisv2-0-v5-1-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- CIS controls previously entered an invalid or TBD state when the CMDB controls for associated resources were in a skipped or TBD state, even if the corresponding CIS policies were set to `Skip`. This issue has been resolved; such controls will now correctly transition to a skipped state.\n"},{"meta":{"title":"azure-storage v5.22.1 - Tags will now be updated correctly for storage accounts of type `StandardV2_LRS`","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"azure-storage-v5-22-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Storage > Storage Account > Tags` control previously failed to update tags for storage accounts of type `StandardV2_LRS`. This issue has been resolved, and the control now correctly updates tags for this storage account type.\n- The `Azure > Storage > Queue > Discovery` control previously entered an error state for storage accounts of kind `FileStorage`. This issue has been resolved, and the control will now be skipped for such storage accounts.\n"},{"meta":{"title":"aws-ssm v5.16.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"aws-ssm-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-secretsmanager v5.8.0 - Configure and manage rotation for secrets","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"aws-secretsmanager-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure and manage rotation for secrets. To get started, set the `AWS > Secrets Manager > Secret > Rotation > *` policies.\n\n_Control Types_\n\n- AWS > Secrets Manager > Secret > Rotation\n\n_Policy Types_\n\n- AWS > Secrets Manager > Secret > Rotation\n- AWS > Secrets Manager > Secret > Rotation > Schedule Expression\n\n_Action Types_\n\n- AWS > Secrets Manager > Secret > Set Rotation\n"},{"meta":{"title":"aws-s3multiregionaccesspoint v5.1.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-25T09:00:00","permalink":"aws-s3multiregionaccesspoint-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.50.4 - Improvements to performance, stability, and UI experience","author":"Turbot Team","publishedAt":"2025-04-24T09:00:00","permalink":"te-v5-50-4","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n -\tReduced the time taken to collect and process data in Account > Statistics, resulting in noticeably faster and a smoother experience.\n - Enhanced the reliability of Turbot > Mod > Runnable Monitor and Turbot > Mod Event Monitor by improving how they handle temporary lock conflicts, ensuring more consistent operation.\n - Fixed an issue where moving a resource between parents could create an incorrect path.\n - Policy packs can now only be attached to resources where it is feasible to attach.\n\n- UI\n - Resolved a layout issue where long resource names could break the detail headers on the Control, Process, and Policy pages.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"gcp-kubernetesengine v5.7.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"gcp-kubernetesengine-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"aws-xray v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-xray-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-wafregional v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-wafregional-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-stepfunctions v5.7.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-stepfunctions-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-rds v5.31.1 - DB parameter groups will now be correctly upserted into the CMDB irrespective of their casing","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-rds-v5-31-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails previously upserted DB parameter groups into the CMDB with incorrect casing when they were created using uppercase letters in AWS. This occasionally caused the `AWS > RDS > DB Parameter Group > CMDB` control to enter an error state due to duplicate AKAs. We have improved the handling of create and copy real-time events for parameter groups to ensure they are now upserted correctly and more reliably.\n"},{"meta":{"title":"aws-qldb v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-qldb-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-neptune v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-neptune-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-msk v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-msk-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-mq v5.3.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-mq-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-logs v5.15.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-logs-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-inspector v5.3.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-inspector-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-glacier v5.7.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-glacier-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-fsx v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-fsx-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-elasticbeanstalk v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-elasticbeanstalk-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-directoryservice v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-directoryservice-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-config v5.11.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-24T09:00:00","permalink":"aws-config-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-shield v5.3.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-23T09:00:00","permalink":"aws-shield-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-ses v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-23T09:00:00","permalink":"aws-ses-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-batch v5.7.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-23T09:00:00","permalink":"aws-batch-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-appstream v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-23T09:00:00","permalink":"aws-appstream-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-appmesh v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-23T09:00:00","permalink":"aws-appmesh-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-amplify v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-23T09:00:00","permalink":"aws-amplify-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"gcp-scheduler v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-22T09:00:00","permalink":"gcp-scheduler-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"gcp-memorystore v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-22T09:00:00","permalink":"gcp-memorystore-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-datapipeline v5.2.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-22T09:00:00","permalink":"gcp-datapipeline-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-bigtable v5.9.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-22T09:00:00","permalink":"gcp-bigtable-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"aws-vpc-connect v5.10.1 - CMDB control for transit gateway attachments will no longer enter an error state when `ResourceOwnerId` for resources is not available in the CMDB data","author":null,"publishedAt":"2025-04-22T09:00:00","permalink":"aws-vpc-connect-v5-10-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > VPC > Transit Gateway Attachment > CMDB` control would sometimes go into an error state when `ResourceOwnerId` for the resource was not available in the CMDB data. This is fixed and the control will now work correctly, as expected.\n"},{"meta":{"title":"aws-iam v5.41.1 - Removed conflicting default value for `force_detach_policies` for IAM roles managed via Guardrails stack controls","author":null,"publishedAt":"2025-04-21T09:00:00","permalink":"aws-iam-v5-41-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails stack controls that created or claimed IAM roles would sometimes run unnecessarily due to a mismatch in the default value for `force_detach_policies` in the Terraform mapping for the resource type. We have now removed the conflicting default to prevent such unnecessary executions. You now need to explicitly define `force_detach_policies` to override the existing Terraform default value (if required by your use case).\n"},{"meta":{"title":"aws-logs v5.14.0 - Configure retention period for log groups","author":null,"publishedAt":"2025-04-17T09:00:00","permalink":"aws-logs-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure retention period for log groups. To get started, set the `AWS > Logs > Log Group > Retention > *` policies.\n\n_Control Types_\n\n- AWS > Logs > Log Group > Retention\n\n_Policy Types_\n\n- AWS > Logs > Log Group > Retention\n- AWS > Logs > Log Group > Retention > Period\n\n_Action Types_\n\n- AWS > Logs > Log Group > Update Retention\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.50.3 - Multiple query support in calculated policy","author":"Turbot Team","publishedAt":"2025-04-16T09:00:00","permalink":"te-v5-50-3","image":null,"tags":["TE"],"product":"guardrails"},"content":"_What's new?_\n\n- UI\n - Added support for multiple input queries (with ability to use Nunjucks template functionality) in the calculated policy editor allowing teams to create complex calculated policies involving a pipeline of GraphQL queries.\n\n_Bug fixes_\n\n- Server\n -\tTurbot/ReadOnly permission is now sufficient to create, delete, and update favorites.\n - Resolved an issue that was blocking users from running quick actions due to incorrect permission checks.\n - Tightened permissions for smart folder attachments and detachments to prevent unauthorized access.\n - Account/ReadOnly users can now successfully manage favorites, including creation, deletion, and updates.\n\n- UI\n - Policy settings can now be created by users with Account/Admin permission, as intended, instead of incorrectly requiring Account/Owner.\n - Quick action runs no longer fail for users with a single grant due to a UI permission check issue.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"gcp-sql v5.11.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-15T09:00:00","permalink":"gcp-sql-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-network v5.15.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-15T09:00:00","permalink":"gcp-network-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-firebase v5.2.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-15T09:00:00","permalink":"gcp-firebase-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"aws-cloudfront v5.6.0 - Create and manage cloud resources via Stack [Native] controls","author":null,"publishedAt":"2025-04-15T09:00:00","permalink":"aws-cloudfront-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now create and manage cloud resources using Terraform 1.x via Guardrails, fully leveraging all features available in this version. To get started, set the `Stack [Native] > *` policies.\n\n_Control Types_\n\n- AWS > CloudFront > Distribution > Stack [Native]\n\n_Policy Types_\n\n- AWS > CloudFront > Distribution > Stack [Native]\n- AWS > CloudFront > Distribution > Stack [Native] > Drift Detection\n- AWS > CloudFront > Distribution > Stack [Native] > Drift Detection > Interval\n- AWS > CloudFront > Distribution > Stack [Native] > Modifier\n- AWS > CloudFront > Distribution > Stack [Native] > Secret Variables\n- AWS > CloudFront > Distribution > Stack [Native] > Source\n- AWS > CloudFront > Distribution > Stack [Native] > Timeout\n- AWS > CloudFront > Distribution > Stack [Native] > Variables\n- AWS > CloudFront > Distribution > Stack [Native] > Version\n"},{"meta":{"title":"gcp-iam v5.17.1 - Configured control for Logging sinks created via Event Handlers now work as expected","author":null,"publishedAt":"2025-04-14T09:00:00","permalink":"gcp-iam-v5-17-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-iam` rendered the real-time events filter for Project User resource type incorrectly, which caused the `GCP > Logging > Sink > Configured` control for Logging sinks created via Event Handlers to go into an error state. This issue is now fixed.\n- The `GCP > IAM > Project User > CMDB` control entered an error state due to incorrect internal references introduced in the previous version of the mod (v5.17.0). This issue has been fixed, and the control now works as expected.\n"},{"meta":{"title":"gcp-secretmanager v5.2.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-14T09:00:00","permalink":"gcp-secretmanager-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-notebook v5.2.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-14T09:00:00","permalink":"gcp-notebook-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"gcp-monitoring v5.8.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-14T09:00:00","permalink":"gcp-monitoring-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-kms v5.9.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-14T09:00:00","permalink":"gcp-kms-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-dns v5.9.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-14T09:00:00","permalink":"gcp-dns-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"turbot v5.51.1 - Updates to quick actions, notifications and GovCloud compatibility","author":"Turbot Team","publishedAt":"2025-04-11T09:00:00","permalink":"turbot-v5-51-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - Turbot > Quick Actions > Permission Levels to allow `account`, `azure` and `gcp` as a permission type.\n - Added `class: ACCOUNT` to Turbot > Notifications > CC > Tag and Turbot > Notifications > CC > Tag > Name.\n\n_Bug fixes_\n\n- Control Types:\n - The `Turbot > Workspace > Usage` control will be skipped in GovCloud deployments.\n\n_Requirements_\n\n- TE: 5.35.4\n"},{"meta":{"title":"gcp-vertexai v5.1.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-11T09:00:00","permalink":"gcp-vertexai-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp v5.31.1 - Project labels control now correctly applies labels according to template policy","author":null,"publishedAt":"2025-04-11T09:00:00","permalink":"gcp-v5-31-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > Project > Labels` control failed to apply labels to projects according to the `GCP > Project > Labels > Template` policy. This issue has been fixed.\n"},{"meta":{"title":"gcp-spanner v5.9.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-11T09:00:00","permalink":"gcp-spanner-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-run v5.2.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-11T09:00:00","permalink":"gcp-run-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-dataplex v5.1.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-11T09:00:00","permalink":"gcp-dataplex-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-dataflow v5.6.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-11T09:00:00","permalink":"gcp-dataflow-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-datacatalog v5.3.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-11T09:00:00","permalink":"gcp-datacatalog-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"gcp-composer v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-11T09:00:00","permalink":"gcp-composer-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-build v5.3.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-11T09:00:00","permalink":"gcp-build-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"aws v5.37.1 - Updated internal definitions for organization resource type","author":null,"publishedAt":"2025-04-11T09:00:00","permalink":"aws-v5-37-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Internal definitions for the `AWS > Organization` resource type have been updated. All functionality will continue to work smoothly as before.\n"},{"meta":{"title":"aws-s3 v5.31.1 - Updated internal definitions for Quick Actions on `Public Access Block` control for buckets","author":null,"publishedAt":"2025-04-11T09:00:00","permalink":"aws-s3-v5-31-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- We've updated internal definitions for Quick Actions on the `AWS > S3 > Bucket > Public Access Block` control type. All functionality will continue to work smoothly as before.\n"},{"meta":{"title":"aws-ec2 v5.45.0 - Guardrails can now discover and manage target groups for gateway load balancers across all supported regions","author":null,"publishedAt":"2025-04-11T09:00:00","permalink":"aws-ec2-v5-45-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `AWS > EC2 > Target Group > Discovery` control sometimes failed to upsert target groups under gateway load balancers that were not present in the CMDB. This occurred because Guardrails was unable to discover those gateway load balancers due to an outdated list of supported regions. The list has been refreshed for the `AWS > EC2 > Gateway Load Balancer` resource type, enabling Guardrails to discover and manage these resources across all supported AWS regions.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.50.2 - Improved how policy values are selected for the priority queue, resulting in faster and more efficient processing","author":"Turbot Team","publishedAt":"2025-04-10T09:00:00","permalink":"te-v5-50-2","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Improved how policy values are selected for the priority queue, resulting in faster and more efficient processing.\n\n- UI\n - Pagination and title-based sorting are now supported in policy targets, making navigation smoother.\n - The Permissions modal is more stable and won’t crash if some data is missing.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"servicenow-custom v5.0.1 - CMDB controls for custom tables and records now update data in the CMDB more consistently","author":null,"publishedAt":"2025-04-10T09:00:00","permalink":"servicenow-custom-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- CMDB controls for custom tables and records occasionally failed to update data in the CMDB correctly. This issue has been resolved.\n"},{"meta":{"title":"gcp-iam v5.17.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-10T09:00:00","permalink":"gcp-iam-v5-17-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-computeengine v5.20.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-10T09:00:00","permalink":"gcp-computeengine-v5-20-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.50.1 - Resolved an issue that was preventing users from logging in via SAML","author":"Turbot Team","publishedAt":"2025-04-09T09:00:00","permalink":"te-v5-50-1","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Resolved an issue that was preventing users from logging in via SAML.\n\n- UI\n - Action buttons now show up correctly on the process logs page, whether you’re viewing control or policy.\n\n_Requirements_\n\n- TEF: 1.66.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"gcp v5.31.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-09T09:00:00","permalink":"gcp-v5-31-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"gcp-storage v5.12.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-09T09:00:00","permalink":"gcp-storage-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-pubsub v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-09T09:00:00","permalink":"gcp-pubsub-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-logging v5.6.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-09T09:00:00","permalink":"gcp-logging-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-functions v5.9.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-09T09:00:00","permalink":"gcp-functions-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-dataproc v5.9.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-09T09:00:00","permalink":"gcp-dataproc-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-bigquerydatatransfer v5.1.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-09T09:00:00","permalink":"gcp-bigquerydatatransfer-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-bigquery v5.8.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-09T09:00:00","permalink":"gcp-bigquery-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"gcp-appengine v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-09T09:00:00","permalink":"gcp-appengine-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to `Enforce: Enabled`, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n"},{"meta":{"title":"servicenow v5.4.0 - Added support to process real-time events for ServiceNow custom tables and their records","author":null,"publishedAt":"2025-04-08T09:00:00","permalink":"servicenow-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support to process real-time events for ServiceNow custom tables and their records.\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-custom v5.0.0 is now available","author":null,"publishedAt":"2025-04-08T09:00:00","permalink":"servicenow-custom-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Resource Types_\n\n- ServiceNow > Custom\n- ServiceNow > Custom > Record\n- ServiceNow > Custom > Table\n\n_Control Types_\n\n- ServiceNow > Custom > Record > CMDB\n- ServiceNow > Custom > Record > Discovery\n- ServiceNow > Custom > Table > Business Rule\n- ServiceNow > Custom > Table > CMDB\n- ServiceNow > Custom > Table > Discovery\n\n_Policy Types_\n\n- ServiceNow > Custom > Record > CMDB\n- ServiceNow > Custom > Record > CMDB > Query\n- ServiceNow > Custom > Record > CMDB > Title\n- ServiceNow > Custom > Table > Business Rule\n- ServiceNow > Custom > Table > Business Rule > Name\n- ServiceNow > Custom > Table > CMDB\n- ServiceNow > Custom > Table > CMDB > Tables\n\n_Action Types_\n\n- ServiceNow > Custom > Record > Router\n"},{"meta":{"title":"aws v5.37.0 - Configure default connection region to fetch details for global resources in CMDB","author":null,"publishedAt":"2025-04-08T09:00:00","permalink":"aws-v5-37-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$4a"},{"meta":{"title":"aws-s3 v5.31.0 - Configure connection region to fetch details for S3 accounts in CMDB","author":null,"publishedAt":"2025-04-08T09:00:00","permalink":"aws-s3-v5-31-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure a connection region to allow Guardrails to fetch details for S3 accounts in CMDB. To get started, set the `AWS > S3 > Connection Region` policy. This policy defaults to the value of the `AWS > Account > Connection Region [Default]` policy, which can be used to define a default connection region for all global resources in an account.\n\n_Policy Types_\n\n- AWS > S3 > Connection Region\n"},{"meta":{"title":"aws-iam v5.41.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-07T09:00:00","permalink":"aws-iam-v5-41-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-glue v5.12.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-07T09:00:00","permalink":"aws-glue-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws v5.36.1 - Real-time event for moving accounts in an organization is now processed correctly, ensuring individually imported management accounts are not deleted from the CMDB","author":null,"publishedAt":"2025-04-04T09:00:00","permalink":"aws-v5-36-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails previously processed the `organizations:MoveAccount` real-time event incorrectly for individually imported management accounts, inadvertently deleting them from the CMDB. We have tightened the validation checks to prevent such deletions in these cases.\n"},{"meta":{"title":"aws-sagemaker v5.11.1 - Discovery controls now use higher API limits to prevent throttling errors when many resources exist in the account","author":null,"publishedAt":"2025-04-04T09:00:00","permalink":"aws-sagemaker-v5-11-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Discovery controls for various SageMaker resources previously attempted to fetch a maximum of 10 resources per API call, which occasionally led to throttling when a high number of resources existed in the account. This limit has now been increased to 100 (the maximum supported by the APIs) to enable the Discovery controls to retrieve all resources without errors and upsert them into the CMDB.\n"},{"meta":{"title":"aws-rds v5.31.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-03T09:00:00","permalink":"aws-rds-v5-31-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-organizations v5.4.1 - Guardrails will now process only relevant real-time events for Organizations resource types when the CMDB policy is set to `Enforce: Enabled`","author":null,"publishedAt":"2025-04-03T09:00:00","permalink":"aws-organizations-v5-4-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- We have improved event handling configuration to filter AWS Organization events that Guardrails listens for, based on the CMDB policies for resource types. If the CMDB policy for a resource type is not set to `Enforce: Enabled`, the EventBridge rule for Organizations will exclude events for that resource type.\n"},{"meta":{"title":"aws-ec2 v5.44.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-03T09:00:00","permalink":"aws-ec2-v5-44-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.50.0 - Introducing scoped Account/* permissions to help application teams manage their own accounts","author":"Turbot Team","publishedAt":"2025-04-02T09:00:00","permalink":"te-v5-50-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"$4b"},{"meta":{"title":"aws-vpc-security v5.12.1 - Cleaned up unnecessary help messages from VPC Security Group Rule CMDB control","author":null,"publishedAt":"2025-04-02T09:00:00","permalink":"aws-vpc-security-v5-12-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Cleaned up unnecessary help messages from `AWS > VPC > Security Group Rule > CMDB` control.\n"},{"meta":{"title":"gcp-iam v5.16.4 - CMDB control for Service Account will now wait for the IAM service's CMDB data to be correctly updated before attempting to fetch details for service accounts in newly imported projects","author":null,"publishedAt":"2025-04-01T09:00:00","permalink":"gcp-iam-v5-16-4","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > IAM > Service Account > CMDB` control would sometimes enter a skipped state for newly imported projects if certain required attributes were missing from the IAM service's CMDB data. The control will now go into a TBD state instead and rerun after five minutes to allow the IAM service's CMDB data to populate correctly for newly imported projects.\n"},{"meta":{"title":"aws-vpc-security v5.12.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-01T09:00:00","permalink":"aws-vpc-security-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-vpc-internet v5.12.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-01T09:00:00","permalink":"aws-vpc-internet-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-apigateway v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-04-01T09:00:00","permalink":"aws-apigateway-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"gcp-bigquery v5.7.2 - Table resources will no longer be upserted in CMDB via real-time events when CMDB policy is set to `Enforce: Disabled`","author":null,"publishedAt":"2025-03-31T09:00:00","permalink":"gcp-bigquery-v5-7-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails would sometimes ignore the `GCP > BigQuery > Table > CMDB` policy set to `Enforce: Disabled` and still upsert table resources via real-time events in CMDB. These resources were subsequently cleaned up by the CMDB control. This issue has been resolved, and the CMDB policy will now be correctly respected before upserting resources.\n"},{"meta":{"title":"aws-vpc-connect v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-31T09:00:00","permalink":"aws-vpc-connect-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-route53 v6.7.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-31T09:00:00","permalink":"aws-route53-v6-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-backup v5.12.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-31T09:00:00","permalink":"aws-backup-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"turbot v5.51.0 - Updated Turbot > Workspace > Retention > Activity Retention to 90 days","author":"Turbot Team","publishedAt":"2025-03-27T09:00:00","permalink":"turbot-v5-51-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$4c"},{"meta":{"title":"aws-vpc-core v5.21.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-27T09:00:00","permalink":"aws-vpc-core-v5-21-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws v5.36.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-27T09:00:00","permalink":"aws-v5-36-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-sns v5.17.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-27T09:00:00","permalink":"aws-sns-v5-17-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-redshift v5.21.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-27T09:00:00","permalink":"aws-redshift-v5-21-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-directconnect v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-27T09:00:00","permalink":"aws-directconnect-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-sqs v5.17.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-26T09:00:00","permalink":"aws-sqs-v5-17-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-s3 v5.30.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-26T09:00:00","permalink":"aws-s3-v5-30-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-lambda v5.14.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-26T09:00:00","permalink":"aws-lambda-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$4d"},{"meta":{"title":"aws-events v5.14.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-26T09:00:00","permalink":"aws-events-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-dynamodb v5.14.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-26T09:00:00","permalink":"aws-dynamodb-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-cloudwatch v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-26T09:00:00","permalink":"aws-cloudwatch-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-cloudtrail v5.12.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-26T09:00:00","permalink":"aws-cloudtrail-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"azure-securitycenter v5.8.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Security Center resources in Guardrails","author":null,"publishedAt":"2025-03-25T09:00:00","permalink":"azure-securitycenter-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use newer Azure SDK versions to discover and manage Security Center resources in Guardrails. This release includes breaking changes in the CMDB data for security center. We recommend updating your existing settings to refer to the updated attributes as mentioned below:\n\nAdded:\n\n- `policy.enforcementMode`\n- `policy.nonComplianceMessages`\n- `policy.systemData`\n\nRemoved:\n\n- `policy.sku`\n\nRenamed:\n\n- `settings[*].properties.enabled` to `settings[*].enabled`\n"},{"meta":{"title":"aws-organizations v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-25T09:00:00","permalink":"aws-organizations-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"aws-kms v5.19.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-25T09:00:00","permalink":"aws-kms-v5-19-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the `AWS > Account > Partition` policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.\n"},{"meta":{"title":"gcp-pubsub v5.9.2 - Real-time delete events for topics will no longer delete subscriptions under a different topic in the CMDB","author":null,"publishedAt":"2025-03-21T09:00:00","permalink":"gcp-pubsub-v5-9-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Real-time delete events for topics would sometimes result in the deletion of subscriptions under a different topic in the CMDB. This issue has been fixed, and subscriptions are now cleaned up more reliably than before.\n"},{"meta":{"title":"azure-mysql v5.16.0 - Single server resource type is now deprecated and will be removed in the next major version","author":null,"publishedAt":"2025-03-21T09:00:00","permalink":"azure-mysql-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$4e"},{"meta":{"title":"azure-sql v5.18.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-20T09:00:00","permalink":"azure-sql-v5-18-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-provider v5.16.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-20T09:00:00","permalink":"azure-provider-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n"},{"meta":{"title":"azure-network v5.24.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-20T09:00:00","permalink":"azure-network-v5-24-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-cosmosdb v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-20T09:00:00","permalink":"azure-cosmosdb-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-activedirectory v5.8.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-20T09:00:00","permalink":"azure-activedirectory-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them."},{"meta":{"title":"azure-recoveryservice v5.9.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-19T09:00:00","permalink":"azure-recoveryservice-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-monitor v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-19T09:00:00","permalink":"azure-monitor-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-loadbalancer v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-19T09:00:00","permalink":"azure-loadbalancer-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-iam v5.14.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-19T09:00:00","permalink":"azure-iam-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n"},{"meta":{"title":"azure-appservice v5.15.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-19T09:00:00","permalink":"azure-appservice-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-apimanagement v5.6.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-19T09:00:00","permalink":"azure-apimanagement-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"aws-sqs v5.16.0 - Guardrails will now process only relevant real-time events for queues when the CMDB policy is set to `Enforce: Enabled`","author":null,"publishedAt":"2025-03-19T09:00:00","permalink":"aws-sqs-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We have improved our event handling configuration to filter AWS SQS events that Guardrails listens for based on the `AWS > SQS > Queue > CMDB` policy. If the CMDB policy is not set to `Enforce: Enabled`, the EventBridge rule for SQS will not be configured, preventing events for that resource type. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.\n\n_Policy Types_\n\n- AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-sqs\n\n_Removed_\n\n- AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-sqs\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.48.0 - Added S3 Lifecycle rules for Hive bucket.","author":"Turbot Team","publishedAt":"2025-03-18T09:00:00","permalink":"ted-v1-48-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added S3 Lifecycle rules for Hive bucket.\n"},{"meta":{"title":"azure-synapseanalytics v5.11.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-18T09:00:00","permalink":"azure-synapseanalytics-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-storage v5.22.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-18T09:00:00","permalink":"azure-storage-v5-22-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-signalr v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-18T09:00:00","permalink":"azure-signalr-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-servicebus v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-18T09:00:00","permalink":"azure-servicebus-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-mysql v5.15.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-18T09:00:00","permalink":"azure-mysql-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-keyvault v5.17.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-18T09:00:00","permalink":"azure-keyvault-v5-17-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-automation v5.3.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-18T09:00:00","permalink":"azure-automation-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-sqlvirtualmachine v5.3.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-17T09:00:00","permalink":"azure-sqlvirtualmachine-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-relay v5.5.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-17T09:00:00","permalink":"azure-relay-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-networkwatcher v5.13.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-17T09:00:00","permalink":"azure-networkwatcher-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-datafactory v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-17T09:00:00","permalink":"azure-datafactory-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-applicationgateway v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-17T09:00:00","permalink":"azure-applicationgateway-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"aws-iam v5.40.2 - Guardrails-managed IAM stack control can now attach tags with special characters to Guardrails-managed users and roles","author":null,"publishedAt":"2025-03-17T09:00:00","permalink":"aws-iam-v5-40-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > Turbot > IAM` stack control occasionally encountered an error while attaching tags with special characters to Guardrails-managed users and roles. This issue is now fixed.\n"},{"meta":{"title":"azure v5.29.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-13T09:00:00","permalink":"azure-v5-29-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-securitycenter v5.7.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-13T09:00:00","permalink":"azure-securitycenter-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n"},{"meta":{"title":"azure-searchmanagement v5.11.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-13T09:00:00","permalink":"azure-searchmanagement-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-postgresql v5.19.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-13T09:00:00","permalink":"azure-postgresql-v5-19-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-managedidentity v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-13T09:00:00","permalink":"azure-managedidentity-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-loganalytics v5.12.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-13T09:00:00","permalink":"azure-loganalytics-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-frontdoorservice v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-13T09:00:00","permalink":"azure-frontdoorservice-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n"},{"meta":{"title":"azure-firewall v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-13T09:00:00","permalink":"azure-firewall-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-dns v5.11.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-13T09:00:00","permalink":"azure-dns-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-databricks v5.7.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-13T09:00:00","permalink":"azure-databricks-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-containerregistry v5.4.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-13T09:00:00","permalink":"azure-containerregistry-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-applicationinsights v5.11.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-13T09:00:00","permalink":"azure-applicationinsights-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-aks v5.10.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-13T09:00:00","permalink":"azure-aks-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Added support for Contactable interface in various resource types.\n"},{"meta":{"title":"azure-compute v5.21.0 - Expand relationship mappings in Policy Type, Control Type, and Action Type definitions","author":null,"publishedAt":"2025-03-12T09:00:00","permalink":"azure-compute-v5-21-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.\n- Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.\n- Added support for Contactable interface in various resource types.\n\n_Bug fixes_\n\n- The `Azure > Compute > Disk > Discovery` control occasionally encountered an error while upserting attached disks under VMs that were not available in Guardrails CMDB. Now, all disks will be upserted under their respective resource groups, ensuring the Discovery control functions more smoothly and reliably than before.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.47.0 - Database & cache configuration updates","author":"Turbot Team","publishedAt":"2025-03-12T09:00:00","permalink":"ted-v1-47-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added a new SSM parameter to forward the DB logs to CloudWatch log group.\n- Added support for postgres version 16.5, 16.6, 16.7 and 16.8.\n- Updated defaults for database and cache instances\n\t- Database instance type: Default updated to db.m6g.large.\n\t- Allocated database storage: Default increased to 400 GB.\n\t- Storage throughput: Default set to 500 MB/s.\n\t- Database engine parameter group family: Now defaults to postgres16.\n\t- Database engine version: Updated to 16.4.\n\t- Cache node type: Default updated to cache.r6g.large.\n\t- Allocated IOPS: Default increased to 12,000.\n\t- DB parameter group: Now defaults to HiveParamGroup16.\n\t- Shared buffer: Default set to {DBInstanceClassMemory/20480} for optimized performance.\n\t- Maximum statement duration: Default updated to 600,000 ms (10 minutes) to improve query execution limits.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.66.0 - Enhancements and new configuration parameters","author":"Turbot Team","publishedAt":"2025-03-10T09:00:00","permalink":"tef-v1-66-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n - Added parameter to manage ALB timeout, allowing better control over request handling.\n - Added parameter to customize API Gateway domain name. For backward compatibility, the default value remains `gateway`.\n - Added parameter to control message rate in the queue, enabling better queue message management.\n - S3 Lifecycle Rules now automatically enable ‘Expired Object Delete Markers’ for cleanup and remove incomplete multipart uploads after 7 days to prevent storage waste.\n - HOP limit increased to 2 for improved request forwarding.\n - Route53 Record for API Gateway now includes the GatewayPrefix to enhance routing accuracy.\n"},{"meta":{"title":"azure v5.28.1 - Real-time delete events for subscriptions will now be processed correctly","author":null,"publishedAt":"2025-03-04T09:00:00","permalink":"azure-v5-28-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails would fail to process real-time delete events for subscriptions. This is now fixed.\n- Fixed pagination for `Azure > Turbot > Event Poller` control.\n- Real-time `Microsoft.Resources` tagging events will now be processed only for subscriptions and resource groups, and will be ignored for other resource types. This will avoid unnecessary triggers for subscription & resource group router actions.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.49.0 - Added multi region KMS encryption for Tenant Master Key","author":"Turbot Team","publishedAt":"2025-02-27T09:00:00","permalink":"te-v5-49-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Added multi region KMS encryption for Tenant Master Key.\n - Guardrails now provides an override parameter at the TE level to configure API and Event container memory reservations, improving ECS task scaling and resource flexibility.\n\n_Multi Region KMS Key_\n\nStarting from TEF v1.65.0 and TE v5.49.0, a new multi-region KMS key is created at the TEF level.\n\nWhen workspaces are upgraded to TE v5.49.0, Guardrails use this new key to re-encrypt the existing *Tenant Master Key* within the workspaces. The *Tenant Master Key* itself remains unchanged-only its encryption is updated. The previous version, encrypted with a regional KMS key, remains available.\n\nIf a workspace is downgraded to TE v5.48.0, the multi-region encryption persists. Upon re-upgrading to TE v5.49.0, re-encryption does not occur again.\n\nThis process works seamlessly unless TEF is downgraded to a version earlier than v1.65.0.\n\n_Requirements_\n\n- TEF: 1.65.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"turbot v5.50.0 - Added contactable interface","author":"Turbot Team","publishedAt":"2025-02-27T09:00:00","permalink":"turbot-v5-50-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added contactable interface.\n- New policy type classes GUARDRAIL, SETTING, and ACCOUNT have been introduced to define the scope of policies.\n\n_Requirements_\n\n- TE: 5.35.4"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.48.10 - Update controls trend graph to use the latest counts","author":"Turbot Team","publishedAt":"2025-02-25T09:00:00","permalink":"te-v5-48-10","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- UI\n - Update controls trend graph to use the latest counts.\n\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"azure-servicebus v5.3.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-25T09:00:00","permalink":"azure-servicebus-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-recoveryservice v5.8.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-25T09:00:00","permalink":"azure-recoveryservice-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-frontdoorservice v5.9.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-25T09:00:00","permalink":"azure-frontdoorservice-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-firewall v5.9.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-25T09:00:00","permalink":"azure-firewall-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-datafactory v5.9.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-25T09:00:00","permalink":"azure-datafactory-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-containerregistry v5.3.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-25T09:00:00","permalink":"azure-containerregistry-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-applicationgateway v5.9.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-25T09:00:00","permalink":"azure-applicationgateway-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-aks v5.9.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-25T09:00:00","permalink":"azure-aks-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-activedirectory v5.7.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-25T09:00:00","permalink":"azure-activedirectory-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"servicenow v5.3.0 - Filter ServiceNow records using encoded query strings and discover them in Guardrails","author":"Turbot Team","publishedAt":"2025-02-24T09:00:00","permalink":"servicenow-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now filter ServiceNow records using encoded query strings and discover them in Guardrails. To get started, set the `CMDB > Query` policy for various resource types. For more details, refer to the [ServiceNow documentation on encoded query strings](https://www.servicenow.com/docs/bundle/yokohama-platform-user-interface/page/use/using-lists/concept/c_EncodedQueryStrings.html).\n\n_Policy Types_\n\n- ServiceNow > Application > CMDB > Query\n- ServiceNow > Cost Center > CMDB > Query\n- ServiceNow > User > CMDB > Query\n"},{"meta":{"title":"azure-securitycenter v5.6.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-24T09:00:00","permalink":"azure-securitycenter-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-relay v5.4.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-24T09:00:00","permalink":"azure-relay-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-databricks v5.6.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-24T09:00:00","permalink":"azure-databricks-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-applicationinsights v5.10.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-24T09:00:00","permalink":"azure-applicationinsights-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"gcp v5.30.2 - Filter policies for real-time events will now evaluate correctly if CMDB policies for resource types are set to `Skip` or `Enforce: Disabled`","author":null,"publishedAt":"2025-02-21T09:00:00","permalink":"gcp-v5-30-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Filter policies for real-time events will now evaluate correctly if CMDB policies for resource types are set to `Skip` or `Enforce: Disabled`.\n"},{"meta":{"title":"gcp-storage v5.11.5 - Real-time storage events filter will now filters out resource specific events if their CMDB policy is set to `Skip` or `Enforce: Disabled`","author":null,"publishedAt":"2025-02-21T09:00:00","permalink":"gcp-storage-v5-11-5","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-storage` policy now respects CMDB policy settings for resource types and filters out real-time events when the policies are set to `Skip` or `Enforce: Disabled`. We recommend upgrading the `gcp` mod to v5.30.2 or higher in order to process real-time events correctly.\n"},{"meta":{"title":"azure-provider v5.15.0 - Lambda runtimes now powered by Node 22","author":null,"publishedAt":"2025-02-21T09:00:00","permalink":"azure-provider-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-loganalytics v5.11.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-21T09:00:00","permalink":"azure-loganalytics-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-keyvault v5.16.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-21T09:00:00","permalink":"azure-keyvault-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-dns v5.10.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-21T09:00:00","permalink":"azure-dns-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-cosmosdb v5.9.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-21T09:00:00","permalink":"azure-cosmosdb-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-automation v5.2.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-21T09:00:00","permalink":"azure-automation-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-appservice v5.14.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-21T09:00:00","permalink":"azure-appservice-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-apimanagement v5.5.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-21T09:00:00","permalink":"azure-apimanagement-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure v5.28.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-20T09:00:00","permalink":"azure-v5-28-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-synapseanalytics v5.10.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-20T09:00:00","permalink":"azure-synapseanalytics-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-sqlvirtualmachine v5.2.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-20T09:00:00","permalink":"azure-sqlvirtualmachine-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-sql v5.17.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-20T09:00:00","permalink":"azure-sql-v5-17-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-signalr v5.4.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-20T09:00:00","permalink":"azure-signalr-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-searchmanagement v5.10.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-20T09:00:00","permalink":"azure-searchmanagement-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-postgresql v5.18.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-20T09:00:00","permalink":"azure-postgresql-v5-18-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-mysql v5.14.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-20T09:00:00","permalink":"azure-mysql-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-monitor v5.9.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-20T09:00:00","permalink":"azure-monitor-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-managedidentity v5.3.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-20T09:00:00","permalink":"azure-managedidentity-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-loadbalancer v5.9.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-20T09:00:00","permalink":"azure-loadbalancer-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-iam v5.13.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-20T09:00:00","permalink":"azure-iam-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"Terraform Provider v1.12.0 - Added support for `turbot_control_mute` resource","author":"Turbot Team","publishedAt":"2025-02-19T09:00:00","permalink":"terraform-provider-v1-12-0","image":null,"tags":["Terraform"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Mute controls if you want to ignore them. The `turbot_control_mute` allows muting a control to help streamline operations without compromising security policies.\n\n_Bug fixes_\n\n- Fixed typo in an error message while calling Guardrails APIs.\n\n_Documentation_\n\n- Updated example for `turbot_policy_pack` resource.\n- Fixed spacing in `turbot_turbot_directory` documentation.\n"},{"meta":{"title":"azure-storage v5.21.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-19T09:00:00","permalink":"azure-storage-v5-21-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-networkwatcher v5.12.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-18T09:00:00","permalink":"azure-networkwatcher-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.48.9 - Improvements and bug fixes","author":"Turbot Team","publishedAt":"2025-02-18T09:00:00","permalink":"te-v5-48-9","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- UI\n - Users can now select permissions (ReadOnly + Global Event Handlers or Full Remediation) to apply to the IAM role in the CFN template when importing an AWS Organization or Account.\n\n_Bug fixes_\n\n- UI\n - Fixed an issue where the terminate process call sometimes received an empty input when terminating a queued process.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"azure-network v5.23.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-18T09:00:00","permalink":"azure-network-v5-23-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- `Stack [Native]` controls now run faster when in `skipped` state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"azure-compute v5.20.0 - Real-time update events for resources will now be processed more reliably","author":null,"publishedAt":"2025-02-18T09:00:00","permalink":"azure-compute-v5-20-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Bug fixes_\n\n- Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.\n- Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.48.8 - Improvements and bug fixes","author":"Turbot Team","publishedAt":"2025-02-17T09:00:00","permalink":"te-v5-48-8","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Updated Workspace Manager Lambda to automatically populate the Turbot > Workspace > Guardrails Master Account policy for improved management.\n\n_Bug fixes_\n\n- UI\n - Adjusted stats limit to 30 days, ensuring a full month of data visibility.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-vpc-connect v5.9.3 - Cross-Account Discovery control for Transit Gateway Attachments would no longer upsert resources in a `deleted` or `deleting` state","author":null,"publishedAt":"2025-02-17T09:00:00","permalink":"aws-vpc-connect-v5-9-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > VPC > Transit Gateway Attachment > Discovery [Cross-Account]` control would sometimes upsert transit gateway attachments in a `deleted` or `deleting` state. This issue is now fixed.\n"},{"meta":{"title":"aws-vpc-connect v5.9.2 - Cross-account Transit Gateway Attachments will no longer be deleted from the CMDB","author":null,"publishedAt":"2025-02-17T09:00:00","permalink":"aws-vpc-connect-v5-9-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > VPC > Transit Gateway Attachment > CMDB` control previously, in some cases, inadvertently deleted cross-account transit gateway attachments from Guardrails CMDB. This issue has now been fixed.\n"},{"meta":{"title":"aws-rds v5.30.0 - Configure a custom tag name to start/stop DB clusters via the Schedule control","author":null,"publishedAt":"2025-02-17T09:00:00","permalink":"aws-rds-v5-30-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure a custom tag name to start/stop DB clusters via the `AWS > RDS > DB Cluster > Schedule` control. To get started, set the `AWS > RDS > DB Cluster > Schedule Tag > Name` policy.\n\n_Policy Types_\n\n- AWS > RDS > DB Cluster > Schedule Tag > Name\n"},{"meta":{"title":"azure v5.27.0 - Guardrails would fail to process real-time tagging events for subscriptions","author":null,"publishedAt":"2025-02-14T09:00:00","permalink":"azure-v5-27-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Action Types_\n\n- Azure > Subscription > Router\n\n_Bug fixes_\n\n- Guardrails would fail to process real-time tagging events for subscriptions. This is now fixed.\n- The default template input in `Azure > Subscription > Tags > Template` policy referred to an incorrect policy for its value. This is now fixed.\n"},{"meta":{"title":"turbot v5.49.1 - Resolved a race condition in Turbot > Smart Retention to ensure smoother execution","author":"Turbot Team","publishedAt":"2025-02-13T09:00:00","permalink":"turbot-v5-49-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Resolved a race condition in Turbot > Smart Retention to ensure smoother execution.\n\n_Requirements_\n\n- TE: 5.35.4"},{"meta":{"title":"aws v5.35.6 - Fixed the naming convention for EventBridge rule for organization level events","author":null,"publishedAt":"2025-02-13T09:00:00","permalink":"aws-v5-35-6","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed the naming convention for EventBridge rule for organization level events.\n"},{"meta":{"title":"aws v5.35.5 - Real-time events for the aws-organizations mod will now be processed correctly","author":null,"publishedAt":"2025-02-12T09:00:00","permalink":"aws-v5-35-5","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In version 5.35.0, we added support for importing an AWS organization into Guardrails but inadvertently introduced a bug that prevented real-time events for the aws-organizations mod from being processed correctly. This issue has now been fixed.\n\n_Policy Types_\n\n_Renamed_\n\n- AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-organizations to AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws\n"},{"meta":{"title":"aws-organizations v5.3.0 - Guardrails failed to handle real-time creation and tagging events for organizational account resources","author":null,"publishedAt":"2025-02-12T09:00:00","permalink":"aws-organizations-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails failed to handle real-time creation and tagging events for organizational account resources. This is now fixed.\n\n_Policy Types_\n\n- AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-organizations\n\n_Removed_\n\n- AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-organizations\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.48.7 - Rolled back dynamic queueing adjustments to restore previous behavior","author":"Turbot Team","publishedAt":"2025-02-10T09:00:00","permalink":"te-v5-48-7","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Rolled back dynamic queueing adjustments to restore previous behavior.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.48.6 - Version bump to align with deployment requirements","author":"Turbot Team","publishedAt":"2025-02-10T09:00:00","permalink":"te-v5-48-6","image":null,"tags":["TE"],"product":"guardrails"},"content":"\nVersion bump to align with deployment requirements.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.48.5 - Improvements and bug fixes","author":"Turbot Team","publishedAt":"2025-02-10T09:00:00","permalink":"te-v5-48-5","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- UI\n - Addressed an issue where resource card links on the Resources dashboard were not working as expected.\n\n- Server\n - Prevented the runnable monitor from entering an infinite loop.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.48.4 - UI enhancements and bug fixes for better usability","author":"Turbot Team","publishedAt":"2025-02-07T09:00:00","permalink":"te-v5-48-4","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- UI\n - Policy pack descriptions are now visible in the list view and detail page header for better clarity.\n\n_Bug fixes_\n\n- UI\n - Run and Terminate buttons now appear properly on the process detail page, ensuring a smoother experience.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"gcp-storage v5.11.4 - Bucket Policy Trusted Access control failed to evaluate correctly when IAM policy binding details were not available in CMDB","author":null,"publishedAt":"2025-02-07T09:00:00","permalink":"gcp-storage-v5-11-4","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > Storage > Bucket > Policy > Trusted Access` control previously failed to evaluate results correctly and caused internal process timeouts when Guardrails was denied access to fetch IAM policy bindings for buckets. This issue has been resolved, ensuring that the control now evaluates results and terminates correctly as expected.\n"},{"meta":{"title":"azure-compute v5.19.2 - Virtual Machine tags control sometimes failed to update tags on spot instances","author":null,"publishedAt":"2025-02-07T09:00:00","permalink":"azure-compute-v5-19-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Compute > Virtual Machine > Tags` control would sometimes failed to update tags on spot instances. This is now fixed.\n"},{"meta":{"title":"aws-s3 v5.29.2 - Bucket CMDB control would go into an error state if CMDB policy was set to ignore permission errors","author":null,"publishedAt":"2025-02-07T09:00:00","permalink":"aws-s3-v5-29-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > S3 > Bucket > Discovery` control incorrectly went into a skipped state when the `AWS > S3 > Bucket > CMDB` policy was set to `Enforce: Enabled but ignore permission errors`. This is fixed and control will now work as expected.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.48.3 - Optimize message queue dispatch based on DB CPU usage, connections, and queue load","author":"Turbot Team","publishedAt":"2025-02-06T09:00:00","permalink":"te-v5-48-3","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- UI\n - Added 'Resource Type' column to activity ledger CSV exports.\n - Improved usability of the Resource trend graph.\n\n_Bug fixes_\n\n- Server\n - Recursive loops in Lambda are now handled seamlessly without termination.\n - Optimize message queue dispatch based on DB CPU usage, connections, and queue load.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"turbot v5.49.0 - Added policy for Guardrails master account","author":"Turbot Team","publishedAt":"2025-02-06T09:00:00","permalink":"turbot-v5-49-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - Turbot > Workspace > Guardrails Master Account\n\n_Requirements_\n\n- TE: 5.35.4\n"},{"meta":{"title":"azure-sql v5.16.2 - Server CMDB control sometimes failed to fetch data for the associated firewall rules","author":null,"publishedAt":"2025-02-04T09:00:00","permalink":"azure-sql-v5-16-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > SQL > Server > CMDB` control sometimes failed to fetch data for the associated firewall rules. This issue has now been fixed.\n"},{"meta":{"title":"azure-cisv2-0 v5.1.1 - Control for benchmark 4.01.02 sometimes failed to evaluate the outcome correctly","author":null,"publishedAt":"2025-02-04T09:00:00","permalink":"azure-cisv2-0-v5-1-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.02 - Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)` control sometimes failed to evaluate the control state correctly. This issue is now fixed.\n"},{"meta":{"title":"aws-rds v5.29.0 - Configure a custom tag name to start/stop DB instances","author":null,"publishedAt":"2025-02-03T09:00:00","permalink":"aws-rds-v5-29-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure a custom tag name to start/stop DB instances via the `AWS > RDS > DB Instance > Schedule` control. To get started, set the `AWS > RDS > DB Instance > Schedule Tag > Name` policy.\n\n_Policy Types_\n\n- AWS > RDS > DB Instance > Schedule Tag > Name\n"},{"meta":{"title":"aws-cloudsearch v5.4.1 - CMDB policy will now default to Skip","author":null,"publishedAt":"2025-02-03T09:00:00","permalink":"aws-cloudsearch-v5-4-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > CloudSearch > Domain > CMDB` policy will now be set to `Skip` by default because the resource type has been deprecated and will be removed in the next major version. Please check [end of support](https://docs.aws.amazon.com/cloudsearch/latest/developerguide/what-is-cloudsearch.html) for more information.\n"},{"meta":{"title":"gcp v5.30.1 - Stack [Native] controls will now run lighter and quicker than before","author":null,"publishedAt":"2025-01-31T09:00:00","permalink":"gcp-v5-30-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- `Stack [Native]` controls now run faster when in `skipped` state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.\n"},{"meta":{"title":"azure v5.26.1 - Stack [Native] controls will now run lighter and quicker than before","author":null,"publishedAt":"2025-01-31T09:00:00","permalink":"azure-v5-26-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- `Stack [Native]` controls now run faster when in `skipped` state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.\n"},{"meta":{"title":"aws-vpc-core v5.20.1 - Stack [Native] controls will now run lighter and quicker than before","author":null,"publishedAt":"2025-01-31T09:00:00","permalink":"aws-vpc-core-v5-20-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- `Stack [Native]` controls now run faster when in `skipped` state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.\n"},{"meta":{"title":"aws v5.35.4 - Stack [Native] controls will now run lighter and quicker than before","author":null,"publishedAt":"2025-01-31T09:00:00","permalink":"aws-v5-35-4","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- `Stack [Native]` controls now run faster when in `skipped` state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.\n"},{"meta":{"title":"aws-s3 v5.29.1 - Stack [Native] controls will now run lighter and quicker than before","author":null,"publishedAt":"2025-01-31T09:00:00","permalink":"aws-s3-v5-29-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- `Stack [Native]` controls now run faster when in `skipped` state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.\n"},{"meta":{"title":"aws-iam v5.40.1 - Stack [Native] controls will now run lighter and quicker than before","author":null,"publishedAt":"2025-01-31T09:00:00","permalink":"aws-iam-v5-40-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- `Stack [Native]` controls now run faster when in `skipped` state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.48.2 - Enhanced visibility with summary cards on Resources and Controls tab.","author":"Turbot Team","publishedAt":"2025-01-30T09:00:00","permalink":"te-v5-48-2","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- UI\n - Resources and Controls tab now features summary cards for better visibility.\n\n_Bug fixes_\n\n- UI\n - No more NaN values in summary cards; they now display correctly.\n - Mute and Run Control buttons now respect proper permission checks in the Control Detail page.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws v5.35.3 - Account CMDB control would sometimes go into an error state while fetching tagging details for accounts","author":null,"publishedAt":"2025-01-29T09:00:00","permalink":"aws-v5-35-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > Account > CMDB` control occasionally encountered an error state while fetching tagging details for accounts. This issue has now been fixed.\n"},{"meta":{"title":"aws v5.35.2 - Tags added to account resources in Guardrails were removed on CMDB control reruns","author":null,"publishedAt":"2025-01-29T09:00:00","permalink":"aws-v5-35-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In the previous version, we introduced support for fetching AWS tags on accounts imported as part of an organization. However, this inadvertently caused a bug that removed tags added via the Guardrails API or Terraform on existing account resources. This issue has now been fixed, ensuring that tags added via Guardrails are preserved for individual accounts that are not part of any organization.\n- Fixed pattern validation for `AWS > Turbot > Event Handlers [Global] > Events > Target > IAM Role ARN` policy.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.64.1 - Minor internal improvements","author":"Turbot Team","publishedAt":"2025-01-28T09:00:00","permalink":"tef-v1-64-1","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n - Minor internal improvements.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.48.1 - The role name was not updating correctly in the CFN template for AWS Org import and has now been fixed.","author":"Turbot Team","publishedAt":"2025-01-28T09:00:00","permalink":"te-v5-48-1","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- UI\n - The role name was not updating correctly in the CFN template for AWS Org import and has now been fixed.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws v5.35.1 - Real-time event handlers did not process account level events for organizations imported via delegated accounts","author":null,"publishedAt":"2025-01-28T09:00:00","permalink":"aws-v5-35-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The real-time event handlers did not process account level events if the associated organization was imported using a delegated account. This is now fixed.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.65.0 - Added support for Node.js 22 in the Lambda runtime","author":"Turbot Team","publishedAt":"2025-01-27T09:00:00","permalink":"tef-v1-65-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n - Guardrails now supports configurable soft limits for API and Event container memory reservations in TEF, improving ECS task scaling and resource flexibility.\n - Added Guardrails KMS key, a multi-region KMS key for encrypting internal Turbot Guardrails data.\n - Added support for Node.js 22 in the Lambda runtime.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.64.0 - Support for IAM based authentication in Redis","author":"Turbot Team","publishedAt":"2025-01-27T09:00:00","permalink":"tef-v1-64-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n - Support for IAM based authentication in Redis.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.46.0 - Introduced Redis-based IAM authentication support","author":"Turbot Team","publishedAt":"2025-01-27T09:00:00","permalink":"ted-v1-46-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added a new SSM parameter to enable GCP organization import.\n- Introduced Redis-based IAM authentication support.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.48.0 - Enhanced policy pack management, control muting and improved visibility with insightful stats","author":"Turbot Team","publishedAt":"2025-01-27T09:00:00","permalink":"te-v5-48-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"$4f"},{"meta":{"title":"turbot v5.48.0 - Added control to collect stats for accountable resources","author":"Turbot Team","publishedAt":"2025-01-27T09:00:00","permalink":"turbot-v5-48-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - Turbot > Workspace > Retention > Account Statistics Retention\n - Turbot > Workspace > Retention > Account Statistics Retention > Purge Limit\n - Turbot > Workspace > Policy Pack Attachment Levels\n - Turbot > Workspace > Policy Setting Levels\n\n- Control Types:\n - Turbot > Statistics > Accounts\n\n_Requirements_\n\n- TE: 5.35.4"},{"meta":{"title":"gcp v5.30.0 - Discover folders, projects and resources under your organization","author":null,"publishedAt":"2025-01-27T09:00:00","permalink":"gcp-v5-30-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$50"},{"meta":{"title":"azure v5.26.0 - Exclude subscriptions while importing a tenant in Guardrails","author":null,"publishedAt":"2025-01-27T09:00:00","permalink":"azure-v5-26-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now exclude subscriptions that they do not wish to import while importing a tenant in Guardrails. To get started, set the `Azure > Tenant > CMDB > Exclude` policy.\n\n- Users can now create and manage tags for subscriptions. To get started, set the` Azure > Subscription > Tags > *` policies.\n\n_Control Types_\n\n- Azure > Subscription > Tags\n\n_Policy Types_\n\n- Azure > Subscription > Tags\n- Azure > Subscription > Tags > Template\n- Azure > Tenant > CMDB > Exclude\n\n_Action Types_\n\n- Azure > Subscription > Set Tags\n"},{"meta":{"title":"aws v5.35.0 - Discover OUs, accounts and resources under your organization","author":null,"publishedAt":"2025-01-27T09:00:00","permalink":"aws-v5-35-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$51"},{"meta":{"title":"github v5.1.0 - Added support for new secret value for Event Handlers webhook","author":"Turbot Team","publishedAt":"2025-01-27T09:00:00","permalink":"github-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GitHub > Organization > Event Handlers` control will now use `Turbot > Workspace > GitHub > Secrets` policy to set the webhook secret.\n"},{"meta":{"title":"github v5.0.0 is now available","author":"Turbot Team","publishedAt":"2025-01-24T09:00:00","permalink":"github-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$52"},{"meta":{"title":"azure-sql v5.16.1 - SQL servers using SQL authentication method will not be deleted from Guardrails CMDB","author":null,"publishedAt":"2025-01-16T09:00:00","permalink":"azure-sql-v5-16-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > SQL > Server > CMDB` control occasionally deleted servers from Guardrails CMDB when they used the SQL authentication method. This issue has been fixed, and such resources will no longer be removed from the CMDB.\n"},{"meta":{"title":"azure-network v5.22.0 - Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls","author":null,"publishedAt":"2025-01-16T09:00:00","permalink":"azure-network-v5-22-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls.\n\n_Policy Types_\n\n- Azure > Network > Virtual Network > Stack [Native] > Drift Detection\n- Azure > Network > Virtual Network > Stack [Native] > Drift Detection > Interval\n- Azure > Network > Virtual Network > Stack [Native] > Timeout\n- Azure > Network > Virtual Network > Stack [Native] > Version\n"},{"meta":{"title":"aws-vpc-core v5.20.0 - Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls","author":null,"publishedAt":"2025-01-16T09:00:00","permalink":"aws-vpc-core-v5-20-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls.\n\n_Policy Types_\n\n- AWS > VPC > Stack [Native] > Drift Detection\n- AWS > VPC > Stack [Native] > Drift Detection > Interval\n- AWS > VPC > Stack [Native] > Timeout\n- AWS > VPC > Stack [Native] > Version\n- AWS > VPC > VPC > Stack [Native] > Drift Detection\n- AWS > VPC > VPC > Stack [Native] > Drift Detection > Interval\n- AWS > VPC > VPC > Stack [Native] > Timeout\n- AWS > VPC > VPC > Stack [Native] > Version\n"},{"meta":{"title":"aws-s3 v5.29.0 - Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls","author":null,"publishedAt":"2025-01-16T09:00:00","permalink":"aws-s3-v5-29-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls.\n\n_Policy Types_\n\n- AWS > S3 > Bucket > Stack [Native] > Drift Detection\n- AWS > S3 > Bucket > Stack [Native] > Drift Detection > Interval\n- AWS > S3 > Bucket > Stack [Native] > Timeout\n- AWS > S3 > Bucket > Stack [Native] > Version\n"},{"meta":{"title":"aws-iam v5.39.0 - Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls","author":null,"publishedAt":"2025-01-16T09:00:00","permalink":"aws-iam-v5-39-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls.\n\n_Policy Types_\n\n- AWS > IAM > Stack [Native] > Drift Detection\n- AWS > IAM > Stack [Native] > Drift Detection > Interval\n- AWS > IAM > Stack [Native] > Timeout\n- AWS > IAM > Stack [Native] > Version\n"},{"meta":{"title":"gcp v5.29.0 - Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls","author":null,"publishedAt":"2025-01-15T09:00:00","permalink":"gcp-v5-29-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls.\n\n_Policy Types_\n\n- GCP > Project > Stack [Native] > Drift Detection\n- GCP > Project > Stack [Native] > Drift Detection > Interval\n- GCP > Project > Stack [Native] > Timeout\n- GCP > Project > Stack [Native] > Version\n"},{"meta":{"title":"azure v5.25.0 - Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls","author":null,"publishedAt":"2025-01-15T09:00:00","permalink":"azure-v5-25-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls.\n\n_Policy Types_\n\n- Azure > Subscription > Stack [Native] > Drift Detection\n- Azure > Subscription > Stack [Native] > Drift Detection > Interval\n- Azure > Subscription > Stack [Native] > Timeout\n- Azure > Subscription > Stack [Native] > Version\n"},{"meta":{"title":"aws v5.33.0 - Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls","author":null,"publishedAt":"2025-01-15T09:00:00","permalink":"aws-v5-33-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for Drift Detection, Version and Timeout policies for the `Stack [Native]` controls.\n\n_Policy Types_\n\n- AWS > Account > Stack [Native] > Drift Detection\n- AWS > Account > Stack [Native] > Drift Detection > Interval\n- AWS > Account > Stack [Native] > Timeout\n- AWS > Account > Stack [Native] > Version\n- AWS > Region > Stack [Native] > Drift Detection\n- AWS > Region > Stack [Native] > Drift Detection > Interval\n- AWS > Region > Stack [Native] > Timeout\n- AWS > Region > Stack [Native] > Version\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.47.8 - Added support for drift detection in OpenTofu 1.x (open-source Terraform) integration via Guardrail.","author":"Turbot Team","publishedAt":"2025-01-13T09:00:00","permalink":"te-v5-47-8","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Added support for drift detection in OpenTofu 1.x (open-source Terraform) integration via Guardrail.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.47.7 - Added container support for Stack [Native] controls","author":"Turbot Team","publishedAt":"2025-01-10T09:00:00","permalink":"te-v5-47-7","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Added support for OpenTofu v1.8.3 (open source Terraform) container to run Stack [Native] controls.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"gcp v5.28.0 - Create and manage cloud resources via Stack [Native] controls","author":null,"publishedAt":"2025-01-10T09:00:00","permalink":"gcp-v5-28-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the `Stack [Native] > *` policies.\n\n_Control Types_\n\n- GCP > Project > Stack [Native]\n\n_Policy Types_\n\n- GCP > Project > Stack [Native]\n- GCP > Project > Stack [Native] > Modifier\n- GCP > Project > Stack [Native] > Secret Variables\n- GCP > Project > Stack [Native] > Source\n- GCP > Project > Stack [Native] > Variables\n"},{"meta":{"title":"azure v5.24.0 - Create and manage cloud resources via Stack [Native] controls","author":null,"publishedAt":"2025-01-10T09:00:00","permalink":"azure-v5-24-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the `Stack [Native] > *` policies.\n\n_Control Types_\n\n- Azure > Subscription > Stack [Native]\n\n_Policy Types_\n\n- Azure > Subscription > Stack [Native]\n- Azure > Subscription > Stack [Native] > Modifier\n- Azure > Subscription > Stack [Native] > Secret Variables\n- Azure > Subscription > Stack [Native] > Source\n- Azure > Subscription > Stack [Native] > Variables\n"},{"meta":{"title":"azure-network v5.21.0 - Create and manage cloud resources via Stack [Native] controls","author":null,"publishedAt":"2025-01-10T09:00:00","permalink":"azure-network-v5-21-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the `Stack [Native] > *` policies.\n\n_Control Types_\n\n- Azure > Network > Virtual Network > Stack [Native]\n\n_Policy Types_\n\n- Azure > Network > Virtual Network > Stack [Native]\n- Azure > Network > Virtual Network > Stack [Native] > Modifier\n- Azure > Network > Virtual Network > Stack [Native] > Secret Variables\n- Azure > Network > Virtual Network > Stack [Native] > Source\n- Azure > Network > Virtual Network > Stack [Native] > Variables\n"},{"meta":{"title":"aws-vpc-core v5.19.0 - Create and manage cloud resources via Stack [Native] controls","author":null,"publishedAt":"2025-01-10T09:00:00","permalink":"aws-vpc-core-v5-19-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the `Stack [Native] > *` policies.\n\n_Control Types_\n\n- AWS > VPC > Stack [Native]\n- AWS > VPC > VPC > Stack [Native]\n\n_Policy Types_\n\n- AWS > VPC > Stack [Native]\n- AWS > VPC > Stack [Native] > Modifier\n- AWS > VPC > Stack [Native] > Secret Variables\n- AWS > VPC > Stack [Native] > Source\n- AWS > VPC > Stack [Native] > Variables\n- AWS > VPC > VPC > Stack [Native]\n- AWS > VPC > VPC > Stack [Native] > Modifier\n- AWS > VPC > VPC > Stack [Native] > Secret Variables\n- AWS > VPC > VPC > Stack [Native] > Source\n- AWS > VPC > VPC > Stack [Native] > Variables\n"},{"meta":{"title":"aws v5.32.0 - Create and manage cloud resources via Stack [Native] controls","author":null,"publishedAt":"2025-01-10T09:00:00","permalink":"aws-v5-32-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the `Stack [Native] > *` policies.\n\n_Control Types_\n\n- AWS > Account > Stack [Native]\n- AWS > Region > Stack [Native]\n\n_Policy Types_\n\n- AWS > Account > Stack [Native]\n- AWS > Account > Stack [Native] > Modifier\n- AWS > Account > Stack [Native] > Secret Variables\n- AWS > Account > Stack [Native] > Source\n- AWS > Account > Stack [Native] > Variables\n- AWS > Region > Stack [Native]\n- AWS > Region > Stack [Native] > Modifier\n- AWS > Region > Stack [Native] > Secret Variables\n- AWS > Region > Stack [Native] > Source\n- AWS > Region > Stack [Native] > Variables\n"},{"meta":{"title":"aws-s3 v5.28.0 - Create and manage cloud resources via Stack [Native] controls","author":null,"publishedAt":"2025-01-10T09:00:00","permalink":"aws-s3-v5-28-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the `Stack [Native] > *` policies.\n\n_Control Types_\n\n- AWS > S3 > Bucket > Stack [Native]\n\n_Policy Types_\n\n- AWS > S3 > Bucket [Native]\n- AWS > S3 > Bucket [Native] > Modifier\n- AWS > S3 > Bucket [Native] > Secret Variables\n- AWS > S3 > Bucket [Native] > Source\n- AWS > S3 > Bucket [Native] > Variables\n"},{"meta":{"title":"aws-iam v5.38.0 - Create and manage cloud resources via Stack [Native] controls","author":null,"publishedAt":"2025-01-10T09:00:00","permalink":"aws-iam-v5-38-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the `Stack [Native] > *` policies.\n\n_Control Types_\n\n- AWS > IAM > Stack [Native]\n\n_Policy Types_\n\n- AWS > IAM > Stack [Native]\n- AWS > IAM > Stack [Native] > Modifier\n- AWS > IAM > Stack [Native] > Secret Variables\n- AWS > IAM > Stack [Native] > Source\n- AWS > IAM > Stack [Native] > Variables\n"},{"meta":{"title":"azure-networkwatcher v5.11.1 - The real-time Event Handlers would fail to update details for Flow Logs attached to Virtual Networks","author":null,"publishedAt":"2024-12-20T09:00:00","permalink":"azure-networkwatcher-v5-11-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The real-time Event Handlers would fail to update details for Flow Logs attached to Virtual Networks. This is now fixed.\n"},{"meta":{"title":"azure-network v5.20.1 - Guardrails would fail to update CMDB for virtual networks when flow logs were created or removed from such resources","author":null,"publishedAt":"2024-12-20T09:00:00","permalink":"azure-network-v5-20-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails would fail to update CMDB for virtual networks when flow logs were created or removed from such resources. This is now fixed.\n"},{"meta":{"title":"aws-vpc-core v5.18.2 - Flow Logging control would destroy and recreate flow logs unnecessarily","author":null,"publishedAt":"2024-12-16T09:00:00","permalink":"aws-vpc-core-v5-18-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > VPC > VPC > Flow Logging` control previously attempted to destroy and recreate flow logs with CloudWatch log groups as the destination on successive runs due to an incorrect ARN reference to the log destination. This issue is now fixed, and the control will no longer unnecessarily destroy and recreate flow logs in such cases.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.47.6 - Minor internal improvements","author":"Turbot Team","publishedAt":"2024-12-13T09:00:00","permalink":"te-v5-47-6","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Minor internal improvements.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n\n"},{"meta":{"title":"gcp v5.27.1 - Updated Terraform Version policy to prevent unnecessary stack control reruns","author":null,"publishedAt":"2024-12-13T09:00:00","permalink":"gcp-v5-27-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You wouldn't notice any difference and things will run more smoothly and reliably than before.\n"},{"meta":{"title":"gcp-iam v5.16.3 - Updated Terraform Version policy to prevent unnecessary stack control reruns","author":null,"publishedAt":"2024-12-13T09:00:00","permalink":"gcp-iam-v5-16-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You wouldn't notice any difference and things will run more smoothly and reliably than before.\n"},{"meta":{"title":"azure-iam v5.12.1 - Updated Terraform Version policy to prevent unnecessary stack control reruns","author":null,"publishedAt":"2024-12-13T09:00:00","permalink":"azure-iam-v5-12-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You wouldn't notice any difference and things will run more smoothly and reliably than before.\n"},{"meta":{"title":"azure-compute v5.19.1 - The Virtual Machine Scale Set Tags control will now update tags correctly for Scale Sets launched via the Azure Marketplace","author":null,"publishedAt":"2024-12-13T09:00:00","permalink":"azure-compute-v5-19-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In a previous version, we resolved an issue in the `Azure > Compute > Virtual Machine Scale Set > Tags` control to ensure tags were updated correctly for Scale Sets launched via the Azure Marketplace. However, the control occasionally failed to update tags for Scale Sets on certain purchase plans. This issue has now been addressed, and the control will update tags correctly and reliably for all types of Scale Sets.\n"},{"meta":{"title":"aws v5.31.1 - Updated Terraform Version policy to prevent unnecessary stack control reruns","author":null,"publishedAt":"2024-12-13T09:00:00","permalink":"aws-v5-31-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You wouldn't notice any difference and things will run more smoothly and reliably than before.\n"},{"meta":{"title":"aws-kms v5.18.1 - Updated Terraform Version policy to prevent unnecessary stack control reruns","author":null,"publishedAt":"2024-12-13T09:00:00","permalink":"aws-kms-v5-18-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You wouldn't notice any difference and things will run more smoothly and reliably than before.\n"},{"meta":{"title":"aws-iam v5.37.1 - Updated Terraform Version policy to prevent unnecessary stack control reruns","author":null,"publishedAt":"2024-12-13T09:00:00","permalink":"aws-iam-v5-37-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You wouldn't notice any difference and things will run more smoothly and reliably than before.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.47.5 - UI bug fixes and enhancements","author":"Turbot Team","publishedAt":"2024-12-11T09:00:00","permalink":"te-v5-47-5","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- UI\n - Updated the filter logic on the Reports page for more accurate results.\n - Resolved an issue where resource links in the Permissions section redirected to the profile page instead of the resource page when grouped by resources.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"azure v5.23.0 - Filter out specific real-time events while polling using the Azure Event Poller","author":null,"publishedAt":"2024-12-11T09:00:00","permalink":"azure-v5-23-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now define a list of events to filter out while polling for events using the `Azure > Turbot > Event Poller`. To get started, set the `Azure > Turbot > Event Poller > Excluded Events` policy.\n\n_Policy Types_\n\n- Azure > Turbot > Event Poller > Excluded Events\n"},{"meta":{"title":"aws-sqs v5.15.0 - Check and enforce SQS SSE for queue encryption","author":null,"publishedAt":"2024-12-11T09:00:00","permalink":"aws-sqs-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now check and enforce SQS SSE for queue encryption. To get started, configure the `AWS > SQS > Queue > Encryption at Rest` policy to one of the following values: `Check: SQS SSE`, `Check: SQS SSE or higher`, `Enforce: SQS SSE` or `Enforce: SQS SSE or higher`.\n"},{"meta":{"title":"kubernetes v5.2.0 - Check if Kubernetes clusters are approved for use via Guardrails","author":null,"publishedAt":"2024-12-10T09:00:00","permalink":"kubernetes-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Check if Kubernetes clusters are approved for use via Guardrails. To get started, set the `Kubernetes > Cluster > Approved > *` policies.\n\n_Control Types_\n\n- Kubernetes > Cluster > Approved\n\n_Policy Types_\n\n- Kubernetes > Cluster > Approved\n- Kubernetes > Cluster > Approved > Custom\n"},{"meta":{"title":"azure-appservice v5.13.1 - The `HTTPS Only` control would sometime fail to enable the setting in Azure","author":null,"publishedAt":"2024-12-06T09:00:00","permalink":"azure-appservice-v5-13-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > App Service > Function App > HTTPS Only` control would sometime fail to enable the setting in Azure. This is now fixed.\n"},{"meta":{"title":"gcp-computeengine v5.19.2 - The `Serial Port Access` and `Block Project Wide SSH Keys` controls for Compute Engine Instances would sometimes go into an error state due to incorrect references to CMDB attributes","author":null,"publishedAt":"2024-12-05T09:00:00","permalink":"gcp-computeengine-v5-19-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > Compute Engine > Instance > Serial Port Access` and `GCP > Compute Engine > Instance > Block Project Wide SSH Keys` controls would sometimes go into an error state due to incorrect references to CMDB attributes. This is fixed and the controls will now work as expected.\n"},{"meta":{"title":"azure-network v5.20.0 - Guardrails can now discover and manage Network resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-04T09:00:00","permalink":"azure-network-v5-20-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n\n_Bug fixes_\n\n- Guardrails would fail to delete unapproved ingress rules when the `Azure > Network > Network Security Group > Ingress Rules > Approved` policy was set to `Enforce: Delete unapproved`. This is now fixed.\n"},{"meta":{"title":"azure-cosmosdb v5.8.0 - Guardrails can now discover and manage Cosmos DB resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-04T09:00:00","permalink":"azure-cosmosdb-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-appservice v5.13.0 - Guardrails can now discover and manage App Service resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-04T09:00:00","permalink":"azure-appservice-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n\n_Bug fixes_\n\n- Guardrails would sometimes update the `createTimestamp` for Web Apps and Function Apps incorrectly when processing update events for these resources. We have updated the internal logic to ensure the `createTimestamp` is now updated correctly and more reliably than before.\n"},{"meta":{"title":"azure-synapseanalytics v5.9.0 - Guardrails can now discover and manage Synapse Analytics resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-03T09:00:00","permalink":"azure-synapseanalytics-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-recoveryservice v5.7.0 - Guardrails can now discover and manage Recovery Service resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-03T09:00:00","permalink":"azure-recoveryservice-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-keyvault v5.15.0 - Guardrails can now discover and manage Key Vault resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-03T09:00:00","permalink":"azure-keyvault-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-firewall v5.8.0 - Guardrails can now discover and manage Firewall resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-03T09:00:00","permalink":"azure-firewall-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-datafactory v5.8.0 - Guardrails can now discover and manage Data Factory resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-03T09:00:00","permalink":"azure-datafactory-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-compute v5.19.0 - Guardrails can now discover and manage Compute resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-03T09:00:00","permalink":"azure-compute-v5-19-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n\n_Bug fixes_\n\n- Disks created alongside VMs sometimes lacked `createdBy` details in their metadata. The internal logic has been updated to ensure `createdBy` details are added more reliably for these disks.\n"},{"meta":{"title":"azure-signalr v5.3.0 - Guardrails can now discover and manage signalR resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-02T09:00:00","permalink":"azure-signalr-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-searchmanagement v5.9.0 - Guardrails can now discover and manage Search Management resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-02T09:00:00","permalink":"azure-searchmanagement-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-relay v5.3.0 - Guardrails can now discover and manage Relay resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-02T09:00:00","permalink":"azure-relay-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-postgresql v5.17.0 - Guardrails can now discover and manage PostgreSql resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-02T09:00:00","permalink":"azure-postgresql-v5-17-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-networkwatcher v5.11.0 - Guardrails can now discover and manage Network Watcher resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-02T09:00:00","permalink":"azure-networkwatcher-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-mysql v5.13.0 - Guardrails can now discover and manage MySql resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-02T09:00:00","permalink":"azure-mysql-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-managedidentity v5.2.0 - Guardrails can now discover and manage Managed Identity resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-02T09:00:00","permalink":"azure-managedidentity-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-loganalytics v5.10.0 - Guardrails can now discover and manage Log Analytics resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-02T09:00:00","permalink":"azure-loganalytics-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-databricks v5.5.0 - Guardrails can now discover and manage Databricks resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-02T09:00:00","permalink":"azure-databricks-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-containerregistry v5.2.0 - Guardrails can now discover and manage Container Registry resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-02T09:00:00","permalink":"azure-containerregistry-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"azure-aks v5.8.0 - Guardrails can now discover and manage Kubernetes resources across all supported regions in Azure","author":null,"publishedAt":"2024-12-02T09:00:00","permalink":"azure-aks-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"gcp-iam v5.16.2 - The service account key active control has been updated to use `validAfterTime` instead of `metadata.createTimestamp` to accurately evaluate the age of the resource","author":null,"publishedAt":"2024-11-28T09:00:00","permalink":"gcp-iam-v5-16-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > IAM > Service Account Key > Active` control has been updated to use `validAfterTime` instead of `metadata.createTimestamp` to accurately evaluate the age of the resource.\n"},{"meta":{"title":"azure-applicationinsights v5.9.0 - Guardrails can now discover and manage Application Insights resources across all supported regions in Azure","author":null,"publishedAt":"2024-11-28T09:00:00","permalink":"azure-applicationinsights-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.\n"},{"meta":{"title":"aws-rds v5.28.0 - Users can now check and delete DB clusters that are not approved for use if they lack encryption at rest","author":null,"publishedAt":"2024-11-28T09:00:00","permalink":"aws-rds-v5-28-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now check and delete DB clusters that are not approved for use if they lack encryption at rest. To get started, set the `AWS > RDS > DB Cluster > Approved > Encryption at Rest > *` policies.\n\n_Policy Types_\n\n- AWS > RDS > DB Cluster > Approved > Encryption at Rest\n- AWS > RDS > DB Cluster > Approved > Encryption at Rest > Customer Managed Key\n"},{"meta":{"title":"aws v5.31.0 - Users can now check if their account spend is `On Target` per Budget","author":null,"publishedAt":"2024-11-26T09:00:00","permalink":"aws-v5-31-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now check if their account spend is `On Target` per Budget. To get started, set the `AWS > Account > Budget > Enabled` policy to `Check: Budget > State is On Target`.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.47.4 - Resolved an issue where reports pages could crash if certain information was null","author":"Turbot Team","publishedAt":"2024-11-26T09:00:00","permalink":"te-v5-47-4","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- UI\n - Resolved an issue where reports pages could crash if certain information was null\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.47.3 - Resolved issue with actor information handling","author":"Turbot Team","publishedAt":"2024-11-25T09:00:00","permalink":"te-v5-47-3","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Resolved an issue where actor information was not being passed correctly during the process execution, ensuring accurate tracking and processing of actor-related data.\n\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-vpc-core v5.18.1 - The VPC Route CMDB control would go into an error state due to an incorrect use of a function from an internal node package","author":null,"publishedAt":"2024-11-25T09:00:00","permalink":"aws-vpc-core-v5-18-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > VPC > Route > CMDB` control would go into an error state due to an incorrect use of a function from an internal node package. This is now fixed.\n"},{"meta":{"title":"azure-storage v5.20.3 - The `createdBy` and `createTimestamp` details will now be stored correctly and consistently for storage accounts","author":null,"publishedAt":"2024-11-22T09:00:00","permalink":"azure-storage-v5-20-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails would sometimes update the `createdBy` details for storage accounts due to mishandled real-time update events. This issue has been fixed, and `createdBy` details will now be stored more reliably and consistently than before.\n- In a previous version, we inadvertently introduced a bug that prevented the `createTimestamp` details from being stored in the metadata of new storage accounts upserted in Guardrails CMDB. This issue has now been resolved, and `createTimestamp` details are now stored correctly and reliably.\n"},{"meta":{"title":"azure v5.22.0 - Resource's metadata will now also include `createdBy` details in Guardrails CMDB","author":null,"publishedAt":"2024-11-20T09:00:00","permalink":"azure-v5-22-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Resource's metadata will now also include `createdBy` details in Guardrails CMDB.\n"},{"meta":{"title":"aws-vpc-security v5.11.1 - Updated internal Terraform mapping for Flow Log resource type to update flow logs correctly corresponding to updates in stacks","author":null,"publishedAt":"2024-11-20T09:00:00","permalink":"aws-vpc-security-v5-11-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > VPC > VPC > Flow Logging` control would sometimes fail to update flow logs if the Max Aggregation Interval in the stack's source policy was updated. This is fixed and the stack control will now update such resources correctly, as expected.\n"},{"meta":{"title":"aws-vpc-core v5.18.0 - Users can now configure the maximum aggregation interval in the Flow Logging control","author":null,"publishedAt":"2024-11-20T09:00:00","permalink":"aws-vpc-core-v5-18-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now configure the maximum aggregation interval in the `AWS > VPC > VPC > Flow Logging` control. To get started, set the `AWS > VPC > VPC > Flow Logging > Cloud Watch > Maximum Aggregation Interval` policy and/or `AWS > VPC > VPC > Flow Logging > S3 > Maximum Aggregation Interval` policy.\n\n_Policy Types_\n\n- AWS > VPC > VPC > Flow Logging > Cloud Watch > Maximum Aggregation Interval\n- AWS > VPC > VPC > Flow Logging > S3 > Maximum Aggregation Interval\n"},{"meta":{"title":"azure-sql v5.16.0 - Track and manage Managed Instance resources in Guardrails","author":null,"publishedAt":"2024-10-31T09:00:00","permalink":"azure-sql-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Resource Types_\n\n- Azure > SQL > Managed Instance\n\n_Control Types_\n\n- Azure > SQL > Managed Instance > Active\n- Azure > SQL > Managed Instance > Approved\n- Azure > SQL > Managed Instance > CMDB\n- Azure > SQL > Managed Instance > Discovery\n- Azure > SQL > Managed Instance > Tags\n\n_Policy Types_\n\n- Azure > SQL > Managed Instance > Active\n- Azure > SQL > Managed Instance > Active > Age\n- Azure > SQL > Managed Instance > Active > Last Modified\n- Azure > SQL > Managed Instance > Approved\n- Azure > SQL > Managed Instance > Approved > Custom\n- Azure > SQL > Managed Instance > Approved > Regions\n- Azure > SQL > Managed Instance > Approved > Usage\n- Azure > SQL > Managed Instance > CMDB\n- Azure > SQL > Managed Instance > Regions\n- Azure > SQL > Managed Instance > Tags\n- Azure > SQL > Managed Instance > Tags > Template\n\n_Action Types_\n\n- Azure > SQL > Managed Instance > Delete\n- Azure > SQL > Managed Instance > Router\n- Azure > SQL > Managed Instance > Set Tags\n"},{"meta":{"title":"aws-cisv3-0 v5.0.2 - Section 1 controls now correctly target a User/Root instead of Credentials Report","author":"Turbot Team","publishedAt":"2024-10-31T09:00:00","permalink":"aws-cisv3-0-v5-0-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Controls previously targeting the `AWS > IAM > Credential Report` resource type have now been updated to target either the `AWS > IAM > Root` or `AWS > IAM > User` resource types, depending on the specific control requirements. This adjustment more accurately aligns each control with the relevant resources, enabling more precise and targeted checks.\n"},{"meta":{"title":"azure-securitycenter v5.5.2 - Auto Provisioning control is now deprecated and will move to an Invalid state if enforcements are applied","author":null,"publishedAt":"2024-10-30T09:00:00","permalink":"azure-securitycenter-v5-5-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Security Center > Security Center > Auto Provisioning` control is now deprecated and will now move to an Invalid state if enforcements are applied. This follows the [deprecation plan announcement](https://learn.microsoft.com/en-us/azure/defender-for-cloud/prepare-deprecation-log-analytics-mma-agent#log-analytics-agent-autoprovisioning-experience---deprecation-plan) from Azure. The control will be removed in a future mod version.\n\n_Control Types_\n\n_Renamed_\n\n- Azure > Security Center > Security Center > Auto Provisioning to Azure > Security Center > Security Center > Auto Provisioning [Deprecated]\n\n_Policy Types_\n\n_Renamed_\n\n- Azure > Security Center > Security Center > Auto Provisioning to Azure > Security Center > Security Center > Auto Provisioning [Deprecated]\n\n_Action Types_\n\n_Removed_\n\n- Azure > Security Center > Security Center > Update Auto Provisioning\n"},{"meta":{"title":"servicenow-kubernetes v5.5.0 - Added support for Import Set controls for various Kubernetes resource types","author":null,"publishedAt":"2024-10-25T09:00:00","permalink":"servicenow-kubernetes-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$53"},{"meta":{"title":"servicenow-aws-s3 v5.2.1 - Import Set control will not transform JSON objects to strings while syncing data to ServiceNow","author":null,"publishedAt":"2024-10-25T09:00:00","permalink":"servicenow-aws-s3-v5-2-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.\n"},{"meta":{"title":"azure v5.21.1 - Removed unused Node package dependencies for Tenant lambda functions","author":null,"publishedAt":"2024-10-25T09:00:00","permalink":"azure-v5-21-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Removed unused node package dependencies for tenant lambda functions.\n"},{"meta":{"title":"servicenow-gcp-vertexai v5.0.1 - Import Set control will not transform JSON objects to strings while syncing data to ServiceNow","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"servicenow-gcp-vertexai-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.\n"},{"meta":{"title":"servicenow-gcp v5.7.1 - Import Set control will not transform JSON objects to strings while syncing data to ServiceNow","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"servicenow-gcp-v5-7-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.\n"},{"meta":{"title":"servicenow-gcp-storage v5.5.1 - Import Set control will not transform JSON objects to strings while syncing data to ServiceNow","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"servicenow-gcp-storage-v5-5-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.\n"},{"meta":{"title":"servicenow-gcp-kubernetesengine v5.1.1 - Import Set control will not transform JSON objects to strings while syncing data to ServiceNow","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"servicenow-gcp-kubernetesengine-v5-1-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.\n"},{"meta":{"title":"servicenow-gcp-dataplex v5.0.1 - Import Set control will not transform JSON objects to strings while syncing data to ServiceNow","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"servicenow-gcp-dataplex-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.\n"},{"meta":{"title":"servicenow-gcp-computeengine v5.4.0 - Import Set control will not transform JSON objects to strings while syncing data to ServiceNow","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"servicenow-gcp-computeengine-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$54"},{"meta":{"title":"servicenow-azure-network v5.4.1 - Import Set control will not transform JSON objects to strings while syncing data to ServiceNow","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"servicenow-azure-network-v5-4-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.\n"},{"meta":{"title":"servicenow-azure-compute v5.2.1 - Import Set control will not transform JSON objects to strings while syncing data to ServiceNow","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"servicenow-azure-compute-v5-2-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format."},{"meta":{"title":"servicenow-azure-aks v5.1.1 - Import Set control will not transform JSON objects to strings while syncing data to ServiceNow","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"servicenow-azure-aks-v5-1-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format."},{"meta":{"title":"azure-securitycenter v5.5.1 - Fixed internal dependencies to allow Security Center controls to work for US Gov subscriptions","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"azure-securitycenter-v5-5-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In version 5.5.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing Security Center resources in Guardrails. However, this caused controls to enter an error state for US Gov cloud subscriptions because the APIs did not work as expected. We have now updated dependencies that are compatible with both commercial and US Gov cloud subscriptions, ensuring that controls in both environments will work as expected.\n- The `Azure > Security Center > Security Center > CMDB` control would go into an error state if it was not able to fetch policy assignment details correctly. This issue has now been fixed.\n"},{"meta":{"title":"azure-monitor v5.8.1 - Fixed internal dependencies to allow various Monitor controls to work for US Gov subscriptions","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"azure-monitor-v5-8-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In version 5.8.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing Monitor resources in Guardrails. However, this caused controls to enter an error state for US Gov cloud subscriptions because the APIs did not work as expected. We have now updated dependencies that are compatible with both commercial and US Gov cloud subscriptions, ensuring that controls in both environments will work as expected.\n"},{"meta":{"title":"azure-dns v5.9.1 - Fixed incorrect endpoints used to make API calls for various DNS resources","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"azure-dns-v5-9-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In version 5.9.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing DNS resources in Guardrails. However, this caused controls to enter an error state due to the inadvertent use of incorrect endpoints. This issue has been fixed, and the controls will now work as expected.\n"},{"meta":{"title":"azure-compute v5.18.1 - Fixed incorrect endpoints used to make API calls for various Compute resources","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"azure-compute-v5-18-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In version 5.18.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing Compute resources in Guardrails. However, this caused controls to enter an error state due to the inadvertent use of incorrect endpoints. This issue has been fixed, and the controls will now work as expected.\n"},{"meta":{"title":"azure-apimanagement v5.4.1 - Fixed incorrect endpoints used to make API calls for API Management resources","author":null,"publishedAt":"2024-10-24T09:00:00","permalink":"azure-apimanagement-v5-4-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In version 5.4.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing API Management resources in Guardrails. However, this caused controls to enter an error state due to the inadvertent use of incorrect endpoints. This issue has been fixed, and the controls will now work as expected.\n"},{"meta":{"title":"azure-automation v5.1.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Automation resources in Guardrails","author":null,"publishedAt":"2024-10-23T09:00:00","permalink":"azure-automation-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the new authentication method to discover and manage Automation resources in Guardrails.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"servicenow-azure-storage v5.4.1 - Import Set control will not transform JSON objects to strings while syncing data to ServiceNow","author":null,"publishedAt":"2024-10-22T09:00:00","permalink":"servicenow-azure-storage-v5-4-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.\n"},{"meta":{"title":"servicenow-azure v5.6.1 - Import Set control will not transform JSON objects to strings while syncing data to ServiceNow","author":null,"publishedAt":"2024-10-21T09:00:00","permalink":"servicenow-azure-v5-6-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In v5.3.1, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.\n"},{"meta":{"title":"azure-keyvault v5.14.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Key Vault resources in Guardrails","author":null,"publishedAt":"2024-10-21T09:00:00","permalink":"azure-keyvault-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Key Vault resources in Guardrails. This release includes breaking changes in the CMDB data for key, and secret. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below:\n\nKeyVault > Vault\n\nAdded :\n\n- `enableSoftDelete`\n- `publicNetworkAccess`\n- `enableRbacAuthorization`\n\nKeyVault > Key\n\nAdded :\n\n- `hsmPlatform`\n\nRemoved:\n\n- `key.e`\n- `key.n`\n\nKeyVault > Secret\n\nModified :\n\n- `ID` property does not contain the secret version.\n\nRemoved:\n\n- `expires`\n- `updated`\n- `created`\n\n_Bug fixes_\n\n- The `Azure > Key Vault > Key > CMDB` control would go into an error state while fetching key rotation policy details for managed keys. The control will no longer attempt to fetch the key rotation policy details for such keys and will work as expected.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.45.0 - Added support for PostgresSQL 16","author":"Turbot Team","publishedAt":"2024-10-18T09:00:00","permalink":"ted-v1-45-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for PostgresSQL 16.\n- Added support for custom hive key.\n- Default database engine version changed to 15.7.\n- Default cache engine version set to 7.1.\n- M4 and R4 instance types removed from the supported database instance list due to deprecation.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.47.2 - Feature enhancements and bug fixes","author":"Turbot Team","publishedAt":"2024-10-18T09:00:00","permalink":"te-v5-47-2","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Introduced `Activity Retention` feature for Smart Retention control to enhance version and data management.\n\n- UI\n - Support for downloading AWS CloudFormation templates directly from the AWS import page.\n\n_Bug fixes_\n\n- Server\n - Resolved controls getting stuck when `Notify` or `Ignore` keywords were missing in the notification rules.\n\n- UI\n - The `+` button for adding permissions now correctly applies the appropriate attributes.\n\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"turbot v5.46.0 - Added policy to set Activity Retention","author":"Turbot Team","publishedAt":"2024-10-18T09:00:00","permalink":"turbot-v5-46-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - Turbot > Workspace > Retention > Activity Purge Limit.\n - Turbot > Workspace > Retention > Activity Retention.\n\n- Control Types:\n - Add support to `Turbot > Smart Retention` control to enhance version and data management.\n\n_Requirements_\n\n- TE: 5.35.4"},{"meta":{"title":"azure-mysql v5.12.0 - Check if flexible servers have TLS version set to 1.2 or higher","author":null,"publishedAt":"2024-10-18T09:00:00","permalink":"azure-mysql-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now check if flexible servers have a TLS version setting of 1.2 or higher enabled. To get started, set the `Azure > MySQL > Flexible Server > Set Minimum TLS Version` policy to `Check: TLS 1.2 or higher`.\n"},{"meta":{"title":"azure v5.21.0 - Controls and Actions now use latest Azure SDK versions to discover and manage resources in Guardrails","author":null,"publishedAt":"2024-10-17T09:00:00","permalink":"azure-v5-21-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage resources in Guardrails. This release includes breaking changes in the CMDB data for Azure. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.\n\nAzure > Management Group\n\nModified :\n\n- The value of `type` property is updated as `type: Microsoft.Management/managementGroups`, earlier it was `/providers/Microsoft.Management/managementGroups`\n"},{"meta":{"title":"azure-sqlvirtualmachine v5.1.0 - Controls and Actions now use latest Azure SDK versions to discover and manage SQL Virtual Machine resources in Guardrails","author":null,"publishedAt":"2024-10-17T09:00:00","permalink":"azure-sqlvirtualmachine-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the new authentication method to discover and manage SQL Virtual Machine resources in Guardrails.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-sql v5.15.0 - Controls and Actions now use latest Azure SDK versions to discover and manage SQL resources in Guardrails","author":null,"publishedAt":"2024-10-17T09:00:00","permalink":"azure-sql-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$55"},{"meta":{"title":"azure-provider v5.13.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Resource Providers in Guardrails","author":null,"publishedAt":"2024-10-17T09:00:00","permalink":"azure-provider-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Resource Providers in Guardrails.\n"},{"meta":{"title":"azure-network v5.19.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Network resources in Guardrails","author":null,"publishedAt":"2024-10-17T09:00:00","permalink":"azure-network-v5-19-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Network resources in Guardrails.\n\nNetwork > NetworkInterface\n\nAdded :\n\n- `auxiliaryMode`\n- `auxiliarySku`\n- `kind`\n- `disableTcpStateTracking`\n\nNetwork > PrivateDNSZone\n\nAdded :\n\n- `internalId`\n\nNetwork > VirtualNetworkGateway\n\nAdded :\n\n- `allowVirtualWanTraffic`\n- `allowRemoteVnetTraffic`\n\nModified :\n\n- `activeActive` property updated as `active`\n"},{"meta":{"title":"azure-monitor v5.8.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Monitor resources in Guardrails","author":null,"publishedAt":"2024-10-17T09:00:00","permalink":"azure-monitor-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$56"},{"meta":{"title":"azure-managedidentity v5.1.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Managed Identity resources in Guardrails","author":null,"publishedAt":"2024-10-17T09:00:00","permalink":"azure-managedidentity-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Managed Identity resources in Guardrails. This release includes changes in the CMDB data as below.\n\nRemoved:\n\n- `clientSecretUrl`\n"},{"meta":{"title":"azure-loganalytics v5.9.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Log Analytics resources in Guardrails","author":null,"publishedAt":"2024-10-17T09:00:00","permalink":"azure-loganalytics-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Log Analytics resources in Guardrails.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-iam v5.12.0 - Controls and Actions now use latest Azure SDK versions to discover and manage IAM resources in Guardrails","author":null,"publishedAt":"2024-10-17T09:00:00","permalink":"azure-iam-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage IAM resources in Guardrails.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-firewall v5.7.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Firewall resources in Guardrails","author":null,"publishedAt":"2024-10-16T09:00:00","permalink":"azure-firewall-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Firewall resources in Guardrails.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-cosmosdb v5.7.0 - Controls and Actions now use latest Azure SDK versions to discover and manage CosmosDB resources in Guardrails","author":null,"publishedAt":"2024-10-16T09:00:00","permalink":"azure-cosmosdb-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage CosmosDB resources in Guardrails.\n\nAdded:\n\n`createMode`\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"aws v5.30.5 - Budget control will now avoid making API calls for US Gov Cloud Accounts and rely on State policy being updated periodically","author":null,"publishedAt":"2024-10-16T09:00:00","permalink":"aws-v5-30-5","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > Account > Budget > Budget` control would enter an error state for US Gov cloud accounts because the budget APIs are not supported for these accounts. We have updated the control to avoid making these API calls and instead rely on the `AWS > Account > Budget > State` policy being updated periodically, allowing the control to evaluate the outcome correctly.\n"},{"meta":{"title":"servicenow-kubernetes v5.4.0 - Configure CI Relationships for Various Kubernetes Resources in ServiceNow","author":null,"publishedAt":"2024-10-15T09:00:00","permalink":"servicenow-kubernetes-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$57"},{"meta":{"title":"azure-loadbalancer v5.8.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Load Balancer resources in Guardrails","author":null,"publishedAt":"2024-10-15T09:00:00","permalink":"azure-loadbalancer-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Load Balancer resources in Guardrails.\n"},{"meta":{"title":"servicenow-gcp v5.7.0 - Configure CI Relationships for Projects in ServiceNow","author":null,"publishedAt":"2024-10-14T09:00:00","permalink":"servicenow-gcp-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure and manage CI Relationships for projects in ServiceNow. To get started, set the `GCP > Project > ServiceNow > Relationships > *` policies.\n\n_Control Types_\n\n- GCP > Project > ServiceNow > Relationships\n\n_Policy Types_\n\n- GCP > Project > ServiceNow > Relationships\n- GCP > Project > ServiceNow > Relationships > Template\n"},{"meta":{"title":"servicenow-azure v5.6.0 - Configure CI Relationships for Subscriptions in ServiceNow","author":null,"publishedAt":"2024-10-14T09:00:00","permalink":"servicenow-azure-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure and manage CI Relationships for subscriptions in ServiceNow. To get started, set the `Azure > Subscription > ServiceNow > Relationships > *` policies.\n\n_Control Types_\n\n- Azure > Subscription > ServiceNow > Relationships\n\n_Policy Types_\n\n- Azure > Subscription > ServiceNow > Relationships\n- Azure > Subscription > ServiceNow > Relationships > Template\n"},{"meta":{"title":"servicenow-aws v5.3.0 - Configure CI Relationships for Accounts in ServiceNow","author":null,"publishedAt":"2024-10-14T09:00:00","permalink":"servicenow-aws-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure and manage CI Relationships for accounts in ServiceNow. To get started, set the `AWS > Account > ServiceNow > Relationships > *` policies.\n\n_Control Types_\n\n- AWS > Account > ServiceNow > Relationships\n\n_Policy Types_\n\n- AWS > Account > ServiceNow > Relationships\n- AWS > Account > ServiceNow > Relationships > Template\n"},{"meta":{"title":"azure-dns v5.9.0 - Controls and Actions now use latest Azure SDK versions to discover and manage DNS resources in Guardrails","author":null,"publishedAt":"2024-10-14T09:00:00","permalink":"azure-dns-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage DNS resources in Guardrails. This release includes breaking changes in the CMDB data for security center. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.\n\nRemoved:\n\n- `tTL`\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-databricks v5.4.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Databricks resources in Guardrails","author":null,"publishedAt":"2024-10-14T09:00:00","permalink":"azure-databricks-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Databricks resources in Guardrails.\n\nAdded:\n\n- `createdBy`\n- `updatedBy`\n- `systemData`\n- `createdDateTime`\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-containerregistry v5.1.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Container Registry resources in Guardrails","author":null,"publishedAt":"2024-10-14T09:00:00","permalink":"azure-containerregistry-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Container Registry resources in Guardrails.\n\nAdded:\n\n- `softDeletePolicy`\n- `azureADAuthenticationAsArmPolicy`\n"},{"meta":{"title":"servicenow-gcp-network v5.2.0 - Configure CI Relationships for Various Network Resources in ServiceNow","author":null,"publishedAt":"2024-10-09T09:00:00","permalink":"servicenow-gcp-network-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$58"},{"meta":{"title":"servicenow-gcp-computeengine v5.3.0 - Configure CI Relationships for Various Compute Engine Resources in ServiceNow","author":null,"publishedAt":"2024-10-09T09:00:00","permalink":"servicenow-gcp-computeengine-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$59"},{"meta":{"title":"servicenow-azure-network v5.4.0 - Configure CI Relationships for Various Network Resources in ServiceNow","author":null,"publishedAt":"2024-10-09T09:00:00","permalink":"servicenow-azure-network-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$5a"},{"meta":{"title":"servicenow-azure-compute v5.2.0 - Configure CI Relationships for Various Compute Resources in ServiceNow","author":null,"publishedAt":"2024-10-09T09:00:00","permalink":"servicenow-azure-compute-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$5b"},{"meta":{"title":"servicenow-gcp v5.6.0 - Configure CI Relationships for Global Regions, Multi-Regions, Regions and Zones in ServiceNow","author":null,"publishedAt":"2024-10-08T09:00:00","permalink":"servicenow-gcp-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$5c"},{"meta":{"title":"servicenow-gcp-storage v5.5.0 - Configure CI Relationships for Buckets and Objects in ServiceNow","author":null,"publishedAt":"2024-10-08T09:00:00","permalink":"servicenow-gcp-storage-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure and manage CI Relationships for buckets and objects in ServiceNow. To get started, set the `GCP > Storage > Bucket > ServiceNow > Relationships > *` and `GCP > Storage > Object > ServiceNow > Relationships > *` policies respectively.\n\n_Control Types_\n\n- GCP > Storage > Bucket > ServiceNow > Relationships\n- GCP > Storage > Object > ServiceNow > Relationships\n\n_Policy Types_\n\n- GCP > Storage > Bucket > ServiceNow > Relationships\n- GCP > Storage > Bucket > ServiceNow > Relationships > Template\n- GCP > Storage > Object > ServiceNow > Relationships\n- GCP > Storage > Object > ServiceNow > Relationships > Template\n"},{"meta":{"title":"servicenow-azure v5.5.0 - Configure CI Relationships for Resource Groups in ServiceNow","author":null,"publishedAt":"2024-10-08T09:00:00","permalink":"servicenow-azure-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure and manage CI Relationships for resource groups in ServiceNow. To get started, set the `Azure > Resource Group > ServiceNow > Relationships > *` policies.\n\n_Control Types_\n\n- Azure > Resource Group > ServiceNow > Relationships\n\n_Policy Types_\n\n- Azure > Resource Group > ServiceNow > Relationships\n- Azure > Resource Group > ServiceNow > Relationships > Template\n"},{"meta":{"title":"servicenow-azure-storage v5.4.0 - Configure CI Relationships for Containers, File Shares, Queues and Storage Accounts in ServiceNow","author":null,"publishedAt":"2024-10-08T09:00:00","permalink":"servicenow-azure-storage-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$5d"},{"meta":{"title":"servicenow-aws-vpc-internet v5.1.0 - Configure CI Relationships for Elastic IPs, Internet Gateways and NAT Gateways in ServiceNow","author":null,"publishedAt":"2024-10-08T09:00:00","permalink":"servicenow-aws-vpc-internet-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$5e"},{"meta":{"title":"servicenow-aws-vpc-connect v5.0.0 is now available","author":null,"publishedAt":"2024-10-08T09:00:00","permalink":"servicenow-aws-vpc-connect-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$5f"},{"meta":{"title":"servicenow-aws-ec2 v5.1.0 - Configure CI Relationships for AMIs, Instances, Key Pairs, Network Interfaces, Snapshots and Volumes in ServiceNow","author":null,"publishedAt":"2024-10-08T09:00:00","permalink":"servicenow-aws-ec2-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$60"},{"meta":{"title":"servicenow-gcp-vertexai v5.0.0 is now available","author":null,"publishedAt":"2024-10-07T09:00:00","permalink":"servicenow-gcp-vertexai-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$61"},{"meta":{"title":"servicenow-gcp-dataplex v5.0.0 is now available","author":null,"publishedAt":"2024-10-07T09:00:00","permalink":"servicenow-gcp-dataplex-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$62"},{"meta":{"title":"servicenow-aws-vpc-security v5.1.0 - Configure CI Relationships for Flow Logs, Network ACLs, Security Groups and Security Group Rules in ServiceNow","author":null,"publishedAt":"2024-10-07T09:00:00","permalink":"servicenow-aws-vpc-security-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$63"},{"meta":{"title":"servicenow-aws-vpc-core v5.1.0 - Configure CI Relationships for Route Tables, Subnets and VPCs in ServiceNow","author":null,"publishedAt":"2024-10-07T09:00:00","permalink":"servicenow-aws-vpc-core-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure and manage CI Relationships for route tables, subnets and VPCs in ServiceNow. To get started, set the `AWS > VPC > Route Table > ServiceNow > Relationships > *`, `AWS > VPC > Subnet > ServiceNow > Relationships > *` and `AWS > VPC > VPC > ServiceNow > Relationships > *` policies respectively.\n\n_Control Types_\n\n- AWS > VPC > Route Table > ServiceNow > Relationships\n- AWS > VPC > Subnet > ServiceNow > Relationships\n- AWS > VPC > VPC > ServiceNow > Relationships\n\n_Policy Types_\n\n- AWS > VPC > Route Table > ServiceNow > Relationships\n- AWS > VPC > Route Table > ServiceNow > Relationships > Template\n- AWS > VPC > Subnet > ServiceNow > Relationships\n- AWS > VPC > Subnet > ServiceNow > Relationships > Template\n- AWS > VPC > VPC > ServiceNow > Relationships\n- AWS > VPC > VPC > ServiceNow > Relationships > Template\n"},{"meta":{"title":"servicenow-aws v5.2.0 - Configure Table, Configuration Item and Relationships for Accounts and Regions in ServiceNow","author":null,"publishedAt":"2024-10-07T09:00:00","permalink":"servicenow-aws-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Control Types_\n\n- AWS > Account > ServiceNow\n- AWS > Account > ServiceNow > Configuration Item\n- AWS > Account > ServiceNow > Table\n- AWS > Region > ServiceNow\n- AWS > Region > ServiceNow > Configuration Item\n- AWS > Region > ServiceNow > Relationships\n- AWS > Region > ServiceNow > Table\n\n_Policy Types_\n\n- AWS > Account > ServiceNow\n- AWS > Account > ServiceNow > Configuration Item\n- AWS > Account > ServiceNow > Configuration Item > Record\n- AWS > Account > ServiceNow > Configuration Item > Table Definition\n- AWS > Account > ServiceNow > Table\n- AWS > Account > ServiceNow > Table > Definition\n- AWS > Region > ServiceNow\n- AWS > Region > ServiceNow > Configuration Item\n- AWS > Region > ServiceNow > Configuration Item > Record\n- AWS > Region > ServiceNow > Configuration Item > Table Definition\n- AWS > Region > ServiceNow > Relationships\n- AWS > Region > ServiceNow > Relationships > Template\n- AWS > Region > ServiceNow > Table\n- AWS > Region > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-aws-s3 v5.2.0 - Configure CI Relationships for Buckets in ServiceNow","author":null,"publishedAt":"2024-10-07T09:00:00","permalink":"servicenow-aws-s3-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure and manage CI Relationships for buckets in ServiceNow. To get started, set the `AWS > S3 > Bucket > ServiceNow > Relationships > *` policies.\n\n_Control Types_\n\n- AWS > S3 > Bucket > ServiceNow > Relationships\n\n_Policy Types_\n\n- AWS > S3 > Bucket > ServiceNow > Import Set > Insert Mode\n- AWS > S3 > Bucket > ServiceNow > Relationships\n- AWS > S3 > Bucket > ServiceNow > Relationships > Template\n"},{"meta":{"title":"aws-billing v5.4.0 - `AWS/Billing/Admin`, `AWS/Billing/Metadata` and `AWS/Billing/Operator` now also include purchase orders permissions","author":null,"publishedAt":"2024-10-07T09:00:00","permalink":"aws-billing-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- `AWS/Billing/Admin`, `AWS/Billing/Metadata` and `AWS/Billing/Operator` now also include purchase orders permissions.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.47.1 - Removed recursive loop detection logic, as this is now managed effectively by Lambda.","author":"Turbot Team","publishedAt":"2024-10-04T09:00:00","permalink":"te-v5-47-1","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Removed recursive loop detection logic, as this is now managed effectively by Lambda.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.63.0 - Support for AWS Graviton instance with ARM64 architecture","author":"Turbot Team","publishedAt":"2024-10-01T09:00:00","permalink":"tef-v1-63-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n - Support for AWS Graviton instance with ARM64 architecture.\n"},{"meta":{"title":"gcp v5.27.0 - Added support to process real-time enable and disable events for Dataplex API","author":null,"publishedAt":"2024-09-30T09:00:00","permalink":"gcp-v5-27-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support to process enable and disable real-time events for Dataplex.\n"},{"meta":{"title":"gcp-dataplex v5.0.0 is now available","author":null,"publishedAt":"2024-09-30T09:00:00","permalink":"gcp-dataplex-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$64"},{"meta":{"title":"azure-compute v5.18.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Compute resources in Guardrails","author":null,"publishedAt":"2024-09-30T09:00:00","permalink":"azure-compute-v5-18-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage compute resources in Guardrails. This release includes breaking changes in the CMDB data for virtual machine. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below\n\n**Added:**\n\nIn Azure > Compute > Disk:\n\n- `supportedCapabilities.diskControllerTypes`\n- `diskIopsReadWrite`\n- `lastOwnershipUpdateTime`\n\nIn Azure > Compute > Virtual Machine:\n\n- `resources`\n- `timeCreated`\n- `etag`\n\nIn Azure > Compute > Virtual Machine Scale Set:\n\n- `constrainedMaximumCapacity`\n- `etag`\n- `scaleInPolicy`\n- `timeCreated`\n- `upgradePolicy`\n- `storageProfile. diskControllerType`\n\nIn Azure > Compute > Snapshot:\n\n- `dataAccessAuthMode`\n- `incrementalSnapshotFamilyId`\n\n**Removed:**\n\nIn Azure > Compute > Virtual Machine:\n\n- `statuses.time`\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-appservice v5.4.0 - Controls and Actions now use latest Azure SDK versions to discover and manage App Service resources in Guardrails","author":null,"publishedAt":"2024-09-30T09:00:00","permalink":"azure-appservice-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$65"},{"meta":{"title":"azure-apimanagement v5.4.0 - Controls and Actions now use latest Azure SDK versions to discover and manage API Management resources in Guardrails","author":null,"publishedAt":"2024-09-30T09:00:00","permalink":"azure-apimanagement-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage API Management resources in Guardrails.\n"},{"meta":{"title":"azure-securitycenter v5.5.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Security Center resources in Guardrails","author":null,"publishedAt":"2024-09-27T09:00:00","permalink":"azure-securitycenter-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Security Center resources in Guardrails. This release includes breaking changes in the CMDB data for security center. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below\n\n**Renamed:**\n\n- `JitNetworkAccessPolicies` to `jitNetworkAccessPolicies`\n- `Pricing` to `pricing`\n- `Locations` to `locations`\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-mysql v5.11.0 - Controls and Actions now use latest Azure SDK versions to discover and manage MySql resources in Guardrails","author":null,"publishedAt":"2024-09-27T09:00:00","permalink":"azure-mysql-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage MySQL resources in Guardrails.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-frontdoorservice v5.8.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Front Door Service resources in Guardrails","author":null,"publishedAt":"2024-09-27T09:00:00","permalink":"azure-frontdoorservice-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$66"},{"meta":{"title":"azure-datafactory v5.7.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Data Factory resources in Guardrails","author":null,"publishedAt":"2024-09-27T09:00:00","permalink":"azure-datafactory-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Data Factory resources in Guardrails.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-aks v5.7.0 - Controls and Actions now use latest Azure SDK versions to discover and manage AKS resources in Guardrails","author":null,"publishedAt":"2024-09-27T09:00:00","permalink":"azure-aks-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$67"},{"meta":{"title":"azure-signalr v5.2.0 - Controls and Actions now use latest Azure SDK versions to discover and manage SignalR resources in Guardrails","author":null,"publishedAt":"2024-09-26T09:00:00","permalink":"azure-signalr-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage SignalR resources in Guardrails.\n\nAdded:\n\n- `hostNamePrefix`\n- `serverless. connectionTimeoutInSeconds`\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-servicebus v5.2.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Service Bus resources in Guardrails","author":null,"publishedAt":"2024-09-26T09:00:00","permalink":"azure-servicebus-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Service Bus resources in Guardrails.\n\nAdded:\n\nAzure > Service Bus > Namespace\n\n- `disableLocalAuth`\n- `status`\n- `zoneRedundant`\n\nAzure > Service Bus > Queue\n\n- `maxMessageSizeInKilobytes`\n\nAzure > Service Bus > Topic\n\n- `maxMessageSizeInKilobytes`\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-relay v5.2.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Relay resources in Guardrails","author":null,"publishedAt":"2024-09-26T09:00:00","permalink":"azure-relay-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Relay resources in Guardrails.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-recoveryservice v5.6.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Recovery Service resources in Guardrails","author":null,"publishedAt":"2024-09-26T09:00:00","permalink":"azure-recoveryservice-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Recovery Service resources in Guardrails.\n\nAdded:\nAzure > Recovery Service > Vault\n\n- `properties.backupStorageVersion`\n- `properties.bcdrSecurityLevel`\n- `properties.publicNetworkAccess`\n- `properties.restoreSettings`\n- `properties.secureScore`\n- `properties.securitySettings`\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"aws-robomaker v5.4.1 - CMDB policies for various resource types will now default to Skip","author":null,"publishedAt":"2024-09-26T09:00:00","permalink":"aws-robomaker-v5-4-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > RoboMaker > Robot Application > CMDB`, `AWS > RoboMaker > Fleet > CMDB` and `AWS > RoboMaker > Robot > CMDB` policies will now be set to `Skip` by default because the resource types have been deprecated and will be removed in the next major version. Please check [end of support](https://docs.aws.amazon.com/robomaker/latest/dg/chapter-support-policy.html) for more information.\n"},{"meta":{"title":"aws-ecs v5.7.0 - Track and manage Fargate FIPS Mode for Gov cloud accounts via Guardrails","author":null,"publishedAt":"2024-09-26T09:00:00","permalink":"aws-ecs-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Track and manage Fargate FIPS Mode for Gov cloud accounts via Guardrails. To get started, set the `AWS > ECS > Account Settings > Fargate FIPS Mode` policy.\n- The `Approved > Usage` policy for resource types will now default to `Approved` instead of `Approved if AWS > {service} > Enabled`.\n\n_Resource Types_\n\n- AWS > ECS > Account Settings\n\n_Control Types_\n\n- AWS > ECS > Account Settings > CMDB\n- AWS > ECS > Account Settings > Discovery\n- AWS > ECS > Account Settings > Fargate FIPS Mode\n\n_Policy Types_\n\n- AWS > ECS > Account Settings > CMDB\n- AWS > ECS > Account Settings > Fargate FIPS Mode\n- AWS > ECS > Account Settings > Regions\n\n_Action Types_\n\n- AWS > ECS > Account Settings > Router\n- AWS > ECS > Account Settings > Update Fargate FIPS Mode\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.47.0 - Introduced support for multi-architecture images, now compatible with both ARM64 and x86_64","author":"Turbot Team","publishedAt":"2024-09-25T09:00:00","permalink":"te-v5-47-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Introduced support for multi-architecture images, now compatible with both ARM64 and x86_64.\n - Added a default resource query to the context of calculated policies.\n - Updated several node packages to newer versions for improved functionality and security.\n - Updated Lambda to support recursive loops.\n\n- UI\n - Now you can use the `+` sign to grant permissions in the context of both the identity and resource.\n - Updated several node packages to newer versions for improved functionality and security.\n\n_Bug fixes_\n\n- Server\n - Azure Credential Resolver now respects proxy settings, adding full proxy support.\n\n- UI\n - Updated policy pack Terraform to correctly reference turbot_policy_pack.\n - Adjusted the Admin page layout for improved usability.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Terraform Provider v1.11.2 - `terraform apply` failed to detect existing Policy Pack attachments","author":"Turbot Team","publishedAt":"2024-09-20T09:00:00","permalink":"terraform-provider-v1-11-2","image":null,"tags":["Terraform"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n* `resource/turbot_policy_pack_attachment`: `terraform apply` failed to detect existing Policy Pack attachments. ([#181](https://github.com/turbot/terraform-provider-turbot/issues/181))\n"},{"meta":{"title":"azure-applicationinsights v5.8.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Application Insights resources in Guardrails","author":null,"publishedAt":"2024-09-20T09:00:00","permalink":"azure-applicationinsights-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Application Insights resources in Guardrails. This release includes changes in the CMDB data as below.\n\nAdded:\n\n- `flowType`\n- `requestSource`\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-applicationgateway v5.8.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Application Gateway resources in Guardrails","author":null,"publishedAt":"2024-09-20T09:00:00","permalink":"azure-applicationgateway-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Application Gateway resources in Guardrails.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"aws-support v5.0.0 is now available","author":null,"publishedAt":"2024-09-20T09:00:00","permalink":"aws-support-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Resource Types_\n\n- AWS > Support\n\n_Policy Types_\n\n- AWS > Support > API Enabled\n- AWS > Support > Enabled\n- AWS > Support > Permissions\n- AWS > Support > Permissions > Levels\n- AWS > Support > Permissions > Levels > Modifiers\n- AWS > Support > Permissions > Lockdown\n- AWS > Support > Permissions > Lockdown > API Boundary\n- AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-support\n- AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-support\n- AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-support\n"},{"meta":{"title":"aws-iam v5.37.0 - Users can now manage whether `AWS/User` should grant include `support:*` permissions","author":null,"publishedAt":"2024-09-20T09:00:00","permalink":"aws-iam-v5-37-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now manage whether `AWS/User` grant should include `support:*` permissions. To get started, set the `AWS > Account > Permissions > Support Level` policy.\n\n_Policy Types_\n\n- AWS > Account > Permissions > Support Level\n\n_Bug fixes_\n\n- The `AWS > Turbot > IAM` stack control did not correctly evaluate user memberships in custom IAM groups when the `AWS > Turbot > Permissions > Custom Group Levels [Account]` policy was set, and users were granted permissions for those custom IAM groups. This issue has now been fixed.\n"},{"meta":{"title":"aws-ec2 v5.42.1 - Volume CMDB control sometimes ran unnecessarily due to a bad internal GraphQL dependency","author":null,"publishedAt":"2024-09-20T09:00:00","permalink":"aws-ec2-v5-42-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > EC2 > Volume > CMDB` control would sometimes run unnecessarily due to a bad internal GraphQL dependency. This is now fixed.\n"},{"meta":{"title":"kubernetes v5.1.2 - Cluster CMDB control will now not depend on the CMDB > Expiration policy","author":null,"publishedAt":"2024-09-17T09:00:00","permalink":"kubernetes-v5-1-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- A precheck dependency on the `Kubernetes > Cluster > CMDB > Expiration` policy was inadvertently added to the `Kubernetes > Cluster > CMDB` control. This precheck condition has now been removed.\n"},{"meta":{"title":"gcp-vertexai v5.0.0 is now available","author":null,"publishedAt":"2024-09-17T09:00:00","permalink":"gcp-vertexai-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$68"},{"meta":{"title":"gcp v5.26.0 - Added support to process real-time enable and disable events for Vertex AI API","author":null,"publishedAt":"2024-09-17T09:00:00","permalink":"gcp-v5-26-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support to process real-time enable and disable events for Vertex AI API via Service Usage APIs.\n"},{"meta":{"title":"gcp-kubernetesengine v5.6.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-09-16T09:00:00","permalink":"gcp-kubernetesengine-v5-6-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n"},{"meta":{"title":"azure-searchmanagement v5.8.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Search Management resources in Guardrails","author":null,"publishedAt":"2024-09-16T09:00:00","permalink":"azure-searchmanagement-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Search Management resources in Guardrails.\n\nAdded:\n\n- `authOptions`\n- `disableLocalAuth`\n- `encryptionWithCmk`\n- `networkRuleSet`\n- `privateEndpointConnections`\n- `publicNetworkAccess`\n- `semanticSearch`\n- `sharedPrivateLinkResources`\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"gcp-storage v5.11.3 - Added Quick Actions for setting Fine-grained and Uniform access controls for buckets","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"gcp-storage-v5-11-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Action Types_\n\n- GCP > Storage > Bucket > Set Fine-grained Access Control\n- GCP > Storage > Bucket > Set Uniform Access Control\n"},{"meta":{"title":"gcp-sql v5.10.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"gcp-sql-v5-10-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"gcp-secretmanager v5.1.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"gcp-secretmanager-v5-1-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"gcp-network v5.14.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"gcp-network-v5-14-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"gcp-monitoring v5.7.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"gcp-monitoring-v5-7-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"gcp-logging v5.5.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"gcp-logging-v5-5-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"gcp-kms v5.8.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"gcp-kms-v5-8-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n"},{"meta":{"title":"gcp-iam v5.16.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"gcp-iam-v5-16-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n"},{"meta":{"title":"gcp-functions v5.8.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"gcp-functions-v5-8-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"gcp-dns v5.8.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"gcp-dns-v5-8-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n"},{"meta":{"title":"gcp-dataproc v5.8.2 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"gcp-dataproc-v5-8-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"gcp-appengine v5.3.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"gcp-appengine-v5-3-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n"},{"meta":{"title":"azure-synapseanalytics v5.8.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Synapse Analytics resources in Guardrails","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"azure-synapseanalytics-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Synapse Analytics resources in Guardrails.\n\nAdded:\nAzure > Synapse Analytics > Workspace\n\n- `azureADOnlyAuthentication`\n- `createManagedPrivateEndpoint `\n- `encryption`\n- `extraProperties`\n- `publicNetworkAccess`\n- `settings`\n- `trustedServiceBypassEnabled`\n- `workspaceUID`\n\nAzure > Synapse Analytics > SQL Pool\n\n- `storageAccountType`\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-storage v5.20.2 - Added Quick Action to set Minimum TLS Version for buckets","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"azure-storage-v5-20-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Action Types_\n\n- Azure > Storage > Storage Account > Set Minimum TLS Version\n"},{"meta":{"title":"azure-postgresql v5.16.0 - Controls and Actions now use latest Azure SDK versions to discover and manage PostgreSQL resources in Guardrails","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"azure-postgresql-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage PostgreSQL resources in Guardrails. This release includes breaking changes in the CMDB data for server and flexible server. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below\n\nAdded:\n\n- `authConfig`\n- `dataEncryption`\n- `standbyAvailabilityZone`\n- `network. delegatedSubnetResourceId`\n- `network. privateDnsZoneArmResourceId`\n- `replicaCapacity`\n- `replicationRole`\n- `systemData`\n\n- `configurations.documentationLink`\n- `configurations.isConfigPendingRestart`\n- `configurations.isDynamicConfig`\n- `configurations.isReadOnly`\n- `configurations.unit`\n\nModified:\n\n- The data type of the attribute `firewallRules` has been changed from array (`[]`) to object (`{}`).\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-networkwatcher v5.10.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Network Watcher resources in Guardrails","author":null,"publishedAt":"2024-09-13T09:00:00","permalink":"azure-networkwatcher-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Network Watcher resources in Guardrails.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-storage v5.20.1 - Updated few attributes to be `dynamic` for storage accounts to avoid unnecessary notifications in the activity tab","author":null,"publishedAt":"2024-09-05T09:00:00","permalink":"azure-storage-v5-20-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `serviceProperties.table.clientRequestId` and `serviceProperties.table.requestId` properties for storage accounts have now been made `dynamic` to avoid unnecessary notifications in the activity tab.\n"},{"meta":{"title":"aws-ssm v5.15.2 - Fixed incorrect references to various Quick Actions","author":null,"publishedAt":"2024-09-05T09:00:00","permalink":"aws-ssm-v5-15-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed incorrect references to various Quick Actions.\n"},{"meta":{"title":"servicenow-kubernetes v5.3.0 - Added Import Set > Insert Mode policy for various resource types","author":null,"publishedAt":"2024-09-03T09:00:00","permalink":"servicenow-kubernetes-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Policy Types_\n\n- Kubernetes > Cluster > ServiceNow > Import Set > Insert Mode\n- Kubernetes > ConfigMap > ServiceNow > Import Set > Insert Mode\n- Kubernetes > Deployment > ServiceNow > Import Set > Insert Mode\n- Kubernetes > Namespace > ServiceNow > Import Set > Insert Mode\n- Kubernetes > Node > ServiceNow > Import Set > Insert Mode\n- Kubernetes > Pod > ServiceNow > Import Set > Insert Mode\n- Kubernetes > ReplicaSet > ServiceNow > Import Set > Insert Mode\n- Kubernetes > Service > ServiceNow > Import Set > Insert Mode\n"},{"meta":{"title":"osquery v5.0.3 - Improved error handling for osquery error events","author":null,"publishedAt":"2024-09-03T09:00:00","permalink":"osquery-v5-0-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved error handling for `osquery` error events.\n"},{"meta":{"title":"kubernetes v5.1.1 - Query controls will now go into an invalid state on encountering osquery agent errors","author":null,"publishedAt":"2024-09-03T09:00:00","permalink":"kubernetes-v5-1-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Query controls for various resource types will now go into an invalid state if we receive an error from the `osquery` agent.\n"},{"meta":{"title":"servicenow-gcp-storage v5.4.0 - Added Import Set > Insert Mode policy for various resource types","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"servicenow-gcp-storage-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Policy Types_\n\n- GCP > Storage > Bucket > ServiceNow > Import Set > Insert Mode\n- GCP > Storage > Object > ServiceNow > Import Set > Insert Mode\n"},{"meta":{"title":"servicenow-gcp-kubernetesengine v5.1.0 - Added Import Set controls and policies for various resource types","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"servicenow-gcp-kubernetesengine-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$69"},{"meta":{"title":"servicenow-gcp v5.5.0 - Added Import Set > Insert Mode policy for various resource types","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"servicenow-gcp-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Policy Types_\n\n- GCP > Global Region > ServiceNow > Import Set > Insert Mode\n- GCP > Multi-Region > ServiceNow > Import Set > Insert Mode\n- GCP > Project > ServiceNow > Import Set > Insert Mode\n- GCP > Region > ServiceNow > Import Set > Insert Mode\n- GCP > Zone > ServiceNow > Import Set > Insert Mode\n"},{"meta":{"title":"servicenow-azure-aks v5.1.0 - Added Import Set controls and policies for various resource types","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"servicenow-azure-aks-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Control Types_\n\n- Azure > AKS > Managed Cluster > ServiceNow > Import Set\n\n_Policy Types_\n\n- Azure > AKS > Managed Cluster > ServiceNow > Import Set\n- Azure > AKS > Managed Cluster > ServiceNow > Import Set > Archive Columns\n- Azure > AKS > Managed Cluster > ServiceNow > Import Set > Insert Mode\n- Azure > AKS > Managed Cluster > ServiceNow > Import Set > Record\n- Azure > AKS > Managed Cluster > ServiceNow > Import Set > Table Name\n"},{"meta":{"title":"servicenow-azure v5.4.0 - Added Import Set > Insert Mode policy for Subscription resource type","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"servicenow-azure-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Policy Types_\n\n- Azure > Subscription > ServiceNow > Import Set > Insert Mode\n"},{"meta":{"title":"servicenow v5.2.0 - Added Import Set > Insert Mode [Default] policy","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"servicenow-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Policy Types_\n\n- ServiceNow > Import Set > Insert Mode [Default]\n"},{"meta":{"title":"aws v5.30.4 - Real-time `modifyVolume` event will now be raised correctly for EBS Volume Notifications","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"aws-v5-30-4","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails did not correctly raise the real-time `modifyVolume` event for EBS Volume Notifications. This issue is now fixed.\n"},{"meta":{"title":"aws-swf v5.5.0 - Approved > Usage policy will now default to Approved","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"aws-swf-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Approved > Usage` policy for resource types will now default to `Approved` instead of `Approved if AWS > {service} > Enabled`.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n- Fixed incorrect references to various Quick Actions.\n\n_Action Types_\n\n- AWS > SWF > Domain > Delete from AWS\n"},{"meta":{"title":"aws-sns v5.16.0 - Approved > Usage policy will now default to Approved","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"aws-sns-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Approved > Usage` policy for resource types will now default to `Approved` instead of `Approved if AWS > {service} > Enabled`.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n- Fixed incorrect references to various Quick Actions.\n"},{"meta":{"title":"aws-sagemaker v5.11.0 - Approved > Usage policy will now default to Approved","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"aws-sagemaker-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Approved > Usage` policy for resource types will now default to `Approved` instead of `Approved if AWS > {service} > Enabled`.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n- Fixed incorrect references to various Quick Actions.\n"},{"meta":{"title":"aws-redshift v5.20.0 - Approved > Usage policy will now default to Approved","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"aws-redshift-v5-20-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Approved > Usage` policy for resource types will now default to `Approved` instead of `Approved if AWS > {service} > Enabled`.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n- Fixed incorrect references to various Quick Actions.\n"},{"meta":{"title":"aws-outposts v5.3.1 - Fixed incorrect references to various Quick Actions","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"aws-outposts-v5-3-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed incorrect references to various Quick Actions.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"aws-logs v5.13.0 - Approved > Usage policy will now default to Approved","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"aws-logs-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Approved > Usage` policy for resource types will now default to `Approved` instead of `Approved if AWS > {service} > Enabled`.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n- Fixed incorrect references to various Quick Actions.\n"},{"meta":{"title":"aws-guardduty v5.8.0 - Approved > Usage policy will now default to Approved","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"aws-guardduty-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Approved > Usage` policy for resource types will now default to `Approved` instead of `Approved if AWS > {service} > Enabled`.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n- Fixed incorrect references to various Quick Actions.\n"},{"meta":{"title":"aws-ec2 v5.42.0 - Volume's metadata will now also include `createdBy` details in Guardrails CMDB","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"aws-ec2-v5-42-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Volume's metadata will now also include `createdBy` details in Guardrails CMDB.\n- The `Approved > Usage` policy for resource types will now default to `Approved` instead of `Approved if AWS > {service} > Enabled`.\n\n_Bug fixes_\n\n- The `AWS > EC2 > Volume > Performance Configuration` control would sometimes fail to set the expected configuration per `AWS > EC2 > Volume > Performance Configuration > *` policies and move to an Invalid state if the required data was not available for new volumes in the CMDB. The control will now move to TBD instead and retry after 5 minutes to fetch the required data correctly and set the performance configuration as expected.\n"},{"meta":{"title":"aws-dynamodb v5.12.0 - Approved > Usage policy will now default to Approved","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"aws-dynamodb-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Approved > Usage` policy for resource types will now default to `Approved` instead of `Approved if AWS > {service} > Enabled`.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n- Fixed incorrect references to various Quick Actions.\n"},{"meta":{"title":"aws-backup v5.11.0 - Approved > Usage policy will now default to Approved","author":null,"publishedAt":"2024-08-30T09:00:00","permalink":"aws-backup-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Approved > Usage` policy for resource types will now default to `Approved` instead of `Approved if AWS > {service} > Enabled`.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n- Fixed incorrect references to various Quick Actions.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.62.0 - Support for Node.js 20 in the Lambda runtime","author":"Turbot Team","publishedAt":"2024-08-29T09:00:00","permalink":"tef-v1-62-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n - Support for Node.js 20 in the Lambda runtime.\n"},{"meta":{"title":"gcp-storage v5.11.2 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-08-28T09:00:00","permalink":"gcp-storage-v5-11-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"gcp-pubsub v5.9.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-08-28T09:00:00","permalink":"gcp-pubsub-v5-9-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"gcp-bigquery v5.7.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-08-28T09:00:00","permalink":"gcp-bigquery-v5-7-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-storage v5.20.0 - Diagnostic settings details will now be available in Storage Account CMDB","author":null,"publishedAt":"2024-08-26T09:00:00","permalink":"azure-storage-v5-20-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Azure > Storage> Storage Account > CMDB` control will now also fetch diagnostic settings details and store them in CMDB.\n- Track and manage storage account access keys in Guardrails CMDB.\n\n_Resource Types_\n\n- Azure > Storage > Access Key\n\n_Control Types_\n\n- Azure > Storage > Access Key > CMDB\n- Azure > Storage > Access Key > Discovery\n\n_Policy Types_\n\n- Azure > Storage > Access Key > CMDB\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"aws-waf v5.8.0 - Approved > Usage policy will now default to Approved","author":null,"publishedAt":"2024-08-26T09:00:00","permalink":"aws-waf-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Approved > Usage` policy for resource types will now default to `Approved` instead of `Approved if AWS > {service} > Enabled`.\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n- Fixed the AKA format for rule group v2 global and regional resource types.\n"},{"meta":{"title":"servicenow-kubernetes v5.2.2 - Import Set controls will now not require permissions to read ServiceNow system tables","author":null,"publishedAt":"2024-08-23T09:00:00","permalink":"servicenow-kubernetes-v5-2-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Import Set` controls will not require permissions to read the `sys_db_object` & `sys_dictionary` tables in ServiceNow.\n"},{"meta":{"title":"servicenow-gcp-storage v5.3.2 - Import Set controls will now not require permissions to read ServiceNow system tables","author":null,"publishedAt":"2024-08-23T09:00:00","permalink":"servicenow-gcp-storage-v5-3-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Import Set` controls will not require permissions to read the `sys_db_object` & `sys_dictionary` tables in ServiceNow.\n"},{"meta":{"title":"servicenow-gcp-computeengine v5.2.2 - Import Set controls will now not require permissions to read ServiceNow system tables","author":null,"publishedAt":"2024-08-23T09:00:00","permalink":"servicenow-gcp-computeengine-v5-2-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Import Set` controls will not require permissions to read the `sys_db_object` & `sys_dictionary` tables in ServiceNow.\n"},{"meta":{"title":"servicenow-gcp v5.4.0 - Added ServiceNow controls and policies for various resources","author":null,"publishedAt":"2024-08-23T09:00:00","permalink":"servicenow-gcp-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$6a"},{"meta":{"title":"servicenow-azure-storage v5.3.2 - Import Set controls will now not require permissions to read ServiceNow system tables","author":null,"publishedAt":"2024-08-23T09:00:00","permalink":"servicenow-azure-storage-v5-3-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Import Set` controls will not require permissions to read the `sys_db_object` & `sys_dictionary` tables in ServiceNow.\n"},{"meta":{"title":"servicenow-azure-network v5.3.2 - Import Set controls will now not require permissions to read ServiceNow system tables","author":null,"publishedAt":"2024-08-23T09:00:00","permalink":"servicenow-azure-network-v5-3-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Import Set` controls will not require permissions to read the `sys_db_object` & `sys_dictionary` tables in ServiceNow.\n"},{"meta":{"title":"servicenow-azure-compute v5.1.2 - Import Set controls will now not require permissions to read ServiceNow system tables","author":null,"publishedAt":"2024-08-23T09:00:00","permalink":"servicenow-azure-compute-v5-1-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Import Set` controls will not require permissions to read the `sys_db_object` & `sys_dictionary` tables in ServiceNow.\n"},{"meta":{"title":"servicenow-azure v5.3.3 - Import Set controls will now not require permissions to read ServiceNow system tables","author":null,"publishedAt":"2024-08-23T09:00:00","permalink":"servicenow-azure-v5-3-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Import Set` controls will not require permissions to read the `sys_db_object` & `sys_dictionary` tables in ServiceNow.\n"},{"meta":{"title":"servicenow-aws-s3 v5.1.2 - Import Set controls will now not require permissions to read ServiceNow system tables","author":null,"publishedAt":"2024-08-23T09:00:00","permalink":"servicenow-aws-s3-v5-1-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Import Set` controls will not require permissions to read the `sys_db_object` & `sys_dictionary` tables in ServiceNow.\n"},{"meta":{"title":"aws-rds v5.27.0 - Track and manage parameter groups for DB clusters","author":null,"publishedAt":"2024-08-23T09:00:00","permalink":"aws-rds-v5-27-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure parameter groups for DB clusters. To get started, set the `AWS > RDS > DB Cluster > Parameter Group > *` policies.\n\n_Control Types_\n\n- AWS > RDS > DB Cluster > Parameter Group\n\n_Policy Types_\n\n- AWS > RDS > DB Cluster > Parameter Group\n- AWS > RDS > DB Cluster > Parameter Group > Name\n\n_Action Types_\n\n- AWS > RDS > DB Cluster > Update Parameter Group\n\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"gcp-computeengine v5.19.1 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-08-22T09:00:00","permalink":"gcp-computeengine-v5-19-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.45.5 - General improvements and bug fixes","author":"Turbot Team","publishedAt":"2024-08-20T09:00:00","permalink":"te-v5-45-5","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Resolved an issue where policy values were not being terminated due to a race condition.\n - The ServiceNow credentials resolver will now display a clear message when the instance is hibernate or unavailable state.\n\n- UI\n - Fixed an issue where filters on the Resource Explorer page were not functioning correctly.\n - The `Import` button on the Connect page has been updated to `Connect`.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"gcp v5.25.1 - Updated various policies set during project imports to allow for a smoother import experience","author":null,"publishedAt":"2024-08-19T09:00:00","permalink":"gcp-v5-25-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We have updated various policies set during project imports to allow for a smoother import experience. We recommend upgrading your TE to v5.42.21 or higher to enable these changes to take effect.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"gcp-kubernetesengine v5.6.0 - Configure Master Authorized Networks for region and zone clusters","author":null,"publishedAt":"2024-08-19T09:00:00","permalink":"gcp-kubernetesengine-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure Master Authorized Networks for region and zone clusters via Guardrails. To get started, set the `GCP > Kubernetes Engine > Region Cluster > Master Authorized Networks Config` and `GCP > Kubernetes Engine > Zone Cluster > Master Authorized Networks Config` policies respectively.\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n\n_Control Types_\n\n- GCP > Kubernetes Engine > Zone Cluster > Master Authorized Networks Config\n\n_Policy Types_\n\n- GCP > Kubernetes Engine > Zone Cluster > Master Authorized Networks Config\n\n_Action Types_\n\n- GCP > Kubernetes Engine > Region Cluster > Set Desired Master Authorized Network Config\n- GCP > Kubernetes Engine > Zone Cluster > Set Desired Master Authorized Network Config\n"},{"meta":{"title":"azure v5.20.1 - Updated various policies set during subscription imports to allow for a smoother import experience","author":null,"publishedAt":"2024-08-19T09:00:00","permalink":"azure-v5-20-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We have updated various policies set during subscription imports to allow for a smoother import experience. We recommend upgrading your TE to v5.42.21 or higher to enable these changes to take effect.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"azure-network v5.18.0 - Track and manage Private Link Service resources in Guardrails","author":null,"publishedAt":"2024-08-16T09:00:00","permalink":"azure-network-v5-18-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$6b"},{"meta":{"title":"aws-s3 v5.27.0 - Approved > Usage policy will now default to Approved","author":null,"publishedAt":"2024-08-16T09:00:00","permalink":"aws-s3-v5-27-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Approved > Usage` policy for resource types will now default to `Approved` instead of `Approved if AWS > {service} > Enabled`.\n\n_Bug fixes_\n\n- In version 5.25.0, we added support to ignore permission errors on a bucket via the CMDB policy `Enforce: Enabled but ignore permission errors`. However, the CMDB control previously ignored permission errors only on the `HeadBucket` operation and still entered an error state for permission errors on sub-API calls. The CMDB control will now ignore all sub-API calls if the `HeadBucket` operation is denied access. If the HeadBucket operation is successful, the control will attempt to make all sub-API calls and ignore access denied errors if encountered.\n"},{"meta":{"title":"azure-provider v5.12.0 - Track and manage Container Registry resource provider in Guardrails","author":null,"publishedAt":"2024-08-14T09:00:00","permalink":"azure-provider-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n\n_Resource Types_\n\n- Azure > Provider > Container Registry\n\n_Control Types_\n\n- Azure > Provider > Container Registry > CMDB\n- Azure > Provider > Container Registry > Discovery\n- Azure > Provider > Container Registry > Registered\n\n_Policy Types_\n\n- Azure > Provider > Container Registry > CMDB\n- Azure > Provider > Container Registry > Registered\n\n_Action Types_\n\n- Azure > Provider > Container Registry > Set Registered\n"},{"meta":{"title":"azure-containerregistry v5.0.0 is now available","author":null,"publishedAt":"2024-08-14T09:00:00","permalink":"azure-containerregistry-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$6c"},{"meta":{"title":"aws-vpc-security v5.11.0 - Approved > Usage policy will now default to Approved","author":null,"publishedAt":"2024-08-14T09:00:00","permalink":"aws-vpc-security-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Approved > Usage` policy for resource types will now default to `Approved` instead of `Approved if AWS > {service} > Enabled`.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n\n_Bug fixes_\n\n- The `AWS > VPC > VPC > Stack` control would sometimes go into an error state while upserting newly created flow logs in Guardrails due to incorrect mapping of its parent resource. This issue has now been fixed, and the control will upsert flow logs more consistently and reliably than before.\n"},{"meta":{"title":"gcp-bigquerydatatransfer v5.0.2 - CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled`","author":null,"publishedAt":"2024-08-13T09:00:00","permalink":"gcp-bigquerydatatransfer-v5-0-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to `Enforce: Enabled` for the service.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.44.0 - Added support for Postgres versions 13.14, 13.15, 13.16, 14.11, 14.12, 14.13 and 15.8.","author":"Turbot Team","publishedAt":"2024-08-13T09:00:00","permalink":"ted-v1-44-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for Postgres versions 13.14, 13.15, 13.16, 14.11, 14.12, 14.13 and 15.8.\n- Updated Default value for the RDS certificate to `rds-ca-rsa4096-g1`.\n"},{"meta":{"title":"azure-managedidentity v5.0.0 is now available","author":null,"publishedAt":"2024-08-13T09:00:00","permalink":"azure-managedidentity-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$6d"},{"meta":{"title":"aws v5.30.3 - AWS > Turbot > Logging > Bucket control will now set AWS SSE encryption by default for buckets","author":null,"publishedAt":"2024-08-12T09:00:00","permalink":"aws-v5-30-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `AWS > Turbot > Logging > Bucket > Default Encryption` policy is now deprecated because all buckets are now encrypted by default in AWS. As a result, all buckets created and managed via the `AWS > Turbot > Logging > Bucket` stack control will now be encrypted by `AWS SSE` by default. We've also removed ACL settings for buckets and now apply bucket ownership controls instead via the stack control to align with the latest AWS recommendations. Please upgrade the `@turbot/aws-s3` mod to v5.26.0 for the stack control to work reliably as before.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n\n_Policy Types_\n\n_Renamed_\n\n- AWS > Turbot > Logging > Bucket > Default Encryption to AWS > Turbot > Logging > Bucket > Default Encryption [Deprecated]\n"},{"meta":{"title":"aws-s3 v5.26.0 - Added support for aws_s3_bucket_ownership_controls Terraform resource for buckets","author":null,"publishedAt":"2024-08-12T09:00:00","permalink":"aws-s3-v5-26-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for `aws_s3_bucket_ownership_controls` Terraform resource for buckets.\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"aws-robomaker v5.4.0 - Lambda runtimes now powered by Node 18","author":null,"publishedAt":"2024-08-09T09:00:00","permalink":"aws-robomaker-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"aws-config v5.9.0 - Configure Terraform version for the Configuration Recording stack control","author":null,"publishedAt":"2024-08-09T09:00:00","permalink":"aws-config-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now configure the Terraform version for the `AWS > Config > Configuration Recording` stack control. To get started, set the `AWS > Config > Configuration Recording > Terraform Version` policy. We recommend using versions 0.11, 0.12, or 0.15 for this control to create and manage resources effectively and reliably.\n\n_Policy Types_\n\n- AWS > Config > Configuration Recording > Terraform Version\n"},{"meta":{"title":"gcp v5.25.0 - Create and manage labels for topics created via the GCP > Turbot > Event Handlers > Pub/Sub control","author":"Turbot Team","publishedAt":"2024-08-08T09:00:00","permalink":"gcp-v5-25-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now create and manage labels on Pub/Sub topics created via the `GCP > Turbot > Event Handlers > Pub/Sub` control. To get started, set the `GCP > Turbot > Event Handlers > Pub/Sub > Topic > Labels` policy.\n\n_Policy Types_\n\n- GCP > Turbot > Event Handlers > Pub/Sub > Subscription > Labels > Ignore Changes\n- GCP > Turbot > Event Handlers > Pub/Sub > Topic > Labels\n- GCP > Turbot > Event Handlers > Pub/Sub > Topic > Labels > Ignore Changes\n"},{"meta":{"title":"aws-vpc-security v5.10.1 - Guardrails failed to cleanup deleted security group rules via the real-time `ec2:RevokeSecurityGroupEgress` and `ec2:RevokeSecurityGroupIngress` events","author":null,"publishedAt":"2024-08-07T09:00:00","permalink":"aws-vpc-security-v5-10-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails failed to cleanup deleted security group rules via the real-time `ec2:RevokeSecurityGroupEgress` and `ec2:RevokeSecurityGroupIngress` events. This issue is now fixed.\n"},{"meta":{"title":"aws v5.30.2 - The Event Handlers control did not correctly raise the real-time `CreateTags` and `DeleteTags` events for VPC security group rules","author":null,"publishedAt":"2024-08-07T09:00:00","permalink":"aws-v5-30-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > Turbot > Event Handlers` control did not correctly raise the real-time `CreateTags` and `DeleteTags` events for VPC security group rules. This issue is now fixed.\n"},{"meta":{"title":"gcp-network v5.14.0 - Configure Flow Logging for Subnetworks","author":null,"publishedAt":"2024-08-06T09:00:00","permalink":"gcp-network-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now configure flow logging for subnetworks. To get started, set the `GCP > Network > Subnetwork > Flow Log` policy.\n\n_Control Types_\n\n- GCP > Network > Subnetwork > Flow Log\n\n_Policy Types_\n\n- GCP > Network > Subnetwork > Flow Log\n\n_Action Types_\n\n- GCP > Network > Subnetwork > Set Flow Log\n"},{"meta":{"title":"gcp-memorystore v5.3.0 - Lambda runtimes now powered by Node 18","author":null,"publishedAt":"2024-08-06T09:00:00","permalink":"gcp-memorystore-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"azure-provider v5.11.0 - Track and manage Elastic and Managed Identity resource providers in Guardrails","author":null,"publishedAt":"2024-08-06T09:00:00","permalink":"azure-provider-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Resource Types_\n\n- Azure > Provider > Elastic\n- Azure > Provider > Managed Identity\n\n_Control Types_\n\n- Azure > Provider > Elastic > CMDB\n- Azure > Provider > Elastic > Discovery\n- Azure > Provider > Elastic > Registered\n- Azure > Provider > Managed Identity > CMDB\n- Azure > Provider > Managed Identity > Discovery\n- Azure > Provider > Managed Identity > Registered\n\n_Policy Types_\n\n- Azure > Provider > Elastic > CMDB\n- Azure > Provider > Elastic > Registered\n- Azure > Provider > Managed Identity > CMDB\n- Azure > Provider > Managed Identity > Registered\n\n_Action Types_\n\n- Azure > Provider > Elastic > Set Registered\n- Azure > Provider > Managed Identity > Set Registered\n"},{"meta":{"title":"gcp-run v5.1.0 - Lambda runtimes now powered by Node 18","author":null,"publishedAt":"2024-08-05T09:00:00","permalink":"gcp-run-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"gcp-iam v5.16.0 - Disable inactive or unapproved service accounts via Guardrails","author":null,"publishedAt":"2024-08-05T09:00:00","permalink":"gcp-iam-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now disable inactive or unapproved service accounts via Guardrails. To get started, set the `GCP > IAM > Service Account > Active` or `GCP > IAM > Service Account > Approved` policy to `Enforce: Disable inactive with days warning` or `Enforce: Disable unapproved` respectively.\n\n_Action Types_\n\n- GCP > IAM > Service Account > Disable\n"},{"meta":{"title":"azure-servicebus v5.1.0 - Lambda runtimes now powered by Node 18","author":null,"publishedAt":"2024-08-05T09:00:00","permalink":"azure-servicebus-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"azure-applicationinsights v5.7.0 - Lambda runtimes now powered by Node 18","author":null,"publishedAt":"2024-08-05T09:00:00","permalink":"azure-applicationinsights-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"aws-secretmanager v5.1.0 - Lambda runtimes now powered by Node 18","author":null,"publishedAt":"2024-08-05T09:00:00","permalink":"aws-secretmanager-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"aws-ram v5.3.0 - Lambda runtimes now powered by Node 18","author":null,"publishedAt":"2024-08-05T09:00:00","permalink":"aws-ram-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"aws-ecr v5.13.1 - The Repository CMDB control went into an error state for shared repositories upserted incorrectly in Guardrails CMDB","author":null,"publishedAt":"2024-08-05T09:00:00","permalink":"aws-ecr-v5-13-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > ECR > Repository > CMDB` control went into an error state for shared repositories upserted incorrectly in Guardrails CMDB. Shared repositories will now not be upserted under shared accounts or regions, but will only be upserted under their owner accounts and regions.\n"},{"meta":{"title":"aws-ec2 v5.41.3 - Guardrails will now process `ec2:CreateReplaceRootVolumeTask` real-time event for instances","author":null,"publishedAt":"2024-08-05T09:00:00","permalink":"aws-ec2-v5-41-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails failed to process the real-time event `ec2:CreateReplaceRootVolumeTask` for instances. This is now fixed.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.45.4 - Performance enhancements and UI improvements","author":"Turbot Team","publishedAt":"2024-08-02T09:00:00","permalink":"te-v5-45-4","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Made notifications faster by improving the query, which enhances the performance of the resource activity tab.\n\n- UI\n - Fixed a bug where policy pack creation would fail if the AKA was not provided from the user interface.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"servicenow-azure v5.3.2 - Bug fixed - Configuration Item control for resource group will now process data correctly in ServiceNow","author":null,"publishedAt":"2024-08-02T09:00:00","permalink":"servicenow-azure-v5-3-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Resource Group > ServiceNow > Configuration Item` control would fail to fetch instance credentials internally and did not process the data correctly in ServiceNow. This issue has now been fixed.\n"},{"meta":{"title":"servicenow-kubernetes v5.2.1 - Bug fixed - Import Set control will now convert JSON objects to correct format so that they are stored reliably and consistently in ServiceNow","author":null,"publishedAt":"2024-08-01T09:00:00","permalink":"servicenow-kubernetes-v5-2-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.\n"},{"meta":{"title":"servicenow-gcp-storage v5.3.1 - Bug fixed - Import Set control will now convert JSON objects to correct format so that they are stored reliably and consistently in ServiceNow","author":null,"publishedAt":"2024-08-01T09:00:00","permalink":"servicenow-gcp-storage-v5-3-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.\n"},{"meta":{"title":"servicenow-gcp-computeengine v5.2.1 - Bug fixed - Import Set control will now convert JSON objects to correct format so that they are stored reliably and consistently in ServiceNow","author":null,"publishedAt":"2024-08-01T09:00:00","permalink":"servicenow-gcp-computeengine-v5-2-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.\n"},{"meta":{"title":"servicenow-gcp v5.3.0 - Added Project > ServiceNow > Import Set control and policies","author":null,"publishedAt":"2024-08-01T09:00:00","permalink":"servicenow-gcp-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Control Types_\n\n- GCP > Project > ServiceNow > Import Set\n\n_Policy Types_\n\n- GCP > Project > ServiceNow > Import Set\n- GCP > Project > ServiceNow > Import Set > Archive Columns\n- GCP > Project > ServiceNow > Import Set > Record\n- GCP > Project > ServiceNow > Import Set > Table Name\n"},{"meta":{"title":"servicenow-azure-storage v5.3.1 - Bug fixed - Import Set control will now convert JSON objects to correct format so that they are stored reliably and consistently in ServiceNow","author":null,"publishedAt":"2024-08-01T09:00:00","permalink":"servicenow-azure-storage-v5-3-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.\n"},{"meta":{"title":"servicenow-azure-network v5.3.1 - Bug fixed - Import Set control will now convert JSON objects to correct format so that they are stored reliably and consistently in ServiceNow","author":null,"publishedAt":"2024-08-01T09:00:00","permalink":"servicenow-azure-network-v5-3-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.\n"},{"meta":{"title":"servicenow-azure-compute v5.1.1 - Bug fixed - Import Set control will now convert JSON objects to correct format so that they are stored reliably and consistently in ServiceNow","author":null,"publishedAt":"2024-08-01T09:00:00","permalink":"servicenow-azure-compute-v5-1-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.\n"},{"meta":{"title":"servicenow-azure v5.3.1 - Bug fixed - Import Set control will now convert JSON objects to correct format so that they are stored reliably and consistently in ServiceNow","author":null,"publishedAt":"2024-08-01T09:00:00","permalink":"servicenow-azure-v5-3-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.\n"},{"meta":{"title":"servicenow-aws-s3 v5.1.1 - Bug fixed - Import Set control will now convert JSON objects to correct format so that they are stored reliably and consistently in ServiceNow","author":null,"publishedAt":"2024-08-01T09:00:00","permalink":"servicenow-aws-s3-v5-1-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.43.0 - Added support for Postgres versions 15.6 and 15.7","author":"Turbot Team","publishedAt":"2024-07-31T09:00:00","permalink":"ted-v1-43-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for Postgres versions 15.6 and 15.7.\n"},{"meta":{"title":"azure v5.20.0 - Updated internal dependencies to use the latest Azure SDK versions to poll events from Azure Monitor and process them in Guardrails","author":null,"publishedAt":"2024-07-31T09:00:00","permalink":"azure-v5-20-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated internal dependencies and now use the latest Azure SDK versions to poll events from Azure Monitor and process them in Guardrails. You won't notice any difference, and things will continue to work smoothly as before.\n"},{"meta":{"title":"aws-dynamodb v5.11.0 - `AWS/DynamoDB/Admin`, `AWS/DynamoDB/Metadata` and `AWS/DynamoDB/Operator` now include permissions for Resource Policy, Imports, Time to Live and Global Table Version","author":null,"publishedAt":"2024-07-31T09:00:00","permalink":"aws-dynamodb-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- `AWS/DynamoDB/Admin`, `AWS/DynamoDB/Metadata` and `AWS/DynamoDB/Operator` now include permissions for Resource Policy, Imports, Time to Live and Global Table Version.\n"},{"meta":{"title":"servicenow-azure-network v5.3.0 - Added Network Security Group > ServiceNow > Import Set control and policies","author":null,"publishedAt":"2024-07-30T09:00:00","permalink":"servicenow-azure-network-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Control Types_\n\n- Azure > Network > Network Security Group > ServiceNow > Import Set\n\n_Policy Types_\n\n- Azure > Network > Network Security Group > ServiceNow > Import Set\n- Azure > Network > Network Security Group > ServiceNow > Import Set > Archive Columns\n- Azure > Network > Network Security Group > ServiceNow > Import Set > Record\n- Azure > Network > Network Security Group > ServiceNow > Import Set > Table Name\n"},{"meta":{"title":"servicenow-azure v5.3.0 - Added Subscription > ServiceNow > Import Set control and policies","author":null,"publishedAt":"2024-07-30T09:00:00","permalink":"servicenow-azure-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Control Types_\n\n- Azure > Subscription > ServiceNow > Import Set\n\n_Policy Types_\n\n- Azure > Subscription > ServiceNow > Import Set\n- Azure > Subscription > ServiceNow > Import Set > Archive Columns\n- Azure > Subscription > ServiceNow > Import Set > Record\n- Azure > Subscription > ServiceNow > Import Set > Table Name\n"},{"meta":{"title":"azure-storage v5.19.0 - Enable Encryption at Rest and table logging for storage accounts","author":null,"publishedAt":"2024-07-30T09:00:00","permalink":"azure-storage-v5-19-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$6e"},{"meta":{"title":"aws-s3 v5.25.1 - Bug fixed - Improved error message for the bucket CMDB control when it would go to error state due to insufficient permissions for the `headBucket` operation","author":null,"publishedAt":"2024-07-30T09:00:00","permalink":"aws-s3-v5-25-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved error message for the `AWS > S3 > Bucket > CMDB` control if it would go into an error state due to insufficient permissions for the `headBucket` operation.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.46.0 - Upgraded from Node.js 18 to Node.js 20","author":"Turbot Team","publishedAt":"2024-07-29T09:00:00","permalink":"te-v5-46-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Migrated from Node.js 18 to Node.js 20 for improved performance and security.\n - Updated the Mod Lambda architecture to ARM64 for better efficiency.\n - Added support for Node.js 20 in the Lambda runtime.\n\n_Bug fixes_\n\n- Server\n - Resolved an issue where the next tick timestamp was not being set for large commands\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.45.3 - Resolved UI deletion issue for Policy Packs with latest Turbot Mod and TE 5.45.0","author":"Turbot Team","publishedAt":"2024-07-29T09:00:00","permalink":"te-v5-45-3","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- UI\n - Resolved deletion issue from UI for Policy Packs with latest Turbot Mod(5.45.0) and TE 5.45.0.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.45.2 - Minor internal improvements","author":"Turbot Team","publishedAt":"2024-07-29T09:00:00","permalink":"te-v5-45-2","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Minor internal improvements.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"servicenow-kubernetes v5.2.0 - Added support for new Kubernetes resource types","author":null,"publishedAt":"2024-07-26T09:00:00","permalink":"servicenow-kubernetes-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$6f"},{"meta":{"title":"kubernetes v5.1.0 - Added support for new Kubernetes resource types","author":null,"publishedAt":"2024-07-26T09:00:00","permalink":"kubernetes-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$70"},{"meta":{"title":"aws-s3 v5.25.0 - Ignore `headBucket` permission errors and allow the CMDB control to run its course to completion","author":null,"publishedAt":"2024-07-26T09:00:00","permalink":"aws-s3-v5-25-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `AWS > S3 > Bucket > CMDB` control would go into an error state if Guardrails did not have permissions to call the `headBucket` operation on a bucket. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set the `AWS > S3 > Bucket > CMDB` policy to `Enforce: Enabled but ignore permission errors`.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.45.1 - Minor internal improvements","author":"Turbot Team","publishedAt":"2024-07-25T09:00:00","permalink":"te-v5-45-1","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Minor internal improvements.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"azure-appservice v5.11.2 - Bug fixed - Client Certificate Mode control for Web Apps did not handle the default `Ignore` setting correctly","author":null,"publishedAt":"2024-07-25T09:00:00","permalink":"azure-appservice-v5-11-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In the previous version, we fixed an issue with the `Azure > App Service > Web App > Client Certificate Mode` control, ensuring that the Client Certificate Mode is set to `Require` correctly. However, we missed an edge case where the control wouldn’t enforce any mode other than the default setting of `Ignore`. We have now addressed all cases, and the control will work more reliably and consistently than before.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.61.0 - Updated AWS Lambda function architecture to ARM64 for improved performance and cost efficiency","author":"Turbot Team","publishedAt":"2024-07-22T09:00:00","permalink":"tef-v1-61-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n - Updated AWS Lambda function architecture to ARM64 for improved performance and cost efficiency.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.45.0 - Cost optimizations with ARM64 Lambda functions and enhanced Redis memory management","author":"Turbot Team","publishedAt":"2024-07-22T09:00:00","permalink":"te-v5-45-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Improved memory optimization for Redis.\n - Updated all AWS Lambda functions in the TE environment to use ARM64 architecture for improved performance and cost efficiency.\n - Allow notifications rules to accept nunjucks for Email address.\n - Updated several node packages to newer versions for improved functionality and security.\n\n- UI\n - `Smart Folders` are now called `Policy Packs`.\n - Now you can add AKA while creating `Policy Packs` from UI.\n\n_Bug fixes_\n\n- Server\n - Fixed an issue where controls remained in TBD state for accounts imported without an External ID.\n\n- UI\n - Removed the unsupported feature for rearranging `Policy Packs` from the UI.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"servicenow-kubernetes v5.1.1 - Import Set policies for various Kubernetes resources will no longer include the `Enforce: Sync` policy value","author":null,"publishedAt":"2024-07-22T09:00:00","permalink":"servicenow-kubernetes-v5-1-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Import Set policies for various Kubernetes resources will no longer include the `Enforce: Sync` policy value for integrating Import Sets in ServiceNow.\n"},{"meta":{"title":"servicenow-gcp-storage v5.3.0 - Added Object > ServiceNow > Import Set controls and policies","author":null,"publishedAt":"2024-07-22T09:00:00","permalink":"servicenow-gcp-storage-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Control Types_\n\n- GCP > Storage > Object > ServiceNow > Import Set\n\n_Policy Types_\n\n- GCP > Storage > Object > ServiceNow > Import Set\n- GCP > Storage > Object > ServiceNow > Import Set > Archive Columns\n- GCP > Storage > Object > ServiceNow > Import Set > Record\n- GCP > Storage > Object > ServiceNow > Import Set > Table Name\n"},{"meta":{"title":"servicenow-gcp-computeengine v5.2.0 - Added Import Set controls and policies for various Compute Engine resource types","author":null,"publishedAt":"2024-07-22T09:00:00","permalink":"servicenow-gcp-computeengine-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$71"},{"meta":{"title":"servicenow-azure-storage v5.3.0 - Added Import Set controls and policies for various Storage resource types","author":null,"publishedAt":"2024-07-22T09:00:00","permalink":"servicenow-azure-storage-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Control Types_\n\n- Azure > Storage > Container > ServiceNow > Import Set\n- Azure > Storage > FileShare > ServiceNow > Import Set\n- Azure > Storage > Queue > ServiceNow > Import Set\n\n_Policy Types_\n\n- Azure > Storage > Container > ServiceNow > Import Set\n- Azure > Storage > Container > ServiceNow > Import Set > Archive Columns\n- Azure > Storage > Container > ServiceNow > Import Set > Record\n- Azure > Storage > Container > ServiceNow > Import Set > Table Name\n- Azure > Storage > FileShare > ServiceNow > Import Set\n- Azure > Storage > FileShare > ServiceNow > Import Set > Archive Columns\n- Azure > Storage > FileShare > ServiceNow > Import Set > Record\n- Azure > Storage > FileShare > ServiceNow > Import Set > Table Name\n- Azure > Storage > Queue > ServiceNow > Import Set\n- Azure > Storage > Queue > ServiceNow > Import Set > Archive Columns\n- Azure > Storage > Queue > ServiceNow > Import Set > Record\n- Azure > Storage > Queue > ServiceNow > Import Set > Table Name\n"},{"meta":{"title":"servicenow-azure-compute v5.1.0 - Added Import Set controls and policies for various Compute resource types","author":null,"publishedAt":"2024-07-22T09:00:00","permalink":"servicenow-azure-compute-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$72"},{"meta":{"title":"servicenow-aws-s3 v5.1.0 - Added Bucket > ServiceNow > Import Set controls and policies","author":null,"publishedAt":"2024-07-22T09:00:00","permalink":"servicenow-aws-s3-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Control Types_\n\n- AWS > S3 > Bucket > ServiceNow > Import Set\n\n_Policy Types_\n\n- AWS > S3 > Bucket > ServiceNow > Import Set\n- AWS > S3 > Bucket > ServiceNow > Import Set > Archive Columns\n- AWS > S3 > Bucket > ServiceNow > Import Set > Record\n- AWS > S3 > Bucket > ServiceNow > Import Set > Table Name\n"},{"meta":{"title":"servicenow-aws v5.1.0 - Added support for archiving Import Sets in ServiceNow","author":null,"publishedAt":"2024-07-22T09:00:00","permalink":"servicenow-aws-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support to archive Import Sets in ServiceNow.\n"},{"meta":{"title":"azure-appservice v5.11.1 - Bug fixed - Client Certificate Mode control for Web Apps did not apply `Enforce: Require` settings correctly","author":null,"publishedAt":"2024-07-19T09:00:00","permalink":"azure-appservice-v5-11-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > App Service > Web App > Client Certificate Mode` control did not apply `Enforce: Require` settings correctly. This is now fixed.\n"},{"meta":{"title":"gcp-monitoring v5.7.0 - Added support for `google_monitoring_alert_policy` and `google_monitoring_notification_channel` Terraform resources","author":null,"publishedAt":"2024-07-18T09:00:00","permalink":"gcp-monitoring-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for `google_monitoring_alert_policy` and `google_monitoring_notification_channel` Terraform resources.\n\n_Control Types_\n\n- GCP > Monitoring > Alert Policy > Configured\n- GCP > Monitoring > Notification Channel > Configured\n\n_Policy Types_\n\n- GCP > Monitoring > Alert Policy > Configured\n- GCP > Monitoring > Alert Policy > Configured > Claim Precedence\n- GCP > Monitoring > Alert Policy > Configured > Source\n- GCP > Monitoring > Notification Channel > Configured\n- GCP > Monitoring > Notification Channel > Configured > Claim Precedence\n- GCP > Monitoring > Notification Channel > Configured > Source\n"},{"meta":{"title":"gcp-logging v5.5.0 - Added support for `google_logging_metric` Terraform resource","author":null,"publishedAt":"2024-07-18T09:00:00","permalink":"gcp-logging-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for `google_logging_metric` Terraform resource.\n\n_Control Types_\n\n- GCP > Logging > Metric > Configured\n\n_Policy Types_\n\n- GCP > Logging > Metric > Configured\n- GCP > Logging > Metric > Configured > Claim Precedence\n- GCP > Logging > Metric > Configured > Source\n"},{"meta":{"title":"azure-storage v5.18.1 - Bug fixed - Queue logging control failed to set logging properties correctly","author":null,"publishedAt":"2024-07-18T09:00:00","permalink":"azure-storage-v5-18-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Storage > Storage Account > Queue > Logging` control failed to set queue logging properties correctly. This issue has been fixed, and the control will now function correctly as intended.\n"},{"meta":{"title":"aws-iam v5.36.2 - Improved descriptions for various IAM Resource Types to ensure they are clearer and more helpful","author":null,"publishedAt":"2024-07-18T09:00:00","permalink":"aws-iam-v5-36-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"aws-ec2 v5.41.2 - Improved descriptions for various EC2 Resource Types to ensure they are clearer and more helpful","author":null,"publishedAt":"2024-07-18T09:00:00","permalink":"aws-ec2-v5-41-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Improved descriptions for various resource types to ensure they are clearer and more helpful.\n"},{"meta":{"title":"gcp-computeengine v5.9.0 - Configure Shielded Instance Configuration for instances","author":null,"publishedAt":"2024-07-16T09:00:00","permalink":"gcp-computeengine-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now configure Shielded Instance Configuration for instances. To get started, set `GCP > Compute > Instance > Shielded Instance Configuration > *` policies.\n\n_Control Types_\n\n- GCP > Compute Engine > Instance > Shielded Instance Configuration\n\n_Policy Types_\n\n- GCP > Compute Engine > Instance > Shielded Instance Configuration\n- GCP > Compute Engine > Instance > Shielded Instance Configuration > Integrity Monitoring\n- GCP > Compute Engine > Instance > Shielded Instance Configuration > Secure Boot\n- GCP > Compute Engine > Instance > Shielded Instance Configuration > vTPM\n\n_Action Types_\n\n- GCP > Compute Engine > Instance > Set Shielded Instance Configuration\n"},{"meta":{"title":"azure-cisv2-0 v5.1.0 - Added support for control 5.01.06 - Ensure that Network Security Group Flow logs are captured and sent to Log Analytics","author":"Turbot Team","publishedAt":"2024-07-16T09:00:00","permalink":"azure-cisv2-0-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Azure > CIS v2.0 > 5.05 - Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)` control will also evaluate SQL databases for SKU Basic/Consumption.\n\n_Control Types_\n\n- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.06 - Ensure that Network Security Group Flow logs are captured and sent to Log Analytics\n\n_Policy Types_\n\n- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.06 - Ensure that Network Security Group flow logs are captured and sent to Log Analytics\n\n_Bug fixes_\n\n- The `Azure > CIS v2.0 > 4 - Database Services > 01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key` control did not evaluate the result correctly, as expected. This is now fixed.\n"},{"meta":{"title":"Terraform Provider v1.11.1 - Added documentation for `akas` attribute for `turbot_policy_pack` resource","author":"Turbot Team","publishedAt":"2024-07-15T09:00:00","permalink":"terraform-provider-v1-11-1","image":null,"tags":["Terraform"],"product":"guardrails"},"content":"\n_What's new?_\n\nDOCUMENTATION:\n\n* `resource/turbot_policy_pack`: Added documentation for `akas` attribute for the resource. ([#179](https://github.com/turbot/terraform-provider-turbot/issues/179))\n"},{"meta":{"title":"gcp-sql v5.10.0 - Configure Encryption In Transit for Instances","author":null,"publishedAt":"2024-07-15T09:00:00","permalink":"gcp-sql-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now configure Encryption In Transit for instances. To get started, set the `GCP > SQL > Instance > Encryption In Transit` policy.\n\n_Control Types_\n\n- GCP > SQL > Instance > Encryption In Transit\n\n_Policy Types_\n\n- GCP > SQL > Instance > Encryption In Transit\n\n_Action Types_\n\n- GCP > SQL > Instance > Update Encryption in Transit\n"},{"meta":{"title":"gcp-cisv2-0 v5.1.0 - Added controls related to IAM API Keys in section 1 - Identity and Access Management","author":"Turbot Team","publishedAt":"2024-07-15T09:00:00","permalink":"gcp-cisv2-0-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Control Types_\n\n- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure API Keys Only Exist for Active Services\n- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps\n- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure API Keys Are Restricted to Only APIs That Application Needs Access\n- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure API Keys Are Rotated Every 90 Days\n\n_Policy Types_\n\n- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure API Keys Only Exist for Active Services\n- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps\n- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure API Keys Are Restricted to Only APIs That Application Needs Access\n- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure API Keys Are Rotated Every 90 Days\n"},{"meta":{"title":"azure-network v5.17.0 - Upgrade SKU from Basic to Standard for Public IP Addresses","author":null,"publishedAt":"2024-07-15T09:00:00","permalink":"azure-network-v5-17-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now upgrade the SKU from `Basic` to `Standard` for Public IP Addresss via `Azure > Network > Public IP Address > Standard SKU` control. To get started, set the `Azure > Network > Public IP Address > Standard SKU` policy.\n\n_Control Types_\n\n- Azure > Network > Public IP Address > Standard SKU\n\n_Policy Types_\n\n- Azure > Network > Public IP Address > Standard SKU\n- Azure > Network > Public IP Address > Standard SKU > SKU Tier\n\n_Action Types_\n\n- Azure > Network > Public IP Address > Update SKU to Standard\n"},{"meta":{"title":"azure-cosmosdb v5.6.0 - Configure Firewall and Virtual Network settings for Database Accounts","author":null,"publishedAt":"2024-07-15T09:00:00","permalink":"azure-cosmosdb-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$73"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.60.0 - Resolved an issue where an empty outbound_cidr_ranges SSM parameter caused a validation error","author":"Turbot Team","publishedAt":"2024-07-12T09:00:00","permalink":"tef-v1-60-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n - Resolved an issue where an empty outbound_cidr_ranges SSM parameter caused a validation error. Now, if the outbound_cidr_ranges parameter is empty, it will be set to None.\n\n_What's new?_\n\n - Added M7i and M7i-flex instance type.\n - Updated the HealthCheckProxy lambda function to use python 3.10."},{"meta":{"title":"gcp v5.24.4 - Bug fixed - Project CMDB control would go into error if Access Transparency was disabled","author":"Turbot Team","publishedAt":"2024-07-12T09:00:00","permalink":"gcp-v5-24-4","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > Project > CMDB` control went into an error state while fetching Access Approval settings for the project if Access Transparency was disabled at the organization level. We have now handled such cases gracefully, and the control will fetch all available details without going into an error state.\n"},{"meta":{"title":"gcp-sql v5.9.0 - Configure Authorized Networks and Database Flags for Instances","author":null,"publishedAt":"2024-07-12T09:00:00","permalink":"gcp-sql-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$74"},{"meta":{"title":"azure-storage v5.18.0 - Controls and Actions now use latest Azure SDK versions to discover and manage Storage resources in Guardrails","author":null,"publishedAt":"2024-07-12T09:00:00","permalink":"azure-storage-v5-18-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$75"},{"meta":{"title":"azure-appservice v5.11.0 - Configure Client Certificate Mode for Web Apps","author":null,"publishedAt":"2024-07-12T09:00:00","permalink":"azure-appservice-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now configure Client Certificate Mode for web apps. To get started, set the `Azure > App Service > Web App > Client Certificate Mode` policy.\n\n_Control Types_\n\n- Azure > App Service > Web App > Client Certificate Mode\n\n_Policy Types_\n\n- Azure > App Service > Web App > Client Certificate Mode\n\n_Action Types_\n\n- Azure > App Service > Web App > Set Client Certificate Mode\n"},{"meta":{"title":"Terraform Provider v1.11.0 - Added `turbot_policy_pack` and `turbot_policy_pack_attachment` resources","author":"Turbot Team","publishedAt":"2024-07-11T09:00:00","permalink":"terraform-provider-v1-11-0","image":null,"tags":["Terraform"],"product":"guardrails"},"content":"\n_What's new?_\n\nFEATURES:\n\n* **New Resource:** `turbot_policy_pack` ([#171](https://github.com/turbot/terraform-provider-turbot/issues/171))\n* **New Resource:** `turbot_policy_pack_attachment` ([#173](https://github.com/turbot/terraform-provider-turbot/issues/173))\n\nENHANCEMENTS:\n\n* `resource/turbot_smart_folder`: The `parent` argument is now optional and defaults to `tmod:@turbot/turbot#/`. ([#177](https://github.com/turbot/terraform-provider-turbot/issues/177))\n"},{"meta":{"title":"gcp-iam v5.15.0 - Track and manage IAM API Keys in Guardrails","author":null,"publishedAt":"2024-07-11T09:00:00","permalink":"gcp-iam-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Resource Types_\n\n- GCP > IAM > API Key\n\n_Control Types_\n\n- GCP > IAM > API Key > Active\n- GCP > IAM > API Key > Approved\n- GCP > IAM > API Key > CMDB\n- GCP > IAM > API Key > Discovery\n- GCP > IAM > API Key > Usage\n\n_Policy Types_\n\n- GCP > IAM > API Key > Active\n- GCP > IAM > API Key > Active > Age\n- GCP > IAM > API Key > Active > Last Modified\n- GCP > IAM > API Key > Approved\n- GCP > IAM > API Key > Approved > Custom\n- GCP > IAM > API Key > Approved > Usage\n- GCP > IAM > API Key > CMDB\n- GCP > IAM > API Key > Usage\n- GCP > IAM > API Key > Usage > Limit\n\n_Action Types_\n\n- GCP > IAM > API Key > Delete\n- GCP > IAM > API Key > Router\n"},{"meta":{"title":"gcp-bigquery v5.7.0 - Configure Encryption at Rest for Datasets","author":null,"publishedAt":"2024-07-11T09:00:00","permalink":"gcp-bigquery-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure Encryption at Rest for datasets. To get started, set the `GCP > BigQuery > Dataset > Encryption at Rest > *` policies.\n\n_Control Types_\n\n- GCP > BigQuery > Dataset > Encryption at Rest\n\n_Policy Types_\n\n- GCP > BigQuery > Dataset > Encryption at Rest\n- GCP > BigQuery > Dataset > Encryption at Rest > Customer Managed Key\n\n_Action Types_\n\n- GCP > BigQuery > Dataset > Update Encryption At Rest\n"},{"meta":{"title":"servicenow-kubernetes v5.1.0 - Added ServiceNow > Import Set controls and policies for various resource types","author":null,"publishedAt":"2024-07-09T09:00:00","permalink":"servicenow-kubernetes-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$76"},{"meta":{"title":"aws-ec2 v5.41.1 - Bug fixed - Guardrails failed to process real-time snapshot events if the Snapshot CMDB policy was set to `Enforce: Enabled for Snapshots not created with AWS Backup`","author":null,"publishedAt":"2024-07-09T09:00:00","permalink":"aws-ec2-v5-41-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails failed to process real-time snapshot events if the `AWS > EC2 > Snapshot > CMDB` policy was set to `Enforce: Enabled for Snapshots not created with AWS Backup`. This issue has now been fixed.\n"},{"meta":{"title":"gcp-dns v5.8.0 - Configure DNSSEC for managed zones and logging for DNS policies","author":null,"publishedAt":"2024-07-08T09:00:00","permalink":"gcp-dns-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now configure DNSSEC for managed zones via Guardrails. To get started, set the`GCP > DNS > Managed Zone > DNSSEC Configuration` policy.\n- Users can now configure logging for DNS policies. To get started, set the `GCP > DNS > Policy > Logging` policy.\n\n_Control Types_\n\n- GCP > DNS > Managed Zone > DNSSEC Configuration\n- GCP > DNS > Policy > Logging\n\n_Policy Types_\n\n- GCP > DNS > Managed Zone > DNSSEC Configuration\n- GCP > DNS > Policy > Logging\n\n_Action Types_\n\n- GCP > DNS > Managed Zone > Update DNSSEC Configuration\n- GCP > DNS > Policy > Update Logging\n"},{"meta":{"title":"azure-network v5.16.4 - Bug fixed - Discovery controls for various resource types would go into an error state without discovering resources and upserting them in Guardrails CMDB","author":null,"publishedAt":"2024-07-08T09:00:00","permalink":"azure-network-v5-16-4","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Discovery controls for various resource types would go into an error state without discovering resources and upserting them in Guardrails CMDB due to a bad internal build. This issue has been fixed, and those controls will now work correctly as expected.\n"},{"meta":{"title":"azure-compute v5.17.0 - Configure Trusted Launch for second generation virtual machines","author":null,"publishedAt":"2024-07-08T09:00:00","permalink":"azure-compute-v5-17-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now enable/disable Trusted Launch for all second generation virtual machines. To get started, set the `Azure > Compute > Virtual Machine > Trusted launch` policy.\n- You can now configure Encryption at Rest for Disks. To get started, set the `Azure > Compute > Disk > Encryption at Rest > *` policies.\n\n_Control Types_\n\n- Azure > Compute > Disk > Encryption at Rest\n- Azure > Compute > Virtual Machine > Trusted Launch\n\n_Policy Types_\n\n- Azure > Compute > Disk > Encryption at Rest\n- Azure > Compute > Disk > Encryption at Rest > Disk Encryption Set\n- Azure > Compute > Virtual Machine > Trusted launch\n\n_Action Types_\n\n- Azure > Compute > Disk > Update Encryption at Rest\n- Azure > Compute > Virtual Machine > Update Trusted Luanch\n"},{"meta":{"title":"azure-appservice v5.10.0 - Register web apps with Entra ID to connect to other Azure services securely","author":null,"publishedAt":"2024-07-08T09:00:00","permalink":"azure-appservice-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- User can now register web apps with Entra ID to connect to other Azure services securely without the need for usernames and passwords. To get started, set the `Azure > App Service > Web App > System Assigned Identity` policy.\n- Diagnostic Settings details will now also be available for Web Apps in Guardrails CMDB.\n\n_Control Types_\n\n- Azure > App Service > Web App > System Assigned Identity\n\n_Policy Types_\n\n- Azure > App Service > Web App > System Assigned Identity\n\n_Action Types_\n\n- Azure > App Service > Web App > Set System Assigned Identity\n\n_Bug fixes_\n\n- The `Azure > App Service > Web App > FTPS State` control failed to set the FTPS State correctly for web apps. This issue is now fixed.\n"},{"meta":{"title":"gcp-bigquery v5.6.0 - Added support for Approved > Custom policy for Datasets","author":null,"publishedAt":"2024-07-05T09:00:00","permalink":"gcp-bigquery-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Policy Types_\n\n- GCP > BigQuery > Dataset > Approved > Custom\n"},{"meta":{"title":"azure-networkwatcher v5.9.0 - Configure retention policy for flow logs","author":null,"publishedAt":"2024-07-05T09:00:00","permalink":"azure-networkwatcher-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now configure retention policy for flow logs. To get started, set the `Azure > Network Watcher > Flow Log > Retention Policy > *` policies.\n\n_Control Types_\n\n- Azure > Network Watcher > Flow Log > Retention Policy\n\n_Policy Types_\n\n- Azure > Network Watcher > Flow Log > Retention Policy\n- Azure > Network Watcher > Flow Log > Retention Policy > Days\n\n_Action Types_\n\n- Azure > Network Watcher > Flow Log > Update Retention Policy\n"},{"meta":{"title":"azure-activedirectory v5.6.0 - Directory CMDB data will now also include named locations and authorization policy details","author":null,"publishedAt":"2024-07-05T09:00:00","permalink":"azure-activedirectory-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Azure > Active Directory > Directory > CMDB` control will now also fetch named locations and authorization policy details and store them in CMDB.\n"},{"meta":{"title":"aws-iam v5.36.1 - Bug fixed - Account Password Policy details did not refresh correctly in Guardrails CMDB","author":null,"publishedAt":"2024-07-05T09:00:00","permalink":"aws-iam-v5-36-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Account Password Policy details did not refresh correctly in Guardrails CMDB if those settings were reset to defaults in AWS. This resulted in the `AWS > IAM > Account Password Policy > Settings` control not applying custom settings correctly. This issue is fixed, and the CMDB details will now refresh correctly, allowing the corresponding Settings control to work as expected.\n"},{"meta":{"title":"azure-securitycenter v5.4.1 - Security Center CMDB data will now also include security settings details","author":null,"publishedAt":"2024-07-04T09:00:00","permalink":"azure-securitycenter-v5-4-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Azure > Security Center > Security Center > CMDB` control will now also fetch security settings details and store them in CMDB.\n"},{"meta":{"title":"aws-rds v5.26.3 - Bug fixed - Discovery controls for various resource types would go into an error state without discovering resources and upserting them in Guardrails CMDB","author":null,"publishedAt":"2024-07-04T09:00:00","permalink":"aws-rds-v5-26-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Discovery controls for various resource types would go into an error state without discovering resources and upserting them in Guardrails CMDB due to a bad internal build. This issue has been fixed, and those controls will now work correctly as expected.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.44.7 - Resolved an issue that caused control targeting to accounts fail when AWS Gov accounts were imported in commercial environment","author":"Turbot Team","publishedAt":"2024-07-03T09:00:00","permalink":"te-v5-44-7","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Resolved an issue that caused control targeting to accounts fail when AWS Gov accounts were imported in commercial environment.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"servicenow-gcp-storage v5.2.1 - Fixed GCP > Storage > Bucket > ServiceNow > Import Set > Record default value","author":null,"publishedAt":"2024-07-03T09:00:00","permalink":"servicenow-gcp-storage-v5-2-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\nThe default value for `GCP > Storage > Bucket > ServiceNow > Import Set` now shows the `resource_type_uri` correctly.\n"},{"meta":{"title":"servicenow-gcp-storage v5.2.0 - Added Bucket > ServiceNow > Import Set controls and policies","author":null,"publishedAt":"2024-07-03T09:00:00","permalink":"servicenow-gcp-storage-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Control Types_\n\n**Added**\n\n- GCP > Storage > Bucket > ServiceNow > Import Set\n\n_Policy Types_\n\n**Added**\n\n- GCP > Storage > Bucket > ServiceNow > Import Set\n- GCP > Storage > Bucket > ServiceNow > Import Set > Archive Columns\n- GCP > Storage > Bucket > ServiceNow > Import Set > Record\n- GCP > Storage > Bucket > ServiceNow > Import Set > Table Name\n"},{"meta":{"title":"servicenow-gcp v5.2.0 - Records can now be archived when using import sets","author":null,"publishedAt":"2024-07-03T09:00:00","permalink":"servicenow-gcp-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- `ServiceNow > Turbot > Watches > GCP Archive and Delete Record` action now supports archiving `Import Set` records.\n"},{"meta":{"title":"servicenow-azure-storage v5.2.0 - Added Storage Account > ServiceNow > Import Set controls and policies","author":null,"publishedAt":"2024-07-03T09:00:00","permalink":"servicenow-azure-storage-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Control Types_\n\n**Added**\n\n- Azure > Storage > Storage Account > ServiceNow > Import Set\n\n_Policy Types_\n\n**Added**\n\n- Azure > Storage > Storage Account > ServiceNow > Import Set\n- Azure > Storage > Storage Account > ServiceNow > Import Set > Archive Columns\n- Azure > Storage > Storage Account > ServiceNow > Import Set > Record\n- Azure > Storage > Storage Account > ServiceNow > Import Set > Table Name\n"},{"meta":{"title":"servicenow-azure v5.2.0 - Records can now be archived when using import sets","author":null,"publishedAt":"2024-07-03T09:00:00","permalink":"servicenow-azure-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- `ServiceNow > Turbot > Watches > Azure Archive and Delete Record` action now supports archiving `Import Set` records.\n"},{"meta":{"title":"servicenow v5.1.0 - Fixed default values for various CMDB policies and add Import Set default table name policy","author":null,"publishedAt":"2024-07-03T09:00:00","permalink":"servicenow-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Default policy values for `ServiceNow > Application > CMDB`, `ServiceNow > Cost Center > CMDB` & `ServiceNow > User > CMDB` have been updated from `Enforce: Enabled` to `Skip`.\n\n_Policy Types_\n\n**Added**\n\n- ServiceNow > Import Set\n- ServiceNow > Import Set > Table Name [Default]\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.44.6 - Minor internal improvements","author":"Turbot Team","publishedAt":"2024-07-02T09:00:00","permalink":"te-v5-44-6","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Minor internal improvements.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.44.5 - The OUTBOUND_SECURITY_GROUP_ID environment variable in Lambda functions now defaults to using the TEF outbound security group when there is no override specified in TEF and TE","author":"Turbot Team","publishedAt":"2024-07-01T09:00:00","permalink":"te-v5-44-5","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - The `OUTBOUND_SECURITY_GROUP_ID` environment variable in Lambda functions now defaults to using the TEF outbound security group when there is no override specified in TEF and TE.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"azure-network v5.16.3 - The Security Group Ingress and Egress Approved controls would now revoke only the rejected port prefixes instead of deleting the entire rule","author":null,"publishedAt":"2024-07-01T09:00:00","permalink":"azure-network-v5-16-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Network > Network Security Group > Ingress Rules > Approved` and `Azure > Network > Network Security Group > Egress Rules > Approved` controls previously deleted an entire rule if at least one of the corresponding port prefixes was rejected, even if the others were approved. These controls will now revoke only the rejected port prefixes instead of deleting the entire rule in such cases.\n"},{"meta":{"title":"aws-rds v5.26.2 - Bug fixed - The RDS DB Instance Approved control did not stop an unapproved instance if the corresponding policy was set to `Enforce: Stop unapproved` or `Enforce: Stop unapproved if new`, and deletion protection for the instance was enabled","author":null,"publishedAt":"2024-06-28T09:00:00","permalink":"aws-rds-v5-26-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > RDS > DB Instance > Approved` control will now be skipped for instances that belong to a cluster. To check if a cluster is approved for use, please set the `AWS > RDS > DB Cluster > Approved > *` policies.\n- The `AWS > RDS > DB Instance > Approved` control did not stop an unapproved instance if the corresponding policy was set to `Enforce: Stop unapproved` or `Enforce: Stop unapproved if new`, and deletion protection for the instance was enabled. The control will now stop instances correctly in such cases.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.44.4 - Enhanced management of EncryptionInTransit topic policy","author":"Turbot Team","publishedAt":"2024-06-27T09:00:00","permalink":"te-v5-44-4","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - The creation of the `EncryptionInTransit` TopicPolicy has shifted from a custom resource to AWS CloudFormation’s `AWS::SNS::TopicPolicy`.\n\n_Bug fixes_\n\n- Server\n - Changes to notifications introduced in version 5.44.2 have been rolled back due to issues with specific queries. This action restores previous functionality and ensures stability across the platform.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.44.2 - Performance enhancements and UI improvements","author":"Turbot Team","publishedAt":"2024-06-24T09:00:00","permalink":"te-v5-44-2","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Made notifications faster by improving the query, which enhances the performance of the activity tab.\n\n- UI\n - The `Depends-on` tab on the controls page has been renamed to `Related`. It now includes the information from the Depends-on tab along with additional related controls information.\n\n_Bug fixes_\n\n- Server\n - Fixed an issue where sometimes an older mod version was used instead of the latest one after a mod upgrade. Now, the cache is properly updated to always use the latest version.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"azure-network v5.16.2 - Bug fixed - The Network Security Group Ingress Rules Approved control would sometimes fail to revoke rejected rules from a network security group","author":null,"publishedAt":"2024-06-24T09:00:00","permalink":"azure-network-v5-16-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Network > Network Security Group > Ingress Rules > Approved` control would sometimes fail to revoke rejected rules when the corresponding policy was set to `Enforce: Delete unapproved`. This has been fixed, and the control will now work more reliably and consistently than before.\n"},{"meta":{"title":"osquery v5.0.2 - The osquery Event Handler action would not handle events for large payloads","author":"Turbot Team","publishedAt":"2024-06-18T09:00:00","permalink":"osquery-v5-0-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- `Turbot > osquery > Event Handler` action was not able to handle events for large payloads. This issue is now fixed.\n"},{"meta":{"title":"gcp v5.24.3 - Bug fixed - The Project CMDB control would incorrectly delete a project from Guardrails CMDB if it was unable to fetch Access Approval settings for the project","author":"Turbot Team","publishedAt":"2024-06-18T09:00:00","permalink":"gcp-v5-24-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > Project > CMDB` control would incorrectly delete a project from Guardrails CMDB if it was unable to fetch Access Approval settings for the project. This issue has been fixed and the control will now attempt to fetch all available details and will not delete the project from CMDB.\n"},{"meta":{"title":"azure-securitycenter v5.4.0 - Auto Provisioning for Security Center is now available","author":"Turbot Team","publishedAt":"2024-06-17T09:00:00","permalink":"azure-securitycenter-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Users can now configure Auto Provisioning for Azure Security Center in Guardrails. To get started, set the `Azure > Security Center > Security Center > Auto Provisioning` policy.\n\n_Control Types_\n- Azure > Security Center > Security Center > Auto Provisioning\n\n_Policy Types_\n- Azure > Security Center > Security Center > Auto Provisioning\n\n_Action Types_\n- Azure > Security Center > Security Center > Update Auto Provisioning\n"},{"meta":{"title":"azure v5.19.0 - Subscription CMDB data will now also include tagging details for the subscription","author":"Turbot Team","publishedAt":"2024-06-14T09:00:00","permalink":"azure-v5-19-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Subscription CMDB data will now also include tagging details for the subscription.\n"},{"meta":{"title":"azure-securitycenter v5.3.0 - The Security Center Defender Plan control now also supports services like Cloud Posture, Containers and Cosmos DB","author":"Turbot Team","publishedAt":"2024-06-14T09:00:00","permalink":"azure-securitycenter-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `Azure > Security Center > Security Center > Defender Plan` control now also supports services like Cloud Posture, Containers and Cosmos DB.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.44.1 - Added support for newer auth mechanism to fetch temporary Azure credentials","author":"Turbot Team","publishedAt":"2024-06-13T09:00:00","permalink":"te-v5-44-1","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n\n - Added support for newer auth mechanism to fetch temporary Azure credentials via the `@azure/msal-node` package.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-ec2 v5.41.0 - Skip upserting snapshots in Guardrails CMDB if they are created via the AWS Backup service","author":"Turbot Team","publishedAt":"2024-06-13T09:00:00","permalink":"aws-ec2-v5-41-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now skip upserting snapshots in Guardrails CMDB if they are created via the AWS Backup service. To get started, set the `AWS > EC2 > Snapshot > CMDB` policy to `Enforce: Enabled for Snapshots not created with AWS Backup`.\n"},{"meta":{"title":"aws v5.30.1 - Bug fixed - The Turbot Service Roles stack control did not work as expected when all policies except the Event Handlers [Global] policy were enabled","author":"Turbot Team","publishedAt":"2024-06-11T09:00:00","permalink":"aws-v5-30-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > Turbot > Service Roles > Source` policy went to an invalid state if all but the `AWS > Turbot > Service Roles > Event Handlers [Global]` policy was enabled. This issue impacted the `AWS > Turbot > Service Roles` stack control, preventing the role from being created correctly. This has been fixed, and the `AWS > Turbot > Service Roles > Source` policy will now work as expected.\n"},{"meta":{"title":"aws-cisv3-0 v5.0.1 - `1.02 Ensure security contact information is registered` control will now evaluate the outcome correctly","author":"Turbot Team","publishedAt":"2024-06-11T09:00:00","permalink":"aws-cisv3-0-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > CIS v3.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered` control did not evaluate the result correctly, as expected. This is now fixed.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.59.0 - Added support for new flags in the Flags attribute","author":"Turbot Team","publishedAt":"2024-06-10T09:00:00","permalink":"tef-v1-59-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n - Updated the existing *Flags* attribute to include new specific flags that control the operation of Mod Lambda functions within a Virtual Private Cloud (VPC). This update allows Lambdas to use static IP addresses, improving network stability and predictability across different cloud environments.\n New flags Added to *Flags* Attribute:\n - LAMBDA_IN_VPC_AWS\n - LAMBDA_IN_VPC_AZURE\n - LAMBDA_IN_VPC_GCP\n - LAMBDA_IN_VPC_SERVICENOW\n\n - Introduced a new SSM parameter outbound_cidr_ranges to retrieve the Elastic IPs associated with the NAT gateways."},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.44.0 - Lambda functions now support static IPs with VPC integration.","author":"Turbot Team","publishedAt":"2024-06-10T09:00:00","permalink":"te-v5-44-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n\n - You can now configure Mod Lambda functions to run within a VPC across various providers including AWS, Azure, ServiceNow, and GCP. This update ensures Lambdas operate with static CIDR ranges.\n - Enhanced `osquery/logger` API to support payloads up to 10MB.\n\n_Requirements_\n\n- TEF: 1.59.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"azure-cisv2-0 v5.0.1 - Minor fixes and improvements","author":"Turbot Team","publishedAt":"2024-06-10T09:00:00","permalink":"azure-cisv2-0-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Minor fixes and improvements.\n"},{"meta":{"title":"aws-cisv2-0 v5.0.2 - `1.02 Ensure security contact information is registered` control will now evaluate the outcome correctly","author":"Turbot Team","publishedAt":"2024-06-10T09:00:00","permalink":"aws-cisv2-0-v5-0-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered` control did not evaluate the result correctly, as expected. This is now fixed.\n"},{"meta":{"title":"azure-network v5.16.1 - The Ingress/Egress Rules Approved controls for Network Security Group Rules will now revoke rejected address prefixes individually instead of deleting an entire rule","author":"Turbot Team","publishedAt":"2024-06-03T09:00:00","permalink":"azure-network-v5-16-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Network > Network Security Group > Ingress Rules > Approved` and `Azure > Network > Network Security Group > Egress Rules > Approved` controls previously deleted an entire rule if at least one of the corresponding address prefixes was rejected, even if the others were approved. These controls will now revoke only the rejected address prefix instead of deleting the entire rule in such cases.\n"},{"meta":{"title":"gcp-bigquerydatatransfer v5.0.1 - Fixed incorrect filter patterns in the Compiled Filter policy to allow Event Handlers to work as expected","author":"Turbot Team","publishedAt":"2024-05-29T09:00:00","permalink":"gcp-bigquerydatatransfer-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > Turbot > Event Handlers > Logging` would go into an Invalid state because of incorrect filter patterns defined in the `GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-bigquerydatatransfer` policy. This is fixed and the control will now work as expected.\n"},{"meta":{"title":"gcp-network v5.13.1 - Guardrails would sometimes process the real-time event `compute.networks.delete` for default networks incorrectly, resulting in the inadvertent deletion of those networks from CMDB","author":"Turbot Team","publishedAt":"2024-05-28T09:00:00","permalink":"gcp-network-v5-13-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails would sometimes process the real-time event `compute.networks.delete` for default networks incorrectly, resulting in the inadvertent deletion of those networks from CMDB. This is now fixed.\n"},{"meta":{"title":"aws-appfabric v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-05-28T09:00:00","permalink":"aws-appfabric-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Resource Types_\n - AWS > AppFabric\n\n_Policy Types_\n - AWS > AppFabric > API Enabled\n - AWS > AppFabric > Approved Regions [Default]\n - AWS > AppFabric > Enabled\n - AWS > AppFabric > Permissions\n - AWS > AppFabric > Permissions > Levels\n - AWS > AppFabric > Permissions > Levels > Modifiers\n - AWS > AppFabric > Permissions > Lockdown\n - AWS > AppFabric > Permissions > Lockdown > API Boundary\n - AWS > AppFabric > Regions\n - AWS > AppFabric > Tags Template [Default]\n - AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-appfabric\n - AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-appfabric\n - AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-appfabric"},{"meta":{"title":"gcp-iam v5.14.0 - Approved control and its associated policies are now available for Project User resource type","author":"Turbot Team","publishedAt":"2024-05-27T09:00:00","permalink":"gcp-iam-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Control Types_\n - GCP > IAM > Project User > Approved\n\n_Policy Types_\n - GCP > IAM > Project User > Approved\n - GCP > IAM > Project User > Approved > Custom\n - GCP > IAM > Project User > Approved > Usage\n"},{"meta":{"title":"aws-s3 v5.24.1 - Guardrails failed to process the real-time event `s3:PutBucketReplication` for buckets","author":"Turbot Team","publishedAt":"2024-05-24T09:00:00","permalink":"aws-s3-v5-24-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails failed to process the real-time event `s3:PutBucketReplication` for buckets. This is now fixed.\n- The `AWS > S3 > Bucket > Access Logging` control would sometimes go into an error state if the target bucket name started with a number. This is fixed and the control will now work more smoothly and consistently than before.\n"},{"meta":{"title":"azure-storage v5.17.2 - System storage containers will now be discovered correctly in Guardrails","author":"Turbot Team","publishedAt":"2024-05-16T09:00:00","permalink":"azure-storage-v5-17-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails failed to discover system storage containers (e.g. `$logs`) for storage accounts. This is now fixed.\n"},{"meta":{"title":"gcp v5.24.2 - Added support to process enable and disable real-time events for BigQuery Data Transfer API via Service Usage APIs","author":"Turbot Team","publishedAt":"2024-05-15T09:00:00","permalink":"gcp-v5-24-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Added support to process enable and disable real-time events for BigQuery Data Transfer API via Service Usage APIs.\n"},{"meta":{"title":"gcp-bigquerydatatransfer v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-05-15T09:00:00","permalink":"gcp-bigquerydatatransfer-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$77"},{"meta":{"title":"osquery v5.0.1 - Fixed control category titles","author":"Turbot Team","publishedAt":"2024-05-14T09:00:00","permalink":"osquery-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed control category titles to use `osquery` instead of `Osquery`.\n"},{"meta":{"title":"kubernetes v5.0.1 is now available","author":"Turbot Team","publishedAt":"2024-05-14T09:00:00","permalink":"kubernetes-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- `Kubernetes > Node` resources will no longer include the `conditions.lastHeartbeatTime` or `resource_version` properties to avoid unnecessary notifications in the activity tab.\n"},{"meta":{"title":"aws-eventbridgescheduler v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-05-14T09:00:00","permalink":"aws-eventbridgescheduler-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Resource Types_\n - AWS > EventBridge Scheduler\n\n_Policy Types_\n - AWS > EventBridge Scheduler > API Enabled\n - AWS > EventBridge Scheduler > Approved Regions [Default]\n - AWS > EventBridge Scheduler > Enabled\n - AWS > EventBridge Scheduler > Permissions\n - AWS > EventBridge Scheduler > Permissions > Levels\n - AWS > EventBridge Scheduler > Permissions > Levels > Modifiers\n - AWS > EventBridge Scheduler > Permissions > Lockdown\n - AWS > EventBridge Scheduler > Permissions > Lockdown > API Boundary\n - AWS > EventBridge Scheduler > Regions\n - AWS > EventBridge Scheduler > Tags Template [Default]\n - AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-eventbridgescheduler\n - AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-eventbridgescheduler\n - AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-eventbridgescheduler"},{"meta":{"title":"aws-eventbridgepipes v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-05-14T09:00:00","permalink":"aws-eventbridgepipes-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Resource Types_\n - AWS > EventBridge Pipes\n\n_Policy Types_\n - AWS > EventBridge Pipes > API Enabled\n - AWS > EventBridge Pipes > Approved Regions [Default]\n - AWS > EventBridge Pipes > Enabled\n - AWS > EventBridge Pipes > Permissions\n - AWS > EventBridge Pipes > Permissions > Levels\n - AWS > EventBridge Pipes > Permissions > Levels > Modifiers\n - AWS > EventBridge Pipes > Permissions > Lockdown\n - AWS > EventBridge Pipes > Permissions > Lockdown > API Boundary\n - AWS > EventBridge Pipes > Regions\n - AWS > EventBridge Pipes > Tags Template [Default]\n - AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-eventbridgepipes\n - AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-eventbridgepipes\n - AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-eventbridgepipes"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.43.0 - Added support for osquery management and operations.","author":"Turbot Team","publishedAt":"2024-05-13T09:00:00","permalink":"te-v5-43-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n\n - Added a new GraphQL resolver for osquery to generate an enrollSecret.\n - Added new REST APIs for osquery management, which includes:\n - `api/latest/osquery/enroll`\n - `api/latest/osquery/config`\n - `api/latest/osquery/logger`\n - Introduced a dedicated worker, along with SQS FIFO queue and SNS topic FIFO, to run osquery operations.\n - Implemented a new `serviceNowCredential` resolver specifically for Kubernetes clusters.\n - Upgraded our SDK (`@turbot/sdk`) to version 5.15.0 and our fn toolkit (`@turbot/fn`) to version 5.22.0, to support FIFO queues.\n\n- UI\n - Added support for connecting to Kubernetes, facilitating easier integration and management.\n - Added report for AWS CIS v2.0.\n - Added report for AWS CIS v3.0.\n - Added report for Azure CIS v2.0.\n - Added report for GCP CIS v2.0.\n\n_Requirements_\n\n- TEF: 1.58.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"servicenow-kubernetes v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-05-13T09:00:00","permalink":"servicenow-kubernetes-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$78"},{"meta":{"title":"osquery v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-05-13T09:00:00","permalink":"osquery-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n_Resource Types_\n\n- osquery\n\n_Control Types_\n\n- Turbot > Workspace > osquery\n- Turbot > Workspace > osquery > Secret Rotation\n\n_Policy Types_\n\n- Turbot > Workspace > osquery\n- Turbot > Workspace > osquery > Enroll Secret Expiration\n- Turbot > Workspace > osquery > Secrets\n- Turbot > Workspace > osquery > Secrets > Expiration Period\n- Turbot > Workspace > osquery > Secrets > Rotation\n- osquery > Configuration\n\n_Action Types_\n\n- Turbot > Rotate osquery Secret\n- osquery > Event Handler\n"},{"meta":{"title":"kubernetes v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-05-13T09:00:00","permalink":"kubernetes-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$79"},{"meta":{"title":"gcp-iam v5.13.1 - Service Account Key Active control will no longer attempt to delete system-managed service account keys deemed inactive by the control","author":"Turbot Team","publishedAt":"2024-05-13T09:00:00","permalink":"gcp-iam-v5-13-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > IAM > Service Account Key > Active` control will no longer attempt to delete a system-managed service account key deemed inactive by the control.\n"},{"meta":{"title":"aws-iam v5.36.0 - Determine if an IAM access key for a user is latest and take appropriate actions","author":"Turbot Team","publishedAt":"2024-05-13T09:00:00","permalink":"aws-iam-v5-36-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now determine if an IAM access key for a user is latest and deactivate or delete any keys that are not, using Guardrails. To get started, set the `AWS > IAM > Access Key > Active > Latest` policy.\n- You can now determine if an IAM server certificate is active based on its expiration. To get started, set the `AWS > IAM > Server Certificate > Active > Expired` policy.\n\n_Policy Types_\n\n - AWS > IAM > Access Key > Active > Latest\n - AWS > IAM > Server Certificate > Active > Expired\n"},{"meta":{"title":"gcp v5.24.1 - The Project CMDB control would go into an error state if Access Approval API was disabled in GCP","author":"Turbot Team","publishedAt":"2024-05-10T09:00:00","permalink":"gcp-v5-24-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > Project > CMDB` control would go into an error state if Access Approval API was disabled in GCP. This is now fixed.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.58.0 - Enhanced Monitoring, Tagging, and Resource Management","author":"Turbot Team","publishedAt":"2024-05-08T09:00:00","permalink":"tef-v1-58-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Implemented SNS topic to handle critical alarms notifications.\n- Added Product, Vendor Tags to the IAM Role resources created by the TEF stack.\n- Introduced a new SSM parameter to manage the reserved concurrency settings for the osquery worker lambda function.\n- Updated Log Bucket Lifecycle Policies:\n - **Increased Retention Period:** Extended the retention period of the lifecycle policy for logs in the log bucket with the `/processes` prefix from 1 day to 2 days.\n - **New Policy Addition:** Implemented a new lifecycle policy for managing log retention in the log bucket for logs with the `/osquery` prefix.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.42.0 - Implementation of Critical Alarms for RDS and Redis ElastiCache Utilization Metrics","author":"Turbot Team","publishedAt":"2024-05-08T09:00:00","permalink":"ted-v1-42-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Implemented critical alarms for RDS DB CPU utilization, DB Max Connections and Redis ElastiCache Memory utilization.\n- Added Product, Vendor Tags to the IAM Role resources created by the TED stack.\n"},{"meta":{"title":"azure-compute v5.16.1 - Virtual Machine Scale Set Tags control would sometimes fail to update tags correctly for Scale Sets launched via Azure marketplace","author":"Turbot Team","publishedAt":"2024-05-08T09:00:00","permalink":"azure-compute-v5-16-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Compute > Virtual Machine Scale Set > Tags` control would sometimes fail to update tags correctly for Scale Sets launched via Azure marketplace. This is fixed and the control will now update tags correctly, as expected.\n"},{"meta":{"title":"aws-vpc-security v5.10.0 - Revoke ingress rules that are unapproved for use in Network ACLs","author":"Turbot Team","publishedAt":"2024-05-08T09:00:00","permalink":"aws-vpc-security-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Revoke ingress rules that are unapproved for use in Network ACLs. To get started, set the `AWS > VPC > Network ACL > Ingress Rules > Approved > *` policies.\n"},{"meta":{"title":"aws-logs v5.12.2 - Minor fixes and improvements","author":"Turbot Team","publishedAt":"2024-05-08T09:00:00","permalink":"aws-logs-v5-12-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Minor fixes and improvements.\n"},{"meta":{"title":"aws-efs v5.8.0 - Delete existing Mount Targets which are unapproved for use in the account","author":"Turbot Team","publishedAt":"2024-05-08T09:00:00","permalink":"aws-efs-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now delete existing Mount Targets which are unapproved for use in the account. To get started, set the `AWS > EFS > Mount Target > Approved` policy to `Enforce: Delete unapproved`.\n"},{"meta":{"title":"aws-cloudwatch v5.8.0 - Create and manage `aws_cloudwatch_metric_alarm` resources via Guardrails stacks","author":"Turbot Team","publishedAt":"2024-05-08T09:00:00","permalink":"aws-cloudwatch-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Create and manage `aws_cloudwatch_metric_alarm` resources via Guardrails stacks.\n\n_Control Types_\n - AWS > CloudWatch > Alarm > Configured\n\n_Policy Types_\n - AWS > CloudWatch > Alarm > Configured\n - AWS > CloudWatch > Alarm > Configured > Claim Precedence\n - AWS > CloudWatch > Alarm > Configured > Source\n"},{"meta":{"title":"aws-securityhub v5.3.1 - Added support for `aws_securityhub_account` Terraform resource","author":"Turbot Team","publishedAt":"2024-05-07T09:00:00","permalink":"aws-securityhub-v5-3-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Added support for `aws_securityhub_account` Terraform resource.\n"},{"meta":{"title":"aws-eks v5.7.0 - Metadata for EKS resources will now also include `createdBy` details in Turbot CMDB","author":"Turbot Team","publishedAt":"2024-05-07T09:00:00","permalink":"aws-eks-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"aws-cisv3-0 v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-05-06T09:00:00","permalink":"aws-cisv3-0-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$7a"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.26 - Minor internal improvements","author":"Turbot Team","publishedAt":"2024-05-03T09:00:00","permalink":"te-v5-42-26","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Minor internal improvements.\n\n_Requirements_\n\n- TEF: 1.57.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"gcp-dns v5.7.0 - Track and manage DNS Policies in Guardrails","author":"Turbot Team","publishedAt":"2024-05-03T09:00:00","permalink":"gcp-dns-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Resource Types:\n - GCP > DNS > Policy\n\n- Control Types:\n - GCP > DNS > Policy > Active\n - GCP > DNS > Policy > Approved\n - GCP > DNS > Policy > CMDB\n - GCP > DNS > Policy > Discovery\n - GCP > DNS > Policy > Usage\n\n- Policy Types:\n - GCP > DNS > Policy > Active\n - GCP > DNS > Policy > Active > Age\n - GCP > DNS > Policy > Active > Last Modified\n - GCP > DNS > Policy > Approved\n - GCP > DNS > Policy > Approved > Custom\n - GCP > DNS > Policy > Approved > Usage\n - GCP > DNS > Policy > CMDB\n - GCP > DNS > Policy > Usage\n - GCP > DNS > Policy > Usage > Limit\n\n- Action Types:\n - GCP > DNS > Policy > Delete\n - GCP > DNS > Policy > Router\n"},{"meta":{"title":"gcp-cisv2-0 v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-05-03T09:00:00","permalink":"gcp-cisv2-0-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$7b"},{"meta":{"title":"aws-cisv2-0 v5.0.1 - Minor fixes and improvements","author":"Turbot Team","publishedAt":"2024-05-03T09:00:00","permalink":"aws-cisv2-0-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Minor fixes and improvements.\n"},{"meta":{"title":"gcp v5.24.0 - Access approval setting details for projects is now be available in Project CMDB","author":"Turbot Team","publishedAt":"2024-05-02T09:00:00","permalink":"gcp-v5-24-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Access approval setting details for projects is now be available in Project CMDB.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.25 - Minor internal improvements","author":"Turbot Team","publishedAt":"2024-04-30T09:00:00","permalink":"te-v5-42-25","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Minor internal improvements.\n\n_Requirements_\n\n- TEF: 1.57.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"azure-postgresql v5.15.1 - Action Type for Firewall > IP Ranges > Approved control did not render correctly for Flexi Servers on mod inspect","author":"Turbot Team","publishedAt":"2024-04-29T09:00:00","permalink":"azure-postgresql-v5-15-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n- Action Type for `Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved` control did not render correctly on mod inspect. This is now fixed.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.24 - Minor internal improvements","author":"Turbot Team","publishedAt":"2024-04-26T09:00:00","permalink":"te-v5-42-24","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Minor internal improvements.\n\n_Requirements_\n\n- TEF: 1.57.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"azure-storage v5.17.1 - Storage Account Data Protection control would go into an error state when container delete retention policy data was not available in CMDB","author":"Turbot Team","publishedAt":"2024-04-26T09:00:00","permalink":"azure-storage-v5-17-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Storage > Storage Account > Data Protection` control would go into an error state when container delete retention policy data was not available in CMDB. This issue is fixed and the control will now work as expected.\n"},{"meta":{"title":"azure-postgresql v5.15.0 - Remove unapproved firewall IP Ranges on PostgreSQL servers and flexi servers","author":"Turbot Team","publishedAt":"2024-04-26T09:00:00","permalink":"azure-postgresql-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$7c"},{"meta":{"title":"cis v5.0.1 - Fixed control category names for v7.2.10, v7.7.10 and v7.14.1","author":"Turbot Team","publishedAt":"2024-04-24T09:00:00","permalink":"cis-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed control category names for v7.2.10, v7.7.10 and v7.14.1.\n"},{"meta":{"title":"azure-cisv2-0 v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-04-24T09:00:00","permalink":"azure-cisv2-0-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$7d"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.23 - Refined management of various processes to improve stability and reduce backlog issues","author":"Turbot Team","publishedAt":"2024-04-23T09:00:00","permalink":"te-v5-42-23","image":null,"tags":["TE"],"product":"guardrails"},"content":"$7e"},{"meta":{"title":"turbot v5.43.1 - Process Monitor control will now run in priority queue","author":"Turbot Team","publishedAt":"2024-04-23T09:00:00","permalink":"turbot-v5-43-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n - Moved the `Turbot > Process Monitor` control to operate within the priority queue, ensuring more timely and efficient processing of critical tasks.\n - Updated the `Turbot > Workspace > Background Tasks` control to modify the next_tick_timestamp for any policy values that previously had incorrect defaults.\n"},{"meta":{"title":"azure-cosmosdb v5.5.1 - Minor fixes and improvements","author":"Turbot Team","publishedAt":"2024-04-23T09:00:00","permalink":"azure-cosmosdb-v5-5-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Minor fixes and improvements."},{"meta":{"title":"azure-storage v5.17.0 - Configure rotation reminders for access keys and soft delete for blobs and containers in storage accounts","author":"Turbot Team","publishedAt":"2024-04-22T09:00:00","permalink":"azure-storage-v5-17-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$7f"},{"meta":{"title":"azure-sql v5.14.0 - Remove unapproved firewall IP Ranges on SQL servers","author":"Turbot Team","publishedAt":"2024-04-22T09:00:00","permalink":"azure-sql-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now removed unapproved Firewall IP Ranges on SQL servers. To get started, set the `Azure > SQL > Server > Firewall > IP Ranges > Approved > *` policies.\n\n_Control Types_\n\n- Azure > SQL > Server > Firewall\n- Azure > SQL > Server > Firewall > IP Ranges\n- Azure > SQL > Server > Firewall > IP Ranges > Approved\n\n_Policy Types_\n\n- Azure > SQL > Server > Firewall\n- Azure > SQL > Server > Firewall > IP Ranges\n- Azure > SQL > Server > Firewall > IP Ranges > Approved\n- Azure > SQL > Server > Firewall > IP Ranges > Approved > Compiled Rules\n- Azure > SQL > Server > Firewall > IP Ranges > Approved > IP Addresses\n- Azure > SQL > Server > Firewall > IP Ranges > Approved > Rules\n\n_Action Types_\n\n- Azure > SQL > Server > Update Firewall IP Ranges\n"},{"meta":{"title":"gcp-kms v5.8.2 - Bug fixed - Rotation policy attributes for Crypto Keys did not update correctly in CMDB when the rotation policy was removed from such keys","author":"Turbot Team","publishedAt":"2024-04-19T09:00:00","permalink":"gcp-kms-v5-8-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `rotationPeriod` and `nextRotationTime` attributes for Crypto Keys did not update correctly in CMDB when the rotation policy for such keys was removed. This is now fixed.\n"},{"meta":{"title":"azure-mysql v5.10.0 - Configure Encryption in Transit for Flexi Servers","author":"Turbot Team","publishedAt":"2024-04-19T09:00:00","permalink":"azure-mysql-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure Encryption in Transit for Flexi Servers. To get started, set the `Azure > MySQL > Flexible Server > Encryption in Transit > *` policies.\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n_Control Types_\n\n- Azure > MySQL > Flexible Server > Encryption in Transit\n\n_Policy Types_\n\n- Azure > MySQL > Flexible Server > Encryption in Transit\n\n_Action Types_\n\n- Azure > MySQL > Flexible Server > Update Encryption in Transit\n"},{"meta":{"title":"azure-appservice v5.9.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-04-19T09:00:00","permalink":"azure-appservice-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n_Policy Types_\n\n- Azure > App Service > App Service Plan > Approved > Custom\n- Azure > App Service > Function App > Approved > Custom\n- Azure > App Service > Web App > Approved > Custom\n"},{"meta":{"title":"aws-vpc-security v5.9.8 - Bug fixed - Configured control for flow logs would sometimes go into an error state for flow logs claimed by a Guardrails stack","author":"Turbot Team","publishedAt":"2024-04-19T09:00:00","permalink":"aws-vpc-security-v5-9-8","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > VPC > Flow Log > Configured` control would sometimes go into an error state for flow logs created via the AWS console, even though they were correctly claimed by a Guardrails stack. This is now fixed.\n"},{"meta":{"title":"azure-postgresql v5.14.0 - Configure log checkpoints for Flexi Servers","author":"Turbot Team","publishedAt":"2024-04-17T09:00:00","permalink":"azure-postgresql-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure log checkpoints for Flexi Servers. To get started, set the `Azure > PostgreSQL > Flexible Server > Audit Logging > *` policies.\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n_Control Types_\n\n- Azure > PostgreSQL > Flexible Server > Audit Logging\n\n_Policy Types_\n\n- Azure > PostgreSQL > Flexible Server > Audit Logging\n- Azure > PostgreSQL > Flexible Server > Audit Logging > Log Checkpoints\n\n_Action Types_\n\n- Azure > PostgreSQL > Flexible Server > Update Audit Logging\n"},{"meta":{"title":"azure-keyvault v5.13.0 - Configure expiration for Key Vault Keys and Secrets","author":"Turbot Team","publishedAt":"2024-04-17T09:00:00","permalink":"azure-keyvault-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure expiration for Key Vault Keys and Secrets. To get started, set the `Azure > Key Vault > Key > Expiration > *` and `Azure > Key Vault > Secret > Expiration > *` policies respectively.\n\n_Control Types_\n\n- Azure > Key Vault > Key > Expiration\n- Azure > Key Vault > Secret > Expiration\n\n_Policy Types_\n\n- Azure > Key Vault > Key > Expiration\n- Azure > Key Vault > Key > Expiration > Days [Default]\n- Azure > Key Vault > Secret > Expiration\n- Azure > Key Vault > Secret > Expiration > Days [Default]\n\n_Action Types_\n\n- Azure > Key Vault > Key > Set Expiration\n- Azure > Key Vault > Secret > Set Expiration\n"},{"meta":{"title":"aws-directconnect v5.4.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-04-17T09:00:00","permalink":"aws-directconnect-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"aws-xray v5.4.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-04-16T09:00:00","permalink":"aws-xray-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"azure-storage v5.16.1 - Storage Account Queue Logging control would go into a skipped state for storage accounts, irrespective of any policy setting","author":"Turbot Team","publishedAt":"2024-04-12T09:00:00","permalink":"azure-storage-v5-16-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Storage > Storage Account > Queue > Logging` control would go into a skipped state for storage accounts, irrespective of any policy setting for Logging. This issue is fixed and the control will now work as expected.\n"},{"meta":{"title":"azure-network v5.16.0 - Delete existing Public IP Addresses which are unapproved for use in the Subscription","author":"Turbot Team","publishedAt":"2024-04-11T09:00:00","permalink":"azure-network-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now delete existing Public IP Addresses which are unapproved for use in the Subscription. To get started, set the `Azure > Network > Public IP Address > Approved` policy to `Enforce: Delete unapproved`.\n"},{"meta":{"title":"turbot-iam v5.12.2 - The Account compiled policy now correctly checks the workspace version","author":"Turbot Team","publishedAt":"2024-04-10T09:00:00","permalink":"turbot-iam-v5-12-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Turbot > IAM > Permissions > Compiled > Levels > Account` policy now correctly checks the workspace version if it's installed on a workspace version < 5.50.0.\n\n"},{"meta":{"title":"azure-postgresql v5.13.0 - Configure Encryption in Transit for Flexi Servers","author":"Turbot Team","publishedAt":"2024-04-10T09:00:00","permalink":"azure-postgresql-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure Encryption in Transit for Flexi Servers. To get started, set the `Azure > PostgresSql > Flexible Server > Encryption in Transit > *` policies.\n\n_Control Types_\n- Azure > PostgreSQL > Flexible Server > Encryption in Transit\n\n_Policy Types_\n- Azure > PostgreSQL > Flexible Server > Encryption in Transit\n\n_Action Types_\n- Azure > PostgreSQL > Flexible Server > Update Encryption in Transit\n"},{"meta":{"title":"azure-activedirectory v5.5.0 - Delete existing Entra ID users which are unapproved to be used in the Tenant","author":"Turbot Team","publishedAt":"2024-04-09T09:00:00","permalink":"azure-activedirectory-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now delete existing Entra ID users which are unapproved to be used in the Tenant. To get started, set the `Azure > Active Directory > User > Approved` policy to `Enforce: Delete unapproved`.\n\n_Policy Types_\n\n- Azure > Active Directory > User > Approved > Custom\n"},{"meta":{"title":"azure-mysql v5.9.0 - Configure TLS version for Flexi Servers","author":"Turbot Team","publishedAt":"2024-04-08T09:00:00","permalink":"azure-mysql-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure TLS version for Flexi Servers. To get started, set the `Azure > MySQL > Flexible Server > Minimum TLS Version > *` policies.\n"},{"meta":{"title":"turbot-iam v5.12.1 - Removed `Account/User` and `Account/Metadata` levels from the default Account > Permission policy","author":"Turbot Team","publishedAt":"2024-04-05T09:00:00","permalink":"turbot-iam-v5-12-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Removed `Account/User` and `Account/Metadata` levels from the default Account > Permission policy\n\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.41.0 - Added support for Postgres versions 11.21 and 11.22","author":"Turbot Team","publishedAt":"2024-04-05T09:00:00","permalink":"ted-v1-41-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: Support for Postgres versions 11.21 and 11.22.\n"},{"meta":{"title":"aws v5.30.0 - Account CMDB data will now also include alternate security contact details","author":"Turbot Team","publishedAt":"2024-04-05T09:00:00","permalink":"aws-v5-30-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Account CMDB data will now also include alternate security contact details.\n"},{"meta":{"title":"aws-cisv2-0 v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-04-05T09:00:00","permalink":"aws-cisv2-0-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$80"},{"meta":{"title":"gcp-sql v5.8.1 - Bug Fixed - SQL Instances were not updated/cleaned up correctly via real-time events in Guardrails","author":"Turbot Team","publishedAt":"2024-04-04T09:00:00","permalink":"gcp-sql-v5-8-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- SQL Instances were sometimes not updated/cleaned up correctly via real-time events in Guardrails. This is now fixed.\n"},{"meta":{"title":"aws-ec2 v5.40.0 - Manage IMDS defaults for EC2 via the Account Attributes > Instance Metadata Service Defaults control","author":"Turbot Team","publishedAt":"2024-04-02T09:00:00","permalink":"aws-ec2-v5-40-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now manage IMDS defaults for EC2 per region. To get started, set the `AWS > EC2 > Account Attributes > Instance Metadata Service Defaults > *` policies.\n\n_Bug fixes_\n\n- The `AWS > EC2 > Instance > Approved` control would sometimes fail to stop instances that were discovered in Guardrails via real-time events if the `AWS > EC2 > Instance > Approved` policy was set to `Enforce: Stop unapproved if new`. This is now fixed.\n"},{"meta":{"title":"azure-storage v5.16.0 - Blob service property details will now be available in CMDB for Storage Accounts","author":"Turbot Team","publishedAt":"2024-04-01T09:00:00","permalink":"azure-storage-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Storage Account CMDB data will now also include details about the account's blob service properties.\n"},{"meta":{"title":"azure-postgresql v5.12.0 - Configure connection_throttling parameter for PostgreSQL servers","author":"Turbot Team","publishedAt":"2024-04-01T09:00:00","permalink":"azure-postgresql-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure `connection_throttling` parameter for PostgreSQL servers. To get started, set the `Azure > PostgreSQL > Server > Audit Logging > Connection Throttling` policy.\n"},{"meta":{"title":"azure-mysql v5.8.0 - TLS version and audit log details will now be available in CMDB for Flexi Servers","author":"Turbot Team","publishedAt":"2024-04-01T09:00:00","permalink":"azure-mysql-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- TLS version and audit log details will now be available in CMDB for Flexi Servers.\n"},{"meta":{"title":"aws-kms v5.18.0 - Disable unapproved Keys via the Key > Approved control","author":"Turbot Team","publishedAt":"2024-03-29T09:00:00","permalink":"aws-kms-v5-18-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now disable unapproved Keys in AWS. To get started, set the `AWS > KMS > Key > Approved` policy to `Enforce: Disable unapproved`.\n"},{"meta":{"title":"aws-sns v5.15.3 - Bug Fixed - EventBridge Rule for real-time SNS events, created by Event Handlers, will now respect `Enforce: Enabled but ignore permission errors` policy value for Subscription CMDB","author":"Turbot Team","publishedAt":"2024-03-27T09:00:00","permalink":"aws-sns-v5-15-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In v5.15.1, we introduced the policy value `Enforce: Enabled but ignore permission errors` for the `AWS > SNS > Subscription > CMDB` policy, allowing the corresponding CMDB control to ignore permission errors, if any, and proceed to completion. However, configuring the CMDB policy to `Enforce: Enabled but ignore permission errors` inadvertently introduced a bug, resulting in the removal of real-time events for Subscription from the SNS EventBridge rule created by the Event Handlers. This issue has now been fixed.\n"},{"meta":{"title":"aws-kms v5.17.1 - Bug Fixed - EventBridge Rule for real-time KMS events, created by Event Handlers, will now respect `Enforce: Enabled but ignore permission errors` policy value for Key CMDB","author":"Turbot Team","publishedAt":"2024-03-27T09:00:00","permalink":"aws-kms-v5-17-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In v5.13.0, we introduced the policy value `Enforce: Enabled but ignore permission errors` for the `AWS > KMS > Key > CMDB` policy, allowing the corresponding CMDB control to ignore permission errors, if any, and proceed to completion. However, configuring the CMDB policy to `Enforce: Enabled but ignore permission errors` inadvertently introduced a bug, resulting in the removal of the EventBridge Rule for KMS by the Event Handlers. This issue has now been fixed.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.22 - Minor internal improvements","author":"Turbot Team","publishedAt":"2024-03-19T09:00:00","permalink":"te-v5-42-22","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Minor internal improvements.\n\n_Requirements_\n\n- TEF: 1.57.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-ecr v5.13.0 - You can now configure IAM resource policies on repositories","author":"Turbot Team","publishedAt":"2024-03-19T09:00:00","permalink":"aws-ecr-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - AWS > ECR > Repository > Policy\n - AWS > ECR > Repository > Policy > Required\n\n- Policy Types:\n\n - AWS > ECR > Repository > Policy\n - AWS > ECR > Repository > Policy > Required\n - AWS > ECR > Repository > Policy > Required > Items\n\n- Action Types:\n - AWS > ECR > Repository > Update Repository policy\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.21 - Account import will be smoother and more consistent than before","author":"Turbot Team","publishedAt":"2024-03-18T09:00:00","permalink":"te-v5-42-21","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n- Server\n - Account import will be smoother and more consistent than before.\n\n_Requirements_\n\n- TEF: 1.57.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-vpc-connect v5.9.1 - Bug fixed - Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account","author":"Turbot Team","publishedAt":"2024-03-18T09:00:00","permalink":"aws-vpc-connect-v5-9-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account.\n- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`. This is now fixed.\n"},{"meta":{"title":"aws-vpc-security v5.9.7 - `AWS > VPC > VPC > Stack` control failed to claim security group rules correctly if the `protocol` for such rules was set to `All` or `TCP` in the stack's source policy","author":"Turbot Team","publishedAt":"2024-03-15T09:00:00","permalink":"aws-vpc-security-v5-9-7","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > VPC > VPC > Stack` control failed to claim security group rules correctly if the `protocol` for such rules was set to `All` or `TCP` in the stack's source policy. This issue has been fixed, and the control will now claim such rules correctly."},{"meta":{"title":"aws v5.29.4 - Various policy definitions have been updated to allow for a smoother account import experience","author":"Turbot Team","publishedAt":"2024-03-15T09:00:00","permalink":"aws-v5-29-4","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- We have updated various policy definitions set during account imports to allow for a smoother account import experience. We recommend upgrading your TE to v5.42.21 or higher to enable these changes to take effect.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.20 - Bug Fixed - AWS login dropdown button to accurately display both existing and new grants","author":"Turbot Team","publishedAt":"2024-03-13T09:00:00","permalink":"te-v5-42-20","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n- UI\n - Fixed the AWS login dropdown button to accurately display both existing and new grants.\n\n_Requirements_\n\n- TEF: 1.57.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"aws-sagemaker v5.10.0 - Bug fixed - Unsupported US Gov cloud regions for Code Repository are now removed from the Regions policy","author":"Turbot Team","publishedAt":"2024-03-13T09:00:00","permalink":"aws-sagemaker-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Unsupported US Gov cloud regions were inadvertently included in the `AWS > SageMaker > Code Repository > Regions` policy, which led to the `AWS > SageMaker > Code Repository > Discovery` control being in an error state for those regions. We've now removed the unsupported US Gov cloud regions from the Regions policy.\n\n_What's new?_\n\n- Policy Types:\n - AWS > SageMaker > Notebook Instance > Approved > Custom\n"},{"meta":{"title":"aws-iam v5.35.1 - Bug fixed - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`","author":"Turbot Team","publishedAt":"2024-03-13T09:00:00","permalink":"aws-iam-v5-35-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`. This is now fixed.\n"},{"meta":{"title":"aws-vpc-security v5.9.6 - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`","author":"Turbot Team","publishedAt":"2024-03-11T09:00:00","permalink":"aws-vpc-security-v5-9-6","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`. This is now fixed.\n- In the previous version, we fixed an issue with the `AWS > VPC > VPC > Stack` control that prevented it from recognizing security group rules with the port range set to 0 correctly. However, the control still failed to claim existing security group rules available in Guardrails CMDB, due to an inadvertent bug introduced in v5.9.2. This issue has now been fixed, and the control will correctly claim existing security group rules.\n"},{"meta":{"title":"aws-sns v5.15.2 - Bug fixed - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`","author":"Turbot Team","publishedAt":"2024-03-11T09:00:00","permalink":"aws-sns-v5-15-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`. This is now fixed.\n"},{"meta":{"title":"gcp-storage v5.11.1 - Bug fixed - Guardrails unnecessarily listened to and processed real-time `lists` events for various storage resources","author":"Turbot Team","publishedAt":"2024-03-08T09:00:00","permalink":"gcp-storage-v5-11-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Previously, Guardrails unnecessarily listened to and processed real-time `lists` events for various storage resources. We've now improved our events filter to ignore these `lists` events, thereby reducing unnecessary processing.\n"},{"meta":{"title":"aws-lambda v5.13.3 - Bug fixed - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`","author":"Turbot Team","publishedAt":"2024-03-08T09:00:00","permalink":"aws-lambda-v5-13-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`. This is now fixed.\n"},{"meta":{"title":"aws-glue v5.11.1 - Bug fixed - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`","author":"Turbot Team","publishedAt":"2024-03-08T09:00:00","permalink":"aws-glue-v5-11-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`. This is now fixed.\n"},{"meta":{"title":"aws-ec2 v5.39.2 - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`","author":"Turbot Team","publishedAt":"2024-03-08T09:00:00","permalink":"aws-ec2-v5-39-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`. This is now fixed.\n- The `AWS > EC2 > Snapshot > Active` and `AWS > EC2 > Snapshot > Approved` controls will now not attempt to delete a snapshot if it has one or more AMIs attached to it.\n- In the previous version, although we fixed a bug to prevent upserting volumes and snapshots with incorrect AKAs, there was still a provision for instances to be upserted with incorrect AKAs. We have now addressed this issue as well, ensuring instances are upserted more correctly and consistently than before.\n- The deprecated `ec2-reports:*` permissions are now removed from the mod.\n"},{"meta":{"title":"aws-vpc-internet v5.11.2 - Bug fixed - Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`","author":"Turbot Team","publishedAt":"2024-03-07T09:00:00","permalink":"aws-vpc-internet-v5-11-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account.\n- In the previous version, we believed we had resolved an issue with Internet Gateways not being upserted into the CMDB while processing real-time `CreateDefaultVpc` events. However, we overlooked an edge case in the fix. We have now addressed this issue, ensuring that Internet Gateways will be reliably discovered and upserted into the Guardrails CMDB. We recommend updating the `aws-vpc-core` mod to version 5.17.1 or higher to enable Guardrails to correctly process real-time CreateDefaultVpc events for Internet Gateways.\n- Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to `Enforce: Disabled`. This is now fixed.\n"},{"meta":{"title":"aws-vpc-security v5.9.5 - Bug fixed - The `AWS > VPC > VPC > Stack` control would sometimes go into an error state after creating security group rules with port range set to 0","author":"Turbot Team","publishedAt":"2024-03-06T09:00:00","permalink":"aws-vpc-security-v5-9-5","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > VPC > VPC > Stack` control would sometimes go into an error state after creating security group rules with port range set to 0. This occurred because the control failed to recognize the existing rule in Guardrails CMDB and attempted to create a new rule instead. This issue has been fixed, and the stack control will now work correctly as expected.\n- The `AWS > VPC > Security Group > CMDB` control would sometimes go into an error state for security groups shared from other AWS accounts. We will now exclude shared security groups and only upsert security groups that belong to the owner account.\n"},{"meta":{"title":"aws-iam v5.35.0 - You can now also manage the IAM Permissions model for Guardrails Users via AWS > Turbot > IAM > Managed control","author":"Turbot Team","publishedAt":"2024-03-06T09:00:00","permalink":"aws-iam-v5-35-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$81"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.19 - Delete operations for resources is now faster and more efficient than before","author":"Turbot Team","publishedAt":"2024-03-05T09:00:00","permalink":"te-v5-42-19","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Updated the tier for the SSM parameter `/tenant/${workspaceFullId}` to `Advanced`.\n - Delete operations for resources is now faster and more efficient than before.\n - Auto mod update control for mods will now look only for recommended versions instead of available and recommended.\n - Fixed policy value resolution to default to the value of `resolvedSchema` if not available in the schema.\n\n- UI\n - Fixed a table typo in the Steampipe query used in the resources developer tab.\n - Display the AWS login button when setting permissions via the `AWS > Turbot > IAM > Managed` control.\n\n_Requirements_\n\n- TEF: 1.57.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"turbot-iam v5.11.1 - The default value for `Turbot > IAM > Permissions > Compiled > Levels > Turbot` policy will now be evaluated correctly and consistently","author":"Turbot Team","publishedAt":"2024-03-05T09:00:00","permalink":"turbot-iam-v5-11-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The default value for `Turbot > IAM > Permissions > Compiled > Levels > Turbot` policy will now be evaluated correctly and consistently.\n"},{"meta":{"title":"aws-ssm v5.15.1 - Bug fixed - SSM Parameters with incorrect names would sometimes be inadvertently upserted in Guardrails CMDB","author":"Turbot Team","publishedAt":"2024-03-05T09:00:00","permalink":"aws-ssm-v5-15-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- SSM Parameters with incorrect names would sometimes be inadvertently upserted in Guardrails CMDB. This issue has now been fixed.\n"},{"meta":{"title":"aws-s3 v5.24.0 - Bucket CMDB data will now also include information about Bucket Intelligent Tiering Configuration","author":"Turbot Team","publishedAt":"2024-03-05T09:00:00","permalink":"aws-s3-v5-24-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `AWS > S3 > Bucket` CMDB data will now also include information about Bucket Intelligent Tiering Configuration.\n- A few policy values in the `AWS > S3 > Bucket > Encyprion at Rest` policy have now been deprecated and will be removed in the next major mod version (v6.0.0) because they are no longer supported by AWS.\n\n | Deprecated Values \n |-\n | Check: None \n | Check: None or higher \n | Enforce: None \n | Enforce: None or higher \n"},{"meta":{"title":"aws-vpc-internet v5.11.1 - Bug fixed - Guardrails will now upsert Internet Gateways into CMDB correctly while processing real-time `CreateDefaultVpc` events","author":"Turbot Team","publishedAt":"2024-03-04T09:00:00","permalink":"aws-vpc-internet-v5-11-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Previously, Guardrails did not upsert Internet Gateways into the CMDB while processing real-time `CreateDefaultVpc` events. This issue has been fixed, and Internet Gateways will now be more reliably upserted into the Guardrails CMDB.\n We recommend updating the `aws-vpc-core` mod to v5.17.1 or higher to allow Guardrails to process the `CreateDefaultVpc` event for Internet Gateways correctly.\n"},{"meta":{"title":"aws-vpc-core v5.17.1 - Bug fixed - Guardrails will now upsert DHCP Options into CMDB correctly while processing real-time `CreateDefaultVpc` events","author":"Turbot Team","publishedAt":"2024-03-04T09:00:00","permalink":"aws-vpc-core-v5-17-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Previously, Guardrails did not upsert DHCP Options into the CMDB while processing real-time `CreateDefaultVpc` events. This issue has been fixed, and DHCP Options will now be more reliably upserted into the Guardrails CMDB.\n"},{"meta":{"title":"gcp-dataproc v5.8.1 - Bug fixed - Improved filters for real-time Dataproc lists events to reduce unnecessary processing","author":"Turbot Team","publishedAt":"2024-03-02T09:00:00","permalink":"gcp-dataproc-v5-8-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Previously, Guardrails unnecessarily listened to and processed real-time `lists` events for various Dataproc resources. We've now improved our events filter to ignore these `lists` events, thereby reducing unnecessary processing.\n"},{"meta":{"title":"gcp v5.23.4 - Bug fixed - The Event Handlers > Pub/Sub stack control will now transition to an Invalid state until Guardrails can correctly fetch the project number","author":"Turbot Team","publishedAt":"2024-02-29T09:00:00","permalink":"gcp-v5-23-4","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > Turbot > Event Handlers > Pub/Sub` stack control previously attempted to create a topic and its IAM member incorrectly when the `GCP > Turbot > Event Handlers > Logging > Unique Writer Identity` policy was set to `Enforce: Unique Identity`, but the project number for the project was not available. This is fixed and the control will transition to an Invalid state until Guardrails can correctly fetch the project number.\n"},{"meta":{"title":"gcp-pubsub v5.9.0 - You can now manage labels for Pub/Sub Topics via Guardrails","author":"Turbot Team","publishedAt":"2024-02-28T09:00:00","permalink":"gcp-pubsub-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - GCP > Pub/Sub > Topic > Labels\n\n- Policy Types:\n - GCP > Pub/Sub > Topic > Labels\n - GCP > Pub/Sub > Topic > Labels > Template\n\n- Action Types\n - GCP > Pub/Sub > Topic > Set Labels\n"},{"meta":{"title":"aws-s3 v5.23.1 - Bug fixed - Encryption in Transit and Encryption at Rest controls will now wait for a few minutes before applying their respective enforcements","author":"Turbot Team","publishedAt":"2024-02-28T09:00:00","permalink":"aws-s3-v5-23-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In a previous version (v5.6.2), we introduced a change in the `AWS > S3 > Bucket > Encryption in Transit` and `AWS > S3 > Bucket > Encryption at Rest` control to wait for a few minutes before applying the respective policies to new buckets created via Cloudformation Stacks. We've now extended this feature to all buckets regardless of how they were created, to ensure that IaC changes can be correctly applied to buckets without interference from immediate policy enforcements.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.57.0 - Added support for Advanced Tier for SSM Parameters","author":"Turbot Team","publishedAt":"2024-02-27T09:00:00","permalink":"tef-v1-57-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for Advanced Tier for SSM Parameters.\n- Increased the visibility timeout from 60 seconds to 7200 seconds and decreased the message retention period to 7 days for runnable DLQ.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.40.0 - Added support for Postgres versions 15.5 and Redis 7.1","author":"Turbot Team","publishedAt":"2024-02-27T09:00:00","permalink":"ted-v1-40-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: Support for Postgres versions 14.9, 14.10, 15.4 and 15.5.\n- Added: Support for Redis 7.1.\n- Added: m6gd.medium to instance type parameter for RDS.\n- Added: Support for Advanced Tier for SSM Parameters.\n- Removed: t4.micro and t4.small from instance type parameter for RDS.\n\n_Note_\n\nTo use the latest RDS certificate in commercial cloud, please upgrade TE to 5.42.3 or higher and update the `RDS CA Certificate for Commercial Cloud` parameter.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.18 - Added support for AWS Custom Group Levels","author":"Turbot Team","publishedAt":"2024-02-27T09:00:00","permalink":"te-v5-42-18","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Added: Support for AWS Custom Group Levels.\n - Updated: The DLQ lambda timeout has been updated to 2 minutes instead of 1 minute.\n - Updated: The Events DLQ visibility timeout has been increased from 15 minutes to 4 hours.\n - Updated: The Events DLQ MessageRetentionPeriod has been decreased from 14 days to 7 days.\n\n- UI\n - Added: Action button to run immediate policy value.\n\n_Requirements_\n\n- TEF: 1.57.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"turbot-iam v5.11.0 - Added support for group permission levels","author":"Turbot Team","publishedAt":"2024-02-27T09:00:00","permalink":"turbot-iam-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for group permission levels.\n"},{"meta":{"title":"servicenow-gcp-firebase v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-02-27T09:00:00","permalink":"servicenow-gcp-firebase-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$82"},{"meta":{"title":"aws-secretsmanager v5.7.0 - Secret CMDB control would go into an error state if Guardrails did not have permissions to describe a secret","author":"Turbot Team","publishedAt":"2024-02-27T09:00:00","permalink":"aws-secretsmanager-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The `AWS > Secrets Manager > Secret > CMDB` control would go into an error state if Guardrails did not have permissions to describe a secret. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set the `AWS > Secrets Manager > Secret > CMDB` policy to `Enforce: Enabled but ignore permission errors`.\n"},{"meta":{"title":"aws-iam v5.34.0 - You can now attach custom IAM Groups to Guardrails users","author":"Turbot Team","publishedAt":"2024-02-27T09:00:00","permalink":"aws-iam-v5-34-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now attach custom IAM Groups to Guardrails users if the `AWS > Turbot > Permissions` policy is set to `Enforce: User Mode`. To get started, set the `AWS > Turbot > Permissions > Custom Group Levels [Account]` policy and then attach the custom group to a user via the Grant Permission button on the Permissions page. Please note that this feature will work as intended only on TE v5.42.18 or higher and `turbot-iam` mod v5.11.0 or higher.\n\n- Policy Types:\n - AWS > Turbot > Permissions > Custom Group Levels [Account]\n\n- Policy Types renamed:\n - AWS > Turbot > Permissions > Custom Levels [Account] to AWS > Turbot > Permissions > Custom Role Levels [Account]\n - AWS > Turbot > Permissions > Custom Levels [Folder] to AWS > Turbot > Permissions > Custom Role Levels [Folder]\n"},{"meta":{"title":"servicenow-gcp-network v5.1.0 - Added support for various network resources","author":"Turbot Team","publishedAt":"2024-02-23T09:00:00","permalink":"servicenow-gcp-network-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$83"},{"meta":{"title":"aws-vpc-security v5.9.4 - Bug fixed - VPC Stack control would sometimes fail to claim existing Flow Logs in Guardrails CMDB","author":"Turbot Team","publishedAt":"2024-02-22T09:00:00","permalink":"aws-vpc-security-v5-9-4","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > VPC > VPC > Stack` control would sometimes fail to claim existing Flow Logs in Guardrails CMDB. This is now fixed.\n"},{"meta":{"title":"servicenow-gcp-iam v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-02-21T09:00:00","permalink":"servicenow-gcp-iam-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$84"},{"meta":{"title":"servicenow-gcp-functions v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-02-21T09:00:00","permalink":"servicenow-gcp-functions-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - GCP > Functions > Function > ServiceNow\n - GCP > Functions > Function > ServiceNow > Configuration Item\n - GCP > Functions > Function > ServiceNow > Table\n\n- Policy Types:\n\n - GCP > Functions > Function > ServiceNow\n - GCP > Functions > Function > ServiceNow > Configuration Item\n - GCP > Functions > Function > ServiceNow > Configuration Item > Record\n - GCP > Functions > Function > ServiceNow > Configuration Item > Table Definition\n - GCP > Functions > Function > ServiceNow > Table\n - GCP > Functions > Function > ServiceNow > Table > Definition\n"},{"meta":{"title":"aws-sns v5.15.1 - Bug fixed - SNS Subscription CMDB control would go into an error state if Guardrails did not have permissions to describe a subscription","author":"Turbot Team","publishedAt":"2024-02-21T09:00:00","permalink":"aws-sns-v5-15-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > SNS > Subscription > CMDB` control would go into an error state if Guardrails did not have permissions to describe a subscription. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set the `AWS > SNS > Subscription > CMDB` policy to `Enforce: Enabled but ignore permission errors`.\n"},{"meta":{"title":"servicenow-gcp v5.1.0 - Added support for GCP Projects","author":"Turbot Team","publishedAt":"2024-02-20T09:00:00","permalink":"servicenow-gcp-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - GCP > Project > ServiceNow\n - GCP > Project > ServiceNow > Configuration Item\n - GCP > Project > ServiceNow > Table\n\n- Policy Types:\n\n - GCP > Project > ServiceNow\n - GCP > Project > ServiceNow > Configuration Item\n - GCP > Project > ServiceNow > Configuration Item > Record\n - GCP > Project > ServiceNow > Configuration Item > Table Definition\n - GCP > Project > ServiceNow > Table\n - GCP > Project > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-gcp-memorystore v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-02-20T09:00:00","permalink":"servicenow-gcp-memorystore-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - GCP > Memorystore > Instance > ServiceNow\n - GCP > Memorystore > Instance > ServiceNow > Configuration Item\n - GCP > Memorystore > Instance > ServiceNow > Table\n\n- Policy Types:\n\n - GCP > Memorystore > Instance > ServiceNow\n - GCP > Memorystore > Instance > ServiceNow > Configuration Item\n - GCP > Memorystore > Instance > ServiceNow > Configuration Item > Record\n - GCP > Memorystore > Instance > ServiceNow > Configuration Item > Table Definition\n - GCP > Memorystore > Instance > ServiceNow > Table\n - GCP > Memorystore > Instance > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-gcp-storage v5.1.0 - Added support for Storage Objects","author":"Turbot Team","publishedAt":"2024-02-19T09:00:00","permalink":"servicenow-gcp-storage-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - GCP > Storage > Object > ServiceNow\n - GCP > Storage > Object > ServiceNow > Configuration Item\n - GCP > Storage > Object > ServiceNow > Table\n\n- Policy Types:\n\n - GCP > Storage > Object > ServiceNow\n - GCP > Storage > Object > ServiceNow > Configuration Item\n - GCP > Storage > Object > ServiceNow > Configuration Item > Record\n - GCP > Storage > Object > ServiceNow > Configuration Item > Table Definition\n - GCP > Storage > Object > ServiceNow > Table\n - GCP > Storage > Object > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-gcp-secretmanager v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-02-19T09:00:00","permalink":"servicenow-gcp-secretmanager-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - GCP > Secret Manager > Secret > ServiceNow\n - GCP > Secret Manager > Secret > ServiceNow > Configuration Item\n - GCP > Secret Manager > Secret > ServiceNow > Table\n\n- Policy Types:\n\n - GCP > Secret Manager > Secret > ServiceNow\n - GCP > Secret Manager > Secret > ServiceNow > Configuration Item\n - GCP > Secret Manager > Secret > ServiceNow > Configuration Item > Record\n - GCP > Secret Manager > Secret > ServiceNow > Configuration Item > Table Definition\n - GCP > Secret Manager > Secret > ServiceNow > Table\n - GCP > Secret Manager > Secret > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-gcp-scheduler v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-02-19T09:00:00","permalink":"servicenow-gcp-scheduler-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - GCP > Scheduler > Job > ServiceNow\n - GCP > Scheduler > Job > ServiceNow > Configuration Item\n - GCP > Scheduler > Job > ServiceNow > Table\n\n- Policy Types:\n\n - GCP > Scheduler > Job > ServiceNow\n - GCP > Scheduler > Job > ServiceNow > Configuration Item\n - GCP > Scheduler > Job > ServiceNow > Configuration Item > Record\n - GCP > Scheduler > Job > ServiceNow > Configuration Item > Table Definition\n - GCP > Scheduler > Job > ServiceNow > Table\n - GCP > Scheduler > Job > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-gcp-dataproc v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-02-19T09:00:00","permalink":"servicenow-gcp-dataproc-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$85"},{"meta":{"title":"servicenow-gcp-composer v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-02-19T09:00:00","permalink":"servicenow-gcp-composer-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - GCP > Composer > Environment > ServiceNow\n - GCP > Composer > Environment > ServiceNow > Configuration Item\n - GCP > Composer > Environment > ServiceNow > Table\n\n- Policy Types:\n\n - GCP > Composer > Environment > ServiceNow\n - GCP > Composer > Environment > ServiceNow > Configuration Item\n - GCP > Composer > Environment > ServiceNow > Configuration Item > Record\n - GCP > Composer > Environment > ServiceNow > Configuration Item > Table Definition\n - GCP > Composer > Environment > ServiceNow > Table\n - GCP > Composer > Environment > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-gcp-monitoring v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-02-16T09:00:00","permalink":"servicenow-gcp-monitoring-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$86"},{"meta":{"title":"servicenow-gcp-dns v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-02-16T09:00:00","permalink":"servicenow-gcp-dns-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - GCP > DNS > Managed Zone > ServiceNow\n - GCP > DNS > Managed Zone > ServiceNow > Configuration Item\n - GCP > DNS > Managed Zone > ServiceNow > Table\n\n- Policy Types:\n\n - GCP > DNS > Managed Zone > ServiceNow\n - GCP > DNS > Managed Zone > ServiceNow > Configuration Item\n - GCP > DNS > Managed Zone > ServiceNow > Configuration Item > Record\n - GCP > DNS > Managed Zone > ServiceNow > Configuration Item > Table Definition\n - GCP > DNS > Managed Zone > ServiceNow > Table\n - GCP > DNS > Managed Zone > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-gcp-datapipeline v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-02-16T09:00:00","permalink":"servicenow-gcp-datapipeline-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - GCP > Datapipeline > Pipeline > ServiceNow\n - GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item\n - GCP > Datapipeline > Pipeline > ServiceNow > Table\n\n- Policy Types:\n\n - GCP > Datapipeline > Pipeline > ServiceNow\n - GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item\n - GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item > Record\n - GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item > Table Definition\n - GCP > Datapipeline > Pipeline > ServiceNow > Table\n - GCP > Datapipeline > Pipeline > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-gcp-dataflow v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-02-16T09:00:00","permalink":"servicenow-gcp-dataflow-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - GCP > Dataflow > Job > ServiceNow\n - GCP > Dataflow > Job > ServiceNow > Configuration Item\n - GCP > Dataflow > Job > ServiceNow > Table\n\n- Policy Types:\n\n - GCP > Dataflow > Job > ServiceNow\n - GCP > Dataflow > Job > ServiceNow > Configuration Item\n - GCP > Dataflow > Job > ServiceNow > Configuration Item > Record\n - GCP > Dataflow > Job > ServiceNow > Configuration Item > Table Definition\n - GCP > Dataflow > Job > ServiceNow > Table\n - GCP > Dataflow > Job > ServiceNow > Table > Definition\n"},{"meta":{"title":"gcp-computeengine v5.18.1 - Bug fixed - Instance Template CMDB control would go into an error state due to a bad internal build","author":"Turbot Team","publishedAt":"2024-02-16T09:00:00","permalink":"gcp-computeengine-v5-18-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > Compute Engine > Instance Template > CMDB` control would sometimes go into an error state due to a bad internal build. This is fixed and the control will now work as expected.\n"},{"meta":{"title":"azure v5.18.2 - Bug fixed - Guardrails would sometimes fail to import Azure Subscriptions","author":"Turbot Team","publishedAt":"2024-02-16T09:00:00","permalink":"azure-v5-18-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Due to an inadvertently introduced issue with an internal build for `Azure > Subscription`, importing subscriptions encountered schema validation problems. This issue has been resolved, and you can now successfully import subscriptions as before.\n"},{"meta":{"title":"aws-ec2 v5.39.1 - Bugs fixed - Guardrails would sometimes upsert Snapshots and Volumes with incorrect AKAs","author":"Turbot Team","publishedAt":"2024-02-16T09:00:00","permalink":"aws-ec2-v5-39-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- In the previous version, while we improved on the way we discovered missing Snapshots and Volumes while processing their update events, we inadvertently introduced a bug where some resources were upserted with incorrect AKAs. Such resources with malformed AKAs should now be cleaned up automatically from the environment, and Guardrails will now discover resources more correctly and consistently than before.\n- In a previous version (v5.31.4), we implemented a feature to Discover Instances while processing their update events respectively, if those resources were missing from Guardrails CMDB. In busy environments, this would sometimes cause unnecessary Lambda executions. We've now improved this behavior to upsert the missing resources in a lighter and faster way.\n"},{"meta":{"title":"aws v5.29.3 - Added support for `ap-northeast-3` in the `AWS > Account > Regions` policy","author":"Turbot Team","publishedAt":"2024-02-13T09:00:00","permalink":"aws-v5-29-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for `ap-northeast-3` in the `AWS > Account > Regions` policy.\n"},{"meta":{"title":"aws-logs v5.12.1 - Added support for newer `ap-*` and `eu-*` regions in the `AWS > Logs > Regions` policy","author":"Turbot Team","publishedAt":"2024-02-13T09:00:00","permalink":"aws-logs-v5-12-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for `af-south-1`, `ap-northeast-3`, `ap-south-2`, `ap-southeast-3`, `ap-southeast-4`, `ca-west-1`, `eu-central-2`, `eu-south-1`, `eu-south-2`, `il-central-1` and `me-central-1` regions in the `AWS > Logs > Regions` policy.\n"},{"meta":{"title":"aws-ec2 v5.39.0 - You can now configure Block Public Access for Snapshots","author":"Turbot Team","publishedAt":"2024-02-13T09:00:00","permalink":"aws-ec2-v5-39-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$87"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.56.0 - Added `Deny: *` for HTTP traffic in Turbot Policy Parameter for SNS Policy","author":"Turbot Team","publishedAt":"2024-02-07T09:00:00","permalink":"tef-v1-56-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Updated: MaxPalyloadSize parameter description.\n- Updated: Turbot Policy Parameter to add back `Deny: *` for HTTP in SNS Policy.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.39.0 - Added support for Postgres versions 13.12 and 13.13","author":"Turbot Team","publishedAt":"2024-02-07T09:00:00","permalink":"ted-v1-39-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: Postgres versions 13.12 and 13.13.\n- Updated: CloudWatch Alarms will now use TEF SNS topic.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.17 - Added explicit Deny policy for HTTP traffic","author":"Turbot Team","publishedAt":"2024-02-07T09:00:00","permalink":"te-v5-42-17","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Added the `Deny:*` policy for HTTP traffic back to the turbot-policy-parameter custom lambda code.\n - Event DLQ should not set the control or policy value to error if there has been a new process started for the control or policy value.\n - Run next should drop the events in case of recursive loop.\n - Add additional retryable throttling codes for actions.\n\n_Requirements_\n\n- TEF: 1.55.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"gcp-dataproc v5.8.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-07T09:00:00","permalink":"gcp-dataproc-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"gcp-composer v5.4.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-07T09:00:00","permalink":"gcp-composer-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"gcp-spanner v5.8.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-06T09:00:00","permalink":"gcp-spanner-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"Terraform Provider v1.10.1 is now available","author":"Turbot Team","publishedAt":"2024-02-05T09:00:00","permalink":"terraform-provider-v1-10-1","image":null,"tags":["Terraform"],"product":"guardrails"},"content":"\nv1.10.1 of the [Terraform Provider for Guardrails](https://registry.terraform.io/providers/turbot/turbot/1.10.1) is now available.\n\n_Bug fixes_\n\n- `resource/turbot_file`: terraform apply failed to update `content` of an existing File in Guardrails. This is now fixed.\n"},{"meta":{"title":"gcp-logging v5.4.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-05T09:00:00","permalink":"gcp-logging-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - GCP > Logging > Exclusion > Approved > Custom\n - GCP > Logging > Metric > Approved > Custom\n - GCP > Logging > Sink > Approved > Custom\n"},{"meta":{"title":"gcp-kubernetesengine v5.5.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-05T09:00:00","permalink":"gcp-kubernetesengine-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n- Policy Types:\n - GCP > Kubernetes Engine > Region Cluster > Approved > Custom\n - GCP > Kubernetes Engine > Region Node Pool > Approved > Custom\n - GCP > Kubernetes Engine > Zone Cluster > Approved > Custom\n - GCP > Kubernetes Engine > Zone Node Pool > Approved > Custom\n"},{"meta":{"title":"gcp-dataflow v5.5.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-05T09:00:00","permalink":"gcp-dataflow-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - GCP > Dataflow > Job > Approved > Custom\n"},{"meta":{"title":"gcp-computeengine v5.18.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-05T09:00:00","permalink":"gcp-computeengine-v5-18-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"azure-monitor v5.7.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-05T09:00:00","permalink":"azure-monitor-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"azure-keyvault v5.12.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-05T09:00:00","permalink":"azure-keyvault-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"azure-compute v5.16.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-05T09:00:00","permalink":"azure-compute-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"azure-applicationgateway v5.7.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-05T09:00:00","permalink":"azure-applicationgateway-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"aws-ec2 v5.38.1 - Bugs Fixed - Discovery control for Key Pair would go into an error state due to unhandled escape characters","author":null,"publishedAt":"2024-02-05T09:00:00","permalink":"aws-ec2-v5-38-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n- The `AWS > EC2 > Key Pair > Discovery` control would sometimes go into an error state if a Key Pair alias included escape characters. This is now fixed.\n\n- Control Types renamed:\n - `AWS > EC2 > Volume > Configuration` to `AWS > EC2 > Volume > Performance Configuration`\n\n- Policy Types renamed:\n - `AWS > EC2 > Volume > Configuration` to `AWS > EC2 > Volume > Performance Configuration`\n - `AWS > EC2 > Volume > Configuration > IOPS Capacity` to `AWS > EC2 > Volume > Performance Configuration > IOPS Capacity`\n - `AWS > EC2 > Volume > Configuration > Throughput` to `AWS > EC2 > Volume > Performance Configuration > Throughput`\n - `AWS > EC2 > Volume > Configuration > Type` to `AWS > EC2 > Volume > Performance Configuration > Type`\n\n- Action Types renamed:\n - `AWS > EC2 > Volume > Update Configuration` to `AWS > EC2 > Volume > Update Performance Configuration`\n"},{"meta":{"title":"turbot v5.42.1 - Policy Setting Expiration control will now run every 12 hours by default","author":"Turbot Team","publishedAt":"2024-02-04T09:00:00","permalink":"turbot-v5-42-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Turbot > Policy Setting Expiration` control will now run every 12 hours to manage policy setting expirations more consistently than before.\n"},{"meta":{"title":"gcp-network v5.13.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-02T09:00:00","permalink":"gcp-network-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"gcp-iam v5.13.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-02T09:00:00","permalink":"gcp-iam-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"gcp-bigtable v5.8.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-02T09:00:00","permalink":"gcp-bigtable-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"gcp-appengine v5.3.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-02T09:00:00","permalink":"gcp-appengine-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"azure-sql v5.13.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-02T09:00:00","permalink":"azure-sql-v5-13-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"azure-provider v5.10.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-02T09:00:00","permalink":"azure-provider-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"azure-loganalytics v5.8.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-02T09:00:00","permalink":"azure-loganalytics-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"azure-loadbalancer v5.7.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-02T09:00:00","permalink":"azure-loadbalancer-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"azure-iam v5.11.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-02T09:00:00","permalink":"azure-iam-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"azure-dns v5.8.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-02T09:00:00","permalink":"azure-dns-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"gcp v5.23.3 - Bug fixed - Org Policy details will now be properly and consistently sorted for Projects","author":"Turbot Team","publishedAt":"2024-02-01T09:00:00","permalink":"gcp-v5-23-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Org policy details in the Project CMDB data will now be properly and consistently sorted.\n"},{"meta":{"title":"gcp-storage v5.11.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-01T09:00:00","permalink":"gcp-storage-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"gcp-sql v5.8.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-01T09:00:00","permalink":"gcp-sql-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"gcp-scheduler v5.4.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-01T09:00:00","permalink":"gcp-scheduler-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n- Policy Types:\n\n - GCP > Scheduler > Job > Approved > Custom\n"},{"meta":{"title":"gcp-pubsub v5.8.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-01T09:00:00","permalink":"gcp-pubsub-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"gcp-monitoring v5.6.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-01T09:00:00","permalink":"gcp-monitoring-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"gcp-dns v5.6.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-01T09:00:00","permalink":"gcp-dns-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"gcp-build v5.2.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-01T09:00:00","permalink":"gcp-build-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"azure-storage v5.15.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-02-01T09:00:00","permalink":"azure-storage-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-gcp-spanner v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-25T09:00:00","permalink":"servicenow-gcp-spanner-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - GCP > Cloud Run > Service > ServiceNow\n - GCP > Cloud Run > Service > ServiceNow > Configuration Item\n - GCP > Cloud Run > Service > ServiceNow > Table\n\n- Policy Types:\n\n - GCP > Cloud Run > Service > ServiceNow\n - GCP > Cloud Run > Service > ServiceNow > Configuration Item\n - GCP > Cloud Run > Service > ServiceNow > Configuration Item > Record\n - GCP > Cloud Run > Service > ServiceNow > Configuration Item > Table Definition\n - GCP > Cloud Run > Service > ServiceNow > Table\n - GCP > Cloud Run > Service > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-gcp-run v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-25T09:00:00","permalink":"servicenow-gcp-run-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$88"},{"meta":{"title":"aws-ec2 v5.38.0 - You can now configure Volume Type, IOPS Capacity and Throughput for EBS Volumes","author":"Turbot Team","publishedAt":"2024-01-25T09:00:00","permalink":"aws-ec2-v5-38-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - AWS > EC2 > Volume > Configuration\n\n- Policy Types:\n\n - AWS > EC2 > Volume > Configuration\n - AWS > EC2 > Volume > Configuration > IOPS Capacity\n - AWS > EC2 > Volume > Configuration > Throughput\n - AWS > EC2 > Volume > Configuration > Type\n\n- Action Types:\n - AWS > EC2 > Volume > Update Configuration\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.16 - Added MAX_PAYLOAD_SIZE parameter to customize API size limit","author":"Turbot Team","publishedAt":"2024-01-19T09:00:00","permalink":"te-v5-42-16","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - You can now update API size limit via the MAX_PAYLOAD_SIZE parameter.\n\n_Requirements_\n\n- TEF: 1.55.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"gcp-datapipeline v5.1.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-01-19T09:00:00","permalink":"gcp-datapipeline-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.\n"},{"meta":{"title":"aws-kinesis v5.9.0 - Added support for Kinesis Video Streams","author":"Turbot Team","publishedAt":"2024-01-19T09:00:00","permalink":"aws-kinesis-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$89"},{"meta":{"title":"servicenow-gcp-logging v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-18T09:00:00","permalink":"servicenow-gcp-logging-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$8a"},{"meta":{"title":"servicenow-gcp-computeengine v5.1.0 - Added support for HTTP Health Check, HTTPS Health Check, Health Check, Instance Template, Node Group, Node Template, Project, Region Disk and Region Health Check","author":"Turbot Team","publishedAt":"2024-01-18T09:00:00","permalink":"servicenow-gcp-computeengine-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$8b"},{"meta":{"title":"turbot v5.47.0 - Added policy to set native stack version","author":"Turbot Team","publishedAt":"2024-01-17T09:00:00","permalink":"turbot-v5-47-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - Turbot > Stack > Native Stack Version [Default]\n\n_Requirements_\n\n- TE: 5.35.4"},{"meta":{"title":"servicenow-gcp-sql v5.1.0 - Added support for Backup and Database","author":"Turbot Team","publishedAt":"2024-01-17T09:00:00","permalink":"servicenow-gcp-sql-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - GCP > SQL > Backup > ServiceNow\n - GCP > SQL > Backup > ServiceNow > Configuration Item\n - GCP > SQL > Backup > ServiceNow > Table\n - GCP > SQL > Database > ServiceNow\n - GCP > SQL > Database > ServiceNow > Configuration Item\n - GCP > SQL > Database > ServiceNow > Table\n\n- Policy Types:\n\n - GCP > SQL > Backup > ServiceNow\n - GCP > SQL > Backup > ServiceNow > Configuration Item\n - GCP > SQL > Backup > ServiceNow > Configuration Item > Record\n - GCP > SQL > Backup > ServiceNow > Configuration Item > Table Definition\n - GCP > SQL > Backup > ServiceNow > Table\n - GCP > SQL > Backup > ServiceNow > Table > Definition\n - GCP > SQL > Database > ServiceNow\n - GCP > SQL > Database > ServiceNow > Configuration Item\n - GCP > SQL > Database > ServiceNow > Configuration Item > Record\n - GCP > SQL > Database > ServiceNow > Configuration Item > Table Definition\n - GCP > SQL > Database > ServiceNow > Table\n - GCP > SQL > Database > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-gcp-kms v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-17T09:00:00","permalink":"servicenow-gcp-kms-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$8c"},{"meta":{"title":"servicenow-gcp-bigquery v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-17T09:00:00","permalink":"servicenow-gcp-bigquery-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$8d"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.15 - Minor internal improvements","author":"Turbot Team","publishedAt":"2024-01-16T09:00:00","permalink":"te-v5-42-15","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Updated: Enhanced IAM policy for tighter access around custom Lambda.\n - Fixed: Turbot > Workspace > Health Control should not break if there is no input.\n\n_Requirements_\n\n- TEF: 1.55.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"servicenow-gcp-bigtable v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-16T09:00:00","permalink":"servicenow-gcp-bigtable-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$8e"},{"meta":{"title":"servicenow-gcp-appengine v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-16T09:00:00","permalink":"servicenow-gcp-appengine-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$8f"},{"meta":{"title":"gcp v5.23.2 - Bug Fixed - Event Poller control will now run lighter and quicker than before","author":"Turbot Team","publishedAt":"2024-01-16T09:00:00","permalink":"gcp-v5-23-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `GCP > Turbot > Event Poller` control now includes a precheck condition to avoid running GraphQL input queries when the `GCP > Turbot > Event Poller` policy is set to `Disabled`. You won’t notice any difference and the control should run lighter and quicker than before.\n"},{"meta":{"title":"azure v5.18.1 - Bug Fixed - Event Poller controls will now run lighter and quicker than before","author":"Turbot Team","publishedAt":"2024-01-16T09:00:00","permalink":"azure-v5-18-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Turbot > Event Poller` and `Azure > Turbot > Management Group Event Poller` controls now include a precheck condition to avoid running GraphQL input queries when the `Azure > Turbot > Event Poller` and `Azure > Turbot > Management Group Event Poller` policies are set to `Disabled` respectively. You won’t notice any difference and the controls should run lighter and quicker than before.\n"},{"meta":{"title":"azure-activedirectory v5.4.1 - Bug Fixed - Event Poller control will now run lighter and quicker than before","author":"Turbot Team","publishedAt":"2024-01-16T09:00:00","permalink":"azure-activedirectory-v5-4-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `Azure > Turbot > Directory Event Poller` control now includes a precheck condition to avoid running GraphQL input queries when the `Azure > Turbot > Directory Event Poller` policy is set to `Disabled`. You won’t notice any difference and the control should run lighter and quicker than before.\n"},{"meta":{"title":"aws v5.29.2 - Bug Fixed - Event Poller control will now run lighter and quicker than before","author":"Turbot Team","publishedAt":"2024-01-16T09:00:00","permalink":"aws-v5-29-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > Turbot > Event Poller` control now includes a precheck condition to avoid running GraphQL input queries when the `AWS > Turbot > Event Poller` policy is set to `Disabled`. You won’t notice any difference and the control should run lighter and quicker than before.\n"},{"meta":{"title":"aws-opensearch v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-16T09:00:00","permalink":"aws-opensearch-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Resource Types:\n - AWS > OpenSearch\n\n- Policy Types:\n - AWS > OpenSearch > API Enabled\n - AWS > OpenSearch > Approved Regions [Default]\n - AWS > OpenSearch > Enabled\n - AWS > OpenSearch > Permissions\n - AWS > OpenSearch > Permissions > Levels\n - AWS > OpenSearch > Permissions > Levels > Modifiers\n - AWS > OpenSearch > Permissions > Lockdown\n - AWS > OpenSearch > Permissions > Lockdown > API Boundary\n - AWS > OpenSearch > Regions\n - AWS > OpenSearch > Tags Template [Default]\n - AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-opensearch\n - AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-opensearch\n - AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-opensearch\n"},{"meta":{"title":"servicenow-azure v5.1.0 - Added support for Resource Group, Subscription and Tenant","author":"Turbot Team","publishedAt":"2024-01-12T09:00:00","permalink":"servicenow-azure-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$90"},{"meta":{"title":"servicenow-azure-network v5.2.0 - Added support for Private Endpoints","author":"Turbot Team","publishedAt":"2024-01-11T09:00:00","permalink":"servicenow-azure-network-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - Azure > Network > Private Endpoints > ServiceNow\n - Azure > Network > Private Endpoints > ServiceNow > Configuration Item\n - Azure > Network > Private Endpoints > ServiceNow > Table\n\n- Policy Types:\n - Azure > Network > Private Endpoints > ServiceNow\n - Azure > Network > Private Endpoints > ServiceNow > Configuration Item\n - Azure > Network > Private Endpoints > ServiceNow > Configuration Item > Record\n - Azure > Network > Private Endpoints > ServiceNow > Configuration Item > Table Definition\n - Azure > Network > Private Endpoints > ServiceNow > Table\n - Azure > Network > Private Endpoints > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-azure-automation v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-11T09:00:00","permalink":"servicenow-azure-automation-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$91"},{"meta":{"title":"aws-ec2 v5.37.0 - Added support for `aws_network_interface_sg_attachment` Terraform resource for Elastic Network Interfaces","author":"Turbot Team","publishedAt":"2024-01-11T09:00:00","permalink":"aws-ec2-v5-37-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for `aws_network_interface_sg_attachment` Terraform resource for `AWS > EC2 > Network Interface`.\n\n_Bug fixes_\n\n- The `AWS > EC2 > Instance > CMDB` control would sometimes trigger multiple times if `EnclaveOptions` was not set as part of the `AWS > EC2 > Instance > CMDB > Attributes` policy. This would result in unnecessary Lambda runs for the control. The `EnclaveOptions` attribute is now available in the CMDB data by default and the `EnclaveOptions` policy value in `AWS > EC2 > Instance > CMDB > Attributes` policy has now been deprecated, and will be removed in the next major version.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.54.0 - Updated Launch Template to prevent association of Network Interface with public IPs","author":"Turbot Team","publishedAt":"2024-01-10T09:00:00","permalink":"tef-v1-54-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Updated: Launch Template to prevent association of Network Interface with public IPs.\n"},{"meta":{"title":"servicenow-azure-storage v5.1.0 is now available","author":"Turbot Team","publishedAt":"2024-01-10T09:00:00","permalink":"servicenow-azure-storage-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$92"},{"meta":{"title":"servicenow-azure-recoveryservice v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-10T09:00:00","permalink":"servicenow-azure-recoveryservice-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$93"},{"meta":{"title":"servicenow-azure-monitor v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-10T09:00:00","permalink":"servicenow-azure-monitor-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$94"},{"meta":{"title":"servicenow-gcp-kubernetesengine v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-09T09:00:00","permalink":"servicenow-gcp-kubernetesengine-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$95"},{"meta":{"title":"servicenow-azure-iam v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-09T09:00:00","permalink":"servicenow-azure-iam-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$96"},{"meta":{"title":"servicenow-azure-datafactory v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-09T09:00:00","permalink":"servicenow-azure-datafactory-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$97"},{"meta":{"title":"servicenow-azure-databricks v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-09T09:00:00","permalink":"servicenow-azure-databricks-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - Azure > Databricks > Workspace > ServiceNow\n - Azure > Databricks > Workspace > ServiceNow > Configuration Item\n - Azure > Databricks > Workspace > ServiceNow > Table\n\n- Policy Types:\n - Azure > Databricks > Workspace > ServiceNow\n - Azure > Databricks > Workspace > ServiceNow > Configuration Item\n - Azure > Databricks > Workspace > ServiceNow > Configuration Item > Record\n - Azure > Databricks > Workspace > ServiceNow > Configuration Item > Table Definition\n - Azure > Databricks > Workspace > ServiceNow > Table\n - Azure > Databricks > Workspace > ServiceNow > Table > Definition\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.14 - Minor internal improvements","author":"Turbot Team","publishedAt":"2024-01-09T09:00:00","permalink":"te-v5-42-14","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Minor internal improvements.\n\n_Requirements_\n\n- TEF: 1.51.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.13 - Bug Fixed - Scheduled actions will now not fail for firehose-aws-sns mod","author":"Turbot Team","publishedAt":"2024-01-08T09:00:00","permalink":"te-v5-42-13","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - The scheduled actions would sometimes fail to work for the firehose-aws-sns mod due an inadvertent bug introduced in TE v5.42.10. This is now fixed.\n\n_Requirements_\n\n- TEF: 1.51.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"servicenow-azure-activedirectory v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-08T09:00:00","permalink":"servicenow-azure-activedirectory-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$98"},{"meta":{"title":"servicenow-gcp-pubsub v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-05T09:00:00","permalink":"servicenow-gcp-pubsub-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$99"},{"meta":{"title":"servicenow-azure-synapseanalytics v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-05T09:00:00","permalink":"servicenow-azure-synapseanalytics-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$9a"},{"meta":{"title":"servicenow-azure-sqlvirtualmachine v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-05T09:00:00","permalink":"servicenow-azure-sqlvirtualmachine-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - Azure > Search Management > Search Service > ServiceNow\n - Azure > Search Management > Search Service > ServiceNow > Configuration Item\n - Azure > Search Management > Search Service > ServiceNow > Table\n\n- Policy Types:\n - Azure > Search Management > Search Service > ServiceNow\n - Azure > Search Management > Search Service > ServiceNow > Configuration Item\n - Azure > Search Management > Search Service > ServiceNow > Configuration Item > Record\n - Azure > Search Management > Search Service > ServiceNow > Configuration Item > Table Definition\n - Azure > Search Management > Search Service > ServiceNow > Table\n - Azure > Search Management > Search Service > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-azure-servicebus v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-05T09:00:00","permalink":"servicenow-azure-servicebus-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$9b"},{"meta":{"title":"servicenow-azure-loadbalancer v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-05T09:00:00","permalink":"servicenow-azure-loadbalancer-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - Azure > Load Balancer > Load Balance > ServiceNow\n - Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item\n - Azure > Load Balancer > Load Balance > ServiceNow > Table\n\n- Policy Types:\n - Azure > Load Balancer > Load Balance > ServiceNow\n - Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item\n - Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item > Record\n - Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item > Table Definition\n - Azure > Load Balancer > Load Balance > ServiceNow > Table\n - Azure > Load Balancer > Load Balance > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-azure-dns v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-05T09:00:00","permalink":"servicenow-azure-dns-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$9c"},{"meta":{"title":"servicenow-azure-cosmosdb v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-05T09:00:00","permalink":"servicenow-azure-cosmosdb-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$9d"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.12 - Policy updated for Mod Lambda SNS topic","author":"Turbot Team","publishedAt":"2024-01-04T09:00:00","permalink":"te-v5-42-12","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Updated: Enhanced IAM policy for tighter access around Mod Lambda SNS topic.\n\n_Requirements_\n\n- TEF: 1.51.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"servicenow-azure-searchmanagement v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-04T09:00:00","permalink":"servicenow-azure-searchmanagement-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - Azure > Search Management > Search Service > ServiceNow\n - Azure > Search Management > Search Service > ServiceNow > Configuration Item\n - Azure > Search Management > Search Service > ServiceNow > Table\n\n- Policy Types:\n - Azure > Search Management > Search Service > ServiceNow\n - Azure > Search Management > Search Service > ServiceNow > Configuration Item\n - Azure > Search Management > Search Service > ServiceNow > Configuration Item > Record\n - Azure > Search Management > Search Service > ServiceNow > Configuration Item > Table Definition\n - Azure > Search Management > Search Service > ServiceNow > Table\n - Azure > Search Management > Search Service > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-azure-networkwatcher v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-04T09:00:00","permalink":"servicenow-azure-networkwatcher-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$9e"},{"meta":{"title":"servicenow-azure-frontdoorservice v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-04T09:00:00","permalink":"servicenow-azure-frontdoorservice-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - Azure > Front Door > Front Door > ServiceNow\n - Azure > Front Door > Front Door > ServiceNow > Configuration Item\n - Azure > Front Door > Front Door > ServiceNow > Table\n\n- Policy Types:\n - Azure > Front Door > Front Door > ServiceNow\n - Azure > Front Door > Front Door > ServiceNow > Configuration Item\n - Azure > Front Door > Front Door > ServiceNow > Configuration Item > Record\n - Azure > Front Door > Front Door > ServiceNow > Configuration Item > Table Definition\n - Azure > Front Door > Front Door > ServiceNow > Table\n - Azure > Front Door > Front Door > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-azure-applicationinsights v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-04T09:00:00","permalink":"servicenow-azure-applicationinsights-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - Azure > Application Insights > Application Insight > ServiceNow\n - Azure > Application Insights > Application Insight > ServiceNow > Configuration Item\n - Azure > Application Insights > Application Insight > ServiceNow > Table\n\n- Policy Types:\n - Azure > Application Insights > Application Insight > ServiceNow\n - Azure > Application Insights > Application Insight > ServiceNow > Configuration Item\n - Azure > Application Insights > Application Insight > ServiceNow > Configuration Item > Record\n - Azure > Application Insights > Application Insight > ServiceNow > Configuration Item > Table Definition\n - Azure > Application Insights > Application Insight > ServiceNow > Table\n - Azure > Application Insights > Application Insight > ServiceNow > Table > Definition\n"},{"meta":{"title":"firehose-aws-sns v1.1.6 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2024-01-04T09:00:00","permalink":"firehose-aws-sns-v1-1-6","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"servicenow-azure-securitycenter v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-03T09:00:00","permalink":"servicenow-azure-securitycenter-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - Azure > Security Center > Security Center > ServiceNow\n - Azure > Security Center > Security Center > ServiceNow > Configuration Item\n - Azure > Security Center > Security Center > ServiceNow > Table\n\n- Policy Types:\n - Azure > Security Center > Security Center > ServiceNow\n - Azure > Security Center > Security Center > ServiceNow > Configuration Item\n - Azure > Security Center > Security Center > ServiceNow > Configuration Item > Record\n - Azure > Security Center > Security Center > ServiceNow > Configuration Item > Table Definition\n - Azure > Security Center > Security Center > ServiceNow > Table\n - Azure > Security Center > Security Center > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-azure-firewall v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-03T09:00:00","permalink":"servicenow-azure-firewall-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - Azure > Firewall > Firewall > ServiceNow\n - Azure > Firewall > Firewall > ServiceNow > Configuration Item\n - Azure > Firewall > Firewall > ServiceNow > Table\n\n- Policy Types:\n - Azure > Firewall > Firewall > ServiceNow\n - Azure > Firewall > Firewall > ServiceNow > Configuration Item\n - Azure > Firewall > Firewall > ServiceNow > Configuration Item > Record\n - Azure > Firewall > Firewall > ServiceNow > Configuration Item > Table Definition\n - Azure > Firewall > Firewall > ServiceNow > Table\n - Azure > Firewall > Firewall > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-azure-applicationgateway v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-03T09:00:00","permalink":"servicenow-azure-applicationgateway-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - Azure > Application Gateway Service > Application Gateway > ServiceNow\n - Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item\n - Azure > Application Gateway Service > Application Gateway > ServiceNow > Table\n\n- Policy Types:\n - Azure > Application Gateway Service > Application Gateway > ServiceNow\n - Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item\n - Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item > Record\n - Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item > Table Definition\n - Azure > Application Gateway Service > Application Gateway > ServiceNow > Table\n - Azure > Application Gateway Service > Application Gateway > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-azure-apimanagement v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-03T09:00:00","permalink":"servicenow-azure-apimanagement-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - Azure > API Management > API Management Service > ServiceNow\n - Azure > API Management > API Management Service > ServiceNow > Configuration Item\n - Azure > API Management > API Management Service > ServiceNow > Table\n\n- Policy Types:\n - Azure > API Management > API Management Service > ServiceNow\n - Azure > API Management > API Management Service > ServiceNow > Configuration Item\n - Azure > API Management > API Management Service > ServiceNow > Configuration Item > Record\n - Azure > API Management > API Management Service > ServiceNow > Configuration Item > Table Definition\n - Azure > API Management > API Management Service > ServiceNow > Table\n - Azure > API Management > API Management Service > ServiceNow > Table > Definition\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.11 - SAML Security Enhancements","author":"Turbot Team","publishedAt":"2024-01-02T09:00:00","permalink":"te-v5-42-11","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Updated: The directory API to support `Require Signed Assertion Response`.\n\n- UI:\n - Added: Introduced UI options for `Require Signed Assertion Response` for enhanced security in SAML authentication.\n\n_Requirements_\n\n- TEF: 1.51.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n\n**Enhanced Security and Compatibility Guide for SAML Authentication**\n\n**Description:**\nThe recent update to `@node-saml/passport-saml` mandates the signing of the assertion response. To ensure backward compatibility, we have introduced a new configuration option in the UI:\n\n- **Require Signed Assertion Response**\n\nBy default, this option is set to `Disabled` to maintain compatibility with existing setups.\n\n**Recommendations:**\nWe recommend enabling this option as it adds an additional layer of security. However, please be aware that enabling this setting might impact the SAML login functionality.\n\n"},{"meta":{"title":"servicenow-azure-relay v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-02T09:00:00","permalink":"servicenow-azure-relay-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - Azure > Relay > Namespace > ServiceNow\n - Azure > Relay > Namespace > ServiceNow > Configuration Item\n - Azure > Relay > Namespace > ServiceNow > Table\n\n- Policy Types:\n - Azure > Relay > Namespace > ServiceNow\n - Azure > Relay > Namespace > ServiceNow > Configuration Item\n - Azure > Relay > Namespace > ServiceNow > Configuration Item > Record\n - Azure > Relay > Namespace > ServiceNow > Configuration Item > Table Definition\n - Azure > Relay > Namespace > ServiceNow > Table\n - Azure > Relay > Namespace > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-azure-loganalytics v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-02T09:00:00","permalink":"servicenow-azure-loganalytics-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - Azure > Log Analytics > Log Analytics Workspace > ServiceNow\n - Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item\n - Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table\n\n- Policy Types:\n - Azure > Log Analytics > Log Analytics Workspace > ServiceNow\n - Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item\n - Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item > Record\n - Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item > Table Definition\n - Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table\n - Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-azure-appservice v5.0.0 is now available","author":"Turbot Team","publishedAt":"2024-01-02T09:00:00","permalink":"servicenow-azure-appservice-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$9f"},{"meta":{"title":"servicenow-azure-signalr v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-23T09:00:00","permalink":"servicenow-azure-signalr-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - Azure > SignalR Service > SignalR > ServiceNow\n - Azure > SignalR Service > SignalR > ServiceNow > Configuration Item\n - Azure > SignalR Service > SignalR > ServiceNow > Table\n\n- Policy Types:\n\n - Azure > SignalR Service > SignalR > ServiceNow\n - Azure > SignalR Service > SignalR > ServiceNow > Configuration Item\n - Azure > SignalR Service > SignalR > ServiceNow > Configuration Item > Record\n - Azure > SignalR Service > SignalR > ServiceNow > Configuration Item > Table Definition\n - Azure > SignalR Service > SignalR > ServiceNow > Table\n - Azure > SignalR Service > SignalR > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-azure-aks v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-23T09:00:00","permalink":"servicenow-azure-aks-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - Azure > AKS > Managed Cluster > ServiceNow\n - Azure > AKS > Managed Cluster > ServiceNow > Configuration Item\n - Azure > AKS > Managed Cluster > ServiceNow > Table\n\n- Policy Types:\n\n - Azure > AKS > Managed Cluster > ServiceNow\n - Azure > AKS > Managed Cluster > ServiceNow > Configuration Item\n - Azure > AKS > Managed Cluster > ServiceNow > Configuration Item > Record\n - Azure > AKS > Managed Cluster > ServiceNow > Configuration Item > Table Definition\n - Azure > AKS > Managed Cluster > ServiceNow > Table\n - Azure > AKS > Managed Cluster > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-azure-sql v5.1.0 - Added support for Database and Elastic Pool","author":"Turbot Team","publishedAt":"2023-12-19T09:00:00","permalink":"servicenow-azure-sql-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$a0"},{"meta":{"title":"servicenow-azure-network v5.1.0 - Added support for Application Security Group, Express Route Circuits, Network Interface, Private DNS Zones, Public IP Address, Route Table and Virtual Network Gateway","author":"Turbot Team","publishedAt":"2023-12-19T09:00:00","permalink":"servicenow-azure-network-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$a1"},{"meta":{"title":"servicenow-azure-keyvault v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-19T09:00:00","permalink":"servicenow-azure-keyvault-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$a2"},{"meta":{"title":"servicenow-azure-postgresql v5.1.0 - Added support for Flexible Server","author":"Turbot Team","publishedAt":"2023-12-18T09:00:00","permalink":"servicenow-azure-postgresql-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - Azure > PostgreSQL > Flexible Server > ServiceNow\n - Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item\n - Azure > PostgreSQL > Flexible Server > ServiceNow > Table\n\n- Policy Types:\n - Azure > PostgreSQL > Flexible Server > ServiceNow\n - Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item\n - Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item > Record\n - Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item > Table Definition\n - Azure > PostgreSQL > Flexible Server > ServiceNow > Table\n - Azure > PostgreSQL > Flexible Server > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-azure-mysql v5.1.0 - Added support for Flexible Server","author":"Turbot Team","publishedAt":"2023-12-18T09:00:00","permalink":"servicenow-azure-mysql-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n\n - Azure > MySQL > Flexible Server > ServiceNow\n - Azure > MySQL > Flexible Server > ServiceNow > Configuration Item\n - Azure > MySQL > Flexible Server > ServiceNow > Table\n\n- Policy Types:\n - Azure > MySQL > Flexible Server > ServiceNow\n - Azure > MySQL > Flexible Server > ServiceNow > Configuration Item\n - Azure > MySQL > Flexible Server > ServiceNow > Configuration Item > Record\n - Azure > MySQL > Flexible Server > ServiceNow > Configuration Item > Table Definition\n - Azure > MySQL > Flexible Server > ServiceNow > Table\n - Azure > MySQL > Flexible Server > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-aws-kms v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-18T09:00:00","permalink":"servicenow-aws-kms-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - AWS > KMS > Key > ServiceNow\n - AWS > KMS > Key > ServiceNow > Configuration Item\n - AWS > KMS > Key > ServiceNow > Table\n\n- Policy Types:\n - AWS > KMS > Key > ServiceNow\n - AWS > KMS > Key > ServiceNow > Configuration Item\n - AWS > KMS > Key > ServiceNow > Configuration Item > Record\n - AWS > KMS > Key > ServiceNow > Configuration Item > Table Definition\n - AWS > KMS > Key > ServiceNow > Table\n - AWS > KMS > Key > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-aws-cloudwatch v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-18T09:00:00","permalink":"servicenow-aws-cloudwatch-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - AWS > CloudWatch > Alarm > ServiceNow\n - AWS > CloudWatch > Alarm > ServiceNow > Configuration Item\n - AWS > CloudWatch > Alarm > ServiceNow > Table\n\n- Policy Types:\n - AWS > CloudWatch > Alarm > ServiceNow\n - AWS > CloudWatch > Alarm > ServiceNow > Configuration Item\n - AWS > CloudWatch > Alarm > ServiceNow > Configuration Item > Record\n - AWS > CloudWatch > Alarm > ServiceNow > Configuration Item > Table Definition\n - AWS > CloudWatch > Alarm > ServiceNow > Table\n - AWS > CloudWatch > Alarm > ServiceNow > Table > Definition\n"},{"meta":{"title":"servicenow-aws-cloudtrail v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-18T09:00:00","permalink":"servicenow-aws-cloudtrail-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - AWS > CloudTrail > Trail > ServiceNow\n - AWS > CloudTrail > Trail > ServiceNow > Configuration Item\n - AWS > CloudTrail > Trail > ServiceNow > Table\n\n- Policy Types:\n - AWS > CloudTrail > Trail > ServiceNow\n - AWS > CloudTrail > Trail > ServiceNow > Configuration Item\n - AWS > CloudTrail > Trail > ServiceNow > Configuration Item > Record\n - AWS > CloudTrail > Trail > ServiceNow > Configuration Item > Table Definition\n - AWS > CloudTrail > Trail > ServiceNow > Table\n - AWS > CloudTrail > Trail > ServiceNow > Table > Definition\n"},{"meta":{"title":"aws-rds v5.26.1 - Bug Fixed - DB Instance Discovery control would sometimes incorrectly upsert DocumentDB Instances","author":"Turbot Team","publishedAt":"2023-12-15T09:00:00","permalink":"aws-rds-v5-26-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > RDS > DB Instance > Discovery` control would sometimes upsert DocumentDB Instances as RDS Instances in Guardrails CMDB. This is fixed and the control will now filter out DocumentDB Instances while upserting resources in CMDB.\n"},{"meta":{"title":"aws-lambda v5.13.2 - Added support for latest Lambda runtimes in the `AWS > Lambda > Function > Allowed Runtime > Values` policy","author":"Turbot Team","publishedAt":"2023-12-13T09:00:00","permalink":"aws-lambda-v5-13-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n- Added support for latest lambda runtimes in the AWS > Lambda > Function > Allowed Runtime > Values policy.\n"},{"meta":{"title":"aws-iam v5.33.0 - Added support for Approved policies and control for Root Resource Type","author":"Turbot Team","publishedAt":"2023-12-13T09:00:00","permalink":"aws-iam-v5-33-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n- Control Types:\n - AWS > IAM > Root > Approved\n\n- Policy Types:\n - AWS > IAM > Root > Approved\n - AWS > IAM > Root > Approved > Custom\n - AWS > IAM > Root > Approved > Usage\n\n- Action Types:\n - AWS > IAM > Root > Skip alarm for Approved control\n - AWS > IAM > Root > Skip alarm for Approved control [90 days]\n\n_Bug fixes_\n- The `AWS > IAM > Account Password Policy > CMDB` control would incorrectly go into an Alarm state when Guardrails was denied access to fetch the Account Password Policy data. This is fixed and the control will now move to an Error state instead for such cases.\n- Guardrails stack controls would sometimes fail to update IAM resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.\n"},{"meta":{"title":"servicenow v5.0.2 - README.md file is now available for users to check details about resource types that the mod covers","author":"Turbot Team","publishedAt":"2023-12-11T09:00:00","permalink":"servicenow-v5-0-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- README.md file is now available for users to check details about resource types that the mod covers.\n"},{"meta":{"title":"aws-cloudfront v5.5.0 - Added support for CloudFront KeyValueStore permissions","author":"Turbot Team","publishedAt":"2023-12-11T09:00:00","permalink":"aws-cloudfront-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- `AWS/CloudFront/Admin` and `AWS/CloudFront/Metadata` will now also include permissions for CloudFront KeyValueStore.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.10 - Bug fixed - Guardrails will now process notifications correctly for a matching watch created via @turbot/sdk","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"te-v5-42-10","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Guardrails will now process notifications correctly for a matching watch created via @turbot/sdk.\n\n_Requirements_\n\n- TEF: 1.51.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3\n"},{"meta":{"title":"servicenow-gcp v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"servicenow-gcp-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - ServiceNow > Turbot > Watches > GCP\n\n- Control Types:\n - ServiceNow > Turbot > Watches > GCP\n\n- Action Types:\n - ServiceNow > Turbot > Watches > GCP Archive And Delete Record\n"},{"meta":{"title":"servicenow-gcp-storage v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"servicenow-gcp-storage-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - GCP > Storage > Bucket > ServiceNow\n - GCP > Storage > Bucket > ServiceNow > Configuration Item\n - GCP > Storage > Bucket > ServiceNow > Configuration Item > Record\n - GCP > Storage > Bucket > ServiceNow > Configuration Item > Table Definition\n - GCP > Storage > Bucket > ServiceNow > Table\n - GCP > Storage > Bucket > ServiceNow > Table > Definition\n\n- Control Types:\n - GCP > Storage > Bucket > ServiceNow\n - GCP > Storage > Bucket > ServiceNow > Configuration Item\n - GCP > Storage > Bucket > ServiceNow > Table\n"},{"meta":{"title":"servicenow-gcp-sql v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"servicenow-gcp-sql-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - GCP > SQL > Instance > ServiceNow\n - GCP > SQL > Instance > ServiceNow > Configuration Item\n - GCP > SQL > Instance > ServiceNow > Configuration Item > Record\n - GCP > SQL > Instance > ServiceNow > Configuration Item > Table Definition\n - GCP > SQL > Instance > ServiceNow > Table\n - GCP > SQL > Instance > ServiceNow > Table > Definition\n\n- Control Types:\n - GCP > SQL > Instance > ServiceNow\n - GCP > SQL > Instance > ServiceNow > Configuration Item\n - GCP > SQL > Instance > ServiceNow > Table\n"},{"meta":{"title":"servicenow-gcp-network v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"servicenow-gcp-network-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$a3"},{"meta":{"title":"servicenow-gcp-computeengine v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"servicenow-gcp-computeengine-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$a4"},{"meta":{"title":"servicenow-azure v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"servicenow-azure-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - ServiceNow > Turbot > Watches > Azure\n\n- Control Types:\n - ServiceNow > Turbot > Watches > Azure\n\n- Action Types:\n - ServiceNow > Turbot > Watches > Azure Archive And Delete Record\n"},{"meta":{"title":"servicenow-azure-storage v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"servicenow-azure-storage-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - Azure > Storage > Storage Account > ServiceNow\n - Azure > Storage > Storage Account > ServiceNow > Configuration Item\n - Azure > Storage > Storage Account > ServiceNow > Configuration Item > Record\n - Azure > Storage > Storage Account > ServiceNow > Configuration Item > Table Definition\n - Azure > Storage > Storage Account > ServiceNow > Table\n - Azure > Storage > Storage Account > ServiceNow > Table > Definition\n\n- Control Types:\n - Azure > Storage > Storage Account > ServiceNow\n - Azure > Storage > Storage Account > ServiceNow > Configuration Item\n - Azure > Storage > Storage Account > ServiceNow > Table\n"},{"meta":{"title":"servicenow-azure-sql v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"servicenow-azure-sql-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - Azure > SQL > Server > ServiceNow\n - Azure > SQL > Server > ServiceNow > Configuration Item\n - Azure > SQL > Server > ServiceNow > Configuration Item > Record\n - Azure > SQL > Server > ServiceNow > Configuration Item > Table Definition\n - Azure > SQL > Server > ServiceNow > Table\n - Azure > SQL > Server > ServiceNow > Table > Definition\n\n- Control Types:\n - Azure > SQL > Server > ServiceNow\n - Azure > SQL > Server > ServiceNow > Configuration Item\n - Azure > SQL > Server > ServiceNow > Table\n"},{"meta":{"title":"servicenow-azure-postgresql v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"servicenow-azure-postgresql-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - Azure > PostgreSQL > Server > ServiceNow\n - Azure > PostgreSQL > Server > ServiceNow > Configuration Item\n - Azure > PostgreSQL > Server > ServiceNow > Configuration Item > Record\n - Azure > PostgreSQL > Server > ServiceNow > Configuration Item > Table Definition\n - Azure > PostgreSQL > Server > ServiceNow > Table\n - Azure > PostgreSQL > Server > ServiceNow > Table > Definition\n\n- Control Types:\n - Azure > PostgreSQL > Server > ServiceNow\n - Azure > PostgreSQL > Server > ServiceNow > Configuration Item\n - Azure > PostgreSQL > Server > ServiceNow > Table\n"},{"meta":{"title":"servicenow-azure-network v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"servicenow-azure-network-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$a5"},{"meta":{"title":"servicenow-azure-mysql v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"servicenow-azure-mysql-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - Azure > MySQL > Server > ServiceNow\n - Azure > MySQL > Server > ServiceNow > Configuration Item\n - Azure > MySQL > Server > ServiceNow > Configuration Item > Record\n - Azure > MySQL > Server > ServiceNow > Configuration Item > Table Definition\n - Azure > MySQL > Server > ServiceNow > Table\n - Azure > MySQL > Server > ServiceNow > Table > Definition\n\n- Control Types:\n - Azure > MySQL > Server > ServiceNow\n - Azure > MySQL > Server > ServiceNow > Configuration Item\n - Azure > MySQL > Server > ServiceNow > Table\n"},{"meta":{"title":"servicenow-azure-compute v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"servicenow-azure-compute-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$a6"},{"meta":{"title":"servicenow-aws v5.0.1 - Bug Fixed - Watches control would fail to delete/archive records in ServiceNow","author":"Turbot Team","publishedAt":"2023-12-08T09:00:00","permalink":"servicenow-aws-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `ServiceNow > Turbot > Watches > AWS` control would fail to delete/archive records in ServiceNow. This is now fixed.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.9 - Minor fixes - TE stack will now enable propagation of custom tags to ECS tasks","author":"Turbot Team","publishedAt":"2023-12-07T09:00:00","permalink":"te-v5-42-9","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Updated TE stack to enable propagation of custom tags to ECS tasks.\n - Updated @turbot/aws-sdk to 5.13.0, @turbot/fn to 5.21.0 and aws-sdk to 2.922.\n\n_Requirements_\n\n- TEF: 1.51.0\n- TED: 1.9.1\n\n_Base images_\n\nAlpine: 3.17.5\nUbuntu: 22.04.3"},{"meta":{"title":"servicenow-aws-vpc-security v5.0.2 - Minor fixes on Configuration Item and Table controls","author":"Turbot Team","publishedAt":"2023-12-07T09:00:00","permalink":"servicenow-aws-vpc-security-v5-0-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the `cmdb_ci*` Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.\n- The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.\n- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.\n"},{"meta":{"title":"servicenow-aws-vpc-internet v5.0.2 - Minor fixes on Configuration Item and Table controls","author":"Turbot Team","publishedAt":"2023-12-07T09:00:00","permalink":"servicenow-aws-vpc-internet-v5-0-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the `cmdb_ci*` Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.\n- The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.\n- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.\n"},{"meta":{"title":"servicenow-aws-vpc-core v5.0.2 - Minor fixes on Configuration Item and Table controls","author":"Turbot Team","publishedAt":"2023-12-07T09:00:00","permalink":"servicenow-aws-vpc-core-v5-0-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the `cmdb_ci*` Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.\n- The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.\n- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.\n"},{"meta":{"title":"servicenow-aws-s3 v5.0.2 - Minor fixes on Configuration Item and Table controls","author":"Turbot Team","publishedAt":"2023-12-07T09:00:00","permalink":"servicenow-aws-s3-v5-0-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the `cmdb_ci*` Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.\n- The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.\n- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.\n"},{"meta":{"title":"servicenow-aws-rds v5.0.2 - Minor fixes on Configuration Item and Table controls","author":"Turbot Team","publishedAt":"2023-12-07T09:00:00","permalink":"servicenow-aws-rds-v5-0-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the `cmdb_ci*` Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.\n- The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.\n- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.\n"},{"meta":{"title":"servicenow-aws-iam v5.0.2 - Minor fixes on Configuration Item and Table controls","author":"Turbot Team","publishedAt":"2023-12-07T09:00:00","permalink":"servicenow-aws-iam-v5-0-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the `cmdb_ci*` Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.\n- The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.\n- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.\n"},{"meta":{"title":"servicenow-aws-ec2 v5.0.2 - Minor fixes on Configuration Item and Table controls","author":"Turbot Team","publishedAt":"2023-12-07T09:00:00","permalink":"servicenow-aws-ec2-v5-0-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the `cmdb_ci*` Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.\n- The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.\n- The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.\n"},{"meta":{"title":"servicenow v5.0.1 - Bug Fixed - Discovery controls would sometimes upsert resources with incorrect AKAs","author":"Turbot Team","publishedAt":"2023-12-06T09:00:00","permalink":"servicenow-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The Discovery controls for Application, Cost Center and User would sometimes upsert resources with incorrect AKAs for a freshly imported ServiceNow Instance in Guardrails CMDB. This is fixed and the controls will now work as expected.\n"},{"meta":{"title":"servicenow-aws-vpc-security v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow","author":"Turbot Team","publishedAt":"2023-12-06T09:00:00","permalink":"servicenow-aws-vpc-security-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.\n"},{"meta":{"title":"servicenow-aws-vpc-internet v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow","author":"Turbot Team","publishedAt":"2023-12-06T09:00:00","permalink":"servicenow-aws-vpc-internet-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.\n"},{"meta":{"title":"servicenow-aws-vpc-core v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow","author":"Turbot Team","publishedAt":"2023-12-06T09:00:00","permalink":"servicenow-aws-vpc-core-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.\n"},{"meta":{"title":"servicenow-aws-s3 v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow","author":"Turbot Team","publishedAt":"2023-12-06T09:00:00","permalink":"servicenow-aws-s3-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.\n"},{"meta":{"title":"servicenow-aws-rds v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow","author":"Turbot Team","publishedAt":"2023-12-06T09:00:00","permalink":"servicenow-aws-rds-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.\n"},{"meta":{"title":"servicenow-aws-iam v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow","author":"Turbot Team","publishedAt":"2023-12-06T09:00:00","permalink":"servicenow-aws-iam-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.\n"},{"meta":{"title":"servicenow-aws-ec2 v5.0.1 - Bug Fixed - ServiceNow Table control would sometimes fail create tables correctly in ServiceNow","author":"Turbot Team","publishedAt":"2023-12-06T09:00:00","permalink":"servicenow-aws-ec2-v5-0-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.\n"},{"meta":{"title":"aws v5.29.1 - Event Poller will now be automatically set to `Disabled` if either the Event Handlers or Event Handlers [Global] is set to `Enforce: Configured`","author":"Turbot Team","publishedAt":"2023-12-06T09:00:00","permalink":"aws-v5-29-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > Turbot > Event Poller` policy will now be automatically set to `Disabled` if any of the `AWS > Turbot > Event Handlers` or `AWS > Turbot > Event Handlers [Global]` policies is set to `Enforce: Configured`.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.8 - Bug Fixed - ServiceNow Instance Client Secret and Password were processed incorrectly while fetching credentials for the Instance","author":"Turbot Team","publishedAt":"2023-12-05T09:00:00","permalink":"te-v5-42-8","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - ServiceNow Instance Client Secret and Password were processed incorrectly while fetching credentials for the Instance.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.7 - Bug Fixed - Create mutation for ServiceNow instance failed if no instances were available in a Guardrails workspace","author":"Turbot Team","publishedAt":"2023-12-05T09:00:00","permalink":"te-v5-42-7","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Server\n - Create mutation for ServiceNow instance failed if no instances were available in a Guardrails workspace.\n"},{"meta":{"title":"servicenow v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-05T09:00:00","permalink":"servicenow-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$a7"},{"meta":{"title":"servicenow-aws-vpc-security v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-05T09:00:00","permalink":"servicenow-aws-vpc-security-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$a8"},{"meta":{"title":"servicenow-aws-vpc-internet v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-05T09:00:00","permalink":"servicenow-aws-vpc-internet-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - AWS > VPC > Elastic IP > ServiceNow\n - AWS > VPC > Elastic IP > ServiceNow > Configuration Item\n - AWS > VPC > Elastic IP > ServiceNow > Configuration Item > Record\n - AWS > VPC > Elastic IP > ServiceNow > Configuration Item > Table Definition\n - AWS > VPC > Elastic IP > ServiceNow > Table\n - AWS > VPC > Elastic IP > ServiceNow > Table > Definition\n\n- Control Types:\n - AWS > VPC > Elastic IP > ServiceNow\n - AWS > VPC > Elastic IP > ServiceNow > Configuration Item\n - AWS > VPC > Elastic IP > ServiceNow > Table\n"},{"meta":{"title":"servicenow-aws-vpc-core v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-05T09:00:00","permalink":"servicenow-aws-vpc-core-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$a9"},{"meta":{"title":"servicenow-aws v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-05T09:00:00","permalink":"servicenow-aws-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - ServiceNow > Turbot > Watches > AWS\n\n- Control Types:\n - ServiceNow > Turbot > Watches > AWS\n\n- Action Types:\n - ServiceNow > Turbot > Watches > AWS Archive And Delete Record\n"},{"meta":{"title":"servicenow-aws-s3 v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-05T09:00:00","permalink":"servicenow-aws-s3-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - AWS > S3 > Bucket > ServiceNow\n - AWS > S3 > Bucket > ServiceNow > Configuration Item\n - AWS > S3 > Bucket > ServiceNow > Configuration Item > Record\n - AWS > S3 > Bucket > ServiceNow > Configuration Item > Table Definition\n - AWS > S3 > Bucket > ServiceNow > Table\n - AWS > S3 > Bucket > ServiceNow > Table > Definition\n\n- Control Types:\n - AWS > S3 > Bucket > ServiceNow\n - AWS > S3 > Bucket > ServiceNow > Configuration Item\n - AWS > S3 > Bucket > ServiceNow > Table\n"},{"meta":{"title":"servicenow-aws-iam v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-05T09:00:00","permalink":"servicenow-aws-iam-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$aa"},{"meta":{"title":"servicenow-aws-ec2 v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-12-05T09:00:00","permalink":"servicenow-aws-ec2-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$ab"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.6 - Added support to import ServiceNow Instances in Guardrails","author":"Turbot Team","publishedAt":"2023-12-01T09:00:00","permalink":"te-v5-42-6","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server\n - Added: Support for creating and deleting watches using @turbot/sdk.\n - Updated: @turbot/fn, @turbot/aws-sdk, aws-sdk, @turbot/utils, @turbot/errors, @turbot/log, @turbot/responses packages.\n - Added: Support for ServiceNow credentials.\n\n- UI:\n - Added: Support to import ServiceNow Instance in Guardrails.\n"},{"meta":{"title":"turbot v5.42.0 - Added support for new Control Categories in Guardrails","author":"Turbot Team","publishedAt":"2023-11-30T09:00:00","permalink":"turbot-v5-42-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Category Types:\n - CMDB > External\n - Cloud > Integration\n"},{"meta":{"title":"aws-kendra v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-11-28T09:00:00","permalink":"aws-kendra-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Resource Types:\n - AWS > Kendra\n\n- Policy Types:\n - AWS > Kendra > API Enabled\n - AWS > Kendra > Approved Regions [Default]\n - AWS > Kendra > Enabled\n - AWS > Kendra > Permissions\n - AWS > Kendra > Permissions > Levels\n - AWS > Kendra > Permissions > Levels > Modifiers\n - AWS > Kendra > Permissions > Lockdown\n - AWS > Kendra > Permissions > Lockdown > API Boundary\n - AWS > Kendra > Regions\n - AWS > Kendra > Tags Template [Default]\n - AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-kendra\n - AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-kendra\n - AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-kendra\n"},{"meta":{"title":"turbot v5.41.0 - Added support for new Categories in Guardrails","author":"Turbot Team","publishedAt":"2023-11-24T09:00:00","permalink":"turbot-v5-41-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Category Types:\n - Turbot > Resource > Category > Business Application\n - Turbot > Resource > Category > Cloud > Api\n - Turbot > Resource > Category > Cloud > Provider\n - Turbot > Resource > Category > Cloud > Resource Group\n - Turbot > Resource > Category > Container\n - Turbot > Resource > Category > Cost Management\n - Turbot > Resource > Category > End User Computing\n - Turbot > Resource > Category > Migration\n - Turbot > Resource > Category > Robotics\n"},{"meta":{"title":"gcp v5.23.1 - Added support to process enable and disable real-time events for Firebase Management APIs","author":"Turbot Team","publishedAt":"2023-11-24T09:00:00","permalink":"gcp-v5-23-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support to process enable and disable real-time events for Firebase Management APIs.\n"},{"meta":{"title":"gcp-firebase v5.1.0 - You can can now enable Firebase Management API via Guardrails; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-24T09:00:00","permalink":"gcp-firebase-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now Enable/Disable Firebase Management API via Guardrails. To get started, set the `GCP > Firebase > API Enabled` policy.\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n- Control Types:\n - GCP > Firebase > API Enabled\n\n- Policy Types:\n - GCP > Firebase > API Enabled\n - GCP > Firebase > Android App > Approved > Custom\n - GCP > Firebase > Web App > Approved > Custom\n - GCP > Firebase > iOS App > Approved > Custom\n\n- Action Types:\n - GCP > Firebase > Set API Enabled\n"},{"meta":{"title":"azure-synapseanalytics v5.7.0 - Added support for newer Europe, India, US and US Government regions; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-24T09:00:00","permalink":"azure-synapseanalytics-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for newer US, Europe, India and US Government regions in the `Azure > Synapse Analytics > Regions` policy.\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - Azure > Synapse Analytics > SQL Pool > Approved > Custom\n - Azure > Synapse Analytics > SQL Pool > Regions\n - Azure > Synapse Analytics > Workspace > Approved > Custom\n"},{"meta":{"title":"azure-apimanagement v5.3.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-24T09:00:00","permalink":"azure-apimanagement-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - Azure > API Management > API Management Service > Approved > Custom\n"},{"meta":{"title":"azure-aks v5.6.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-24T09:00:00","permalink":"azure-aks-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - Azure > AKS > Managed Cluster > Approved > Custom\n"},{"meta":{"title":"azure-networkwatcher v5.8.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-23T09:00:00","permalink":"azure-networkwatcher-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - Azure > Network Watcher > Flow Log > Approved > Custom\n - Azure > Network Watcher > Network Watcher > Approved > Custom\n"},{"meta":{"title":"azure-datafactory v5.6.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-23T09:00:00","permalink":"azure-datafactory-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - Azure > Data Factory > Dataset > Approved > Custom\n - Azure > Data Factory > Factory > Approved > Custom\n - Azure > Data Factory > Pipeline > Approved > Custom\n"},{"meta":{"title":"gcp-notebooks v5.1.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-21T09:00:00","permalink":"gcp-notebooks-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"gcp-datacatalog v5.2.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-21T09:00:00","permalink":"gcp-datacatalog-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"azure-firewall v5.6.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-21T09:00:00","permalink":"azure-firewall-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - Azure > Firewall > Firewall > Approved > Custom\n"},{"meta":{"title":"azure-securitycenter v5.2.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-20T09:00:00","permalink":"azure-securitycenter-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"azure-frontdoorservice v5.7.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-20T09:00:00","permalink":"azure-frontdoorservice-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - Azure > Front Door > Front Door > Approved > Custom\n"},{"meta":{"title":"azure-databricks v5.3.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-20T09:00:00","permalink":"azure-databricks-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - Azure > Databricks > Workspace > Approved > Custom\n"},{"meta":{"title":"azure-cosmosdb v5.5.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-20T09:00:00","permalink":"azure-cosmosdb-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"gcp-computeengine v5.17.0 - Trusted Access control for Images now also supports All Authenticated and All Users policies","author":"Turbot Team","publishedAt":"2023-11-17T09:00:00","permalink":"gcp-computeengine-v5-17-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - GCP > Compute Engine > Image > Policy > Trusted Access > All Authenticated\n - GCP > Compute Engine > Image > Policy > Trusted Access > All Users\n"},{"meta":{"title":"azure-signalr v5.1.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-17T09:00:00","permalink":"azure-signalr-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - Azure > SignalR Service > SignalR > Approved > Custom\n"},{"meta":{"title":"azure-relay v5.1.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-17T09:00:00","permalink":"azure-relay-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - Azure > Relay > Namespace > Approved > Custom\n"},{"meta":{"title":"gcp-functions v5.8.0 - Trusted Access control now also supports All Authenticated and All Users policies","author":"Turbot Team","publishedAt":"2023-11-16T09:00:00","permalink":"gcp-functions-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - GCP > Functions > Function > Policy > Trusted Access > All Authenticated\n - GCP > Functions > Function > Policy > Trusted Access > All Users\n"},{"meta":{"title":"azure-searchmanagement v5.7.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-16T09:00:00","permalink":"azure-searchmanagement-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n\n_What's new?_\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - Azure > Search Management > Search Service > Approved > Custom\n\n"},{"meta":{"title":"azure-recoveryservice v5.5.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-16T09:00:00","permalink":"azure-recoveryservice-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n\n_What's new?_\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Policy Types:\n - Azure > Recovery Service > Vault > Approved > Custom"},{"meta":{"title":"aws-swf v5.4.0 - Quick Actions now available for Domains; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-16T09:00:00","permalink":"aws-swf-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$ac"},{"meta":{"title":"aws-qldb v5.3.0 - Quick Actions now available for Ledgers; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-09T09:00:00","permalink":"aws-qldb-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$ad"},{"meta":{"title":"aws-neptune v5.4.0 - Quick Actions now available for DB Clusters and Instances; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-09T09:00:00","permalink":"aws-neptune-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$ae"},{"meta":{"title":"aws-inspector v5.2.0 - Quick Actions now available for Assessment Targets and Templates; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-09T09:00:00","permalink":"aws-inspector-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$af"},{"meta":{"title":"aws-dax v5.4.0 - Quick Actions now available for Clusters; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-09T09:00:00","permalink":"aws-dax-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$b0"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.5 - SAML Security Enhancements and Package Update (v4.0.4).","author":"Turbot Team","publishedAt":"2023-11-08T09:00:00","permalink":"te-v5-42-5","image":null,"tags":["TE"],"product":"guardrails"},"content":"$b1"},{"meta":{"title":"aws-outposts v5.3.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-08T09:00:00","permalink":"aws-outposts-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"aws-lightsail v5.5.0 - Quick Actions now available for all Lightsail resources; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-08T09:00:00","permalink":"aws-lightsail-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$b2"},{"meta":{"title":"aws-bedrock v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-11-08T09:00:00","permalink":"aws-bedrock-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Resource Types:\n - AWS > Bedrock\n\n- Policy Types:\n - AWS > Bedrock > API Enabled\n - AWS > Bedrock > Approved Regions [Default]\n - AWS > Bedrock > Enabled\n - AWS > Bedrock > Permissions\n - AWS > Bedrock > Permissions > Levels\n - AWS > Bedrock > Permissions > Levels > Modifiers\n - AWS > Bedrock > Permissions > Lockdown\n - AWS > Bedrock > Permissions > Lockdown > API Boundary\n - AWS > Bedrock > Regions\n - AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-bedrock\n - AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-bedrock\n - AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-bedrock\n"},{"meta":{"title":"aws-appmesh v5.4.0 - Quick Actions now available for Mesh; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-08T09:00:00","permalink":"aws-appmesh-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$b3"},{"meta":{"title":"aws-rds v5.26.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-07T09:00:00","permalink":"aws-rds-v5-26-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"aws-elasticache v5.9.1 - Bug Squashed - ElastiCache Snapshot CMDB control would go into an error state due to a bad internal build","author":"Turbot Team","publishedAt":"2023-11-07T09:00:00","permalink":"aws-elasticache-v5-9-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > ElastiCache > Snapshot > CMDB` control would go into an error state due to a bad internal build. This is fixed and the control will now work correctly as expected.\n"},{"meta":{"title":"aws-glue v5.11.0 - Quick Actions now available for all Glue resources; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-06T09:00:00","permalink":"aws-glue-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$b4"},{"meta":{"title":"aws-codecommit v5.5.0 - Quick Actions now available for Repositories; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-06T09:00:00","permalink":"aws-codecommit-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$b5"},{"meta":{"title":"gcp v5.23.0 - You can now set a Unique Writer Identity for Logging Sinks created via Event Handlers stack","author":"Turbot Team","publishedAt":"2023-11-03T09:00:00","permalink":"gcp-v5-23-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now set a Unique Writer Identity for Logging Sink created via the `GCP > Turbot > Event Handlers` stack. To get started, set the `GCP > Turbot > Event Handlers > Logging > Unique Writer Identity` policy.\n"},{"meta":{"title":"gcp-pubsub v5.7.2 - Guardrails' stack controls will now manage Pub/Sub Topics more reliably than before","author":"Turbot Team","publishedAt":"2023-11-03T09:00:00","permalink":"gcp-pubsub-v5-7-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails stack controls would sometimes fail to update Pub/Sub Topic resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.\n"},{"meta":{"title":"gcp-logging v5.3.3 - Guardrails' stack controls will now manage Logging Sinks more reliably than before","author":"Turbot Team","publishedAt":"2023-11-03T09:00:00","permalink":"gcp-logging-v5-3-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails stack controls would sometimes fail to update Logging Sink resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.\n"},{"meta":{"title":"aws-wellarchitected v5.7.0 - Quick Actions now available for Workloads; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-03T09:00:00","permalink":"aws-wellarchitected-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$b6"},{"meta":{"title":"aws-storagegateway v5.4.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-03T09:00:00","permalink":"aws-storagegateway-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"aws-secretsmanager v5.6.0 - Quick Actions now available for Secrets; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-03T09:00:00","permalink":"aws-secretsmanager-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$b7"},{"meta":{"title":"aws-glacier v5.6.0 - Quick Actions now available for Vaults; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-03T09:00:00","permalink":"aws-glacier-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$b8"},{"meta":{"title":"aws-elasticbeanstalk v5.3.0 - Quick Actions now available for Applications; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-03T09:00:00","permalink":"aws-elasticbeanstalk-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$b9"},{"meta":{"title":"aws-batch v5.6.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-03T09:00:00","permalink":"aws-batch-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n"},{"meta":{"title":"aws-wafregional v5.4.0 - Quick Actions now available for WAF Regional Rules; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-02T09:00:00","permalink":"aws-wafregional-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$ba"},{"meta":{"title":"aws-vpc-internet v5.11.0 - Quick Actions now available for all VPC Internet resources; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-02T09:00:00","permalink":"aws-vpc-internet-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$bb"},{"meta":{"title":"aws-vpc-core v5.17.0 - Quick Actions now available for all VPC Core resources; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-02T09:00:00","permalink":"aws-vpc-core-v5-17-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$bc"},{"meta":{"title":"aws-sqs v5.14.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-02T09:00:00","permalink":"aws-sqs-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"aws-sns v5.15.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-02T09:00:00","permalink":"aws-sns-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"aws-elasticsearch v5.5.0 - Quick Actions now available for Domains; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-02T09:00:00","permalink":"aws-elasticsearch-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$bd"},{"meta":{"title":"aws-ec2 v5.36.2 - Bug Squashed - Account Attributes CMDB control would go into an error state due to a bad internal build","author":"Turbot Team","publishedAt":"2023-11-02T09:00:00","permalink":"aws-ec2-v5-36-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > EC2 > Account Attributes > CMDB` control would go into an error state due to a bad internal build. This is fixed and the control will now work correctly as expected.\n"},{"meta":{"title":"aws v5.29.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-01T09:00:00","permalink":"aws-v5-29-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"aws-ssm v5.15.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-01T09:00:00","permalink":"aws-ssm-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include createdBy details in Turbot CMDB.\n"},{"meta":{"title":"aws-elasticache v5.9.0 - Quick Actions now available for all ElasticCache resources; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-01T09:00:00","permalink":"aws-elasticache-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$be"},{"meta":{"title":"aws-datapipeline v5.3.0 - Quick Actions now available for Pipelines; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-11-01T09:00:00","permalink":"aws-datapipeline-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$bf"},{"meta":{"title":"aws-backup v5.10.1 - Bugs Squashed - Recovery Points deleted in AWS were not cleaned up automatically via real-time events in Guardrails","author":"Turbot Team","publishedAt":"2023-11-01T09:00:00","permalink":"aws-backup-v5-10-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Recovery Points deleted in AWS were not cleaned up automatically via real-time events in Guardrails. This is now fixed.\n"},{"meta":{"title":"aws-vpc-connect v5.9.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-31T09:00:00","permalink":"aws-vpc-connect-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"aws-sagemaker v5.9.0 - Quick Actions now available for all SageMaker resources; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-31T09:00:00","permalink":"aws-sagemaker-v5-9-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$c0"},{"meta":{"title":"aws-route53resolver v5.4.0 - Quick Actions now available for Resolver Endpoints and Rules; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-30T09:00:00","permalink":"aws-route53resolver-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$c1"},{"meta":{"title":"aws-route53 v6.6.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-30T09:00:00","permalink":"aws-route53-v6-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"aws-kms v5.17.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-30T09:00:00","permalink":"aws-kms-v5-17-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"aws-events v5.12.0 - Quick Actions now available for Rules and Targets; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-30T09:00:00","permalink":"aws-events-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the `Actions` button, which will reveal a dropdown menu with available actions, and select one. See [Quick Actions](https://turbot.com/v5/docs/guides/quick-actions) for more information.\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n- Action Types:\n - AWS > Events > Rule > Skip alarm for Approved control\n - AWS > Events > Rule > Skip alarm for Approved control [90 days]\n - AWS > Events > Target > Skip alarm for Active control\n - AWS > Events > Target > Skip alarm for Active control [90 days]\n - AWS > Events > Target > Skip alarm for Approved control\n - AWS > Events > Target > Skip alarm for Approved control [90 days]\n"},{"meta":{"title":"aws-waf v5.7.0 - Quick Actions now available for all WAF resources; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-27T09:00:00","permalink":"aws-waf-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$c2"},{"meta":{"title":"aws-backup v5.10.0 - Quick Actions now available for all Backup resources; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-27T09:00:00","permalink":"aws-backup-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$c3"},{"meta":{"title":"aws-workspaces v5.3.0 - Quick Actions now available for WorkSpaces; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-26T09:00:00","permalink":"aws-workspaces-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$c4"},{"meta":{"title":"aws-s3 v5.23.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-25T09:00:00","permalink":"aws-s3-v5-23-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"aws-mq v5.2.0 - Quick Actions now available for Brokers; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-25T09:00:00","permalink":"aws-mq-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$c5"},{"meta":{"title":"aws-logs v5.12.0 - Quick Actions now available for all Logs resources; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-25T09:00:00","permalink":"aws-logs-v5-12-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$c6"},{"meta":{"title":"aws-fsx v5.3.0 - Quick Actions now available for Backups and File Systems; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-25T09:00:00","permalink":"aws-fsx-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$c7"},{"meta":{"title":"aws-cloudwatch v5.7.0 - Quick Actions now available for Alarms; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-25T09:00:00","permalink":"aws-cloudwatch-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$c8"},{"meta":{"title":"aws-appstream v5.3.0 - Quick Actions now available for all AppStream resources; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-25T09:00:00","permalink":"aws-appstream-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$c9"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.4 - passport-saml Node package downgraded to 1.3.5.","author":"Turbot Team","publishedAt":"2023-10-24T09:00:00","permalink":"te-v5-42-4","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server:\n - Updated: Downgrade passport-saml Node package to 1.3.5.\n"},{"meta":{"title":"aws-ec2 v5.36.1 - Bug Squashed - Volume Discovery control would go into an error state due to bad GraphQL queries","author":"Turbot Team","publishedAt":"2023-10-17T09:00:00","permalink":"aws-ec2-v5-36-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > EC2 > Volume > Discovery` control would go into an error state because of an unintended GraphQL query bug. This is fixed and the control will now work correctly as expected.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.53.0 - Hive manager Updated to Manage New RDS Certificate","author":"Turbot Team","publishedAt":"2023-10-11T09:00:00","permalink":"tef-v1-53-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Updated: Hive manager code to include the new certificate.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.38.0 - New Parameter for RDS Certificate for Commercial Cloud","author":"Turbot Team","publishedAt":"2023-10-11T09:00:00","permalink":"ted-v1-38-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: parameter for RDS certificate for commercial cloud.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.3 - Bugs Squashed - Stack Control Execution Issue with Large number of Resources; RDS CA Certificate to use the latest bundled certificate","author":"Turbot Team","publishedAt":"2023-10-11T09:00:00","permalink":"te-v5-42-3","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server:\n - Updated: RDS CA Certificate to use the latest bundled certificate.\n - Updated: Updated the package passport-saml to @node-saml/passport-saml: 4.0.4\n - Updated: Steampipe query in developer section now points to the correct table.\n\n- UI:\n - Added: Option to view Changelogs in the Help dropdown menu.\n\n_Bug fixes_\n\n- Server:\n - Fixed: Stack control failed to run when a large number of resources were being managed by a stack control.\n"},{"meta":{"title":"aws-guardduty v5.7.0 - Quick Actions now available for all GuardDuty resources; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-09T09:00:00","permalink":"aws-guardduty-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$ca"},{"meta":{"title":"aws-emr v5.7.0 - Quick Actions now available for Clusters and Security Configurations; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-09T09:00:00","permalink":"aws-emr-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$cb"},{"meta":{"title":"aws-ecs v5.6.0 - Quick Actions now available for all ECS resources; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-09T09:00:00","permalink":"aws-ecs-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$cc"},{"meta":{"title":"aws-ec2 v5.36.0 - You can now Block Public Access for AMIs; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-09T09:00:00","permalink":"aws-ec2-v5-36-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- You can now configure Block Public Access for AMIs. To get started, set the `AWS > EC2 > Account Attributes > Block Public Access for AMIs` policy to `Enforce: Enable Block Public Access for AMIs`.\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n\n- Control Types:\n - AWS > EC2 > Account Attributes > Block Public Access for AMIs\n\n- Policy Types:\n - AWS > EC2 > Account Attributes > Block Public Access for AMIs\n\n- Action Types:\n - AWS > EC2 > Account Attributes > Update Block Public Access for AMIs\n"},{"meta":{"title":"aws-dms v5.5.0 - Quick Actions now available for Endpoints and Replication Instances; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-09T09:00:00","permalink":"aws-dms-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$cd"},{"meta":{"title":"aws-ses v5.4.0 - Quick Actions now available for Identities; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-06T09:00:00","permalink":"aws-ses-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the `Actions` button, which will reveal a dropdown menu with available actions, and select one. See [Quick Actions](https://turbot.com/guardrails/docs/guides/quick-actions) for more information.\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Action Types:\n - AWS > SES > Identity > Delete from AWS\n - AWS > SES > Identity > Skip alarm for Active control\n - AWS > SES > Identity > Skip alarm for Active control [90 days]\n - AWS > SES > Identity > Skip alarm for Approved control\n - AWS > SES > Identity > Skip alarm for Approved control [90 days]\n"},{"meta":{"title":"aws-securityhub v5.3.0 - Quick Actions now available for Security Hub; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-06T09:00:00","permalink":"aws-securityhub-v5-3-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$ce"},{"meta":{"title":"aws-kinesis v5.8.0 - Quick Actions now available for Consumers and Streams; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-06T09:00:00","permalink":"aws-kinesis-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$cf"},{"meta":{"title":"aws-dynamodb v5.10.0 - Quick Actions now available for Backups, Global Tables and Tables; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-06T09:00:00","permalink":"aws-dynamodb-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$d0"},{"meta":{"title":"aws-stepfunctions v5.6.0 - Quick Actions now available for State Machines; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-05T09:00:00","permalink":"aws-stepfunctions-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$d1"},{"meta":{"title":"aws-shield v5.2.0 - Quick Actions now available for Shield Protection; Lambda runtimes now powered by Node 18; and more","author":"Turbot Team","publishedAt":"2023-10-05T09:00:00","permalink":"aws-shield-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$d2"},{"meta":{"title":"aws-directoryservice v5.4.0 - Quick Actions now available for Directories; Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-10-05T09:00:00","permalink":"aws-directoryservice-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$d3"},{"meta":{"title":"aws-codebuild v5.5.0 - Quick Actions now available for all CodeBuild resources; Lambda runtimes now powered by Node 18; and more","author":"Turbot Team","publishedAt":"2023-10-05T09:00:00","permalink":"aws-codebuild-v5-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$d4"},{"meta":{"title":"aws-cloudformation v5.11.0 - Quick Actions now available for Stacks and Stack Sets; Lambda runtimes now powered by Node 18; and more","author":"Turbot Team","publishedAt":"2023-10-05T09:00:00","permalink":"aws-cloudformation-v5-11-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$d5"},{"meta":{"title":"aws-athena v5.4.0 - Quick Actions now available for NamedQuery and Workgroups; Lambda runtimes now powered by Node 18; and more","author":"Turbot Team","publishedAt":"2023-10-05T09:00:00","permalink":"aws-athena-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$d6"},{"meta":{"title":"aws-cloudsearch v5.4.0 - Quick Actions now available for Domains; Lambda runtimes now powered by Node 18; and more","author":"Turbot Team","publishedAt":"2023-10-04T09:00:00","permalink":"aws-cloudsearch-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the `Actions` button, which will reveal a dropdown menu with available actions, and select one. See [Quick Actions](https://turbot.com/guardrails/docs/guides/quick-actions) for more information.\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Resource's metadata will now also include `createdBy` details in Turbot CMDB.\n\n- Action Types:\n - AWS > CloudSearch > Domain > Skip alarm for Active control\n - AWS > CloudSearch > Domain > Skip alarm for Active control [90 days]\n - AWS > CloudSearch > Domain > Skip alarm for Approved control\n - AWS > CloudSearch > Domain > Skip alarm for Approved control [90 days]\n"},{"meta":{"title":"aws-cloudfront v5.4.0 - Quick Actions now available for all CloudFront resources; Lambda runtimes now powered by Node 18; and more","author":"Turbot Team","publishedAt":"2023-10-04T09:00:00","permalink":"aws-cloudfront-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$d7"},{"meta":{"title":"aws-apigateway v5.8.0 - Quick Actions now available for all API Gateway resources; Lambda runtimes now powered by Node 18; and more","author":"Turbot Team","publishedAt":"2023-10-04T09:00:00","permalink":"aws-apigateway-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$d8"},{"meta":{"title":"aws-amplify v5.4.0 - New permissions for Deployment, WebHook and Artifacts; Quick Actions for Amplify Apps; Lambda runtimes now powered by Node 18; and more","author":"Turbot Team","publishedAt":"2023-10-04T09:00:00","permalink":"aws-amplify-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$d9"},{"meta":{"title":"aws-acm v5.8.0 - Quick Actions now available for Certificates; Lambda runtimes now powered by Node 18; and more","author":"Turbot Team","publishedAt":"2023-10-04T09:00:00","permalink":"aws-acm-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$da"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.37.0 - Added support for t4g, m7g, m6gd, r7g, r6gd, c6g and c6gd instance types for RDS; and more","author":"Turbot Team","publishedAt":"2023-09-29T09:00:00","permalink":"ted-v1-37-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: t4g, m7g, m6gd, r7g, r6gd, c6g and c6gd to instance type parameter for RDS.\n- Added: new hive parameter group for Postgres 14 and 15.\n"},{"meta":{"title":"aws-eks v5.6.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-09-29T09:00:00","permalink":"aws-eks-v5-6-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.\n"},{"meta":{"title":"aws-route53 v6.5.0 - Added new Resource Type for Route53 Records","author":"Turbot Team","publishedAt":"2023-09-28T09:00:00","permalink":"aws-route53-v6-5-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$db"},{"meta":{"title":"aws-organizations v5.2.0 - New Active and Approved controls and policies for Organizational Root and Organizational Account resource types","author":"Turbot Team","publishedAt":"2023-09-26T09:00:00","permalink":"aws-organizations-v5-2-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$dc"},{"meta":{"title":"aws-msk v5.4.0 - Added new permissions for Cluster V2, Scram Secrets and Kafka VPC Connections; and more","author":"Turbot Team","publishedAt":"2023-09-26T09:00:00","permalink":"aws-msk-v5-4-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$dd"},{"meta":{"title":"aws-elasticache v5.8.0 - You can now configure Backups for your Elasticache Replication Groups","author":"Turbot Team","publishedAt":"2023-09-26T09:00:00","permalink":"aws-elasticache-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - AWS > ElastiCache > Replication Group > Backup\n\n- Policy Types:\n - AWS > ElastiCache > Replication Group > Backup\n - AWS > ElastiCache > Replication Group > Backup > Retention Period\n - AWS > ElastiCache > Replication Group > Backup > Window\n\n- Action Types:\n - AWS > ElastiCache > Cache Cluster > Skip alarm for approved control\n - AWS > ElastiCache > Cache Cluster > Skip alarm for approved control [90 days]\n - AWS > ElastiCache > Cache Parameter Group > Skip alarm for approved control\n - AWS > ElastiCache > Cache Parameter Group > Skip alarm for approved control [90 days]\n - AWS > ElastiCache > Replication Group > Skip alarm for approved control\n - AWS > ElastiCache > Replication Group > Skip alarm for approved control [90 days]\n - AWS > ElastiCache > Replication Group > Update Backup\n - AWS > ElastiCache > Snapshot > Skip alarm for approved control\n - AWS > ElastiCache > Snapshot > Skip alarm for approved control [90 days]\n"},{"meta":{"title":"aws v5.28.0 - Added support for Global Event Handlers","author":"Turbot Team","publishedAt":"2023-09-22T09:00:00","permalink":"aws-v5-28-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$de"},{"meta":{"title":"aws-rds v5.25.0 - New Performance Insights permissions","author":"Turbot Team","publishedAt":"2023-09-21T09:00:00","permalink":"aws-rds-v5-25-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- `AWS/RDS/Admin`, `AWS/RDS/Metadata` and `AWS/RDS/Operator` now include permissions for Performance Insights.\n- Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.\n"},{"meta":{"title":"gcp v5.22.0 - Added support for newly supported multi-regions in GCP","author":"Turbot Team","publishedAt":"2023-09-20T09:00:00","permalink":"gcp-v5-22-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for new multi-regions `NAM8`, `NAM9`, `NAM10`, `NAM11`, `NAM12`, `NAM13`, `NAM14`, `NAM15`, `NAM-EUR-ASIA1`, `NAM-EUR-ASIA3`, `IN`, `EUR5`, `EUR6`, `EUROPE` and `EMEA` in the `GCP > Project > Regions` policy.\n\n- Policy Types Removed:\n - GCP > Project > Multi-Regions [Deprecated]\n"},{"meta":{"title":"aws-vpc-security v5.9.3 - Fixed issues for Security Group CMDB control on TE v 5.42.1 or lower","author":"Turbot Team","publishedAt":"2023-09-18T09:00:00","permalink":"aws-vpc-security-v5-9-3","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > VPC > Security Group > CMDB` control would sometimes go into an error state if the TE version installed on the workspace was 5.42.1 or lower. This is fixed and the control will now work as expected.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.36.0 - Added support for m7g instance types for Elasticache; and more","author":"Turbot Team","publishedAt":"2023-09-15T09:00:00","permalink":"ted-v1-36-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: m7g instance types for Elasticache.\n\n_Bug fixes_\n\n- User group name for hive names with _ in it.\n- Hive manager code to add access grant to public schema for postgres 15.\n\n_Requirements_\n\n- TEF: 1.52.0\n"},{"meta":{"title":"gcp v5.21.0 - Added support for new `europe-west10` region","author":"Turbot Team","publishedAt":"2023-09-15T09:00:00","permalink":"gcp-v5-21-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for new `europe-west10` region in the `GCP > Project > Regions` policy.\n- Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.\n"},{"meta":{"title":"gcp-computeengine v5.16.0 - Added support for newly supported regions in GCP Compute Engine Service, and fixed a bug to upsert data disks correctly in Guardrails","author":"Turbot Team","publishedAt":"2023-09-15T09:00:00","permalink":"gcp-computeengine-v5-16-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added support for new `asia-northeast3`, `asia-south2`, `asia-southeast2`, `australia-southeast2`, `europe-central2`, `europe-southwest1`, `europe-west10`, `europe-west12`, `europe-west8`, `europe-west9`, `me-central1`, `me-west1`, `northamerica-northeast2`, `southamerica-west1`, `us-east5`, `us-south1`, `us-west3` and `us-west4` regions in the `GCP > Compute Engine > Regions` policy.\n- Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.\n\n_Bug fixes_\n\n- The real-time Event Handlers would sometimes fail to upsert data disks attached to instances in Guardrails CMDB. This is now fixed.\n"},{"meta":{"title":"aws-vpc-security v5.9.2 - Fixed issues for Security Groups and Security Group Rules created/claimed via Guardrails stacks","author":"Turbot Team","publishedAt":"2023-09-15T09:00:00","permalink":"aws-vpc-security-v5-9-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Guardrails stack controls would fail to claim any existing Security Group if the Security Group was available in Guardrails CMDB and the stack's Source policy included the Terraform plan for the Security Group. This is fixed and stack control will now be able to claim existing Security Groups correctly. Please note that this fix will only work for workspaces on TE v5.42.2 or higher.\n- Guardrails stack controls would sometimes fail to update Security Groups and Security Group Rules if the Terraform plan in the stack's source policy included changes to attributes which force replaced the resource. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.2 or higher.\n"},{"meta":{"title":"aws-ec2 v5.35.0 - Fixed Schedule control behavior to not start/stop an instance if it were stopped/started manually outside of the control","author":"Turbot Team","publishedAt":"2023-09-15T09:00:00","permalink":"aws-ec2-v5-35-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - AWS > EC2 > Instance > Schedule Tag > Name\n\n_Bug fixes_\n\n- After starting/stopping an instance successfully, the `AWS > EC2 > Instance > Schedule` control would try and perform the same start/stop action again if the state of the instance was changed outside of the control within 1 hour of the successful start/stop run. This is fixed and the control will now not trigger a start/stop action again for a minimum of 1 hour of the previous successful run.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.52.0 - Hive manager now includes access grant for public schema for Postgres 15","author":"Turbot Team","publishedAt":"2023-09-14T09:00:00","permalink":"tef-v1-52-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Updated: Hive manager code to include access grant for public schema for postgres 15.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.2 - Bugs Squashed - Create workspaces on fresh PostgreSQL 15 installations, removed support for vm2 node package; and more","author":"Turbot Team","publishedAt":"2023-09-14T09:00:00","permalink":"te-v5-42-2","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server:\n - Updated: Now supports creating multiple AKAs starting with arn, azure, and gcp via APIs.\n - Updated: Add mod version check for workspace upgrade.\n\n_Bug fixes_\n\n- Server:\n - Fixed: Ensure successful workspace creation on fresh PostgreSQL 15 installations.\n - Fixed: The stack should claim the Security Group (SG) or Security Group Rule (SGR) if the resource already exists.\n - Removed: vm2 node package.\n"},{"meta":{"title":"azure-network v5.15.0 - Added new Resource Types for Express Route Circuits","author":"Turbot Team","publishedAt":"2023-09-14T09:00:00","permalink":"azure-network-v5-15-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$df"},{"meta":{"title":"aws-iam v5.32.0 - Added support to delete Login Profiles for IAM Users","author":"Turbot Team","publishedAt":"2023-09-11T09:00:00","permalink":"aws-iam-v5-32-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\nUsers can now delete Login Profiles for IAM Users.\n\n- Control Types:\n - AWS > IAM > User > Login Profile\n\n- Policy Types:\n - AWS > IAM > User > Login Profile\n\n- Action Types:\n - AWS > IAM > User > Delete Login Profile\n"},{"meta":{"title":"azure-network v5.14.0 - Added new Resource Types for Private DNS Zones and Private Endpoints","author":"Turbot Team","publishedAt":"2023-09-06T09:00:00","permalink":"azure-network-v5-14-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$e0"},{"meta":{"title":"aws v5.27.2 - Fine-tuned the internals and smoothed out some wrinkles","author":"Turbot Team","publishedAt":"2023-09-06T09:00:00","permalink":"aws-v5-27-2","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- A few policy values would sometimes fail to evaluate correctly if the mod was installed on TE v5.42.1. We've fixed this issue and such policy values will now be evaluated correctly.\n"},{"meta":{"title":"aws v5.27.1 - Added support for AWS S3 Multi-Region Access Poin real-time events","author":"Turbot Team","publishedAt":"2023-09-06T09:00:00","permalink":"aws-v5-27-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The `AWS > Turbot > Event Handlers` now support real-time events for AWS S3 Multi-Region Access Point.\n"},{"meta":{"title":"aws-multiregionaccesspoint v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-09-06T09:00:00","permalink":"aws-multiregionaccesspoint-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$e1"},{"meta":{"title":"aws-s3 v5.22.0 - New Multi Region Access Point Routes permissions","author":"Turbot Team","publishedAt":"2023-09-06T09:00:00","permalink":"aws-s3-v5-22-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- `AWS/S3/Admin` and `AWS/S3/Metadata` now include permissions for Multi-Region Access Point Routes.\n"},{"meta":{"title":"aws-efs v5.7.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-09-01T09:00:00","permalink":"aws-efs-v5-7-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime for lambda functions in the aws-efs mod to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n- Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.\n"},{"meta":{"title":"aws-config v5.8.0 - New Approved > Custom policies and Quick Actions for Cofigurations Recorder, Delivery Channel and Rule","author":"Turbot Team","publishedAt":"2023-09-01T09:00:00","permalink":"aws-config-v5-8-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"$e2"},{"meta":{"title":"aws-cloudtrail v5.10.0 - Lambda runtimes now powered by Node 18","author":"Turbot Team","publishedAt":"2023-08-31T09:00:00","permalink":"aws-cloudtrail-v5-10-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- We've updated the runtime for lambda functions in the [aws-cloudtrail](https://turbot.com/guardrails/docs/mods/aws/aws-cloudtrail#5100-2023-08-31) mod to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.\n"},{"meta":{"title":"aws-elasticinference v5.0.0 is now available","author":"Turbot Team","publishedAt":"2023-08-25T09:00:00","permalink":"aws-elasticinference-v5-0-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Resource Types:\n - AWS > Elastic Inference\n\n- Policy Types:\n - AWS > Elastic Inference > API Enabled\n - AWS > Elastic Inference > Approved Regions [Default]\n - AWS > Elastic Inference > Enabled\n - AWS > Elastic Inference > Permissions\n - AWS > Elastic Inference > Permissions > Levels\n - AWS > Elastic Inference > Permissions > Levels > Modifiers\n - AWS > Elastic Inference > Permissions > Lockdown\n - AWS > Elastic Inference > Permissions > Lockdown > API Boundary\n - AWS > Elastic Inference > Regions\n - AWS > Elastic Inference > Tags Template [Default]\n - AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-elasticinference\n - AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-elasticinference\n - AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-elasticinference\n - AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-elasticinference\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.1 - Replaced vm2 with eval for inline and trustedInline execution of policies, controls, and actions; and more","author":"Turbot Team","publishedAt":"2023-08-24T09:00:00","permalink":"te-v5-42-1","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server:\n - Cloudwatch dashboard query for View AWS External Messages by AWS Account ID and Events to exclude restriction on AWS.\n - Allow sending notifications for same state change.\n - Replaced vm2 with eval for inline and trustedInline execution of policies, controls, and actions.\n"},{"meta":{"title":"gcp-oauth v5.1.0 - New oauthconfig:* permissions","author":"Turbot Team","publishedAt":"2023-08-24T09:00:00","permalink":"gcp-oauth-v5-1-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- `GCP/OAuth/Admin` and `GCP/OAuth/Metadata` now also include `oauthconfig:*` permissions. Click [here](https://turbot.com/guardrails/docs/mods/gcp/gcp-oauth#510-2023-08-24) for more details.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.51.0 - Restrict untrusted code upload to Guardrails","author":"Turbot Team","publishedAt":"2023-08-14T09:00:00","permalink":"tef-v1-51-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: Parameter for restricting untrusted code upload to Turbot Guardrails.\n- Removed: Alb Waf support.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.42.0 - Revamping Workflow - Introducing Workers, SQS and SNS for Stack Efficiency","author":"Turbot Team","publishedAt":"2023-08-14T09:00:00","permalink":"te-v5-42-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Server:\n - Added: worker, sqs queue, sns topic for factory.\n - Updated: Allow upload of mod based on the value of TURBOT_CUSTOM_MOD_UPLOAD.\n - Added: Environment variable for custom mod upload.\n - Removed: Support for ALB WAF.\n\n_Bug fixes_\n\n- Server:\n - Stack will not fail to delete and recreate resources.\n\n_Requirements_\n\n- TEF: 1.51.0\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.35.0 - Added support for multiple Postgres versions","author":"Turbot Team","publishedAt":"2023-08-10T09:00:00","permalink":"ted-v1-35-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: Postgres version 11.19, 11.20, 12.14, 12.15, 13.10, 13.11, 14.8, 15.2 and 15.3.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.41.1 - Bugs Squashed - Attach/Detach Actor Info & Redis Dependent Notifications Fix; and more","author":"Turbot Team","publishedAt":"2023-08-02T09:00:00","permalink":"te-v5-41-1","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- UI\n - Added: Inactive Users report.\n\n_Bug fixes_\n\n- Server:\n - The actor information for attach and detach smart folder.\n - Disable notification feature if Redis is not being used.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.50.0 - Added support for Factory worker","author":"Turbot Team","publishedAt":"2023-07-27T09:00:00","permalink":"tef-v1-50-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: Support for Factory worker.\n- Updated: Descriptions and names to Turbot Guardrails Enterprise Foundation from Turbot Enterprise Foundation.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.34.0","author":"Turbot Team","publishedAt":"2023-07-27T09:00:00","permalink":"tef-v1-34-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Updated: descriptions and names from Turbot Enterprise Database to Turbot Guardrails Enterprise Database."},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.41.0 - Notifying Made Easy - Control/Action Updates via Slack, Teams, and Email","author":"Turbot Team","publishedAt":"2023-07-27T09:00:00","permalink":"te-v5-41-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"$e3"},{"meta":{"title":"Turbot Guardrails CLI v1.29.0","author":"Turbot Team","publishedAt":"2023-07-27T09:00:00","permalink":"cli-v1-29-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Rebrand to Turbot Guardrails CLI. We recommend using the new guardrails registries `guardrails.turbot.com`, `guardrails.turbot-stg.com` or `guardrails.turbot-dev.com` to publish a guardrails mod. To maintain compatibility, none of the existing commands have changed, your existing configuration and commands will continue to work as before."},{"meta":{"title":"turbot v5.45.0 - Added Policy to set process retention in cache","author":"Turbot Team","publishedAt":"2023-07-22T09:00:00","permalink":"turbot-v5-45-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - Turbot > Workspace > Retention > Process Cache Retention.\n\n- Resource Types:\n - `Smart Folders` are now called `Policy Packs`.\n\n_Requirements_\n\n- TE: 5.35.4"},{"meta":{"title":"Terraform Provider v1.10.0 is now available","author":"Turbot Team","publishedAt":"2023-07-07T09:00:00","permalink":"terraform-provider-v1-10-0","image":null,"tags":["Terraform"],"product":"guardrails"},"content":"\nv1.10.0 of the [Terraform Provider for Guardrails](https://registry.terraform.io/providers/turbot/turbot/1.10.0) is now available.\n\n_Documentation_\n\nRebrand to Turbot Guardrails provider. Resource and data source names in this provider have not changed to maintain compatibility. Existing templates will continue to work as-is without need to change anything.\n\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.40.11 ","author":"Turbot Team","publishedAt":"2023-07-05T09:00:00","permalink":"te-v5-40-11","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n- Fixed: Resource details are now correctly included when doing a csv download of the `Resources Deleted by Turbot` report.\n\n_Requires_\n- [TEF v1.49.0](https://turbot.com/v5/docs/releases/tef#v1490-2023-03-30)\n\n_Container Info_\n- Ubuntu: [`22.04`, `jammy-20230425`](https://hub.docker.com/layers/library/ubuntu/22.04/images/sha256-ca5534a51dd04bbcebe9b23ba05f389466cf0c190f1f8f182d7eea92a9671d00)\n- Alpine: [`3.17.3`](https://hub.docker.com/layers/library/alpine/3.17.3/images/sha256-b6ca290b6b4cdcca5b3db3ffa338ee0285c11744b4a6abaa9627746ee3291d8d)"},{"meta":{"title":"turbot v5.44.1 - Improved pattern validation for Slack webhook URL in Rule-Based Routing policy for notifications","author":"Turbot Team","publishedAt":"2023-06-24T09:00:00","permalink":"turbot-v5-44-1","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Policy Types:\n - Improved pattern validation for `slackWebhookUrl` in `Turbot > Notifications > Rule-Based Routing` policy.\n\n_Requirements_\n\n- TE: 5.35.4"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.40.8 ","author":"Turbot Team","publishedAt":"2023-06-23T09:00:00","permalink":"te-v5-40-8","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: Tagging details now included in CSV download for GCP Compute Engine VM Instances, Azure Compute Virtual Machines, Azure Compute Disks and EBS Volumes report.\n- Added: New filters for Turbot Files and Smart Folders in the resource browser.\n- Updated: Editing a Turbot File via the UI no longer requires the resource AKA to be specified.\n- Fixed: Resource deletion will no longer trigger an increase the count of active controls.\n\n_Requires_\n- TEF v1.49.0\n\n_Container Info_\n- Ubuntu: [`22.04`, `jammy-20230425`](https://hub.docker.com/layers/library/ubuntu/22.04/images/sha256-ca5534a51dd04bbcebe9b23ba05f389466cf0c190f1f8f182d7eea92a9671d00)\n- Alpine: [`3.17.3`](https://hub.docker.com/layers/library/alpine/3.17.3/images/sha256-b6ca290b6b4cdcca5b3db3ffa338ee0285c11744b4a6abaa9627746ee3291d8d)"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.40.10 ","author":"Turbot Team","publishedAt":"2023-06-23T09:00:00","permalink":"te-v5-40-10","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: Quick actions are now available for users that only have permission at the account level.\n- Fixed: The resource import page will now function correctly if the AWS mod is not installed.\n- Fixed: Resource deletion will no longer trigger an increase the count of active controls.\n\n_Requires_\n- TEF v1.49.0\n\n_Container Info_\n- Ubuntu: [`22.04`, `jammy-20230425`](https://hub.docker.com/layers/library/ubuntu/22.04/images/sha256-ca5534a51dd04bbcebe9b23ba05f389466cf0c190f1f8f182d7eea92a9671d00)\n- Alpine: [`3.17.3`](https://hub.docker.com/layers/library/alpine/3.17.3/images/sha256-b6ca290b6b4cdcca5b3db3ffa338ee0285c11744b4a6abaa9627746ee3291d8d)"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.33.0","author":"Turbot Team","publishedAt":"2023-06-16T09:00:00","permalink":"ted-v1-33-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Added: Postgres version 14.6 and 14.7.\n"},{"meta":{"title":"turbot v5.44.0 - Added Policy to store and manage outbound CIDR ranges for Lambda functions, ensuring secure connectivity with external applications","author":"Turbot Team","publishedAt":"2023-06-10T09:00:00","permalink":"turbot-v5-44-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Policy Types:\n - Turbot > Workspace > Outbound CIDR Ranges\n\n_Requirements_\n\n- TE: 5.35.4"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.40.7 ","author":"Turbot Team","publishedAt":"2023-05-15T09:00:00","permalink":"te-v5-40-7","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: Ability to specify AKA when creating Turbot File.\n- Updated: Turbot explorer search will show results for Smart Folders and Turbot\n Files.\n- Fixed: Terraform stack control should not end in error if the data size for\n command is too large.\n- Fixed: Turbot actions will now be visible for users with grants at the cloud\n account level.\n\n_Enterprise_\n\n- Updated: Added debug statements for createGrant mutations.\n\n_Requires_\n\n- TEF v1.49.0\n\n_Container Info_\n\n- Ubuntu:\n [`22.04`, `jammy-20230425`](https://hub.docker.com/layers/library/ubuntu/22.04/images/sha256-ca5534a51dd04bbcebe9b23ba05f389466cf0c190f1f8f182d7eea92a9671d00)\n- Alpine:\n [`3.17.3`](https://hub.docker.com/layers/library/alpine/3.17.3/images/sha256-b6ca290b6b4cdcca5b3db3ffa338ee0285c11744b4a6abaa9627746ee3291d8d)"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.40.6 ","author":"Turbot Team","publishedAt":"2023-05-15T09:00:00","permalink":"te-v5-40-6","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Enterprise_\n\n- Changed: Removed long debug statements from stack controls to improve\n performance of large stacks.\n- Added: Additional logging information emmited while preparing stack container.\n\n_Requires_\n\n- TEF v1.49.0\n\n_Container Info_\n\n- Ubuntu:\n [`22.04`, `jammy-20230425`](https://hub.docker.com/layers/library/ubuntu/22.04/images/sha256-ca5534a51dd04bbcebe9b23ba05f389466cf0c190f1f8f182d7eea92a9671d00?context=explore)\n- Alpine:\n [`3.17.3`](https://hub.docker.com/layers/library/alpine/3.17.3/images/sha256-b6ca290b6b4cdcca5b3db3ffa338ee0285c11744b4a6abaa9627746ee3291d8d?context=explore)"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.40.5 ","author":"Turbot Team","publishedAt":"2023-05-09T09:00:00","permalink":"te-v5-40-5","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Fixed: Smart retention controls are now a bit smarter.\n\n_Enterprise_\n\n- Updated: Resource policy of Events SQS queues now require encryption in\n transit.\n- Updated: Resource policy of Events SNS topics now require encryption in\n transit.\n\n_Requires_\n\n- TEF v1.49.0\n\n_Container Info_\n\n- Ubuntu `22.04`, `jammy-20230425`\n- Alpine: `3.18.0`\n- "},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.40.4 ","author":"Turbot Team","publishedAt":"2023-05-04T09:00:00","permalink":"te-v5-40-4","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: debug statement for Smart Retention control.\n\n_Requires_\n\n- TEF v1.49.0"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.40.3 ","author":"Turbot Team","publishedAt":"2023-04-13T09:00:00","permalink":"te-v5-40-3","image":null,"tags":["TE"],"product":"guardrails"},"content":"# Server\n\n_What's new?_\n\n- Added support for version `v5.10.0` of the Turbot IAM mod.\n- Fixed: Adding grants to group profile now works as expected.\n\n_Requires_\n\n- TEF v1.49.0"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.49.0","author":"Turbot Team","publishedAt":"2023-03-30T09:00:00","permalink":"tef-v1-49-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: New parameter that allows selection of the TLS policy for application load balancers."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.32.0","author":"Turbot Team","publishedAt":"2023-03-30T09:00:00","permalink":"tef-v1-32-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Added: Parameter to manage KMS Key for RDS Performance Insights."},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.40.2 ","author":"Turbot Team","publishedAt":"2023-03-30T09:00:00","permalink":"te-v5-40-2","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Updated: Accounts Summary Report now includes resource AKA(s) in the CSV\n output.\n- Updated: The Turbot auth token cookie `SameSite` configuration to `strict`.\n- Updated: The policy setting page to now render HTML content as string.\n\n_Enterprise_\n\n- Added: Parameter for TLS Policy for ALB HTTPS Listener.\n- Added: Rate limits to the login directories APIs.\n\n_Requires_\n\n- TEF v1.49.0"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.31.0","author":"Turbot Team","publishedAt":"2023-03-22T09:00:00","permalink":"tef-v1-31-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Updated: Moved management of the Elasticache user group to CloudFormation\n instead of the Hive Manager lambda. It is no longer necessary to update the\n Redis access control groups after making changes to the Redis cluster."},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.40.1 ","author":"Turbot Team","publishedAt":"2023-03-22T09:00:00","permalink":"te-v5-40-1","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: AWS Lambda Functions report.\n- Updated: Turbot will now use AWS Terraform provider version `3.75.0` when\n `Turbot > Stack Terraform Version [Default]` is set to `0.15.*`\n\n_Bug fixes_\n\n- Fixed: Timestamp display in the console now updates correctly for recently\n deleted mods.\n- Fixed: When an `Action` fails due to cloud provider throttling, Turbot will\n now reschedule the control that triggered the action, those actions should now\n be more consistently applied under heavy loads.\n\n_Note_ AWS IAM permissions change in this release:\n\n- Updated: Worker Lambda to include Elasticache permissions to support the\n `Turbot > Cache > Health Check` control.\n- Updated: Hive Manager no longer manages the authentication configuration for\n ElastiCache. This responsibility has shifted to Turbot Guardrails Enterprise Database.\n- "},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.48.0","author":"Turbot Team","publishedAt":"2023-03-21T09:00:00","permalink":"tef-v1-48-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: Parameter to modify Lambda trigger concurrency. "},{"meta":{"title":"turbot v5.43.0 - Unused `Turbot > Type Installed > Background Tasks` is now removed","author":"Turbot Team","publishedAt":"2023-03-05T09:00:00","permalink":"turbot-v5-43-0","image":null,"tags":["Mods"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Control Types:\n - Unused `Turbot > Type Installed > Background Tasks` is now removed\n\n_Requirements_\n\n- TE: 5.35.4"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.47.0","author":"Turbot Team","publishedAt":"2023-03-01T09:00:00","permalink":"tef-v1-47-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"_What's new?_\n- Added: New parameter for attaching a custom security group to each ECS host.\n- Added: New parameter for attaching a custom security group to the TE ALB. Requires TE > `v5.40.0`. \n- Added: Option added to enable IMDSv2 for ECS hosts.\n- Added: New parameters to specify the size and type of EBS volumes attached to ECS Hosts. \n- Added: New parameter to specify a port for outbound SMTP (if needed).\n- Updated: The `db_pair` security group now includes Elasticache rules, when Elasticache is enabled.\n\n_Deprecation_\n- As a result of this change to the `db_pair` security group, the Elasticache `cache_pair` security group is no longer required. It will be removed in a future release."},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.40.0 ","author":"Turbot Team","publishedAt":"2023-03-01T09:00:00","permalink":"te-v5-40-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed: Improved handling of HTTP \"Too Many Requests\" (429) errors.\n\n_Enterprise_\n\n- Updated: TE Management Lambdas, and ECS Containers will be deployed with the\n NodeJS 16.x runtime. This change is independent of Mod Lambda runtime\n versions.\n- Added: If specified in TEF, a custom security group may be assigned to the TE\n ALB.\n\n_Requires_\n\n- TEF v1.47.0"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.46.0","author":"Turbot Team","publishedAt":"2023-02-09T09:00:00","permalink":"tef-v1-46-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: Parameter to modify Lambda trigger concurrency"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.39.12 ","author":"Turbot Team","publishedAt":"2023-02-09T09:00:00","permalink":"te-v5-39-12","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Enterprise_\n\n- Added: Parameter for Lambda trigger concurrency.\n\n_Requires_ TEF: v1.46.0 TED: v1.9.1\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.45.0","author":"Turbot Team","publishedAt":"2023-02-02T09:00:00","permalink":"tef-v1-45-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: SSM parameter for events DLQ and worker retry reserved concurrency."},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.39.11 ","author":"Turbot Team","publishedAt":"2023-02-02T09:00:00","permalink":"te-v5-39-11","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed: Issue that could prevent indexes from being recreated after being\n dropped.\n- Fixed: Issue with safeGet() function that could prevent reports from rendering\n in the UI.\n- Fixed: Ansible task and service now created correctly created for Ansible\n version `2.10.7`.\n\n_Enterprise_\n\n- Added: Support for trigger concurrency in worker and events lamda functions.\n\n_Requires_ TEF: v1.45.0 TED: v1.9.1"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.44.0","author":"Turbot Team","publishedAt":"2023-01-19T09:00:00","permalink":"tef-v1-44-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"_What's new?_\n- New: Turbot's autoscale group configuration has switched from `launch templates` to `launch configurations`.\n- Added: Parameter to select Lambda function runtime version.\n- Added: Encryption in transit policy for SNS topics and SQS queues.\n- Updated: Changed EBS volume storage type to `gp3`.\n- "},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.39.10","author":"Turbot Team","publishedAt":"2023-01-17T09:00:00","permalink":"te-v5-39-10","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Fixed: Activity page should display `alternatePersona` in the actor field if\n available.\n\n_Bug fixes_\n\n- Fixed: AWS EC2 Instance report now runs more reliably.\n- Updated: Improved the performance of the Activity page.\n\n_Enterprise_\n\n- Added: Encryption in transit policy for SNS topics and SQS queues in the\n Turbot Master account.\n- Updated: Removed the deleted control historical records from control_usage\n table.\n- Updated: `vm2` package to 3.9.11 in the ECS containers.\n- "},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.39.9 ","author":"Turbot Team","publishedAt":"2022-12-19T09:00:00","permalink":"te-v5-39-9","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: Support to import Azure China Cloud subscriptions.\n- Added: Support for Azure China Cloud endpoints.\n\n_Bug fixes_\n\n- Updated: Increased reliability of policy value application when attaching a\n smartfolder.\n\n_Enterprise_\n\n- Updated: Removed Xray configuration from Postgres pool, as it was not being\n used.\n- Updated: vm2 in main package.json updated to 3.9.11.\n- Updated: Maintenance container base image to node:14-alpine3.17.\n\n_Requires_ TEF: v1.42.1 TED: v1.9.1\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.28.0","author":"Turbot Team","publishedAt":"2022-12-09T09:00:00","permalink":"tef-v1-28-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Added: Support for Postgres versions: 13.8, 14.1, 14.2, 14.3, 14.4, 14.5.\n- Added: Support for Redis 7.0.\n- Added: Support for RDS gp3 disk types."},{"meta":{"title":"Turbot Guardrails CLI v1.28.6","author":"Turbot Team","publishedAt":"2022-11-29T09:00:00","permalink":"cli-v1-28-6","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- Add role as a valid level to generate temporary credentials for roles.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.39.8 ","author":"Turbot Team","publishedAt":"2022-11-23T09:00:00","permalink":"te-v5-39-8","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Updated: Query for resource notifications to improve performance when using\n the `Activity` sub-tab on the resource page.\n- Updated: Improved logic used to determine when to run maintenance control for\n stale policy values.\n- Updated: Mod install controlls will now use the standard worker queue instead\n of worker_priority queue to allow other actions to take priority during mod\n installs.\n\n_Enterprise_\n\n- Updated: Updated Ubuntu vm2 package to version 3.9.11. to resolve\n CVE-2022-36067.\n- Updated: Message retetion period of events priority queue changed to 96 hours.\n\n_Requires_ TEF: v1.42.1 TED: v1.9.1\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.43.0","author":"Turbot Team","publishedAt":"2022-11-16T09:00:00","permalink":"tef-v1-43-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: support for TLS 1.2 for API Gateway"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.39.7 ","author":"Turbot Team","publishedAt":"2022-11-08T09:00:00","permalink":"te-v5-39-7","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Added: Btree aka index for akas_history and akas table. The Activity Tab\n should show improved performance.\n\n_Requires_ TEF: v1.42.1 TED: v1.9.1\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.39.6 ","author":"Turbot Team","publishedAt":"2022-10-25T09:00:00","permalink":"te-v5-39-6","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed: Downloading the csv for EC2 > Instance > Report should not fail.\n\n_Enterprise_\n\n- Added: ability to run async/callback in control's `inline`.\n- Added: Ability to move control to priority queue.\n- Updated: mute noisy log if unable to get process log data from S3.\n\n_Requires_ TEF: v1.42.1 TED: v1.9.1\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.27.0","author":"Turbot Team","publishedAt":"2022-10-06T09:00:00","permalink":"tef-v1-27-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Added: Postgres version 13.7 to RDS engine parameter.\n- Added: Tags to elasticache resources."},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.39.5 ","author":"Turbot Team","publishedAt":"2022-09-06T09:00:00","permalink":"te-v5-39-5","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Updated: Local Profiles and Group Profiles filter now use free text search\n instead of akas matches.\n- Updated: Installing a mod using the CLI now runs faster, reducing the\n likelyhood of a timeout.\n- Fixed: Quick actions menu will no longer show actions from child resources.\n\n_Enterprise_\n\n- Added: Support for workspace URL in Turbot > Workspace > Workspace URL policy.\n\n_Requires_ TEF: v1.42.1 TED: v1.9.1\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.42.0","author":"Turbot Team","publishedAt":"2022-08-25T09:00:00","permalink":"tef-v1-42-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: SSM parameter for Process Log Fallback Bucket.\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.39.4 ","author":"Turbot Team","publishedAt":"2022-08-25T09:00:00","permalink":"te-v5-39-4","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed: Resolved issue where EC2 instance report would fail to run.\n- Fixed: Permissions summary report now works for users without permissions at\n the root level.\n\n_Enterprise_\n\n- Added: allow an alternative process log bucket to be provided to read from an\n older bucket.\n- Updated: Ansible container base image to Ubuntu 22.10 (Kinetic Kudu)\n- Updated: Ansible version to 2.10.7\n- Updated: Docker base images of API and Factory to ubuntu 22.\n\n_Requires_ TEF: v1.42.1 TED: v1.9.1\n"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.39.3 ","author":"Turbot Team","publishedAt":"2022-08-08T09:00:00","permalink":"te-v5-39-3","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed: Apollo UI behaves properly when setting backoff interval of an action.\n- Fixed: Actor display information will now fallback to `unidentified` if\n persona and identity are not available.\n- Updated: UI will now use the actor information of the process (if supplied)\n for Policy Setting CRUD operations.\n- Updated: Action runs now carry the identity of its launcher. This changes the\n way notifications are presented. Previously notifications from an action\n showed as `Unidentified`, now they will carry the identity of the launcher,\n most of the time this will be the Turbot identity unless the action is\n launched by a user from Turbot UI.\n\n_Enterprise_\n\n- Updated: Linux Environment control to support version 3 of SELinux Python\n bindings"},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.39.2 ","author":"Turbot Team","publishedAt":"2022-07-27T09:00:00","permalink":"te-v5-39-2","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Enterprise_\n\n- Updated: Improved Ansible container error handling\n\n_UI_\n\n- Added: Mutation resolver for quick action and steampipe query in the developer\n tab.\n- Added: Add support to execute quick action via URL."},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.39.1 ","author":"Turbot Team","publishedAt":"2022-07-13T09:00:00","permalink":"te-v5-39-1","image":null,"tags":["TE"],"product":"guardrails"},"content":"\n_Enterprise_\n\n- Fixed: Control type should only trigger the control if there is a change in\n graphql/inline/function."},{"meta":{"title":"Turbot Guardrails Enterprise (TE) v5.39.0 ","author":"Turbot Team","publishedAt":"2022-07-05T09:00:00","permalink":"te-v5-39-0","image":null,"tags":["TE"],"product":"guardrails"},"content":"$e4"},{"meta":{"title":"Turbot Guardrails CLI v1.28.5","author":"Turbot Team","publishedAt":"2022-06-30T09:00:00","permalink":"cli-v1-28-5","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- CLI failed to download latest mod versions automatically for mods with version\n < 5.0.0.\n- `turbot completion` command was displayed twice on running `turbot help`.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.28.4","author":"Turbot Team","publishedAt":"2022-06-07T09:00:00","permalink":"cli-v1-28-4","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- CLI failed to install dependencies for a mod with more than 26 dependencies.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.41.0","author":"Turbot Team","publishedAt":"2022-06-06T09:00:00","permalink":"tef-v1-41-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: new IAM permissions for Mod Lambda to publish messages to the Priority Events queue.\n- Added: parameter for Worker Priority and Events Tick Lambda Reserved Concurrency.\n- Added: EC2 ECS host recycling using parameter.\n\n_Bug fixes_\n- Fixed: ECS Rolling update.\n- Fixed: Condition of Foundation Key to prevent its creation if TEFKmsKey parameter value is specified.\n\n### There are IAM changes in this release:\n- New IAM permissions for Mod Lambda to publish messages to the Priority Events queue.\n- New IAM roles for ECS Rolling Update."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.26.0","author":"Turbot Team","publishedAt":"2022-05-18T09:00:00","permalink":"tef-v1-26-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Updated: GovCloud certificate to rds-ca-rsa4096-g1."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.40.0","author":"Turbot Team","publishedAt":"2022-04-29T09:00:00","permalink":"tef-v1-40-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: Parameter to limit the URL where the API Gateway Lambda can forward to. This should be a regular expression of valid workspace URLs.\n- Updated: `TEF KMS Key` parameter name changed to `TEF KMS Key Arn`.\n- Updated: Enforce HTTPS access for S3 buckets created by TEF.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.25.0","author":"Turbot Team","publishedAt":"2022-04-29T09:00:00","permalink":"tef-v1-25-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Updated: Enforce HTTPS access for S3 buckets created by TED.\n- Added: Postgres versions 11.12, 11.13, 11.14, 11.15, 12.7, 12.8, 12.9, 12.10,\n 13.3, 13.4, 13.5 and 13.6."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.39.1","author":"Turbot Team","publishedAt":"2022-04-08T09:00:00","permalink":"tef-v1-39-1","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: Parameter for Alb WAF option. (Default is disabled)\n- Added: Parameter for Mods Cleanup."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.30.0","author":"Turbot Team","publishedAt":"2022-03-01T09:00:00","permalink":"tef-v1-30-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Updated: Moved management of the Elasticache user group to CloudFormation\n instead of the Hive Manager lambda. It is no longer necessary to update the\n Redis access control groups after making changes to the Redis cluster.\n\n## 1.30.0 [2022-03-01]\n\n_What's new?_\n\n- Updated: Elasticache now uses the `db_pair` security group from TEF 1.47.0.\n- Fixed: The Cloudformation Hive custom resource used to depend on Elasticache\n when it shouldn't have in environments without Elasticache deployed.\n\n_Deprecation_\n\n- As a result of this change to the `db_pair` security group, the Elasticache\n `cache_pair` security group is no longer required. It will be removed in a\n future release.\n\n_Requirements_\n\n- TEF v1.47.0"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.38.0","author":"Turbot Team","publishedAt":"2022-02-28T09:00:00","permalink":"tef-v1-38-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: Parameters for Api and Events Container Scaling metrics, and threshold values for CPU Utilization.\n- Added: Parameter to allow import of Foundation KMS Key.\n- Updated: Set DeletionPolicy of FoundationKey to Retain."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.37.0","author":"Turbot Team","publishedAt":"2022-02-11T09:00:00","permalink":"tef-v1-37-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: Parameters for ECS Factory Task hard limit and soft limit on memory."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.36.0","author":"Turbot Team","publishedAt":"2022-02-07T09:00:00","permalink":"tef-v1-36-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Warning_\n- There are IAM changes in this release.\n\n_What's new?_\n- Updated: Condition for HiveManagerExecutionRole.\n- Updated: TurbotParameters and TurbotSnsSqsPolicyParameterLambda to include variables for Proxy setting.\n- Removed: MskManagerExecutionRole role from custom iam role template."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.24.0","author":"Turbot Team","publishedAt":"2022-02-07T09:00:00","permalink":"tef-v1-24-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Added: Postgres version 13.5 to RDS engine parameter.\n- Fixed: Replication group setting to enable Data Tiering for r6gd node type."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.29.0","author":"Turbot Team","publishedAt":"2022-02-02T09:00:00","permalink":"tef-v1-29-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Added: Postgres version 12.11 and 12.12.\n- Updated: PerformanceInsights description.\n- Updated: Default storage type to `gp3`.\n [More info on using gp3](enterprise/FAQ/general-purpose-gp3)\n- Updated: Hive custom resource depends on to include Elasticache cluster and\n parameter group and add ParameterDeploymentTrigger."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.23.0","author":"Turbot Team","publishedAt":"2022-01-04T09:00:00","permalink":"tef-v1-23-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Added: r6gd node type option for Elasticache."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.22.2","author":"Turbot Team","publishedAt":"2021-11-25T09:00:00","permalink":"tef-v1-22-2","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Updated: Backup Service Role to include kms Grant permissions for\n CopyDBSnapshot operation."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.22.1","author":"Turbot Team","publishedAt":"2021-11-03T09:00:00","permalink":"tef-v1-22-1","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Updated: Backup Service Role to include kms permissions."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.35.0","author":"Turbot Team","publishedAt":"2021-10-22T09:00:00","permalink":"tef-v1-35-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n- Added: VPC Endpoint for s3 to reduce NAT Gateway cost.\n- Updated: API and Events container scaling by replacing hardcoded values with parameters.\n- Updated: Outbound, Api and Database security groups so that they are created for Predefined VPC if custom security groups are not mentioned.\n- Updated: default value of LogRetentionDays parameter changed to 180."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.22.0","author":"Turbot Team","publishedAt":"2021-10-22T09:00:00","permalink":"tef-v1-22-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: Postgres version 13.3, 13.4 to RDS engine parameter.\n- Fixed: Cloudwatch alarms to use correct db identifier when hive name has \\_ in\n it.\n- Updated: Default database system backup to 7 days.\n- Updated: AWS Backup Service role to allow copying of RDS snapshots.\n- Updated: Cloudwatch alarms for ElastiCache SwapUsage and\n DatabaseMemoryUsagePercentage for multi-node architectures.\n- Updated: Dashboard to move read-replica stats to right axis and that of\n primary to the left.\n- Updated: Dashboard to add Total IOPS metrics."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.34.1","author":"Turbot Team","publishedAt":"2021-07-02T09:00:00","permalink":"tef-v1-34-1","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Warning_\n- There are IAM changes in this release for the `turbot_policy_parameter`.\n\n_Bug fixes_\n- TE Build ID was misconfigured causing TEF to build unsuccessfully, this has now been corrected and TEF builds as expected."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.21.1","author":"Turbot Team","publishedAt":"2021-06-25T09:00:00","permalink":"tef-v1-21-1","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Minimum DB size is now 50GB, default size is 200GB.\n\n_Requirements_\n\n- TEF v1.31.2"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.34.0","author":"Turbot Team","publishedAt":"2021-06-16T09:00:00","permalink":"tef-v1-34-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"_Warning_\n- There are IAM changes in this release for the `turbot_policy_parameter`.\n\n_What's new?_\n- Turbot Security Group is added and includes rules for Ansible and LDAP. The security group is intended for additional rules to be added under feature flags. Note: the existing LDAP and Ansible security groups will remain for older TE versions.\n- Dashboard for ECS Cluster metrics is now added.\n- Autoscaling parameters were added for the Events Service.\n- ElastiCache Security Groups and Subnet Groups are now added to the overrides template.\n- TEF Workspace Manager now prevents users from changing the workspace name.\n- OSGuardrail parameter location from Advanced - OS Guardrails to Advanced - Deployment Group.\n- `turbot_parameters` and `turbot_policy_parameter` lambda functions now include VPC config.\n- `turbot_policy_parameter` IAM Role now includes EC2 network interfaces policy. \n- Improved input validation to not allow blank values."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.21.0","author":"Turbot Team","publishedAt":"2021-06-16T09:00:00","permalink":"tef-v1-21-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- CloudWatch Alarms and Dashboards are added for ElastiCache SwapUsage and\n DatabaseMemoryUsagePercentage.\n- ElastiCache Instance Type can now be specified in the template.\n- Read replica parameter default is now set to false.\n\n_Requirements_\n\n- TEF v1.31.2"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.20.1","author":"Turbot Team","publishedAt":"2021-05-06T09:00:00","permalink":"tef-v1-20-1","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- DB parameter group support for 11.10, 11.11, 12.6 and 13.2.\n- Postgres version 13.2 is now the default selection.\n\n_Requirements_\n\n- TEF v1.31.2"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.20.0","author":"Turbot Team","publishedAt":"2021-04-28T09:00:00","permalink":"tef-v1-20-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Shared_buffers parameter added for DB parameter group.\n- Postgres version 13.1 is now the default selection.\n- Postgres wal_keep_size default size is now 2048 (RDS Postgres default).\n- Turbot database default size is now 250GB.\n- Storage autoscale threshold default is now 1TB. For new TED installations\n only!\n\n_Requirements_\n\n- TEF v1.31.2"},{"meta":{"title":"Turbot Guardrails CLI v1.28.3","author":"Turbot Team","publishedAt":"2021-04-15T09:00:00","permalink":"cli-v1-28-3","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- Invalid module reference fixed - this was causing `turbot template build` to\n fail.\n\n"},{"meta":{"title":"Turbot Guardrails CLI v1.28.2","author":"Turbot Team","publishedAt":"2021-04-13T09:00:00","permalink":"cli-v1-28-2","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `template build` was loading the lock-file from the base branch to determine\n the current template version. When using a work-in-progress (wip) branch, this\n could lead to identifying an incorrect current version, leading to rebasing\n errors. Fix by loading the lock file from the wip branch.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.33.0","author":"Turbot Team","publishedAt":"2021-04-02T09:00:00","permalink":"tef-v1-33-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n- S3 bucket lifecycle rule added to the mods processing log bucket. \n- Optional AWS Security Group added to be used for connecting to LDAP server.\n- S3 inventory reports will no longer generate in the TEF Process Logs bucket.\n- Updated process log bucket lifecycle configurations to remove /debug/ rules.\n- Runtime has been updated to Node 14 for all Turbot Core deployed Lambda functions."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.19.0","author":"Turbot Team","publishedAt":"2021-04-02T09:00:00","permalink":"tef-v1-19-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Postgres version 13.1. For new TED installations only!\n- ElastiCache replication groups now support multi nodes.cluster mode.\n\n_Bug fixes_\n\n- Hive Log Bucket lifecycle configurations now delete all objects.\n\n_Requirements_\n\n- TEF v1.31.2"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.18.1","author":"Turbot Team","publishedAt":"2021-03-08T09:00:00","permalink":"tef-v1-18-1","image":null,"tags":["TED"],"product":"guardrails"},"content":"_Bug fixes_\n\n- Dependency issue with the HiveKey.\n\n_Requirements_\n\n- TEF v1.31.2"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.32.0","author":"Turbot Team","publishedAt":"2021-03-04T09:00:00","permalink":"tef-v1-32-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* OSGuardrails feature flag, adding security groups and SSM parameters as required.\n* HealthCheckProxyLambda runtime updated from 2.7 to 3.8."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.18.0","author":"Turbot Team","publishedAt":"2021-03-04T09:00:00","permalink":"tef-v1-18-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Postgres version 12.5. **For new TED installations only!**\n- Parameter Group support for both 11.x and 12.x.\n\n_Bug fixes_\n\n- Cache cluster parameter passed to Hive Manager should also convert underscore\n to hyphen.\n- Allow default encryption for ElastiCache for use in GovCloud (which does not\n support CMK).\n\n_Requirements_\n\n- TEF v1.31.2"},{"meta":{"title":"Turbot Guardrails CLI v1.28.1","author":"Turbot Team","publishedAt":"2021-03-04T09:00:00","permalink":"cli-v1-28-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- Fixed CLI packaging error required for proper v1.28.0 installation.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.28.0","author":"Turbot Team","publishedAt":"2021-03-03T09:00:00","permalink":"cli-v1-28-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot template build` now cleans up branches after a rebase failure.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.31.3","author":"Turbot Team","publishedAt":"2021-01-28T09:00:00","permalink":"tef-v1-31-3","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Warning_\n\n* IAM permissions updated in v1.31.0.\n\n_Bug fixes_\n\n* Fix and republish a corrupt portfolio build artifact."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.17.2","author":"Turbot Team","publishedAt":"2021-01-28T09:00:00","permalink":"tef-v1-17-2","image":null,"tags":["TED"],"product":"guardrails"},"content":"_Bug fixes_\n\n- AWS Backup Vault name format issue.\n\n_Requirements_\n\n- TEF v1.31.2"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.31.2","author":"Turbot Team","publishedAt":"2021-01-27T09:00:00","permalink":"tef-v1-31-2","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Warning_\n\n* IAM permissions updated in v1.31.0.\n\n_Bug fixes_\n\n* Hive Manager should convert underscore to hyphen when creating Redis group (from TE)."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.31.1","author":"Turbot Team","publishedAt":"2021-01-25T09:00:00","permalink":"tef-v1-31-1","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Warning_\n\n* IAM permissions updated in v1.31.0.\n\n_Bug fixes_\n\n* Hive Manager should convert underscore to hyphen when creating Redis user (from TE)."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.17.1","author":"Turbot Team","publishedAt":"2021-01-25T09:00:00","permalink":"tef-v1-17-1","image":null,"tags":["TED"],"product":"guardrails"},"content":"_Bug fixes_\n\n- ElastiCache Redis cluster name should convert underscores to hyphens.\n\n_Requirements_\n\n- TEF v1.31.2"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.31.0","author":"Turbot Team","publishedAt":"2021-01-22T09:00:00","permalink":"tef-v1-31-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Warning_\n\n* IAM permissions updated.\n\n_What's new?_\n\n* ElastiCache Redis is now enabled by default.\n* Parameters - Mod Lambda function limits.\n* Parameters - Worker Lambda configuration, allowing reuse across TE versions.\n* CloudWatch Alarms for SQS ApproximateAgeOfOldestMessage."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.17.0","author":"Turbot Team","publishedAt":"2021-01-22T09:00:00","permalink":"tef-v1-17-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- ElastiCache Redis is now enabled by default.\n\n_Bug fixes_\n\n- Postgres 11.9 is now available for the read replica as well.\n- ElastiCache Redis cluster should be created with the hive name rather than\n just resource name prefix.\n- AWS Backup Vault deletion policy is now set to retain.\n\n_Requirements_\n\n- TEF v1.31.2"},{"meta":{"title":"Turbot Guardrails CLI v1.27.0","author":"Turbot Team","publishedAt":"2020-12-07T09:00:00","permalink":"cli-v1-27-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- `turbot template build --rebase` command now cleans up the work in progress\n branch if the template render fails.\n\n_Bug fixes_\n\n- `turbot template build --rebase` command was failing to re-apply manual\n changes.\n- `turbot template build --fleet-mode` would stop building all branches if a\n single one failed.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.30.1","author":"Turbot Team","publishedAt":"2020-11-26T09:00:00","permalink":"tef-v1-30-1","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Fixed: Code of s3BucketArnLambda to fix s3 permission."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.30.0","author":"Turbot Team","publishedAt":"2020-11-20T09:00:00","permalink":"tef-v1-30-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Hive Manager and Workspace Manager runtime updated to node 12.\n\n_Bug fixes_\n\n* Install Hive Manager in all regions, not just the Alpha region."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.15.0","author":"Turbot Team","publishedAt":"2020-11-20T09:00:00","permalink":"tef-v1-15-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- Added latest RDS DB instance types.\n- Experimental ElastiCache: Configure use of Redis 6.x Access Control Lists.\n- Experimental ElastiCache: Also install Hive Manager in the replica region, for\n Redis management.\n\n_Requirements_\n\n- TEF v1.30.0"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.29.0","author":"Turbot Team","publishedAt":"2020-11-12T09:00:00","permalink":"tef-v1-29-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Warning_\n\n* IAM permissions updated.\n\n_What's new?_\n\n* New `turbot_transient` KMS key specifically used for encryption of transient data (e.g. SNS, SQS).\n* Tightened IAM access policies to Turbot's own S3 buckets.\n* Hive Manager is now permitted IAM access to manage ElastiCache.\n* Added ListBucket permission to WorkspaceManager role so head object calls will return 404 instead of 403.\n\n_Bug fixes_\n\n* Event Proxy Lambda must be installed in the subnet where Load Balancers are installed (by TE)."},{"meta":{"title":"Turbot Guardrails CLI v1.26.0","author":"Turbot Team","publishedAt":"2020-11-12T09:00:00","permalink":"cli-v1-26-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- `turbot compose` (used by all CLI commands that compose mods) now omits the\n `releaseNotes` field from `turbot.head.json`. It is still included in\n `turbot.dist.json`.\n- `turbot template` has a new `--unchanged-issue ` argument. When a\n template build operation commits changes to git, if no files have actually\n changed then the commit message will use this issue instead of the normal\n `--issue ` field. The commit message will also specify \"no changes\".\n"},{"meta":{"title":"Turbot Guardrails CLI v1.25.0","author":"Turbot Team","publishedAt":"2020-11-02T09:00:00","permalink":"cli-v1-25-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- `turbot publish` has a new `--timeout ` argument to customize the\n publish timeout. The default has been increased to 2 minutes.\n- Use `turbot template build --issue 1234 --close-issue` will set the commit\n message to close the issue.\n\n_Bug fixes_\n\n- `turbot test` should not fail with the the error\n `TypeError: tmod.parse is not a function`.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.28.0","author":"Turbot Team","publishedAt":"2020-10-26T09:00:00","permalink":"tef-v1-28-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Warning_\n\n* IAM permissions updated.\n\n_What's new?_\n\n* Further refined our IAM permissions for S3 bucket access, with a focus on\n removing more wildcards. It was already good, but now it's better.\n\n_Bug fixes_\n\n* Made the ElastiCache network infrastructure optional through `Development\n Mode`. It was harmless, but not necessary unless ElastiCache is enabled in\n TED.\n* Moved policy parameter role into the IAM stacks, where it belongs."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.14.2","author":"Turbot Team","publishedAt":"2020-10-23T09:00:00","permalink":"tef-v1-14-2","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Databases should never automatically upgrade their minor or major versions.\n Doing so takes the database out of sync with the CloudFormation stack, leading\n to upgrade rollbacks. We've deliberately removed these options and set the\n auto-update to false.\n\n_Requirements_\n\n- TEF v1.25.0"},{"meta":{"title":"Turbot Guardrails CLI v1.24.3","author":"Turbot Team","publishedAt":"2020-10-23T09:00:00","permalink":"cli-v1-24-3","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot template build --patch --push-instance-root` command failed to push\n changes to the wip branch.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.14.1","author":"Turbot Team","publishedAt":"2020-10-21T09:00:00","permalink":"tef-v1-14-1","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Changes to the Turbot audit trail log group in v1.14.0 forced a name change,\n which is difficult for customers with integrations. This version removes that\n requirement, so existing installs keep their original log group name.\n\n_Bug fixes_\n\n- Required TEF version dropped back down to TEF v1.25.0. v1.27.0 is only\n required if you are setting up the experimental ElastiCache features.\n\n_Requirements_\n\n- TEF v1.25.0"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.27.0","author":"Turbot Team","publishedAt":"2020-10-14T09:00:00","permalink":"tef-v1-27-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Reclaimed the `ECSDesiredInstanceCount` parameter, which now defaults to\n using `ECSMinInstanceCount` instead. This frees up a precious parameter slot\n for other options.\n* Added the `DevelopmentMode` parameter for internal use, which groups options\n like using the latest container image (instead of cached).\n* For environments with ElastiCache enabled in TED, cache subnet group and\n security groups have been added."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.14.0","author":"Turbot Team","publishedAt":"2020-10-14T09:00:00","permalink":"tef-v1-14-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- The deletion policy for the DB Parameter Group is now set to Retain.\n- New installations will now add the stack ID to the audit trail log group,\n making it easier to re-install TED multiple times in testing / setup.\n- New `ExperimentalFeatures` flag, allowing gradual introduction of new\n capabilities. The first one is installation of ElastiCache preparing for\n future use in TE.\n\n_Requirements_\n\n- TEF v1.27.0"},{"meta":{"title":"Turbot Guardrails CLI v1.24.2","author":"Turbot Team","publishedAt":"2020-10-07T09:00:00","permalink":"cli-v1-24-2","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot pack` and `turbot publish` were failing to run pre-pack script when\n `--dir` arg is used.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.24.1","author":"Turbot Team","publishedAt":"2020-10-06T09:00:00","permalink":"cli-v1-24-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot inspect` should give a clear error message for invalid templates.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.24.0","author":"Turbot Team","publishedAt":"2020-10-05T09:00:00","permalink":"cli-v1-24-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot inspect --format changelog` should properly escape CSV fields with\n commas.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.26.3","author":"Turbot Team","publishedAt":"2020-10-01T09:00:00","permalink":"tef-v1-26-3","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n* Error handling in workspace pre-install checker.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.26.2","author":"Turbot Team","publishedAt":"2020-10-01T09:00:00","permalink":"tef-v1-26-2","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n* Error handling in workspace pre-install checker."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.26.1","author":"Turbot Team","publishedAt":"2020-09-30T09:00:00","permalink":"tef-v1-26-1","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n\n_Bug fixes_\n\n* ECS Agent should attempt to use the locally cached image, which dramatically\n reduces disk IO and download bandwidth.\n* Upgrade via CloudFormation had a race condition in our custom resource Lambda\n functions that could be triggered when doing a large number of upgrades or\n rollbacks in parallel."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.26.0","author":"Turbot Team","publishedAt":"2020-09-24T09:00:00","permalink":"tef-v1-26-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n* When a custom outbound access security group is specified in the TEF template\n do not create the {prefix}\\_outbound\\_internet\\_security\\_group or the\n {prefix}\\_{version}\\_outbound\\_internet\\_security\\_group."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.25.0","author":"Turbot Team","publishedAt":"2020-09-22T09:00:00","permalink":"tef-v1-25-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Ability to restrict SNS topic and SQS queue access based on Organization Id."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.13.0","author":"Turbot Team","publishedAt":"2020-09-22T09:00:00","permalink":"tef-v1-13-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n- Added: support to restrict access to SNS topic and SQS queue based on the\n Organization Id.\n\n_Requirements_\n\n- TEF v1.25.0"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.12.0","author":"Turbot Team","publishedAt":"2020-09-21T09:00:00","permalink":"tef-v1-12-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Added: Encryption to SNS Topic for Dashboard.\n- Updated: TED Stack - changed R/W IOPS metrics from line to stacked area,\n changed Transaction ID Wraparound Monitor threshold to 2 billion.\n- Fixed: Description and Typo (Duraction to Duration, Actiond to Action).\n\n_Requirements_\n\n- TEF v1.22.1"},{"meta":{"title":"Turbot Guardrails CLI v1.23.0","author":"Turbot Team","publishedAt":"2020-09-18T09:00:00","permalink":"cli-v1-23-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- `turbot install` - checks if a compatible version of each dependency is\n already installed. If so, it is does not install from the registry unless\n there is a newer version available.\n- `turbot template build --rebase` rebuilds templates while using rebase to\n better merge and preserve custom changes to the rendered files since the last\n build.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.22.0","author":"Turbot Team","publishedAt":"2020-09-07T09:00:00","permalink":"cli-v1-22-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- Show a progress bar during long running operations.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.24.0","author":"Turbot Team","publishedAt":"2020-08-21T09:00:00","permalink":"tef-v1-24-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Warning_\n\n* IAM permissions updated.\n\n_Bug fixes_\n\n* The (optional) API Gateway to proxy external events to the internal Turbot\n load balancer was returning error codes (5xx) all queries even though it\n worked successfully. This could lead to retries of the message (which were\n not processed due to our duplicate detection). Errors in both the event\n handler and the health check have been cleared."},{"meta":{"title":"Turbot Guardrails CLI v1.21.0","author":"Turbot Team","publishedAt":"2020-08-20T09:00:00","permalink":"cli-v1-21-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- Improved error messages for failed queries like authentication, network\n connectivity, etc.\n- Update credentials precedence to prioritise specific credentials (key,\n secretKey and workspace) over profile.\n\n_Bug fixes_\n\n- `turbot configure` fails when no command line credentials arguments are given\n but they set in environment\n- `turbot workspace list` should ignore `TURBOT_PROFILE` env var and only filter\n profiles if one is given in command line.\n- `turbot download` should fall back to use the production registry if the user\n is not logged in.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.20.1","author":"Turbot Team","publishedAt":"2020-07-31T09:00:00","permalink":"cli-v1-20-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- Exceptions from the pre-pack script in `turbot pack` were not caught and\n reported correctly.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.20.0","author":"Turbot Team","publishedAt":"2020-07-30T09:00:00","permalink":"cli-v1-20-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- Improved error messages for `turbot pack`, `turbot up` and `turbot publish`\n for faster troubleshooting.\n\n_Bug fixes_\n\n- `turbot graphql` queries for `control`, `policy-value`, etc were not properly\n handling the `--resource-id` and `--resource-aka` arguments.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.19.3","author":"Turbot Team","publishedAt":"2020-07-30T09:00:00","permalink":"cli-v1-19-3","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot configure` was failing for some Windows users when used in interactive\n mode.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.23.0","author":"Turbot Team","publishedAt":"2020-07-22T09:00:00","permalink":"tef-v1-23-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Updated Workspace Manager permissions for SSM policy lookups and reading S3\n data for access to the TE workspace manager Lambda results."},{"meta":{"title":"Turbot Guardrails CLI v1.19.2","author":"Turbot Team","publishedAt":"2020-07-20T09:00:00","permalink":"cli-v1-19-2","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot configure` was always failing validation when using interactive mode\n to enter credentials.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.19.1","author":"Turbot Team","publishedAt":"2020-07-20T09:00:00","permalink":"cli-v1-19-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot install [mod]` was not working. You can now install specific mods as\n expected.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.19.0","author":"Turbot Team","publishedAt":"2020-07-16T09:00:00","permalink":"cli-v1-19-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- Use `turbot install [mod[@version]]` to\n install a specific mod as a local dependency.\n- Credentials passed to `turbot workspace configure` are now validated before\n saving, so you can be confident they are good to go.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.18.1","author":"Turbot Team","publishedAt":"2020-07-10T09:00:00","permalink":"cli-v1-18-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Use `turbot workspace list` to see a list of your currently configured\n workspaces.\n- `turbot workspace configure` added, with the same behavior as\n `turbot configure`.\n\n_Bug fixes_\n\n- `turbot test` was failing for some GCP controls due to an update in the GCP\n auth library package. This has been fixed.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.18.0","author":"Turbot Team","publishedAt":"2020-07-10T09:00:00","permalink":"cli-v1-18-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_See v1.18.1_"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.22.1","author":"Turbot Team","publishedAt":"2020-07-07T09:00:00","permalink":"tef-v1-22-1","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n* As part of preparing for connection pooling, the hive manager included steps\n to initialize multiple database roles. These are not yet in use so have been\n removed."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.11.0","author":"Turbot Team","publishedAt":"2020-07-07T09:00:00","permalink":"tef-v1-11-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"_What's new?_\n\n- As part of preparing for connection pooling, the hive manager included steps\n to initialize multiple database roles. These are not yet in use so have been\n removed.\n\n_Requirements_\n\n- TEF v1.22.1"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.22.0","author":"Turbot Team","publishedAt":"2020-07-06T09:00:00","permalink":"tef-v1-22-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* The default browser facing security group (used by the load balancer) is now\n open on port 80, so HTTP traffic can be automatically redirected to HTTPS at\n the load balancer level.\n* Expanded EC2 instance type options, and changed the default to `t3.medium`.\n* Changed the default maximum limit for ECS hosts from 64 to a more sensible,\n but still generous, 8.\n* Further restricted permissions to EC2 hosts, limiting the accessible resources\n as much as possible."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.21.0","author":"Turbot Team","publishedAt":"2020-06-19T09:00:00","permalink":"tef-v1-21-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Introducing a new parameter model in TEF, allowing parameter \"overrides\" to\n be optionally set in SSM. Turbot creates default parameters, but will\n automatically detect any overrides you create during the stack run. This\n allows us to expand beyond the 60 parameter limit of CloudFormation.\n* Each Turbot version installs minimal IAM policies and roles specific to its\n requirements. Some customers prefer more control over IAM management, so we\n now support BYO-IAM with parameters for all IAM entities required in the\n Turbot primary account.\n* Added parameters to optionally set the `ALB Log Prefix` and `ALB Idle Timeout`.\n* TEF will now perform a rolling update of the EC2 hosts if required due to\n launch configuration changes, ensuring no downtime during upgrades.\n* Allow preinstall check Lambda function to use VPC from non-VPC setting."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.10.0","author":"Turbot Team","publishedAt":"2020-06-19T09:00:00","permalink":"tef-v1-10-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Parameter groups created in GovCloud do not support newer parameters, unless a\n new parameter group is created (Note: AWS Commerical accounts were not\n affected by this). This blocks some existing customers from upgrading their\n TED stack. Because parameter group changes require a reboot (downtime), and\n most customers do not require this change, we've made it an optional parameter\n in the stack to force the change as required.\n- Default storage allocation for new installs is now 1TB (up from 100GB).\n\n_Requirements_\n\n- TEF v1.19.1"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.20.0","author":"Turbot Team","publishedAt":"2020-05-29T09:00:00","permalink":"tef-v1-20-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Added `169.254.170.2` to the default `NO_PROXY` parameter. This is required for stack containers to execute in some proxy environments."},{"meta":{"title":"Turbot Guardrails CLI v1.17.3","author":"Turbot Team","publishedAt":"2020-05-21T09:00:00","permalink":"cli-v1-17-3","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot install` was attempting to install the latest version, which would\n fail if that version was not available or recommended. It will now install the\n latest recommended version, or if none are recommended, the latest available\n version.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.19.1","author":"Turbot Team","publishedAt":"2020-05-20T09:00:00","permalink":"tef-v1-19-1","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n* Network Interface permissions added in v1.19.0 are low risk, but have\n been tightened further to only be granted in environments running Lambda\n inside the VPC."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.9.1","author":"Turbot Team","publishedAt":"2020-05-19T09:00:00","permalink":"tef-v1-9-1","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- v1.9.0 introduced a mix of names between `preinstall` and `preinstallation`\n which felt messy. This patch release brought to you by our clean up crew.\n\n_Requirements_\n\n- TEF v1.19.1"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.19.0","author":"Turbot Team","publishedAt":"2020-05-18T09:00:00","permalink":"tef-v1-19-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* TED and TE are being enhanced to automatically check that their required\n versions of TEF and TED are installed. The Lambda function they use for\n that check (custom resource during the CloudFormation stack run) is\n deployed in TEF, and added in this release.\n* Turbot Guardrails Enterprise uses a lot of Lambda functions to execute mod code. For\n organizations who prefer more visibility into network traffic, we're adding\n support to run these functions inside the VPC. This version of TEF expands\n the IAM permissions granted to Lambda functions with the minimum required\n to attach Network Interface cards."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.9.0","author":"Turbot Team","publishedAt":"2020-05-18T09:00:00","permalink":"tef-v1-9-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- TED now automatically checks the required TEF version is installed. If not,\n the TED stack will automatically rollback allowing you to upgrade TEF first.\n\n_Requirements_\n\n- TEF v1.19.1"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.18.1","author":"Turbot Team","publishedAt":"2020-05-14T09:00:00","permalink":"tef-v1-18-1","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* `Flags` parameter now has validation rules and defaults to `NONE` (CloudFormation does not like empty string defaults for SSM parameters)."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.18.0","author":"Turbot Team","publishedAt":"2020-05-14T09:00:00","permalink":"tef-v1-18-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* `Flags` parameter will allow features to be enabled or disabled at the\n installation level giving us more flexibility to innovate and gradually\n deploy features."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.8.0","author":"Turbot Team","publishedAt":"2020-05-14T09:00:00","permalink":"tef-v1-8-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"$e5"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.17.0","author":"Turbot Team","publishedAt":"2020-05-12T09:00:00","permalink":"tef-v1-17-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Moved to ECS optimized Amazon Linux 2 as our host OS for containers.\n (Previously we used ECS optimized Amazon Linux 1.)\n* Expanded proxy server support, particularly through the ECS bootstrap sequence.\n We now support HTTP and HTTPS requests being routed to a `http://` proxy for\n all traffic - no need for endpoints or similar in any case. (We do not yet\n support custom certificates and `https://` proxies.)\n* TEF now publishes an SSM parameter with the currently installed version,\n which will be used in the future to check version compatibility during TED\n and TE upgrades."},{"meta":{"title":"Turbot Guardrails CLI v1.17.2","author":"Turbot Team","publishedAt":"2020-05-11T09:00:00","permalink":"cli-v1-17-2","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- The build of v1.17.1 was not properly published, leading to confusion and\n mixed installs. This release is identical, but properly distributed.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.17.1","author":"Turbot Team","publishedAt":"2020-05-07T09:00:00","permalink":"cli-v1-17-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- Remove the explicit default value for `force-recommended` as this causes\n issues when using the yargs `conflicts` parameter.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.17.0","author":"Turbot Team","publishedAt":"2020-05-07T09:00:00","permalink":"cli-v1-17-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- Mod authors often want to set their new version as `RECOMMENDED` in the\n registry, telling users it's the best choice. Use\n `turbot publish --force-recommended` and `turbot modify --force-recommended`\n to mark this version as `RECOMMENDED` and set all currently recommended\n versions to `AVAILABLE`.\n\n_Bug fixes_\n\n- `turbot test` was showing incorrect test data validation errors, due to a\n graphql schema change that had not been handled by the CLI.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.16.0","author":"Turbot Team","publishedAt":"2020-05-05T09:00:00","permalink":"tef-v1-16-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* `Allow Self-Signed Certificate` parameter, instructing Turbot to ignore\n certificate errors when connecting to external services - for example -\n enterprise environments with an outbound internet proxy.\n* S3 bucket inventory has been enabled, setting us up for future batch\n operations on collections of log files.\n* Updated lifecycle rules to clean deleted versions of debug logs and\n match changes to the prefix of log files."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.15.0","author":"Turbot Team","publishedAt":"2020-05-01T09:00:00","permalink":"tef-v1-15-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Added a \"connectivity test\" lambda function, making it easier to verify that\n an environment has the necessary network setup. Run\n `${ResourceNamePrefix}_connectivity_checker` manually to test.\n* Improved descriptions for the Installation Domain and Turbot Certificate ARN\n parameters."},{"meta":{"title":"Turbot Guardrails CLI v1.16.0","author":"Turbot Team","publishedAt":"2020-04-30T09:00:00","permalink":"cli-v1-16-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- `turbot inspect` now enforces valid semantic versions in mod version numbers.\n We admire your creativity, but encourage you to express it elsewhere.\n\n_Bug fixes_\n\n- Fixed `turbot up --zip`, which broke during a dependency update.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.14.0","author":"Turbot Team","publishedAt":"2020-04-24T09:00:00","permalink":"tef-v1-14-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Turbot License Key has been added as a (currently optional) parameter."},{"meta":{"title":"Turbot Guardrails CLI v1.15.1","author":"Turbot Team","publishedAt":"2020-04-24T09:00:00","permalink":"cli-v1-15-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot login` was failing if the `~/.config` folder did not exist.\n- `turbot template build` was always expecting a `wip-*` instance branch to\n exist. It's now correctly limited to runs where `--use-instance-root-branch`\n is passed.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.15.0","author":"Turbot Team","publishedAt":"2020-04-22T09:00:00","permalink":"cli-v1-15-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- Proxy support via the `HTTPS_PROXY` environment variable. Login, install mods\n and publish to our registry all via your favorite proxy. (Provided it's a\n `http://` proxy, we don't support `https://` yet.)\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.13.0","author":"Turbot Team","publishedAt":"2020-04-17T09:00:00","permalink":"tef-v1-13-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Updates Hive Manager, which includes the ability to convert ownership of\n database schemas. This is part of a longer term effort to move database\n ownership to specific turbot roles, reducing our use of the master account."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.7.0","author":"Turbot Team","publishedAt":"2020-04-17T09:00:00","permalink":"tef-v1-7-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Parameters to set `rds.force_admin_logging_level` and `track_functions`,\n- Add CloudWatch alarms for DB connections, CPU utilization and free storage\n alerts.\n- Added t2.medium and t2.large instance class options, useful in test or dev\n environments."},{"meta":{"title":"Turbot Guardrails CLI v1.14.0","author":"Turbot Team","publishedAt":"2020-04-17T09:00:00","permalink":"cli-v1-14-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"$e6"},{"meta":{"title":"Turbot Guardrails CLI v1.13.0","author":"Turbot Team","publishedAt":"2020-04-06T09:00:00","permalink":"cli-v1-13-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"What's new?_\n\n- Registry login using `turbot login` (and similar) now requires both\n `--username` and `--password` or neither. They just can't live without each\n other.\n\n_Bug fixes_\n\n- `turbot template build --patch` command was failing without running the git\n command.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.12.1","author":"Turbot Team","publishedAt":"2020-04-02T09:00:00","permalink":"tef-v1-12-1","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n* EC2 instances used for ECS should have AssociatePublicIpAddress set to false.\n This is a defence improvement since our EC2 instances are run in a private VPC\n so were not publically accessible anyway."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.12.0","author":"Turbot Team","publishedAt":"2020-04-01T09:00:00","permalink":"tef-v1-12-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Cleanup IAM roles to use `_` consistently in names (instead of mixing `_` and\n `-` together)."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.11.0","author":"Turbot Team","publishedAt":"2020-03-31T09:00:00","permalink":"tef-v1-11-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n\n_What's new?_\n\n* Some organizations need to use a self-signed certificate for their ALB. This would\n fail a certificate check when also using our API Gateway proxy. Use the `Self\n Signed Certificate In ALB` parameter to ignore these certificate errors.\n\n_Bug fixes_\n\n* The IAM role used for ECS EC2 instances is now named consistently with our\n other IAM roles."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.10.0","author":"Turbot Team","publishedAt":"2020-03-27T09:00:00","permalink":"tef-v1-10-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n\n_Warning_\n\n* Existing TEF installations must install v1.9.0 before upgrading to\n v1.10.0. This sequence will automatically preserve and transition parameter\n settings for S3 bucket names as we move from fixed names to randomized names\n by default for new installations.\n\n_What's new?_\n\n* Log and process buckets now use a partly random name by default, making new\n installations smoother and easier to troubleshoot."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.9.0","author":"Turbot Team","publishedAt":"2020-03-26T09:00:00","permalink":"tef-v1-9-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n\n_What's new?_\n\n* Optionally use a random name for log and process log buckets, making repeated\n install and uninstall easier.\n* Log buckets will now be retained on deletion of the TEF stack."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.6.1","author":"Turbot Team","publishedAt":"2020-03-24T09:00:00","permalink":"tef-v1-6-1","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- The SNS topic name for CPU alarms was not consistent with our other resources.\n Now it is."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.8.0","author":"Turbot Team","publishedAt":"2020-03-23T09:00:00","permalink":"tef-v1-8-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Setup an S3 bucket to store process logs, including lifecycle rules to\n cleanup debug logs."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.6.0","author":"Turbot Team","publishedAt":"2020-03-23T09:00:00","permalink":"tef-v1-6-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Alarm levels defined in the dashboard for CPU utilization and free storage,\n making problem levels clearer.\n- Dashboard charts are now zero based, as any statistician will tell you they\n should be.\n- SNS topic publishing CPU alarms, making it easy to subscribe for alerts."},{"meta":{"title":"Turbot Guardrails CLI v1.12.0","author":"Turbot Team","publishedAt":"2020-03-19T09:00:00","permalink":"cli-v1-12-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- In `turbot compose` the `+schema` directive can now map from openApi format\n schema to valid JSON schema.\n\n_Bug fixes_\n\n- `turbot template build` fleet operations were failing due to an error\n displaying the summary. This has been fixed.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.7.0","author":"Turbot Team","publishedAt":"2020-03-17T09:00:00","permalink":"tef-v1-7-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Turbot Hive Manager lambda now has permission to create encrypted SSM\n parameters, required by TED v1.5.0."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.5.0","author":"Turbot Team","publishedAt":"2020-03-17T09:00:00","permalink":"tef-v1-5-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_Warning_\n\n- Requires TEF v1.7.0 or later.\n\n_What's new?_\n\n- Parameter to set the maintenance window.\n- Parameter to set a Customer Managed Key for encryption.\n- Parameter to set the turbot master password. If blank, the master password is\n automatically reset.\n\n_Bug fixes_\n\n- Auto scaling of storage for the read replicas outside the primary region."},{"meta":{"title":"Turbot Guardrails CLI v1.11.0","author":"Turbot Team","publishedAt":"2020-03-12T09:00:00","permalink":"cli-v1-11-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- Use `turbot test` to check GraphQL mutations (e.g. `updatePolicySetting`) are\n called as expected from controls.\n- `turbot compose` no longer errors when a glob matches no source files.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.6.0","author":"Turbot Team","publishedAt":"2020-03-09T09:00:00","permalink":"tef-v1-6-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"$e7"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.5.0","author":"Turbot Team","publishedAt":"2020-03-05T09:00:00","permalink":"tef-v1-5-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Workspace manager creation of turbot.com directories updated to use\n a server name (instead of a phase).\n"},{"meta":{"title":"Turbot Guardrails CLI v1.10.0","author":"Turbot Team","publishedAt":"2020-03-04T09:00:00","permalink":"cli-v1-10-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- Use `turbot test` to check GraphQL mutations (e.g. `updatePolicySetting`) are\n called as expected from controls.\n- `turbot compose` no longer errors when a glob matches no source files.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.9.0","author":"Turbot Team","publishedAt":"2020-02-26T09:00:00","permalink":"cli-v1-9-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- A new directive, `+schema` has been added for `turbot compose`. This allows\n you to include a specific item from a schema file, including all definitions\n which are referenced.\n- `turbot template build` will now run even if there are changes on the local\n branch, if neither the `--use-fleet-branch` or `--use-instance-root-branch`\n arguments are set. This is useful when running building templates for the\n first time with local config updated but not committed.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.8.0","author":"Turbot Team","publishedAt":"2020-02-24T09:00:00","permalink":"cli-v1-8-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- `turbot inspect --format changelog` now includes the uri of each control,\n policy, resource and action item.\n\n_Bug fixes_\n\n- `turbot up` was broken in 1.7.0. This has been fixed.\n- `turbot pack` and `turbot publish` had to be run out of the target mod\n directory. They can now be run out of any directory by passing the `--dir`\n flag.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.7.0","author":"Turbot Team","publishedAt":"2020-02-23T09:00:00","permalink":"cli-v1-7-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- `turbot aws credentials` now supports `--aws-profile `,\n `--profile ` and\n `--access-key --secret-key `\n combinations.\n\n_Bug fixes_\n\n- `turbot test` was doing type coercion of input data before validation. It now\n expects correct types to be passed, matching the behavior of the Turbot\n server.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.4.1","author":"Turbot Team","publishedAt":"2020-02-21T09:00:00","permalink":"tef-v1-4-1","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Auto scaling of storage for the primary read replica."},{"meta":{"title":"Turbot Guardrails CLI v1.6.0","author":"Turbot Team","publishedAt":"2020-02-12T09:00:00","permalink":"cli-v1-6-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- Use `--no-color` to simplify the output of any command. Sometimes less is\n more.\n- `turbot template build --git --branch ` allows you to specify the\n branch the build operations will be committed onto.\n- `turbot template build` no longer supports the `--config` flag. Use\n `template.yml` files instead.\n\n_Bug fixes_\n\n- `turbot install` was not downloading files. Now it does.\n- `turbot template build` was creating `template.yml` files for every template\n instance. This is noisy and defeats the value of template inheritence, so has\n been stopped.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.5.1","author":"Turbot Team","publishedAt":"2020-02-10T09:00:00","permalink":"cli-v1-5-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot template build --git` should checkout the original git branch at the\n end of the build. Broken in v1.5.0\n"},{"meta":{"title":"Turbot Guardrails CLI v1.5.0","author":"Turbot Team","publishedAt":"2020-02-10T09:00:00","permalink":"cli-v1-5-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- `turbot template build --git` now skips instances without a template-lock\n file, which cannot be resolved anyway.\n\n_Bug fixes_\n\n- `turbot up` and `turbot publish` were stalling for large mods.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.4.1","author":"Turbot Team","publishedAt":"2020-02-07T09:00:00","permalink":"cli-v1-4-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot template build --git` should checkout the original git branch at the\n end of the build. Broken in v1.4.0.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.4.0","author":"Turbot Team","publishedAt":"2020-02-06T09:00:00","permalink":"cli-v1-4-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"\n_What’s new?_\n\n- Clearer reporting of errors when running `turbot template build`.\n- `turbot template build --fleet-mode` now defaults to `update`, which is almost\n always the right choice.\n- When running `turbot template build --git` it is no longer necessary to\n specify a base git branch, it sensibly assumes you want to use the current\n branch.\n- Use `turbot pack --zip-file awesome.zip` to output mods with any name you\n prefer.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.3.1","author":"Turbot Team","publishedAt":"2020-02-05T09:00:00","permalink":"cli-v1-3-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot template outdated` fixed to work with specific template definition\n directories.\n- Only save successful template operations to the branch when using\n `turbot template build --git`. Previously we were polluting that goodness with\n failures as well.\n- Limit `template-lock.yml` to data that is absolutely necessary, removing noise\n from change logs.\n- Disabled `turbot template update`. Please use `turbot template build` instead,\n as you probably already were.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.3.0","author":"Turbot Team","publishedAt":"2020-02-04T09:00:00","permalink":"cli-v1-3-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- `turbot inspect --output-format` will now accept either a file path to the template or the template string directly.\n- Clearer output of the actions taken when running `turbot template build`.\n- Automatic code merging when doing updates with `turbot template build` will now merge successful changes onto a single branch and write failed patches to the filesystem for easier review.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.4.0","author":"Turbot Team","publishedAt":"2020-02-03T09:00:00","permalink":"tef-v1-4-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Support customization of parameters for `max_connections`, `deadlock_timeout`,\n `idle_in_transaction_session_timeout` and `statement_timeout`."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.4.0","author":"Turbot Team","publishedAt":"2020-01-22T09:00:00","permalink":"tef-v1-4-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Added a lifecycle rule to automatically delete temporary data from S3."},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.3.0","author":"Turbot Team","publishedAt":"2020-01-20T09:00:00","permalink":"tef-v1-3-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Reduced scope of permissions granted to custom mod Lambda functions. These\n add extra levels of protection and take effect as mods are installed or\n updated in Turbot v5.5.0 or later."},{"meta":{"title":"Turbot Guardrails CLI v1.2.1","author":"Turbot Team","publishedAt":"2020-01-20T09:00:00","permalink":"cli-v1-2-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot template build` has a special case \"provider\" field in the render\n context. Long term it will be removed. Short term, it should not break for\n vendor level mods like @turbot/aws or @turbot/linux.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.3.0","author":"Turbot Team","publishedAt":"2020-01-16T09:00:00","permalink":"tef-v1-3-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- `Instance Type for Replica DB` will now default to `Same as Primary DB`, which\n is a lot easier than having to set and maintain it manually when most of the\n time they are the same anyway.\n- Choose a custom master username during install."},{"meta":{"title":"Turbot Guardrails CLI v1.2.0","author":"Turbot Team","publishedAt":"2020-01-16T09:00:00","permalink":"cli-v1-2-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What's new?_\n\n- View and confirm `turbot template build` actions before they happen. (Add\n `--yes` to keep the previous behavior.)\n- Easily review success and failure after running `turbot template build` across\n many instances.\n\n_Bug fixes_\n\n- `turbot download` will now give up gracefully on failed downloads, relieving it of an eternity of failed retries.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.16.0","author":"Turbot Team","publishedAt":"2020-01-14T09:00:00","permalink":"tef-v1-16-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Option to configure AWS Backup with daily, weekly and/or monthly snapshots of\n the primary database.\n- Add Postgres v11.9 to supported versions list.\n- CloudWatch Alarms added for freeable memory, read replica CPU and queue depth.\n- RDS disk burst balance metrics added to TED dashboard.\n- Elasticache metrics added to TED dashboard.\n- Improve text and limit for Transaction ID Wraparound in TED dashboard.\n\n_Requirements_\n\n- TEF v1.30.0"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.2.0","author":"Turbot Team","publishedAt":"2020-01-14T09:00:00","permalink":"tef-v1-2-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Publish the alpha region as an SSM parameter so it can be used as a default\n in other areas - like TED's default location for the primary DB."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.2.0","author":"Turbot Team","publishedAt":"2020-01-14T09:00:00","permalink":"tef-v1-2-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_Warning_\n\n- Requires TEF v1.2.0 or later.\n- The parameter `Instance Type for Replica DB` is new and must be set during\n upgrade. (Note: Fixed in v1.3.0 to use `Same as Primary DB` by default.)\n\n_What's new?_\n\n- The Turbot Audit Trail is stored in a CloudWatch Log group managed in TED. It\n will now be retained if the TED stack is deleted, avoiding loss of audit trail\n data in that rare scenario.\n- Easily configure auto-scaling of the database storage up to a maximum value.\n- Read replicas can now have a different instance class to the primary.\n Typically they have a lower load level, so we've added flexibility to optimize\n costs.\n- Default to using the alpha region (as defined in TEF) for primary DB install."},{"meta":{"title":"Turbot Guardrails CLI v1.1.1","author":"Turbot Team","publishedAt":"2020-01-13T09:00:00","permalink":"cli-v1-1-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- Fix `turbot template build` crash added by v1.1.0.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.1.0","author":"Turbot Team","publishedAt":"2020-01-13T09:00:00","permalink":"cli-v1-1-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_What’s new?_\n\n- Use `turbot aws credentials --account 123456789012 --profile my-account` to\n generate and save temporary AWS credentials into your local AWS profile.\n Easily work across many AWS accounts using your single Turbot profile.\n- Filter `turbot template build` to target all instances of a specific template,\n which is great when you are in the process of converting code to use the\n template (some code in template management, some still custom).\n\n_Bug fixes_\n\n- `turbot test` was broken in v1.0.4 due to a missing dependency. Life is better with friends.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.1.1","author":"Turbot Team","publishedAt":"2020-01-08T09:00:00","permalink":"tef-v1-1-1","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n\n_Bug fixes_\n\n* The Hive Manager and Workspace Manager lambda functions used during the\n workspace upgrade process were not properly connecting to the database using\n SSL during initial workspace creation (they were during upgrades). Our change\n to force SSL on the database in TED revealed this issue, which is now fixed."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.1.1","author":"Turbot Team","publishedAt":"2020-01-08T09:00:00","permalink":"ted-v1-1-1","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_Bug fixes_\n\n- Expanded the list of database instance classes available during install to\n include older generations (e.g. m3) which are required for AWS us-gov-west-1.\n- Added the AWS RDS 2017 certificate as an option, since it's uniquely used and\n required in Gov Cloud installs.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.1.0","author":"Turbot Team","publishedAt":"2020-01-07T09:00:00","permalink":"tef-v1-1-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* TEF version is now published as an output parameter in CloudFormation. (We'd\n rather that Service Catalog showed this automatically, but there is an AWS\n quirk that breaks that feature when Service Catalog versions are published\n using CloudFormation.)\n* Workspace upgrades may now take up to 15 minutes before timing out. This\n allows us to run larger data migration jobs during the upgrade process.\n (Don't worry, we design these to be background tasks that don't affect\n availability during the upgrade.)\n* Custom security groups are published as SSM parameters allowing them to be\n leveraged by the Turbot Guardrails Enterprise CloudFormation stacks to override\n per-version default security groups.\n\n_Bug fixes_\n\n* GovCloud installations require conditions in IAM to match the correct\n partition `arn:aws-us-gov:`."},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.1.0","author":"Turbot Team","publishedAt":"2020-01-07T09:00:00","permalink":"tef-v1-1-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_Warning_\n\n- The AWS RDS certificate change requires a database reboot. This may cause a\n brief impact on availability. Please schedule this change for a suitable\n window.\n\n_What's new?_\n\n- SSL is now required by default for all connections to the database. We used\n SSL anyway, but now we enforce it at the DB level as an extra precaution.\n- Upgrade database instances to the AWS RDS 2019 root certificate (their 2015\n certificate is expiring soon)."},{"meta":{"title":"Turbot Guardrails CLI v1.0.4","author":"Turbot Team","publishedAt":"2020-01-07T09:00:00","permalink":"cli-v1-0-4","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `turbot template` should allow rendering of the filename as well as folder\n names, e.g. `src/{{instance}}/resource/types/{{instance}}.yml`.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.0.3","author":"Turbot Team","publishedAt":"2019-12-19T09:00:00","permalink":"cli-v1-0-3","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- `test.options` are useful, but not required, so `turbot test` should not crash if they are not set for a test.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.0.2","author":"Turbot Team","publishedAt":"2019-12-19T09:00:00","permalink":"cli-v1-0-2","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- Registry name validation should work for valid registries like turbot.com.\n- `turbot test` has a `test.awsProfile` field to set the AWS profile to use when\n running tests locally. This has been moved into the generic, customizable\n `test.options.awsProile` location since it's relevant to AWS mods specifically\n rather than a core feature of Turbot.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Foundation (TEF) v1.0.0","author":"Turbot Team","publishedAt":"2019-12-18T09:00:00","permalink":"tef-v1-0-0","image":null,"tags":["TEF"],"product":"guardrails"},"content":"\n_What's new?_\n\n* Initial version.\n* CloudFormation design for deployment via Service Catalog.\n* Foundation components: KMS keys, IAM roles, Log groups & buckets.\n* Network configuration with up to 3 tiers (public, turbot, database) across 3 availability zones in 3 regions.\n* Automated VPC peering setup across regions.\n* Subnet Groups and Security Groups for database and cache services.\n* Optional gateway proxy for external event handling with an internal installation.\n* Optional BYO network parameters for complex or pre-existing environments."},{"meta":{"title":"Turbot Guardrails CLI v1.0.1","author":"Turbot Team","publishedAt":"2019-12-18T09:00:00","permalink":"cli-v1-0-1","image":null,"tags":["CLI"],"product":"guardrails"},"content":"_Bug fixes_\n\n- The default registry is now turbot.com. Other development registries have been\n cleaned up to reduce noise.\n- Cleaned up available commands and their descriptions.\n"},{"meta":{"title":"Turbot Guardrails CLI v1.0.0","author":"Turbot Team","publishedAt":"2019-12-18T09:00:00","permalink":"cli-v1-0-0","image":null,"tags":["CLI"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Easily manage Turbot credentials and profiles.\n- Run graphql commands in scripts.\n- Install and inspect mods.\n- Build, compose & test Turbot mods.\n- Upload mods to Turbot for internal testing or use.\n- Publish mods to the Turbot registry for public sharing.\n- Use templates to accelerate the development of mods.\n"},{"meta":{"title":"Turbot Guardrails Enterprise Database (TED) v1.0.0","author":"Turbot Team","publishedAt":"2019-12-11T09:00:00","permalink":"tef-v1-0-0","image":null,"tags":["TED"],"product":"guardrails"},"content":"\n_What's new?_\n\n- Initial version.\n- CloudFormation design for deployment via Service Catalog.\n- CloudFormation stack per hive (physical shard).\n- Postgres design with primary, failover and regional read replicas.\n- Encryption at rest for all data.\n- Custom Resource for automatic database hive configuration."}],"urlPrefix":"/guardrails"}]}]}]]}]]}]