Bug fixes

• Server
  • Fixed a permission issue affecting visibility of policy packs.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• You can now configure the AWS > IAM > MFA Virtual > Active control for virtual MFA devices based on their age. To get started, set the AWS > IAM > MFA Virtual > Active > Age policy. As part of this enhancement, a new value of 45 days has been applied to all relevant Active policies.

Policy Types

• AWS > IAM > MFA Virtual > Active > Age

Action Types

• AWS > IAM > MFA Virtual > Delete

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• Server

  • Introduced support for initializing a new encryption key baseline for workspaces.
  • Users can now see all policy packs defined within the resource hierarchy where they have access, providing clearer insight into inherited policies.

• UI

  • The page title now dynamically includes the workspace name, helping users distinguish tabs when working across multiple environments.

Bug fixes

• Server
  • Refined the backup flow for tenant master keys, improving error handling, increasing stability.

Note

This is a checkpoint version. Guardrails must be updated to v5.51.x first before continuing. It can be any version in v5.51.x series.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

Bug fixes

• The Azure > Subscription > Event Poller control previously processed some real-time events multiple times, resulting in unnecessary Lambda churn. The event processing logic has been improved to ensure each event is handled only once, enhancing overall efficiency.
• The Azure > Subscription > CMDB control previously ran unnecessarily when Guardrails received real-time Microsoft.Resources/tags/write events for resources other than subscriptions or resource groups. These events will no longer be processed, preventing unnecessary CMDB control runs.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them. Resource Types

• AWS > API Gateway > Account

Control Types

• AWS > API Gateway > Account > CMDB
• AWS > API Gateway > Account > Discovery

Policy Types

• AWS > API Gateway > Account > CMDB
• AWS > API Gateway > Account > Regions

Action Types

• AWS > API Gateway > Account > Router

Bug fixes

• Improved sensitive data masking in log outputs to include additional value types.

Bug fixes

• Server

  • Discovery controls now run more reliably, reducing interruptions caused by premature termination.
  • Addressed a race condition that could occasionally result in missed priority events during policy value processing.

• UI

  • Resolved an issue where resource type values were hard-coded in a hook, improving flexibility and maintainability.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• Resolved an issue where parent updates in resource_turbot_file were silently ignored. These updates are now processed correctly to ensure changes are properly applied.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.
• Web ACL resource type is now deprecated and will be removed in the next major version. Please refer Migrate workloads from AWS WAF Classic for more information.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Resource Types

Renamed

• AWS > WAF > Web ACL to AWS > WAF > Web ACL [Deprecated]

Control Types

Renamed

• AWS > WAF > Web ACL > Active to AWS > WAF > Web ACL [Deprecated] > Active
• AWS > WAF > Web ACL > Approved to AWS > WAF > Web ACL [Deprecated] > Approved
• AWS > WAF > Web ACL > CMDB to AWS > WAF > Web ACL [Deprecated] > CMDB
• AWS > WAF > Web ACL > Discovery to AWS > WAF > Web ACL [Deprecated] > Discovery
• AWS > WAF > Web ACL > Tags to AWS > WAF > Web ACL [Deprecated] > Tags
• AWS > WAF > Web ACL > Usage to AWS > WAF > Web ACL [Deprecated] > Usage

Policy Types

Renamed

• AWS > WAF > Web ACL > Active to AWS > WAF > Web ACL [Deprecated] > Active
• AWS > WAF > Web ACL > Active > Age to AWS > WAF > Web ACL [Deprecated] > Active > Age
• AWS > WAF > Web ACL > Active > Budget to AWS > WAF > Web ACL [Deprecated] > Active > Budget
• AWS > WAF > Web ACL > Active > Last Modified to AWS > WAF > Web ACL [Deprecated] > Active > Last Modified
• AWS > WAF > Web ACL > Approved to AWS > WAF > Web ACL [Deprecated] > Approved
• AWS > WAF > Web ACL > Approved > Budget to AWS > WAF > Web ACL [Deprecated] > Approved > Budget
• AWS > WAF > Web ACL > Approved > Custom to AWS > WAF > Web ACL [Deprecated] > Approved > Custom
• AWS > WAF > Web ACL > Approved > Usage to AWS > WAF > Web ACL [Deprecated] > Approved > Usage
• AWS > WAF > Web ACL > CMDB to AWS > WAF > Web ACL [Deprecated] > CMDB
• AWS > WAF > Web ACL > Tags to AWS > WAF > Web ACL [Deprecated] > Tags
• AWS > WAF > Web ACL > Tags > Template to AWS > WAF > Web ACL [Deprecated] > Tags > Template
• AWS > WAF > Web ACL > Usage to AWS > WAF > Web ACL [Deprecated] > Usage
• AWS > WAF > Web ACL > Usage > Limit to AWS > WAF > Web ACL [Deprecated] > Usage > Limit

Action Types

Renamed

• AWS > WAF > Web ACL > Delete to AWS > WAF > Web ACL [Deprecated] > Delete
• AWS > WAF > Web ACL > Delete from AWS to AWS > WAF > Web ACL [Deprecated] > Delete from AWS
• AWS > WAF > Web ACL > Router to AWS > WAF > Web ACL [Deprecated] > Router
• AWS > WAF > Web ACL > Set Tags to AWS > WAF > Web ACL [Deprecated] > Set Tags
• AWS > WAF > Web ACL > Skip alarm for Active control to AWS > WAF > Web ACL [Deprecated] > Skip alarm for Active control
• AWS > WAF > Web ACL > Skip alarm for Active control [90 days] to AWS > WAF > Web ACL [Deprecated] > Skip alarm for Active control [90 days]
• AWS > WAF > Web ACL > Skip alarm for Approved control to AWS > WAF > Web ACL [Deprecated] > Skip alarm for Approved control
• AWS > WAF > Web ACL > Skip alarm for Approved control [90 days] to AWS > WAF > Web ACL [Deprecated] > Skip alarm for Approved control [90 days]
• AWS > WAF > Web ACL > Skip alarm for Tags control to AWS > WAF > Web ACL [Deprecated] > Skip alarm for Tags control
• AWS > WAF > Web ACL > Skip alarm for Tags control [90 days] to AWS > WAF > Web ACL [Deprecated] > Skip alarm for Tags control [90 days]
• AWS > WAF > Web ACL > Update Tags to AWS > WAF > Web ACL [Deprecated] > Update Tags

Bug fixes

• The AWS > Secrets Manager > Secret > Stack [Native] control previously failed to import and manage resources outside the us-east-1 region. This issue has now been resolved.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.
• Pipeline resource type is now deprecated and will be removed in the next major version. Please refer Migrate workloads from AWS Data Pipeline for more information.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Resource Types

Renamed

• AWS > Data Pipeline > Pipeline to AWS > Data Pipeline > Pipeline [Deprecated]

Control Types

Renamed

• AWS > Data Pipeline > Pipeline > Active to AWS > Data Pipeline > Pipeline [Deprecated] > Active
• AWS > Data Pipeline > Pipeline > Approved to AWS > Data Pipeline > Pipeline [Deprecated] > Approved
• AWS > Data Pipeline > Pipeline > CMDB to AWS > Data Pipeline > Pipeline [Deprecated] > CMDB
• AWS > Data Pipeline > Pipeline > Discovery to AWS > Data Pipeline > Pipeline [Deprecated] > Discovery
• AWS > Data Pipeline > Pipeline > Tags to AWS > Data Pipeline > Pipeline [Deprecated] > Tags

Policy Types

Renamed

• AWS > Data Pipeline > Pipeline > Active to AWS > Data Pipeline > Pipeline [Deprecated] > Active
• AWS > Data Pipeline > Pipeline > Active > Age to AWS > Data Pipeline > Pipeline [Deprecated] > Active > Age
• AWS > Data Pipeline > Pipeline > Active > Last Modified to AWS > Data Pipeline > Pipeline [Deprecated] > Active > Last Modified
• AWS > Data Pipeline > Pipeline > Approved to AWS > Data Pipeline > Pipeline [Deprecated] > Approved
• AWS > Data Pipeline > Pipeline > Approved > Custom to AWS > Data Pipeline > Pipeline [Deprecated] > Approved > Custom
• AWS > Data Pipeline > Pipeline > Approved > Regions to AWS > Data Pipeline > Pipeline [Deprecated] > Approved > Regions
• AWS > Data Pipeline > Pipeline > Approved > Usage to AWS > Data Pipeline > Pipeline [Deprecated] > Approved > Usage
• AWS > Data Pipeline > Pipeline > CMDB to AWS > Data Pipeline > Pipeline [Deprecated] > CMDB
• AWS > Data Pipeline > Pipeline > Regions to AWS > Data Pipeline > Pipeline [Deprecated] > Regions
• AWS > Data Pipeline > Pipeline > Tags to AWS > Data Pipeline > Pipeline [Deprecated] > Tags
• AWS > Data Pipeline > Pipeline > Tags > Template to AWS > Data Pipeline > Pipeline [Deprecated] > Tags > Template

Action Types

Renamed

• AWS > Data Pipeline > Pipeline > Delete to AWS > Data Pipeline > Pipeline [Deprecated] > Delete
• AWS > Data Pipeline > Pipeline > Delete from AWS to AWS > Data Pipeline > Pipeline [Deprecated] > Delete from AWS
• AWS > Data Pipeline > Pipeline > Router to AWS > Data Pipeline > Pipeline [Deprecated] > Router
• AWS > Data Pipeline > Pipeline > Set Tags to AWS > Data Pipeline > Pipeline [Deprecated] > Set Tags
• AWS > Data Pipeline > Pipeline > Skip alarm for Active control to AWS > Data Pipeline > Pipeline [Deprecated] > Skip alarm for Active control
• AWS > Data Pipeline > Pipeline > Skip alarm for Active control [90 days] to AWS > Data Pipeline > Pipeline [Deprecated] > Skip alarm for Active control [90 days]
• AWS > Data Pipeline > Pipeline > Skip alarm for Approved control to AWS > Data Pipeline > Pipeline [Deprecated] > Skip alarm for Approved control
• AWS > Data Pipeline > Pipeline > Skip alarm for Approved control [90 days] to AWS > Data Pipeline > Pipeline [Deprecated] > Skip alarm for Approved control [90 days]
• AWS > Data Pipeline > Pipeline > Skip alarm for Tags control to AWS > Data Pipeline > Pipeline [Deprecated] > Skip alarm for Tags control
• AWS > Data Pipeline > Pipeline > Skip alarm for Tags control [90 days] to AWS > Data Pipeline > Pipeline [Deprecated] > Skip alarm for Tags control [90 days]
• AWS > Data Pipeline > Pipeline > Update Tags to AWS > Data Pipeline > Pipeline [Deprecated] > Update Tags

What's new?

• Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

• Azure > Resource Group > Stack [Native]

Policy Types

• Azure > Resource Group > Stack [Native]
• Azure > Resource Group > Stack [Native] > Drift Detection
• Azure > Resource Group > Stack [Native] > Drift Detection > Interval
• Azure > Resource Group > Stack [Native] > Modifier
• Azure > Resource Group > Stack [Native] > Secret Variables
• Azure > Resource Group > Stack [Native] > Source
• Azure > Resource Group > Stack [Native] > Timeout
• Azure > Resource Group > Stack [Native] > Variables
• Azure > Resource Group > Stack [Native] > Version

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

Bug fixes

• EventBridge rules configured via Event Handlers have been improved to exclude real-time events containing errors from being sent to the Guardrails endpoint. This prevents Guardrails from processing unnecessary error events.
• The default value for the AWS > Region > Connection Region policy did not evaluate correctly for AWS GovCloud accounts. This issue has been resolved.

What's new?

• Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

• AWS > Secrets Manager > Secret > Stack [Native]

Policy Types

• AWS > Secrets Manager > Secret > Stack [Native]
• AWS > Secrets Manager > Secret > Stack [Native] > Drift Detection
• AWS > Secrets Manager > Secret > Stack [Native] > Drift Detection > Interval
• AWS > Secrets Manager > Secret > Stack [Native] > Modifier
• AWS > Secrets Manager > Secret > Stack [Native] > Secret Variables
• AWS > Secrets Manager > Secret > Stack [Native] > Source
• AWS > Secrets Manager > Secret > Stack [Native] > Timeout
• AWS > Secrets Manager > Secret > Stack [Native] > Variables
• AWS > Secrets Manager > Secret > Stack [Native] > Version

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Users can now select the default region when logging in to AWS accounts via Guardrails using Role mode. To get started, set the AWS > Account > Permissions > Default Region policy.

Policy Types

• AWS > Account > Permissions > Default Region

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new

• Initial version of Turbot Guardrails MCP server
• Query resources, controls and types
• Mock and test policy settings and policy packs

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Users can now manage endpoint access for clusters. To get started, set the AWS > EKS > Cluster > Endpoint Access > * policies.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Control Types

• AWS > EKS > Cluster > Endpoint Access

Policy Types

• AWS > EKS > Cluster > Endpoint Access
• AWS > EKS > Cluster > Endpoint Access > CIDR Ranges

Action Types

• AWS > EKS > Cluster > Set Endpoint Access

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• Previously, modifying instance identifiers to use different casing while retaining the same name caused Guardrails to incorrectly update the DBInstanceIdentifier and the AKA for the resource. Guardrails will now be smarter to avoid updating these details in CMDB data in such scenarios.

Bug fixes

• The AWS > EC2 > AMI > Discovery control previously failed to fetch all resources, due to the lack of pagination support. This issue has been fixed, and the control will now correctly fetch all available AMIs.

Bug fixes

• Removed unnecessary attributes from the default value of the Kubernetes > Pod > osquery > Configuration > Columns policy, which previously caused churn by unnecessarily triggering the Kubernetes > Pod > CMDB control.

Bug fixes

• Server
  • Removed stray debug logs.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• Server
  • Improved error handling for Runnable Monitor and Event Monitor to catch uncaught exceptions.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• Control Types:
  • Adjusted the sequence of operations for Turbot > Workspace > Background Tasks to ensure a more reliable and consistent execution flow.

Requirements

• TE: 5.35.4

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Improved the logic in the Table and Configuration Item controls to avoid querying credentials unnecessarily when those controls are skipped.
• Improved the GraphQL input query for the Configuration Item > Record policy to retrieve only the essential details required for the policy's functionality. This enhancement enables Guardrails to evaluate policies more efficiently, improving performance and reducing processing load.

Bug fixes

• CIS controls previously entered an invalid or TBD state when the CMDB controls for associated resources were in a skipped or TBD state, even if the corresponding CIS policies were set to Skip. This issue has been resolved; such controls will now correctly transition to a skipped state.

Bug fixes

• The Azure > Storage > Storage Account > Tags control previously failed to update tags for storage accounts of type StandardV2_LRS. This issue has been resolved, and the control now correctly updates tags for this storage account type.
• The Azure > Storage > Queue > Discovery control previously entered an error state for storage accounts of kind FileStorage. This issue has been resolved, and the control will now be skipped for such storage accounts.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• You can now configure and manage rotation for secrets. To get started, set the AWS > Secrets Manager > Secret > Rotation > * policies.

Control Types

• AWS > Secrets Manager > Secret > Rotation

Policy Types

• AWS > Secrets Manager > Secret > Rotation
• AWS > Secrets Manager > Secret > Rotation > Schedule Expression

Action Types

• AWS > Secrets Manager > Secret > Set Rotation

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• Server

  • Reduced the time taken to collect and process data in Account > Statistics, resulting in noticeably faster and a smoother experience.
  • Enhanced the reliability of Turbot > Mod > Runnable Monitor and Turbot > Mod Event Monitor by improving how they handle temporary lock conflicts, ensuring more consistent operation.
  • Fixed an issue where moving a resource between parents could create an incorrect path.
  • Policy packs can now only be attached to resources where it is feasible to attach.

• UI

  • Resolved a layout issue where long resource names could break the detail headers on the Control, Process, and Policy pages.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• Guardrails previously upserted DB parameter groups into the CMDB with incorrect casing when they were created using uppercase letters in AWS. This occasionally caused the AWS > RDS > DB Parameter Group > CMDB control to enter an error state due to duplicate AKAs. We have improved the handling of create and copy real-time events for parameter groups to ensure they are now upserted correctly and more reliably.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

Bug fixes

• The AWS > VPC > Transit Gateway Attachment > CMDB control would sometimes go into an error state when ResourceOwnerId for the resource was not available in the CMDB data. This is fixed and the control will now work correctly, as expected.

Bug fixes

• Guardrails stack controls that created or claimed IAM roles would sometimes run unnecessarily due to a mismatch in the default value for force_detach_policies in the Terraform mapping for the resource type. We have now removed the conflicting default to prevent such unnecessary executions. You now need to explicitly define force_detach_policies to override the existing Terraform default value (if required by your use case).

What's new?

• You can now configure retention period for log groups. To get started, set the AWS > Logs > Log Group > Retention > * policies.

Control Types

• AWS > Logs > Log Group > Retention

Policy Types

• AWS > Logs > Log Group > Retention
• AWS > Logs > Log Group > Retention > Period

Action Types

• AWS > Logs > Log Group > Update Retention

What's new?

• UI
  • Added support for multiple input queries (with ability to use Nunjucks template functionality) in the calculated policy editor allowing teams to create complex calculated policies involving a pipeline of GraphQL queries.

Bug fixes

• Server

  • Turbot/ReadOnly permission is now sufficient to create, delete, and update favorites.
  • Resolved an issue that was blocking users from running quick actions due to incorrect permission checks.
  • Tightened permissions for smart folder attachments and detachments to prevent unauthorized access.
  • Account/ReadOnly users can now successfully manage favorites, including creation, deletion, and updates.

• UI

  • Policy settings can now be created by users with Account/Admin permission, as intended, instead of incorrectly requiring Account/Owner.
  • Quick action runs no longer fail for users with a single grant due to a UI permission check issue.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• Users can now create and manage cloud resources using Terraform 1.x via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

• AWS > CloudFront > Distribution > Stack [Native]

Policy Types

• AWS > CloudFront > Distribution > Stack [Native]
• AWS > CloudFront > Distribution > Stack [Native] > Drift Detection
• AWS > CloudFront > Distribution > Stack [Native] > Drift Detection > Interval
• AWS > CloudFront > Distribution > Stack [Native] > Modifier
• AWS > CloudFront > Distribution > Stack [Native] > Secret Variables
• AWS > CloudFront > Distribution > Stack [Native] > Source
• AWS > CloudFront > Distribution > Stack [Native] > Timeout
• AWS > CloudFront > Distribution > Stack [Native] > Variables
• AWS > CloudFront > Distribution > Stack [Native] > Version

Bug fixes

• The GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-iam rendered the real-time events filter for Project User resource type incorrectly, which caused the GCP > Logging > Sink > Configured control for Logging sinks created via Event Handlers to go into an error state. This issue is now fixed.
• The GCP > IAM > Project User > CMDB control entered an error state due to incorrect internal references introduced in the previous version of the mod (v5.17.0). This issue has been fixed, and the control now works as expected.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Types:
  • Turbot > Quick Actions > Permission Levels to allow account, azure and gcp as a permission type.
  • Added class: ACCOUNT to Turbot > Notifications > CC > Tag and Turbot > Notifications > CC > Tag > Name.

Bug fixes

• Control Types:
  • The Turbot > Workspace > Usage control will be skipped in GovCloud deployments.

Requirements

• TE: 5.35.4

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

Bug fixes

• The GCP > Project > Labels control failed to apply labels to projects according to the GCP > Project > Labels > Template policy. This issue has been fixed.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Internal definitions for the AWS > Organization resource type have been updated. All functionality will continue to work smoothly as before.

Bug fixes

• We've updated internal definitions for Quick Actions on the AWS > S3 > Bucket > Public Access Block control type. All functionality will continue to work smoothly as before.

What's new?

• The AWS > EC2 > Target Group > Discovery control sometimes failed to upsert target groups under gateway load balancers that were not present in the CMDB. This occurred because Guardrails was unable to discover those gateway load balancers due to an outdated list of supported regions. The list has been refreshed for the AWS > EC2 > Gateway Load Balancer resource type, enabling Guardrails to discover and manage these resources across all supported AWS regions.

Bug fixes

• Server

  • Improved how policy values are selected for the priority queue, resulting in faster and more efficient processing.

• UI

  • Pagination and title-based sorting are now supported in policy targets, making navigation smoother.
  • The Permissions modal is more stable and won’t crash if some data is missing.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• CMDB controls for custom tables and records occasionally failed to update data in the CMDB correctly. This issue has been resolved.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

Bug fixes

• Server

  • Resolved an issue that was preventing users from logging in via SAML.

• UI

  • Action buttons now show up correctly on the process logs page, whether you’re viewing control or policy.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Added support for Contactable interface in various resource types.

Bug fixes

• We've enhanced event handling to dynamically filter cloud provider events based on the CMDB policy for each resource type. If a resource's CMDB policy is not set to Enforce: Enabled, events for that resource type will be excluded from the event handling configuration. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

What's new?

• Added support to process real-time events for ServiceNow custom tables and their records.
• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

Resource Types

• ServiceNow > Custom
• ServiceNow > Custom > Record
• ServiceNow > Custom > Table

Control Types

• ServiceNow > Custom > Record > CMDB
• ServiceNow > Custom > Record > Discovery
• ServiceNow > Custom > Table > Business Rule
• ServiceNow > Custom > Table > CMDB
• ServiceNow > Custom > Table > Discovery

Policy Types

• ServiceNow > Custom > Record > CMDB
• ServiceNow > Custom > Record > CMDB > Query
• ServiceNow > Custom > Record > CMDB > Title
• ServiceNow > Custom > Table > Business Rule
• ServiceNow > Custom > Table > Business Rule > Name
• ServiceNow > Custom > Table > CMDB
• ServiceNow > Custom > Table > CMDB > Tables

Action Types

• ServiceNow > Custom > Record > Router

What's new?

• The AWS > Region > Discovery > Connection Region policy has been deprecated and will be removed in the next major version of the mod (v6.0.0). Two new policies, AWS > Account > Connection Region [Default] and AWS > Region > Connection Region, have been introduced. These policies streamline connection region management across all global resource types in various services. For the deprecated AWS > Region > Discovery > Connection Region policy, we recommend migrating existing settings to the AWS > Region > Connection Region policy if you intend to define a connection region for discovering Region resources. Alternatively, you may configure the AWS > Account > Connection Region [Default] policy, which serves as the default region for discovering all global resources across services in your account.

Policy Types

• AWS > Account > Connection Region [Default]
• AWS > Region > Connection Region

Renamed

• AWS > Region > Discovery > Connection Region to AWS > Region > Discovery > Connection Region [Deprecated]

What's new?

• You can now configure a connection region to allow Guardrails to fetch details for S3 accounts in CMDB. To get started, set the AWS > S3 > Connection Region policy. This policy defaults to the value of the AWS > Account > Connection Region [Default] policy, which can be used to define a default connection region for all global resources in an account.

Policy Types

• AWS > S3 > Connection Region

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• Guardrails previously processed the organizations:MoveAccount real-time event incorrectly for individually imported management accounts, inadvertently deleting them from the CMDB. We have tightened the validation checks to prevent such deletions in these cases.

Bug fixes

• Discovery controls for various SageMaker resources previously attempted to fetch a maximum of 10 resources per API call, which occasionally led to throttling when a high number of resources existed in the account. This limit has now been increased to 100 (the maximum supported by the APIs) to enable the Discovery controls to retrieve all resources without errors and upsert them into the CMDB.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• We have improved event handling configuration to filter AWS Organization events that Guardrails listens for, based on the CMDB policies for resource types. If the CMDB policy for a resource type is not set to Enforce: Enabled, the EventBridge rule for Organizations will exclude events for that resource type.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Server
  • Introducing scoped Account/* permissions to help application teams manage their own accounts.
  • Notifications routing based on permissions.

Bug fixes

• Server

  • Controls no longer crashes when there's a parsing issue in rule-based notifications. Instead, it logs the error gracefully and continues running.
  • Fixed a problem where certain operations could trigger a "callback already called" error, improving overall reliability of caching.
  • The Type Installed control now spreads events over time to reduce the likelihood of API throttling during large-scale installations or updates.
  • Guardrails now skips storing resource tags larger than 1 KB to ensure only valid tags are saved and to avoid potential issues later.
  • The osquery worker now correctly uses the TURBOT_RDS_SSL_FILE environment variable to point to the right certificate file, fixing an issue where it previously referenced the wrong path.
  • To improve reliability and performance, Guardrails prioritizes events in the order Type Installed > Policies > Scheduled Actions > Controls.
  • Resolved an issue where authenticated users without the appropriate permissions were able to access process logs.

• UI

  • Switching between self and descendant modes no longer clears existing filter configurations — your selections will now persist as expected.

Account Permissions

Introduced a new category of permissions — Account/ — designed specifically for application teams who need limited visibility and control over resources within their own accounts. These are distinct from the Turbot/ permissions used by governance teams.

• Account levels:

  • Account/Owner
  • Account/Admin
  • Account/Operator
  • Account/ReadOnly

• These levels are now explained alongside Turbot/* levels, with clear usage guidance:

  • Turbot/* — for managing the Guardrails platform
  • Account/* — for managing resources and notifications within cloud accounts

Notification Routing to Guardrails Profiles

You can now route notifications to Guardrails user profiles dynamically based on resource permissions — a major upgrade from static email/webhook targeting. This allows for context-aware delivery to users like Account Owners or Admins.

• Supported formats:
  • Specific roles like Account/Owner, Turbot/Owner
  • Wildcards like Account/*
  • Special role Account/CC for tagging-based routing
  • Use case:
    • Automatically notify account teams responsible for a resource, based on their assigned permission

Access Controls Refined for Process Logs

Access to process logs is now restricted to users with appropriate permissions, specifically those with Turbot/Metadata or higher.

Previously, any authenticated user could retrieve process logs via the API. This behavior has been corrected to align with expected permission boundaries and prevent overexposure of operational data.

Requirements

• TEF: 1.66.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• Cleaned up unnecessary help messages from AWS > VPC > Security Group Rule > CMDB control.

Bug fixes

• The GCP > IAM > Service Account > CMDB control would sometimes enter a skipped state for newly imported projects if certain required attributes were missing from the IAM service's CMDB data. The control will now go into a TBD state instead and rerun after five minutes to allow the IAM service's CMDB data to populate correctly for newly imported projects.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• Guardrails would sometimes ignore the GCP > BigQuery > Table > CMDB policy set to Enforce: Disabled and still upsert table resources via real-time events in CMDB. These resources were subsequently cleaned up by the CMDB control. This issue has been resolved, and the CMDB policy will now be correctly respected before upserting resources.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Types:
  • Turbot > Notifications > Email > CC
  • Turbot > Notifications > Email > CC > Tag
  • Turbot > Notifications > Email > CC > Tag > Name
  • Updated Turbot > Workspace > Retention > Activity Retention to 90 days
  • Updated default policy for Turbot > Notifications > Rule-Based Routing updated to use Account/* as the default recipient profile.
  • Relaxed the regex for MS teams webhook URL in Turbot > Notifications > Rule-Based Routing to allow broader URL formats.

Turbot > Workspace > Retention > Activity Retention

The default retention period for activity has been updated to 90 days (previously unlimited)

Storing too much historical activity data can slow down the system and increase storage costs. By setting a 90-day default, we ensure:

• Faster queries and improved UI performance
• A better balance between data retention and storage efficiency

Need more or less retention? You can adjust based on your needs:

For self-hosted environments, the 90-day default will apply when upgrading to @turbot/turbot version 5.51.0 or higher, unless a custom retention policy is set.

Requirements

• TE: 5.35.4

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.
• Added support for af-south-1, ap-east-1, ap-southeast-3, ap-southeast-5, ap-southeast-7, ca-west-1, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1 and me-south-1 regions in the AWS > Lambda > Regions policy.
• Corrected the region in the AWS > Lambda > Function Alias > Regions policy by updating us-west-3 to the correct region, us-west-2.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated internal dependencies and now use newer Azure SDK versions to discover and manage Security Center resources in Guardrails. This release includes breaking changes in the CMDB data for security center. We recommend updating your existing settings to refer to the updated attributes as mentioned below:

Added:

• policy.enforcementMode
• policy.nonComplianceMessages
• policy.systemData

Removed:

• policy.sku

Renamed:

• settings[*].properties.enabled to settings[*].enabled

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• Real-time delete events for topics would sometimes result in the deletion of subscriptions under a different topic in the CMDB. This issue has been fixed, and subscriptions are now cleaned up more reliably than before.

Bug fixes

• The AWS > MySQL > Server > CMDB policy will now be set to Skip by default because the resource type has been deprecated and will be removed in the next major version. Please check Single Server retirement for more information.

Resource Types

Renamed

• Azure > MySQL > Server to Azure > MySQL > Server [Deprecated]

Control Types

Renamed

• Azure > MySQL > Server > Active to Azure > MySQL > Server [Deprecated] > Active
• Azure > MySQL > Server > Approved to Azure > MySQL > Server [Deprecated] > Approved
• Azure > MySQL > Server > CMDB to Azure > MySQL > Server [Deprecated] > CMDB
• Azure > MySQL > Server > Discovery to Azure > MySQL > Server [Deprecated] > Discovery
• Azure > MySQL > Server > Encryption in Transit to Azure > MySQL > Server [Deprecated] > Encryption in Transit
• Azure > MySQL > Server > Tags to Azure > MySQL > Server [Deprecated] > Tags

Policy Types

Renamed

• Azure > MySQL > Server > Active to Azure > MySQL > Server [Deprecated] > Active
• Azure > MySQL > Server > Active > Age to Azure > MySQL > Server [Deprecated] > Active > Age
• Azure > MySQL > Server > Active > Last Modified to Azure > MySQL > Server [Deprecated] > Active > Last Modified
• Azure > MySQL > Server > Approved to Azure > MySQL > Server [Deprecated] > Approved
• Azure > MySQL > Server > Approved > Custom to Azure > MySQL > Server [Deprecated] > Approved > Custom
• Azure > MySQL > Server > Approved > Regions to Azure > MySQL > Server [Deprecated] > Approved > Regions
• Azure > MySQL > Server > Approved > Usage to Azure > MySQL > Server [Deprecated] > Approved > Usage
• Azure > MySQL > Server > CMDB to Azure > MySQL > Server [Deprecated] > CMDB
• Azure > MySQL > Server > Encryption in Transit to Azure > MySQL > Server [Deprecated] > Encryption in Transit
• Azure > MySQL > Server > Regions to Azure > MySQL > Server [Deprecated] > Regions
• Azure > MySQL > Server > Tags to Azure > MySQL > Server [Deprecated] > Tags
• Azure > MySQL > Server > Tags > Template to Azure > MySQL > Server [Deprecated] > Tags > Template

Action Types

Removed

• Azure > MySQL > Server > Delete
• Azure > MySQL > Server > Router
• Azure > MySQL > Server > Set Tags
• Azure > MySQL > Server > Update Encryption in Transit

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• We have improved our event handling configuration to filter AWS SQS events that Guardrails listens for based on the AWS > SQS > Queue > CMDB policy. If the CMDB policy is not set to Enforce: Enabled, the EventBridge rule for SQS will not be configured, preventing events for that resource type. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

Policy Types

• AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-sqs

Removed

• AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-sqs

What's new?

• Added S3 Lifecycle rules for Hive bucket.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

Bug fixes

• The AWS > Turbot > IAM stack control occasionally encountered an error while attaching tags with special characters to Guardrails-managed users and roles. This issue is now fixed.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The Azure > Compute > Disk > Discovery control occasionally encountered an error while upserting attached disks under VMs that were not available in Guardrails CMDB. Now, all disks will be upserted under their respective resource groups, ensuring the Discovery control functions more smoothly and reliably than before.

What's new?

• Added a new SSM parameter to forward the DB logs to CloudWatch log group.
• Added support for postgres version 16.5, 16.6, 16.7 and 16.8.
• Updated defaults for database and cache instances
  • Database instance type: Default updated to db.m6g.large.
  • Allocated database storage: Default increased to 400 GB.
  • Storage throughput: Default set to 500 MB/s.
  • Database engine parameter group family: Now defaults to postgres16.
  • Database engine version: Updated to 16.4.
  • Cache node type: Default updated to cache.r6g.large.
  • Allocated IOPS: Default increased to 12,000.
  • DB parameter group: Now defaults to HiveParamGroup16.
  • Shared buffer: Default set to {DBInstanceClassMemory/20480} for optimized performance.
  • Maximum statement duration: Default updated to 600,000 ms (10 minutes) to improve query execution limits.

What's new?

• Added parameter to manage ALB timeout, allowing better control over request handling.
• Added parameter to customize API Gateway domain name. For backward compatibility, the default value remains gateway.
• Added parameter to control message rate in the queue, enabling better queue message management.
• S3 Lifecycle Rules now automatically enable ‘Expired Object Delete Markers’ for cleanup and remove incomplete multipart uploads after 7 days to prevent storage waste.
• HOP limit increased to 2 for improved request forwarding.
• Route53 Record for API Gateway now includes the GatewayPrefix to enhance routing accuracy.

Bug fixes

• Guardrails would fail to process real-time delete events for subscriptions. This is now fixed.
• Fixed pagination for Azure > Turbot > Event Poller control.
• Real-time Microsoft.Resources tagging events will now be processed only for subscriptions and resource groups, and will be ignored for other resource types. This will avoid unnecessary triggers for subscription & resource group router actions.

What's new?

• Server
  • Added multi region KMS encryption for Tenant Master Key.
  • Guardrails now provides an override parameter at the TE level to configure API and Event container memory reservations, improving ECS task scaling and resource flexibility.

Multi Region KMS Key

Starting from TEF v1.65.0 and TE v5.49.0, a new multi-region KMS key is created at the TEF level.

When workspaces are upgraded to TE v5.49.0, Guardrails use this new key to re-encrypt the existing Tenant Master Key within the workspaces. The Tenant Master Key itself remains unchanged-only its encryption is updated. The previous version, encrypted with a regional KMS key, remains available.

If a workspace is downgraded to TE v5.48.0, the multi-region encryption persists. Upon re-upgrading to TE v5.49.0, re-encryption does not occur again.

This process works seamlessly unless TEF is downgraded to a version earlier than v1.65.0.

Requirements

• TEF: 1.65.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Added contactable interface.
• New policy type classes GUARDRAIL, SETTING, and ACCOUNT have been introduced to define the scope of policies.

Requirements

• TE: 5.35.4

What's new?

• UI
  • Update controls trend graph to use the latest counts.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• You can now filter ServiceNow records using encoded query strings and discover them in Guardrails. To get started, set the CMDB > Query policy for various resource types. For more details, refer to the ServiceNow documentation on encoded query strings.

Policy Types

• ServiceNow > Application > CMDB > Query
• ServiceNow > Cost Center > CMDB > Query
• ServiceNow > User > CMDB > Query

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

Bug fixes

• Filter policies for real-time events will now evaluate correctly if CMDB policies for resource types are set to Skip or Enforce: Disabled.

Bug fixes

• The GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-storage policy now respects CMDB policy settings for resource types and filters out real-time events when the policies are set to Skip or Enforce: Disabled. We recommend upgrading the gcp mod to v5.30.2 or higher in order to process real-time events correctly.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.