aws-ec2 v5.55.0 - Exclude AWS Backup, DRS, and MGN service-managed snapshots from CMDB

May 28, 2026 | Guardrails | Mods

What's new?

  • Added the AWS > EC2 > Snapshot > CMDB > Excluded Services policy, a multi-select list of services (AWS Backup, AWS Elastic Disaster Recovery, AWS Application Migration Service) whose service-managed snapshots should be excluded from CMDB. Snapshots managed by the selected services are skipped at discovery and removed from CMDB on the next run; they are identified by the service-managed tag each service applies. This is now the recommended way to exclude service-managed snapshots; the existing Enabled for Snapshots not created with AWS Backup option still works and composes with this policy.
  • Added the AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-ec2 > Excluded Roles policy. Set this to a list of IAM role names (e.g. AWS DRS or AWS MGN replication roles) to drop their aws.ec2 CloudTrail events at EventBridge before they reach Guardrails. Defaults to an empty list, so behavior is unchanged unless configured.

Policy Types

  • AWS > EC2 > Snapshot > CMDB > Excluded Services
  • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-ec2 > Excluded Roles