Changelog


Bug fixes

  • The Azure > SQL > Server > CMDB control occasionally deleted servers from Guardrails CMDB when they used the SQL authentication method. This issue has been fixed, and such resources will no longer be removed from the CMDB.

What's new?

  • Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

  • Azure > Network > Virtual Network > Stack [Native] > Drift Detection
  • Azure > Network > Virtual Network > Stack [Native] > Drift Detection > Interval
  • Azure > Network > Virtual Network > Stack [Native] > Timeout
  • Azure > Network > Virtual Network > Stack [Native] > Version

What's new?

  • Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

  • AWS > VPC > Stack [Native] > Drift Detection
  • AWS > VPC > Stack [Native] > Drift Detection > Interval
  • AWS > VPC > Stack [Native] > Timeout
  • AWS > VPC > Stack [Native] > Version
  • AWS > VPC > VPC > Stack [Native] > Drift Detection
  • AWS > VPC > VPC > Stack [Native] > Drift Detection > Interval
  • AWS > VPC > VPC > Stack [Native] > Timeout
  • AWS > VPC > VPC > Stack [Native] > Version

What's new?

  • Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

  • AWS > S3 > Bucket > Stack [Native] > Drift Detection
  • AWS > S3 > Bucket > Stack [Native] > Drift Detection > Interval
  • AWS > S3 > Bucket > Stack [Native] > Timeout
  • AWS > S3 > Bucket > Stack [Native] > Version

What's new?

  • Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

  • AWS > IAM > Stack [Native] > Drift Detection
  • AWS > IAM > Stack [Native] > Drift Detection > Interval
  • AWS > IAM > Stack [Native] > Timeout
  • AWS > IAM > Stack [Native] > Version

What's new?

  • Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

  • GCP > Project > Stack [Native] > Drift Detection
  • GCP > Project > Stack [Native] > Drift Detection > Interval
  • GCP > Project > Stack [Native] > Timeout
  • GCP > Project > Stack [Native] > Version

What's new?

  • Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

  • Azure > Subscription > Stack [Native] > Drift Detection
  • Azure > Subscription > Stack [Native] > Drift Detection > Interval
  • Azure > Subscription > Stack [Native] > Timeout
  • Azure > Subscription > Stack [Native] > Version

What's new?

  • Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

  • AWS > Account > Stack [Native] > Drift Detection
  • AWS > Account > Stack [Native] > Drift Detection > Interval
  • AWS > Account > Stack [Native] > Timeout
  • AWS > Account > Stack [Native] > Version
  • AWS > Region > Stack [Native] > Drift Detection
  • AWS > Region > Stack [Native] > Drift Detection > Interval
  • AWS > Region > Stack [Native] > Timeout
  • AWS > Region > Stack [Native] > Version

Bug fixes

  • Server
    • Added support for OpenTofu 1.x (open-source Terraform) integration via Guardrails.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • Server
    • Added support for OpenTofu v1.8.3 (open source Terraform) container to run Stack [Native] controls.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

  • GCP > Project > Stack [Native]

Policy Types

  • GCP > Project > Stack [Native]
  • GCP > Project > Stack [Native] > Modifier
  • GCP > Project > Stack [Native] > Secret Variables
  • GCP > Project > Stack [Native] > Source
  • GCP > Project > Stack [Native] > Variables

What's new?

  • Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

  • Azure > Subscription > Stack [Native]

Policy Types

  • Azure > Subscription > Stack [Native]
  • Azure > Subscription > Stack [Native] > Modifier
  • Azure > Subscription > Stack [Native] > Secret Variables
  • Azure > Subscription > Stack [Native] > Source
  • Azure > Subscription > Stack [Native] > Variables

What's new?

  • Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

  • Azure > Network > Virtual Network > Stack [Native]

Policy Types

  • Azure > Network > Virtual Network > Stack [Native]
  • Azure > Network > Virtual Network > Stack [Native] > Modifier
  • Azure > Network > Virtual Network > Stack [Native] > Secret Variables
  • Azure > Network > Virtual Network > Stack [Native] > Source
  • Azure > Network > Virtual Network > Stack [Native] > Variables

What's new?

  • Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

  • AWS > VPC > Stack [Native]
  • AWS > VPC > VPC > Stack [Native]

Policy Types

  • AWS > VPC > Stack [Native]
  • AWS > VPC > Stack [Native] > Modifier
  • AWS > VPC > Stack [Native] > Secret Variables
  • AWS > VPC > Stack [Native] > Source
  • AWS > VPC > Stack [Native] > Variables
  • AWS > VPC > VPC > Stack [Native]
  • AWS > VPC > VPC > Stack [Native] > Modifier
  • AWS > VPC > VPC > Stack [Native] > Secret Variables
  • AWS > VPC > VPC > Stack [Native] > Source
  • AWS > VPC > VPC > Stack [Native] > Variables

What's new?

  • Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

  • AWS > Account > Stack [Native]
  • AWS > Region > Stack [Native]

Policy Types

  • AWS > Account > Stack [Native]
  • AWS > Account > Stack [Native] > Modifier
  • AWS > Account > Stack [Native] > Secret Variables
  • AWS > Account > Stack [Native] > Source
  • AWS > Account > Stack [Native] > Variables
  • AWS > Region > Stack [Native]
  • AWS > Region > Stack [Native] > Modifier
  • AWS > Region > Stack [Native] > Secret Variables
  • AWS > Region > Stack [Native] > Source
  • AWS > Region > Stack [Native] > Variables

What's new?

  • Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

  • AWS > S3 > Bucket > Stack [Native]

Policy Types

  • AWS > S3 > Bucket [Native]
  • AWS > S3 > Bucket [Native] > Modifier
  • AWS > S3 > Bucket [Native] > Secret Variables
  • AWS > S3 > Bucket [Native] > Source
  • AWS > S3 > Bucket [Native] > Variables

What's new?

  • Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

  • AWS > IAM > Stack [Native]

Policy Types

  • AWS > IAM > Stack [Native]
  • AWS > IAM > Stack [Native] > Modifier
  • AWS > IAM > Stack [Native] > Secret Variables
  • AWS > IAM > Stack [Native] > Source
  • AWS > IAM > Stack [Native] > Variables

Bug fixes

  • The real-time Event Handlers would fail to update details for Flow Logs attached to Virtual Networks. This is now fixed.

Bug fixes

  • Guardrails would fail to update CMDB for virtual networks when flow logs were created or removed from such resources. This is now fixed.

Bug fixes

  • The AWS > VPC > VPC > Flow Logging control previously attempted to destroy and recreate flow logs with CloudWatch log groups as the destination on successive runs due to an incorrect ARN reference to the log destination. This issue is now fixed, and the control will no longer unnecessarily destroy and recreate flow logs in such cases.

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You won't notice any difference, and things will run more smoothly and reliably than before.

Bug fixes

  • We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You won't notice any difference, and things will run more smoothly and reliably than before.

Bug fixes

  • We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You won't notice any difference, and things will run more smoothly and reliably than before.

Bug fixes

  • In a previous version, we resolved an issue in the Azure > Compute > Virtual Machine Scale Set > Tags control to ensure tags were updated correctly for Scale Sets launched via the Azure Marketplace. However, the control occasionally failed to update tags for Scale Sets on certain purchase plans. This issue has now been addressed, and the control will update tags correctly and reliably for all types of Scale Sets.

Bug fixes

  • We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You won't notice any difference, and things will run more smoothly and reliably than before.

Bug fixes

  • We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You won't notice any difference, and things will run more smoothly and reliably than before.

Bug fixes

  • We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You won't notice any difference, and things will run more smoothly and reliably than before.

Bug fixes

  • UI
    • Updated the filter logic on the Reports page for more accurate results.
    • Resolved an issue where resource links in the Permissions section redirected to the profile page instead of the resource page when grouped by resources.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • Users can now define a list of events to filter out while polling for events using the Azure > Turbot > Event Poller. To get started, set the Azure > Turbot > Event Poller > Excluded Events policy.

Policy Types

  • Azure > Turbot > Event Poller > Excluded Events

What's new?

  • Users can now check and enforce SQS SSE for queue encryption. To get started, configure the AWS > SQS > Queue > Encryption at Rest policy to one of the following values: Check: SQS SSE, Check: SQS SSE or higher, Enforce: SQS SSE or Enforce: SQS SSE or higher.

What's new?

  • Check if Kubernetes clusters are approved for use via Guardrails. To get started, set the Kubernetes > Cluster > Approved > * policies.

Control Types

  • Kubernetes > Cluster > Approved

Policy Types

  • Kubernetes > Cluster > Approved
  • Kubernetes > Cluster > Approved > Custom

Bug fixes

  • The Azure > App Service > Function App > HTTPS Only control would sometimes fail to enable the setting in Azure. This is now fixed.

Bug fixes

  • The GCP > Compute Engine > Instance > Serial Port Access and GCP > Compute Engine > Instance > Block Project Wide SSH Keys controls would sometimes go into an error state due to incorrect references to CMDB attributes. This is fixed and the controls will now work as expected.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

Bug fixes

  • Guardrails would fail to delete unapproved ingress rules when the Azure > Network > Network Security Group > Ingress Rules > Approved policy was set to Enforce: Delete unapproved. This is now fixed.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

Bug fixes

  • Guardrails would sometimes update the createTimestamp for Web Apps and Function Apps incorrectly when processing update events for these resources. We have updated the internal logic to ensure the createTimestamp is now updated correctly and more reliably than before.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

Bug fixes

  • Disks created alongside VMs sometimes lacked createdBy details in their metadata. The internal logic has been updated to ensure createdBy details are added more reliably for these disks.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

Bug fixes

  • The GCP > IAM > Service Account Key > Active control has been updated to use validAfterTime instead of metadata.createTimestamp to accurately evaluate the age of the resource.

What's new?

  • The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

  • Users can now check and delete DB clusters that are not approved for use if they lack encryption at rest. To get started, set the AWS > RDS > DB Cluster > Approved > Encryption at Rest > * policies.

Policy Types

  • AWS > RDS > DB Cluster > Approved > Encryption at Rest
  • AWS > RDS > DB Cluster > Approved > Encryption at Rest > Customer Managed Key

What's new?

  • Users can now check if their account spend is On Target per Budget. To get started, set the AWS > Account > Budget > Enabled policy to Check: Budget > State is On Target.

Bug fixes

  • UI
    • Resolved an issue where reports pages could crash if certain information was null.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • Server
    • Resolved an issue where actor information was not being passed correctly during process execution, ensuring accurate tracking and processing of actor-related data.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • The AWS > VPC > Route > CMDB control would go into an error state due to an incorrect use of a function from an internal node package. This is now fixed.

Bug fixes

  • Guardrails would sometimes update the createdBy details for storage accounts due to mishandled real-time update events. This issue has been fixed, and createdBy details will now be stored more reliably and consistently than before.
  • In a previous version, we inadvertently introduced a bug that prevented the createTimestamp details from being stored in the metadata of new storage accounts upserted in Guardrails CMDB. This issue has now been resolved, and createTimestamp details are now stored correctly and reliably.

What's new?

  • Resource metadata will now also include createdBy details in Guardrails CMDB.

Bug fixes

  • The AWS > VPC > VPC > Flow Logging control would sometimes fail to update flow logs if the Max Aggregation Interval in the stack's source policy was updated. This is fixed and the stack control will now update such resources correctly, as expected.

What's new?

  • Users can now configure the maximum aggregation interval in the AWS > VPC > VPC > Flow Logging control. To get started, set the AWS > VPC > VPC > Flow Logging > Cloud Watch > Maximum Aggregation Interval policy and/or AWS > VPC > VPC > Flow Logging > S3 > Maximum Aggregation Interval policy.

Policy Types

  • AWS > VPC > VPC > Flow Logging > Cloud Watch > Maximum Aggregation Interval
  • AWS > VPC > VPC > Flow Logging > S3 > Maximum Aggregation Interval

Resource Types

  • Azure > SQL > Managed Instance

Control Types

  • Azure > SQL > Managed Instance > Active
  • Azure > SQL > Managed Instance > Approved
  • Azure > SQL > Managed Instance > CMDB
  • Azure > SQL > Managed Instance > Discovery
  • Azure > SQL > Managed Instance > Tags

Policy Types

  • Azure > SQL > Managed Instance > Active
  • Azure > SQL > Managed Instance > Active > Age
  • Azure > SQL > Managed Instance > Active > Last Modified
  • Azure > SQL > Managed Instance > Approved
  • Azure > SQL > Managed Instance > Approved > Custom
  • Azure > SQL > Managed Instance > Approved > Regions
  • Azure > SQL > Managed Instance > Approved > Usage
  • Azure > SQL > Managed Instance > CMDB
  • Azure > SQL > Managed Instance > Regions
  • Azure > SQL > Managed Instance > Tags
  • Azure > SQL > Managed Instance > Tags > Template

Action Types

  • Azure > SQL > Managed Instance > Delete
  • Azure > SQL > Managed Instance > Router
  • Azure > SQL > Managed Instance > Set Tags

Bug fixes

  • Controls previously targeting the AWS > IAM > Credential Report resource type have now been updated to target either the AWS > IAM > Root or AWS > IAM > User resource types, depending on the specific control requirements. This adjustment more accurately aligns each control with the relevant resources, enabling more precise and targeted checks.

Bug fixes

  • The Azure > Security Center > Security Center > Auto Provisioning control is now deprecated and will move to an Invalid state if enforcements are applied. This follows the deprecation plan announcement from Azure. The control will be removed in a future mod version.

Control Types

Renamed

  • Azure > Security Center > Security Center > Auto Provisioning to Azure > Security Center > Security Center > Auto Provisioning [Deprecated]

Policy Types

Renamed

  • Azure > Security Center > Security Center > Auto Provisioning to Azure > Security Center > Security Center > Auto Provisioning [Deprecated]

Action Types

Removed

  • Azure > Security Center > Security Center > Update Auto Provisioning

What's new?

Control Types

  • Kubernetes > CronJob > ServiceNow > Import Set
  • Kubernetes > DaemonSet > ServiceNow > Import Set
  • Kubernetes > Ingress > ServiceNow > Import Set
  • Kubernetes > Job > ServiceNow > Import Set
  • Kubernetes > Persistent Volume > ServiceNow > Import Set
  • Kubernetes > ReplicationController > ServiceNow > Import Set
  • Kubernetes > StatefulSet > ServiceNow > Import Set

Policy Types

  • Kubernetes > CronJob > ServiceNow > Import Set
  • Kubernetes > CronJob > ServiceNow > Import Set > Archive Columns
  • Kubernetes > CronJob > ServiceNow > Import Set > Insert Mode
  • Kubernetes > CronJob > ServiceNow > Import Set > Record
  • Kubernetes > CronJob > ServiceNow > Import Set > Table Name
  • Kubernetes > DaemonSet > ServiceNow > Import Set
  • Kubernetes > DaemonSet > ServiceNow > Import Set > Archive Columns
  • Kubernetes > DaemonSet > ServiceNow > Import Set > Insert Mode
  • Kubernetes > DaemonSet > ServiceNow > Import Set > Record
  • Kubernetes > DaemonSet > ServiceNow > Import Set > Table Name
  • Kubernetes > Ingress > ServiceNow > Import Set
  • Kubernetes > Ingress > ServiceNow > Import Set > Archive Columns
  • Kubernetes > Ingress > ServiceNow > Import Set > Insert Mode
  • Kubernetes > Ingress > ServiceNow > Import Set > Record
  • Kubernetes > Ingress > ServiceNow > Import Set > Table Name
  • Kubernetes > Job > ServiceNow > Import Set
  • Kubernetes > Job > ServiceNow > Import Set > Archive Columns
  • Kubernetes > Job > ServiceNow > Import Set > Insert Mode
  • Kubernetes > Job > ServiceNow > Import Set > Record
  • Kubernetes > Job > ServiceNow > Import Set > Table Name
  • Kubernetes > Persistent Volume > ServiceNow > Import Set
  • Kubernetes > Persistent Volume > ServiceNow > Import Set > Archive Columns
  • Kubernetes > Persistent Volume > ServiceNow > Import Set > Insert Mode
  • Kubernetes > Persistent Volume > ServiceNow > Import Set > Record
  • Kubernetes > Persistent Volume > ServiceNow > Import Set > Table Name
  • Kubernetes > ReplicationController > ServiceNow > Import Set
  • Kubernetes > ReplicationController > ServiceNow > Import Set > Archive Columns
  • Kubernetes > ReplicationController > ServiceNow > Import Set > Insert Mode
  • Kubernetes > ReplicationController > ServiceNow > Import Set > Record
  • Kubernetes > ReplicationController > ServiceNow > Import Set > Table Name
  • Kubernetes > StatefulSet > ServiceNow > Import Set
  • Kubernetes > StatefulSet > ServiceNow > Import Set > Archive Columns
  • Kubernetes > StatefulSet > ServiceNow > Import Set > Insert Mode
  • Kubernetes > StatefulSet > ServiceNow > Import Set > Record
  • Kubernetes > StatefulSet > ServiceNow > Import Set > Table Name

Bug fixes

  • In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

  • Removed unused node package dependencies for tenant lambda functions.

Bug fixes

  • In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

  • In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

  • In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

  • In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

  • In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

What's new?

Policy Types

  • GCP > Compute Engine > Disk > ServiceNow > Import Set > Insert Mode
  • GCP > Compute Engine > HTTP Health Check > ServiceNow > Import Set > Insert Mode
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Import Set > Insert Mode
  • GCP > Compute Engine > Health Check > ServiceNow > Import Set > Insert Mode
  • GCP > Compute Engine > Image > ServiceNow > Import Set > Insert Mode
  • GCP > Compute Engine > Instance > ServiceNow > Import Set > Insert Mode
  • GCP > Compute Engine > Instance Template > ServiceNow > Import Set > Insert Mode
  • GCP > Compute Engine > Node Group > ServiceNow > Import Set > Insert Mode
  • GCP > Compute Engine > Node template > ServiceNow > Import Set > Insert Mode
  • GCP > Compute Engine > Project > ServiceNow > Import Set > Insert Mode
  • GCP > Compute Engine > Region Disk > ServiceNow > Import Set > Insert Mode
  • GCP > Compute Engine > Region Health Check > ServiceNow > Import Set > Insert Mode
  • GCP > Compute Engine > Snapshot > ServiceNow > Import Set > Insert Mode

Bug fixes

  • In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

  • In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

  • In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

  • In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

  • In version 5.5.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing Security Center resources in Guardrails. However, this caused controls to enter an error state for US Gov cloud subscriptions because the APIs did not work as expected. We have now updated dependencies that are compatible with both commercial and US Gov cloud subscriptions, ensuring that controls in both environments will work as expected.
  • The Azure > Security Center > Security Center > CMDB control would go into an error state if it was not able to fetch policy assignment details correctly. This issue has now been fixed.

Bug fixes

  • In version 5.8.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing Monitor resources in Guardrails. However, this caused controls to enter an error state for US Gov cloud subscriptions because the APIs did not work as expected. We have now updated dependencies that are compatible with both commercial and US Gov cloud subscriptions, ensuring that controls in both environments will work as expected.

Bug fixes

  • In version 5.9.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing DNS resources in Guardrails. However, this caused controls to enter an error state due to the inadvertent use of incorrect endpoints. This issue has been fixed, and the controls will now work as expected.

Bug fixes

  • In version 5.18.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing Compute resources in Guardrails. However, this caused controls to enter an error state due to the inadvertent use of incorrect endpoints. This issue has been fixed, and the controls will now work as expected.

Bug fixes

  • In version 5.4.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing API Management resources in Guardrails. However, this caused controls to enter an error state due to the inadvertent use of incorrect endpoints. This issue has been fixed, and the controls will now work as expected.

What's new?

  • We've updated internal dependencies and now use the new authentication method to discover and manage Automation resources in Guardrails.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

  • In v5.3.1, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Key Vault resources in Guardrails. This release includes breaking changes in the CMDB data for key and secret. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below:

KeyVault > Vault

Added:

  • enableSoftDelete
  • publicNetworkAccess
  • enableRbacAuthorization

KeyVault > Key

Added:

  • hsmPlatform

Removed:

  • key.e
  • key.n

KeyVault > Secret

Modified:

  • ID property does not contain the secret version.

Removed:

  • expires
  • updated
  • created

Bug fixes

  • The Azure > Key Vault > Key > CMDB control would go into an error state while fetching key rotation policy details for managed keys. The control will no longer attempt to fetch the key rotation policy details for such keys and will work as expected.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • Added support for PostgreSQL 16.
  • Added support for custom hive key.
  • Default database engine version changed to 15.7.
  • Default cache engine version set to 7.1.
  • M4 and R4 instance types removed from the supported database instance list due to deprecation.

What's new?

  • Server

    • Introduced Activity Retention feature for Smart Retention control to enhance version and data management.
  • UI

    • Support for downloading AWS CloudFormation templates directly from the AWS import page.

Bug fixes

  • Server

    • Resolved controls getting stuck when Notify or Ignore keywords were missing in the notification rules.
  • UI

    • The + button for adding permissions now correctly applies the appropriate attributes.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • Policy Types:

    • Turbot > Workspace > Retention > Activity Purge Limit.
    • Turbot > Workspace > Retention > Activity Retention.
  • Control Types:

    • Add support to Turbot > Smart Retention control to enhance version and data management.

Requirements

  • TE: 5.35.4

What's new?

  • You can now check if flexible servers have a TLS version setting of 1.2 or higher enabled. To get started, set the Azure > MySQL > Flexible Server > Set Minimum TLS Version policy to Check: TLS 1.2 or higher.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage resources in Guardrails. This release includes breaking changes in the CMDB data for Azure. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

Azure > Management Group

Modified:

  • The value of the type property is now Microsoft.Management/managementGroups; earlier it was /providers/Microsoft.Management/managementGroups.

What's new?

  • We've updated internal dependencies and now use the new authentication method to discover and manage SQL Virtual Machine resources in Guardrails.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage SQL resources in Guardrails. This release includes breaking changes in the CMDB data for server, database, and elasticpool. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below:

Renamed:

  • transparentDataEncryption.status to transparentDataEncryption.state
  • databaseThreatDetectionPolicy to databaseSecurityAlertPolicy

Added:

Azure SQL > Server

  • Added administrators block
  • isManagedIdentityInUse
  • autoRotationEnabled
  • externalGovernanceStatus
  • minimalTlsVersion
  • privateEndpointConnections
  • publicNetworkAccess
  • restrictOutboundNetworkAccess
  • serverAzureADAdministrator.azureADOnlyAuthentication

Azure SQL > Database

  • availabilityZone
  • currentBackupStorageRedundancy
  • databaseSecurityAlertPolicy.creationTime
  • transparentDataEncryption.location
  • isInfraEncryptionEnabled
  • isLedgerOn
  • maintenanceConfigurationId
  • requestedBackupStorageRedundancy

Azure SQL > ElasticPool

  • maintenanceConfigurationId

Modified:

  • The value of the attribute serverAzureADAdministrator.name has been changed from string (activeDirectory) to string (ActiveDirectory).
  • The data type of the attribute databaseThreatDetectionPolicy.disabledAlerts has been changed from string ("") to object ([]).
  • The data type of the attribute databaseThreatDetectionPolicy.emailAddresses has been changed from string ("") to object ([]).
  • The data type of the attribute databaseThreatDetectionPolicy.emailAccountAdmins has been changed from string (Disabled/Enabled) to boolean (false/true).
  • The data type of the attribute disabledAlerts has been changed from string ("") to object ([]).

Removed:

  • databaseThreatDetectionPolicy.useServerDefault

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Resource Providers in Guardrails.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Network resources in Guardrails.

Network > NetworkInterface

Added:

  • auxiliaryMode
  • auxiliarySku
  • kind
  • disableTcpStateTracking

Network > PrivateDNSZone

Added:

  • internalId

Network > VirtualNetworkGateway

Added:

  • allowVirtualWanTraffic
  • allowRemoteVnetTraffic

Modified:

  • activeActive property updated as active

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Monitor resources in Guardrails. This release includes changes in the CMDB data for action groups.

Added:

  • tags
  • kind

Resource Types

  • Azure > Monitor > Metric Alert

Control Types

  • Azure > Monitor > Action Group > Tags
  • Azure > Monitor > Metric Alert > Active
  • Azure > Monitor > Metric Alert > Approved
  • Azure > Monitor > Metric Alert > CMDB
  • Azure > Monitor > Metric Alert > Discovery
  • Azure > Monitor > Metric Alert > Tags

Policy Types

  • Azure > Monitor > Action Group > Tags
  • Azure > Monitor > Action Group > Tags > Template
  • Azure > Monitor > Metric Alert > Active
  • Azure > Monitor > Metric Alert > Active > Age
  • Azure > Monitor > Metric Alert > Active > Last Modified
  • Azure > Monitor > Metric Alert > Approved
  • Azure > Monitor > Metric Alert > Approved > Custom
  • Azure > Monitor > Metric Alert > Approved > Usage
  • Azure > Monitor > Metric Alert > CMDB
  • Azure > Monitor > Metric Alert > Tags
  • Azure > Monitor > Metric Alert > Tags > Template
  • Azure > Monitor > Tags Template [Default]

Action Types

  • Azure > Monitor > Action Group > Set Tags
  • Azure > Monitor > Metric Alert > Delete
  • Azure > Monitor > Metric Alert > Router
  • Azure > Monitor > Metric Alert > Set Tags

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Managed Identity resources in Guardrails. This release includes changes in the CMDB data as below.

Removed:

  • clientSecretUrl

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Log Analytics resources in Guardrails.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage IAM resources in Guardrails.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Firewall resources in Guardrails.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage CosmosDB resources in Guardrails.

Added:

  • createMode

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The AWS > Account > Budget > Budget control would enter an error state for US Gov cloud accounts because the budget APIs are not supported for these accounts. We have updated the control to avoid making these API calls and instead rely on the AWS > Account > Budget > State policy being updated periodically, allowing the control to evaluate the outcome correctly.

What's new?

  • You can now configure and manage CI Relationships for various Kubernetes resources in ServiceNow. To get started, set the ServiceNow Relationships policies for the respective resource types.

Control Types

  • Kubernetes > Cluster > ServiceNow > Relationships
  • Kubernetes > ConfigMap > ServiceNow > Relationships
  • Kubernetes > CronJob > ServiceNow > Relationships
  • Kubernetes > DaemonSet > ServiceNow > Relationships
  • Kubernetes > Deployment > ServiceNow > Relationships
  • Kubernetes > Ingress > ServiceNow > Relationships
  • Kubernetes > Job > ServiceNow > Relationships
  • Kubernetes > Namespace > ServiceNow > Relationships
  • Kubernetes > Node > ServiceNow > Relationships
  • Kubernetes > Persistent Volume > ServiceNow > Relationships
  • Kubernetes > Pod > ServiceNow > Relationships
  • Kubernetes > ReplicaSet > ServiceNow > Relationships
  • Kubernetes > ReplicationController > ServiceNow > Relationships
  • Kubernetes > Service > ServiceNow > Relationships
  • Kubernetes > StatefulSet > ServiceNow > Relationships

Policy Types

  • Kubernetes > Cluster > ServiceNow > Relationships
  • Kubernetes > Cluster > ServiceNow > Relationships > Template
  • Kubernetes > ConfigMap > ServiceNow > Relationships
  • Kubernetes > ConfigMap > ServiceNow > Relationships > Template
  • Kubernetes > CronJob > ServiceNow > Relationships
  • Kubernetes > CronJob > ServiceNow > Relationships > Template
  • Kubernetes > DaemonSet > ServiceNow > Relationships
  • Kubernetes > DaemonSet > ServiceNow > Relationships > Template
  • Kubernetes > Deployment > ServiceNow > Relationships
  • Kubernetes > Deployment > ServiceNow > Relationships > Template
  • Kubernetes > Ingress > ServiceNow > Relationships
  • Kubernetes > Ingress > ServiceNow > Relationships > Template
  • Kubernetes > Job > ServiceNow > Relationships
  • Kubernetes > Job > ServiceNow > Relationships > Template
  • Kubernetes > Namespace > ServiceNow > Relationships
  • Kubernetes > Namespace > ServiceNow > Relationships > Template
  • Kubernetes > Node > ServiceNow > Relationships
  • Kubernetes > Node > ServiceNow > Relationships > Template
  • Kubernetes > Persistent Volume > ServiceNow > Relationships
  • Kubernetes > Persistent Volume > ServiceNow > Relationships > Template
  • Kubernetes > Pod > ServiceNow > Relationships
  • Kubernetes > Pod > ServiceNow > Relationships > Template
  • Kubernetes > ReplicaSet > ServiceNow > Relationships
  • Kubernetes > ReplicaSet > ServiceNow > Relationships > Template
  • Kubernetes > ReplicationController > ServiceNow > Relationships
  • Kubernetes > ReplicationController > ServiceNow > Relationships > Template
  • Kubernetes > Service > ServiceNow > Relationships
  • Kubernetes > Service > ServiceNow > Relationships > Template
  • Kubernetes > StatefulSet > ServiceNow > Relationships
  • Kubernetes > StatefulSet > ServiceNow > Relationships > Template

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Load Balancer resources in Guardrails.

What's new?

  • You can now configure and manage CI Relationships for projects in ServiceNow. To get started, set the GCP > Project > ServiceNow > Relationships > * policies.

Control Types

  • GCP > Project > ServiceNow > Relationships

Policy Types

  • GCP > Project > ServiceNow > Relationships
  • GCP > Project > ServiceNow > Relationships > Template

What's new?

  • You can now configure and manage CI Relationships for subscriptions in ServiceNow. To get started, set the Azure > Subscription > ServiceNow > Relationships > * policies.

Control Types

  • Azure > Subscription > ServiceNow > Relationships

Policy Types

  • Azure > Subscription > ServiceNow > Relationships
  • Azure > Subscription > ServiceNow > Relationships > Template

What's new?

  • You can now configure and manage CI Relationships for accounts in ServiceNow. To get started, set the AWS > Account > ServiceNow > Relationships > * policies.

Control Types

  • AWS > Account > ServiceNow > Relationships

Policy Types

  • AWS > Account > ServiceNow > Relationships
  • AWS > Account > ServiceNow > Relationships > Template

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage DNS resources in Guardrails. This release includes breaking changes in the CMDB data for security center. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

Removed:

  • tTL

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Databricks resources in Guardrails.

Added:

  • createdBy
  • updatedBy
  • systemData
  • createdDateTime

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Container Registry resources in Guardrails.

Added:

  • softDeletePolicy
  • azureADAuthenticationAsArmPolicy

What's new?

  • You can now configure and manage CI Relationships for various network resources in ServiceNow. To get started, set the ServiceNow Relationships policies for the respective resource types.

Control Types

  • GCP > Network > Firewall > ServiceNow > Relationships
  • GCP > Network > Forwarding Rule > ServiceNow > Relationships
  • GCP > Network > Network > ServiceNow > Relationships
  • GCP > Network > Route > ServiceNow > Relationships
  • GCP > Network > Router > ServiceNow > Relationships
  • GCP > Network > Subnetwork > ServiceNow > Relationships
  • GCP > Network > Target Pool > ServiceNow > Relationships
  • GCP > Network > Target VPN Gateway > ServiceNow > Relationships

Policy Types

  • GCP > Network > Firewall > ServiceNow > Relationships
  • GCP > Network > Firewall > ServiceNow > Relationships > Template
  • GCP > Network > Forwarding Rule > ServiceNow > Relationships
  • GCP > Network > Forwarding Rule > ServiceNow > Relationships > Template
  • GCP > Network > Network > ServiceNow > Relationships
  • GCP > Network > Network > ServiceNow > Relationships > Template
  • GCP > Network > Route > ServiceNow > Relationships
  • GCP > Network > Route > ServiceNow > Relationships > Template
  • GCP > Network > Router > ServiceNow > Relationships
  • GCP > Network > Router > ServiceNow > Relationships > Template
  • GCP > Network > Subnetwork > ServiceNow > Relationships
  • GCP > Network > Subnetwork > ServiceNow > Relationships > Template
  • GCP > Network > Target Pool > ServiceNow > Relationships
  • GCP > Network > Target Pool > ServiceNow > Relationships > Template
  • GCP > Network > Target VPN Gateway > ServiceNow > Relationships
  • GCP > Network > Target VPN Gateway > ServiceNow > Relationships > Template

What's new?

  • You can now configure and manage CI Relationships for various compute engine resources in ServiceNow. To get started, set the ServiceNow Relationships policies for the respective resource types.

Control Types

  • GCP > Compute Engine > Disk > ServiceNow > Relationships
  • GCP > Compute Engine > Image > ServiceNow > Relationships
  • GCP > Compute Engine > Instance > ServiceNow > Relationships
  • GCP > Compute Engine > Node Group > ServiceNow > Relationships
  • GCP > Compute Engine > Node template > ServiceNow > Relationships
  • GCP > Compute Engine > Snapshot > ServiceNow > Relationships

Policy Types

  • GCP > Compute Engine > Disk > ServiceNow > Relationships
  • GCP > Compute Engine > Disk > ServiceNow > Relationships > Template
  • GCP > Compute Engine > Image > ServiceNow > Relationships
  • GCP > Compute Engine > Image > ServiceNow > Relationships > Template
  • GCP > Compute Engine > Instance > ServiceNow > Relationships
  • GCP > Compute Engine > Instance > ServiceNow > Relationships > Template
  • GCP > Compute Engine > Node Group > ServiceNow > Relationships
  • GCP > Compute Engine > Node Group > ServiceNow > Relationships > Template
  • GCP > Compute Engine > Node template > ServiceNow > Relationships
  • GCP > Compute Engine > Node template > ServiceNow > Relationships > Template
  • GCP > Compute Engine > Snapshot > ServiceNow > Relationships
  • GCP > Compute Engine > Snapshot > ServiceNow > Relationships > Template

What's new?

  • You can now configure and manage CI Relationships for various network resources in ServiceNow. To get started, set the ServiceNow Relationships policies for the respective resource types.

Control Types

  • Azure > Network > Application Security Group > ServiceNow > Import Set
  • Azure > Network > Application Security Group > ServiceNow > Relationships
  • Azure > Network > Express Route Circuits > ServiceNow > Import Set
  • Azure > Network > Network Interface > ServiceNow > Import Set
  • Azure > Network > Network Interface > ServiceNow > Relationships
  • Azure > Network > Network Security Group > ServiceNow > Relationships
  • Azure > Network > Private DNS Zones > ServiceNow > Import Set
  • Azure > Network > Private Endpoints > ServiceNow > Import Set
  • Azure > Network > Public IP Address > ServiceNow > Import Set
  • Azure > Network > Public IP Address > ServiceNow > Relationships
  • Azure > Network > Route Table > ServiceNow > Import Set
  • Azure > Network > Route Table > ServiceNow > Relationships
  • Azure > Network > Subnet > ServiceNow > Import Set
  • Azure > Network > Subnet > ServiceNow > Relationships
  • Azure > Network > Virtual Network > ServiceNow > Import Set
  • Azure > Network > Virtual Network > ServiceNow > Relationships
  • Azure > Network > Virtual Network Gateway > ServiceNow > Import Set
  • Azure > Network > Virtual Network Gateway > ServiceNow > Relationships

Policy Types

  • Azure > Network > Application Security Group > ServiceNow > Import Set
  • Azure > Network > Application Security Group > ServiceNow > Import Set > Archive Columns
  • Azure > Network > Application Security Group > ServiceNow > Import Set > Insert Mode
  • Azure > Network > Application Security Group > ServiceNow > Import Set > Record
  • Azure > Network > Application Security Group > ServiceNow > Import Set > Table Name
  • Azure > Network > Application Security Group > ServiceNow > Relationships
  • Azure > Network > Application Security Group > ServiceNow > Relationships > Template
  • Azure > Network > Express Route Circuits > ServiceNow > Import Set
  • Azure > Network > Express Route Circuits > ServiceNow > Import Set > Archive Columns
  • Azure > Network > Express Route Circuits > ServiceNow > Import Set > Insert Mode
  • Azure > Network > Express Route Circuits > ServiceNow > Import Set > Record
  • Azure > Network > Express Route Circuits > ServiceNow > Import Set > Table Name
  • Azure > Network > Network Interface > ServiceNow > Import Set
  • Azure > Network > Network Interface > ServiceNow > Import Set > Archive Columns
  • Azure > Network > Network Interface > ServiceNow > Import Set > Insert Mode
  • Azure > Network > Network Interface > ServiceNow > Import Set > Record
  • Azure > Network > Network Interface > ServiceNow > Import Set > Table Name
  • Azure > Network > Network Interface > ServiceNow > Relationships
  • Azure > Network > Network Interface > ServiceNow > Relationships > Template
  • Azure > Network > Network Security Group > ServiceNow > Import Set > Insert Mode
  • Azure > Network > Network Security Group > ServiceNow > Relationships
  • Azure > Network > Network Security Group > ServiceNow > Relationships > Template
  • Azure > Network > Private DNS Zones > ServiceNow > Import Set
  • Azure > Network > Private DNS Zones > ServiceNow > Import Set > Archive Columns
  • Azure > Network > Private DNS Zones > ServiceNow > Import Set > Insert Mode
  • Azure > Network > Private DNS Zones > ServiceNow > Import Set > Record
  • Azure > Network > Private DNS Zones > ServiceNow > Import Set > Table Name
  • Azure > Network > Private Endpoints > ServiceNow > Import Set
  • Azure > Network > Private Endpoints > ServiceNow > Import Set > Archive Columns
  • Azure > Network > Private Endpoints > ServiceNow > Import Set > Insert Mode
  • Azure > Network > Private Endpoints > ServiceNow > Import Set > Record
  • Azure > Network > Private Endpoints > ServiceNow > Import Set > Table Name
  • Azure > Network > Public IP Address > ServiceNow > Import Set
  • Azure > Network > Public IP Address > ServiceNow > Import Set > Archive Columns
  • Azure > Network > Public IP Address > ServiceNow > Import Set > Insert Mode
  • Azure > Network > Public IP Address > ServiceNow > Import Set > Record
  • Azure > Network > Public IP Address > ServiceNow > Import Set > Table Name
  • Azure > Network > Public IP Address > ServiceNow > Relationships
  • Azure > Network > Public IP Address > ServiceNow > Relationships > Template
  • Azure > Network > Route Table > ServiceNow > Import Set
  • Azure > Network > Route Table > ServiceNow > Import Set > Archive Columns
  • Azure > Network > Route Table > ServiceNow > Import Set > Insert Mode
  • Azure > Network > Route Table > ServiceNow > Import Set > Record
  • Azure > Network > Route Table > ServiceNow > Import Set > Table Name
  • Azure > Network > Route Table > ServiceNow > Relationships
  • Azure > Network > Route Table > ServiceNow > Relationships > Template
  • Azure > Network > Subnet > ServiceNow > Import Set
  • Azure > Network > Subnet > ServiceNow > Import Set > Archive Columns
  • Azure > Network > Subnet > ServiceNow > Import Set > Insert Mode
  • Azure > Network > Subnet > ServiceNow > Import Set > Record
  • Azure > Network > Subnet > ServiceNow > Import Set > Table Name
  • Azure > Network > Subnet > ServiceNow > Relationships
  • Azure > Network > Subnet > ServiceNow > Relationships > Template
  • Azure > Network > Virtual Network > ServiceNow > Import Set
  • Azure > Network > Virtual Network > ServiceNow > Import Set > Archive Columns
  • Azure > Network > Virtual Network > ServiceNow > Import Set > Insert Mode
  • Azure > Network > Virtual Network > ServiceNow > Import Set > Record
  • Azure > Network > Virtual Network > ServiceNow > Import Set > Table Name
  • Azure > Network > Virtual Network > ServiceNow > Relationships
  • Azure > Network > Virtual Network > ServiceNow > Relationships > Template
  • Azure > Network > Virtual Network Gateway > ServiceNow > Import Set
  • Azure > Network > Virtual Network Gateway > ServiceNow > Import Set > Archive Columns
  • Azure > Network > Virtual Network Gateway > ServiceNow > Import Set > Insert Mode
  • Azure > Network > Virtual Network Gateway > ServiceNow > Import Set > Record
  • Azure > Network > Virtual Network Gateway > ServiceNow > Import Set > Table Name
  • Azure > Network > Virtual Network Gateway > ServiceNow > Relationships
  • Azure > Network > Virtual Network Gateway > ServiceNow > Relationships > Template

What's new?

  • You can now configure and manage CI Relationships for various compute resources in ServiceNow. To get started, set the ServiceNow Relationships policies for the respective resource types.

Control Types

  • Azure > Compute > Availability Set > ServiceNow > Relationships
  • Azure > Compute > Disk > ServiceNow > Relationships
  • Azure > Compute > Image > ServiceNow > Relationships
  • Azure > Compute > Snapshot > ServiceNow > Relationships
  • Azure > Compute > Virtual Machine > ServiceNow > Relationships

Policy Types

  • Azure > Compute > Availability Set > ServiceNow > Import Set > Insert Mode
  • Azure > Compute > Availability Set > ServiceNow > Relationships
  • Azure > Compute > Availability Set > ServiceNow > Relationships > Template
  • Azure > Compute > Disk > ServiceNow > Import Set > Insert Mode
  • Azure > Compute > Disk > ServiceNow > Relationships
  • Azure > Compute > Disk > ServiceNow > Relationships > Template
  • Azure > Compute > Disk Encryption Set > ServiceNow > Import Set > Insert Mode
  • Azure > Compute > Image > ServiceNow > Import Set > Insert Mode
  • Azure > Compute > Image > ServiceNow > Relationships
  • Azure > Compute > Image > ServiceNow > Relationships > Template
  • Azure > Compute > Snapshot > ServiceNow > Import Set > Insert Mode
  • Azure > Compute > Snapshot > ServiceNow > Relationships
  • Azure > Compute > Snapshot > ServiceNow > Relationships > Template
  • Azure > Compute > Ssh Public Key > ServiceNow > Import Set > Insert Mode
  • Azure > Compute > Virtual Machine > ServiceNow > Import Set > Insert Mode
  • Azure > Compute > Virtual Machine > ServiceNow > Relationships
  • Azure > Compute > Virtual Machine > ServiceNow > Relationships > Template
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Import Set > Insert Mode

What's new?

  • You can now configure and manage CI Relationships for global regions, multi-regions, regions and zones in ServiceNow. To get started, set the GCP > Global Region > ServiceNow > Relationships > *, GCP > Multi-Region > ServiceNow > Relationships > *, GCP > Region > ServiceNow > Relationships > * and GCP > Zone > ServiceNow > Relationships > * policies respectively.

Control Types

  • GCP > Global Region > ServiceNow > Relationships
  • GCP > Multi-Region > ServiceNow > Relationships
  • GCP > Region > ServiceNow > Relationships
  • GCP > Zone > ServiceNow > Relationships

Policy Types

  • GCP > Global Region > ServiceNow > Relationships
  • GCP > Global Region > ServiceNow > Relationships > Template
  • GCP > Multi-Region > ServiceNow > Relationships
  • GCP > Multi-Region > ServiceNow > Relationships > Template
  • GCP > Region > ServiceNow > Relationships
  • GCP > Region > ServiceNow > Relationships > Template
  • GCP > Zone > ServiceNow > Relationships
  • GCP > Zone > ServiceNow > Relationships > Template

What's new?

  • You can now configure and manage CI Relationships for buckets and objects in ServiceNow. To get started, set the GCP > Storage > Bucket > ServiceNow > Relationships > * and GCP > Storage > Object > ServiceNow > Relationships > * policies respectively.

Control Types

  • GCP > Storage > Bucket > ServiceNow > Relationships
  • GCP > Storage > Object > ServiceNow > Relationships

Policy Types

  • GCP > Storage > Bucket > ServiceNow > Relationships
  • GCP > Storage > Bucket > ServiceNow > Relationships > Template
  • GCP > Storage > Object > ServiceNow > Relationships
  • GCP > Storage > Object > ServiceNow > Relationships > Template

What's new?

  • You can now configure and manage CI Relationships for resource groups in ServiceNow. To get started, set the Azure > Resource Group > ServiceNow > Relationships > * policies.

Control Types

  • Azure > Resource Group > ServiceNow > Relationships

Policy Types

  • Azure > Resource Group > ServiceNow > Relationships
  • Azure > Resource Group > ServiceNow > Relationships > Template

What's new?

  • You can now configure and manage CI Relationships for containers, file shares, queues and storage accounts in ServiceNow. To get started, set the Azure > Storage > Container > ServiceNow > Relationships > *, Azure > Storage > File Share > ServiceNow > Relationships > *, Azure > Storage > Queue > ServiceNow > Relationships > * and Azure > Storage > Storage Account > ServiceNow > Relationships > * policies respectively.

Control Types

  • Azure > Storage > Container > ServiceNow > Relationships
  • Azure > Storage > FileShare > ServiceNow > Relationships
  • Azure > Storage > Queue > ServiceNow > Relationships
  • Azure > Storage > Storage Account > ServiceNow > Relationships

Policy Types

  • Azure > Storage > Container > ServiceNow > Import Set > Insert Mode
  • Azure > Storage > Container > ServiceNow > Relationships
  • Azure > Storage > Container > ServiceNow > Relationships > Template
  • Azure > Storage > FileShare > ServiceNow > Import Set > Insert Mode
  • Azure > Storage > FileShare > ServiceNow > Relationships
  • Azure > Storage > FileShare > ServiceNow > Relationships > Template
  • Azure > Storage > Queue > ServiceNow > Import Set > Insert Mode
  • Azure > Storage > Queue > ServiceNow > Relationships
  • Azure > Storage > Queue > ServiceNow > Relationships > Template
  • Azure > Storage > Storage Account > ServiceNow > Import Set > Insert Mode
  • Azure > Storage > Storage Account > ServiceNow > Relationships
  • Azure > Storage > Storage Account > ServiceNow > Relationships > Template

What's new?

  • You can now configure and manage CI Relationships for elastic IPs, internet gateways and NAT gateways in ServiceNow. To get started, set the AWS > VPC > Elastic IP > ServiceNow > Relationships > *, AWS > VPC > Internet Gateway > ServiceNow > Relationships > * and AWS > VPC > NAT Gateway > ServiceNow > Relationships > * policies respectively.

Control Types

  • AWS > VPC > Elastic IP > ServiceNow > Relationships
  • AWS > VPC > Internet Gateway > ServiceNow
  • AWS > VPC > Internet Gateway > ServiceNow > Configuration Item
  • AWS > VPC > Internet Gateway > ServiceNow > Relationships
  • AWS > VPC > Internet Gateway > ServiceNow > Table
  • AWS > VPC > NAT Gateway > ServiceNow
  • AWS > VPC > NAT Gateway > ServiceNow > Configuration Item
  • AWS > VPC > NAT Gateway > ServiceNow > Relationships
  • AWS > VPC > NAT Gateway > ServiceNow > Table

Policy Types

  • AWS > VPC > Elastic IP > ServiceNow > Relationships
  • AWS > VPC > Elastic IP > ServiceNow > Relationships > Template
  • AWS > VPC > Internet Gateway > ServiceNow
  • AWS > VPC > Internet Gateway > ServiceNow > Configuration Item
  • AWS > VPC > Internet Gateway > ServiceNow > Configuration Item > Record
  • AWS > VPC > Internet Gateway > ServiceNow > Configuration Item > Table Definition
  • AWS > VPC > Internet Gateway > ServiceNow > Relationships
  • AWS > VPC > Internet Gateway > ServiceNow > Relationships > Template
  • AWS > VPC > Internet Gateway > ServiceNow > Table
  • AWS > VPC > Internet Gateway > ServiceNow > Table > Definition
  • AWS > VPC > NAT Gateway > ServiceNow
  • AWS > VPC > NAT Gateway > ServiceNow > Configuration Item
  • AWS > VPC > NAT Gateway > ServiceNow > Configuration Item > Record
  • AWS > VPC > NAT Gateway > ServiceNow > Configuration Item > Table Definition
  • AWS > VPC > NAT Gateway > ServiceNow > Relationships
  • AWS > VPC > NAT Gateway > ServiceNow > Relationships > Template
  • AWS > VPC > NAT Gateway > ServiceNow > Table
  • AWS > VPC > NAT Gateway > ServiceNow > Table > Definition

Control Types

  • AWS > VPC > Customer Gateway > ServiceNow
  • AWS > VPC > Customer Gateway > ServiceNow > Configuration Item
  • AWS > VPC > Customer Gateway > ServiceNow > Relationships
  • AWS > VPC > Customer Gateway > ServiceNow > Table
  • AWS > VPC > Transit Gateway > ServiceNow
  • AWS > VPC > Transit Gateway > ServiceNow > Configuration Item
  • AWS > VPC > Transit Gateway > ServiceNow > Relationships
  • AWS > VPC > Transit Gateway > ServiceNow > Table
  • AWS > VPC > VPN Gateway > ServiceNow
  • AWS > VPC > VPN Gateway > ServiceNow > Configuration Item
  • AWS > VPC > VPN Gateway > ServiceNow > Relationships
  • AWS > VPC > VPN Gateway > ServiceNow > Table

Policy Types

  • AWS > VPC > Customer Gateway > ServiceNow
  • AWS > VPC > Customer Gateway > ServiceNow > Configuration Item
  • AWS > VPC > Customer Gateway > ServiceNow > Configuration Item > Record
  • AWS > VPC > Customer Gateway > ServiceNow > Configuration Item > Table Definition
  • AWS > VPC > Customer Gateway > ServiceNow > Relationships
  • AWS > VPC > Customer Gateway > ServiceNow > Relationships > Template
  • AWS > VPC > Customer Gateway > ServiceNow > Table
  • AWS > VPC > Customer Gateway > ServiceNow > Table > Definition
  • AWS > VPC > Transit Gateway > ServiceNow
  • AWS > VPC > Transit Gateway > ServiceNow > Configuration Item
  • AWS > VPC > Transit Gateway > ServiceNow > Configuration Item > Record
  • AWS > VPC > Transit Gateway > ServiceNow > Configuration Item > Table Definition
  • AWS > VPC > Transit Gateway > ServiceNow > Relationships
  • AWS > VPC > Transit Gateway > ServiceNow > Relationships > Template
  • AWS > VPC > Transit Gateway > ServiceNow > Table
  • AWS > VPC > Transit Gateway > ServiceNow > Table > Definition
  • AWS > VPC > VPN Gateway > ServiceNow
  • AWS > VPC > VPN Gateway > ServiceNow > Configuration Item
  • AWS > VPC > VPN Gateway > ServiceNow > Configuration Item > Record
  • AWS > VPC > VPN Gateway > ServiceNow > Configuration Item > Table Definition
  • AWS > VPC > VPN Gateway > ServiceNow > Relationships
  • AWS > VPC > VPN Gateway > ServiceNow > Relationships > Template
  • AWS > VPC > VPN Gateway > ServiceNow > Table
  • AWS > VPC > VPN Gateway > ServiceNow > Table > Definition

What's new?

  • You can now configure and manage CI Relationships for AMIs, instances, key pairs, network interfaces, snapshots and volumes in ServiceNow. To get started, set the AWS > EC2 > AMI > ServiceNow > Relationships > *, AWS > EC2 > Instance > ServiceNow > Relationships > *, AWS > EC2 > Key Pair > ServiceNow > Relationships > *, AWS > EC2 > Network Interface > ServiceNow > Relationships > *, AWS > EC2 > Snapshot > ServiceNow > Relationships > * and AWS > EC2 > Volume > ServiceNow > Relationships > * policies respectively.

Control Types

  • AWS > EC2 > AMI > ServiceNow
  • AWS > EC2 > AMI > ServiceNow > Configuration Item
  • AWS > EC2 > AMI > ServiceNow > Relationships
  • AWS > EC2 > AMI > ServiceNow > Table
  • AWS > EC2 > Instance > ServiceNow > Relationships
  • AWS > EC2 > Key Pair > ServiceNow
  • AWS > EC2 > Key Pair > ServiceNow > Configuration Item
  • AWS > EC2 > Key Pair > ServiceNow > Relationships
  • AWS > EC2 > Key Pair > ServiceNow > Table
  • AWS > EC2 > Network Interface > ServiceNow
  • AWS > EC2 > Network Interface > ServiceNow > Configuration Item
  • AWS > EC2 > Network Interface > ServiceNow > Relationships
  • AWS > EC2 > Network Interface > ServiceNow > Table
  • AWS > EC2 > Snapshot > ServiceNow > Relationships
  • AWS > EC2 > Volume > ServiceNow > Relationships

Policy Types

  • AWS > EC2 > AMI > ServiceNow
  • AWS > EC2 > AMI > ServiceNow > Configuration Item
  • AWS > EC2 > AMI > ServiceNow > Configuration Item > Record
  • AWS > EC2 > AMI > ServiceNow > Configuration Item > Table Definition
  • AWS > EC2 > AMI > ServiceNow > Relationships
  • AWS > EC2 > AMI > ServiceNow > Relationships > Template
  • AWS > EC2 > AMI > ServiceNow > Table
  • AWS > EC2 > AMI > ServiceNow > Table > Definition
  • AWS > EC2 > Instance > ServiceNow > Relationships
  • AWS > EC2 > Instance > ServiceNow > Relationships > Template
  • AWS > EC2 > Key Pair > ServiceNow
  • AWS > EC2 > Key Pair > ServiceNow > Configuration Item
  • AWS > EC2 > Key Pair > ServiceNow > Configuration Item > Record
  • AWS > EC2 > Key Pair > ServiceNow > Configuration Item > Table Definition
  • AWS > EC2 > Key Pair > ServiceNow > Relationships
  • AWS > EC2 > Key Pair > ServiceNow > Relationships > Template
  • AWS > EC2 > Key Pair > ServiceNow > Table
  • AWS > EC2 > Key Pair > ServiceNow > Table > Definition
  • AWS > EC2 > Network Interface > ServiceNow
  • AWS > EC2 > Network Interface > ServiceNow > Configuration Item
  • AWS > EC2 > Network Interface > ServiceNow > Configuration Item > Record
  • AWS > EC2 > Network Interface > ServiceNow > Configuration Item > Table Definition
  • AWS > EC2 > Network Interface > ServiceNow > Relationships
  • AWS > EC2 > Network Interface > ServiceNow > Relationships > Template
  • AWS > EC2 > Network Interface > ServiceNow > Table
  • AWS > EC2 > Network Interface > ServiceNow > Table > Definition
  • AWS > EC2 > Snapshot > ServiceNow > Relationships
  • AWS > EC2 > Snapshot > ServiceNow > Relationships > Template
  • AWS > EC2 > Volume > ServiceNow > Relationships
  • AWS > EC2 > Volume > ServiceNow > Relationships > Template

What's new?

Control Types

  • GCP > Vertex AI > Endpoint > ServiceNow
  • GCP > Vertex AI > Endpoint > ServiceNow > Configuration Item
  • GCP > Vertex AI > Endpoint > ServiceNow > Import Set
  • GCP > Vertex AI > Endpoint > ServiceNow > Table
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Configuration Item
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Import Set
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Table

Policy Types

  • GCP > Vertex AI > Endpoint > ServiceNow
  • GCP > Vertex AI > Endpoint > ServiceNow > Configuration Item
  • GCP > Vertex AI > Endpoint > ServiceNow > Configuration Item > Record
  • GCP > Vertex AI > Endpoint > ServiceNow > Configuration Item > Table Definition
  • GCP > Vertex AI > Endpoint > ServiceNow > Import Set
  • GCP > Vertex AI > Endpoint > ServiceNow > Import Set > Archive Columns
  • GCP > Vertex AI > Endpoint > ServiceNow > Import Set > Insert Mode
  • GCP > Vertex AI > Endpoint > ServiceNow > Import Set > Record
  • GCP > Vertex AI > Endpoint > ServiceNow > Import Set > Table Name
  • GCP > Vertex AI > Endpoint > ServiceNow > Table
  • GCP > Vertex AI > Endpoint > ServiceNow > Table > Definition
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Configuration Item
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Configuration Item > Record
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Configuration Item > Table Definition
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Import Set
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Import Set > Archive Columns
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Import Set > Insert Mode
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Import Set > Record
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Import Set > Table Name
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Table
  • GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Table > Definition

What's new?

Control Types

  • GCP > Dataplex > Lake > ServiceNow
  • GCP > Dataplex > Lake > ServiceNow > Configuration Item
  • GCP > Dataplex > Lake > ServiceNow > Import Set
  • GCP > Dataplex > Lake > ServiceNow > Table
  • GCP > Dataplex > Task > ServiceNow
  • GCP > Dataplex > Task > ServiceNow > Configuration Item
  • GCP > Dataplex > Task > ServiceNow > Import Set
  • GCP > Dataplex > Task > ServiceNow > Table
  • GCP > Dataplex > Zone > ServiceNow
  • GCP > Dataplex > Zone > ServiceNow > Configuration Item
  • GCP > Dataplex > Zone > ServiceNow > Import Set
  • GCP > Dataplex > Zone > ServiceNow > Table

Policy Types

  • GCP > Dataplex > Lake > ServiceNow
  • GCP > Dataplex > Lake > ServiceNow > Configuration Item
  • GCP > Dataplex > Lake > ServiceNow > Configuration Item > Record
  • GCP > Dataplex > Lake > ServiceNow > Configuration Item > Table Definition
  • GCP > Dataplex > Lake > ServiceNow > Import Set
  • GCP > Dataplex > Lake > ServiceNow > Import Set > Archive Columns
  • GCP > Dataplex > Lake > ServiceNow > Import Set > Insert Mode
  • GCP > Dataplex > Lake > ServiceNow > Import Set > Record
  • GCP > Dataplex > Lake > ServiceNow > Import Set > Table Name
  • GCP > Dataplex > Lake > ServiceNow > Table
  • GCP > Dataplex > Lake > ServiceNow > Table > Definition
  • GCP > Dataplex > Task > ServiceNow
  • GCP > Dataplex > Task > ServiceNow > Configuration Item
  • GCP > Dataplex > Task > ServiceNow > Configuration Item > Record
  • GCP > Dataplex > Task > ServiceNow > Configuration Item > Table Definition
  • GCP > Dataplex > Task > ServiceNow > Import Set
  • GCP > Dataplex > Task > ServiceNow > Import Set > Archive Columns
  • GCP > Dataplex > Task > ServiceNow > Import Set > Insert Mode
  • GCP > Dataplex > Task > ServiceNow > Import Set > Record
  • GCP > Dataplex > Task > ServiceNow > Import Set > Table Name
  • GCP > Dataplex > Task > ServiceNow > Table
  • GCP > Dataplex > Task > ServiceNow > Table > Definition
  • GCP > Dataplex > Zone > ServiceNow
  • GCP > Dataplex > Zone > ServiceNow > Configuration Item
  • GCP > Dataplex > Zone > ServiceNow > Configuration Item > Record
  • GCP > Dataplex > Zone > ServiceNow > Configuration Item > Table Definition
  • GCP > Dataplex > Zone > ServiceNow > Import Set
  • GCP > Dataplex > Zone > ServiceNow > Import Set > Archive Columns
  • GCP > Dataplex > Zone > ServiceNow > Import Set > Insert Mode
  • GCP > Dataplex > Zone > ServiceNow > Import Set > Record
  • GCP > Dataplex > Zone > ServiceNow > Import Set > Table Name
  • GCP > Dataplex > Zone > ServiceNow > Table
  • GCP > Dataplex > Zone > ServiceNow > Table > Definition

What's new?

  • You can now configure and manage CI Relationships for flow logs, network ACLs, security groups and security group rules in ServiceNow. To get started, set the AWS > VPC > Flow Log > ServiceNow > Relationships > *, AWS > VPC > Network ACL > ServiceNow > Relationships > *, AWS > VPC > Security Group > ServiceNow > Relationships > * and AWS > VPC > Security Group Rule > ServiceNow > Relationships > * policies respectively.

Control Types

  • AWS > VPC > Flow Log > ServiceNow
  • AWS > VPC > Flow Log > ServiceNow > Configuration Item
  • AWS > VPC > Flow Log > ServiceNow > Relationships
  • AWS > VPC > Flow Log > ServiceNow > Table
  • AWS > VPC > Network ACL > ServiceNow > Relationships
  • AWS > VPC > Security Group > ServiceNow > Relationships
  • AWS > VPC > Security Group Rule > ServiceNow
  • AWS > VPC > Security Group Rule > ServiceNow > Configuration Item
  • AWS > VPC > Security Group Rule > ServiceNow > Relationships
  • AWS > VPC > Security Group Rule > ServiceNow > Table

Policy Types

  • AWS > VPC > Flow Log > ServiceNow
  • AWS > VPC > Flow Log > ServiceNow > Configuration Item
  • AWS > VPC > Flow Log > ServiceNow > Configuration Item > Record
  • AWS > VPC > Flow Log > ServiceNow > Configuration Item > Table Definition
  • AWS > VPC > Flow Log > ServiceNow > Relationships
  • AWS > VPC > Flow Log > ServiceNow > Relationships > Template
  • AWS > VPC > Flow Log > ServiceNow > Table
  • AWS > VPC > Flow Log > ServiceNow > Table > Definition
  • AWS > VPC > Network ACL > ServiceNow > Relationships
  • AWS > VPC > Network ACL > ServiceNow > Relationships > Template
  • AWS > VPC > Security Group > ServiceNow > Relationships
  • AWS > VPC > Security Group > ServiceNow > Relationships > Template
  • AWS > VPC > Security Group Rule > ServiceNow
  • AWS > VPC > Security Group Rule > ServiceNow > Configuration Item
  • AWS > VPC > Security Group Rule > ServiceNow > Configuration Item > Record
  • AWS > VPC > Security Group Rule > ServiceNow > Configuration Item > Table Definition
  • AWS > VPC > Security Group Rule > ServiceNow > Relationships
  • AWS > VPC > Security Group Rule > ServiceNow > Relationships > Template
  • AWS > VPC > Security Group Rule > ServiceNow > Table
  • AWS > VPC > Security Group Rule > ServiceNow > Table > Definition

What's new?

  • You can now configure and manage CI Relationships for route tables, subnets and VPCs in ServiceNow. To get started, set the AWS > VPC > Route Table > ServiceNow > Relationships > *, AWS > VPC > Subnet > ServiceNow > Relationships > * and AWS > VPC > VPC > ServiceNow > Relationships > * policies respectively.

Control Types

  • AWS > VPC > Route Table > ServiceNow > Relationships
  • AWS > VPC > Subnet > ServiceNow > Relationships
  • AWS > VPC > VPC > ServiceNow > Relationships

Policy Types

  • AWS > VPC > Route Table > ServiceNow > Relationships
  • AWS > VPC > Route Table > ServiceNow > Relationships > Template
  • AWS > VPC > Subnet > ServiceNow > Relationships
  • AWS > VPC > Subnet > ServiceNow > Relationships > Template
  • AWS > VPC > VPC > ServiceNow > Relationships
  • AWS > VPC > VPC > ServiceNow > Relationships > Template

What's new?

Control Types

  • AWS > Account > ServiceNow
  • AWS > Account > ServiceNow > Configuration Item
  • AWS > Account > ServiceNow > Table
  • AWS > Region > ServiceNow
  • AWS > Region > ServiceNow > Configuration Item
  • AWS > Region > ServiceNow > Relationships
  • AWS > Region > ServiceNow > Table

Policy Types

  • AWS > Account > ServiceNow
  • AWS > Account > ServiceNow > Configuration Item
  • AWS > Account > ServiceNow > Configuration Item > Record
  • AWS > Account > ServiceNow > Configuration Item > Table Definition
  • AWS > Account > ServiceNow > Table
  • AWS > Account > ServiceNow > Table > Definition
  • AWS > Region > ServiceNow
  • AWS > Region > ServiceNow > Configuration Item
  • AWS > Region > ServiceNow > Configuration Item > Record
  • AWS > Region > ServiceNow > Configuration Item > Table Definition
  • AWS > Region > ServiceNow > Relationships
  • AWS > Region > ServiceNow > Relationships > Template
  • AWS > Region > ServiceNow > Table
  • AWS > Region > ServiceNow > Table > Definition

What's new?

  • You can now configure and manage CI Relationships for buckets in ServiceNow. To get started, set the AWS > S3 > Bucket > ServiceNow > Relationships > * policies.

Control Types

  • AWS > S3 > Bucket > ServiceNow > Relationships

Policy Types

  • AWS > S3 > Bucket > ServiceNow > Import Set > Insert Mode
  • AWS > S3 > Bucket > ServiceNow > Relationships
  • AWS > S3 > Bucket > ServiceNow > Relationships > Template

What's new?

  • AWS/Billing/Admin, AWS/Billing/Metadata and AWS/Billing/Operator now also include purchase orders permissions.

Bug fixes

  • Server
    • Removed recursive loop detection logic, as this is now managed effectively by Lambda.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • Added support for processing enable and disable real-time events for Dataplex.

Resource Types

  • GCP > Dataplex
  • GCP > Dataplex > Lake
  • GCP > Dataplex > Task
  • GCP > Dataplex > Zone

Control Types

  • GCP > Dataplex > API Enabled
  • GCP > Dataplex > CMDB
  • GCP > Dataplex > Discovery
  • GCP > Dataplex > Lake > Active
  • GCP > Dataplex > Lake > Approved
  • GCP > Dataplex > Lake > CMDB
  • GCP > Dataplex > Lake > Discovery
  • GCP > Dataplex > Lake > Labels
  • GCP > Dataplex > Lake > Usage
  • GCP > Dataplex > Task > Active
  • GCP > Dataplex > Task > Approved
  • GCP > Dataplex > Task > CMDB
  • GCP > Dataplex > Task > Discovery
  • GCP > Dataplex > Task > Labels
  • GCP > Dataplex > Task > Usage
  • GCP > Dataplex > Zone > Active
  • GCP > Dataplex > Zone > Approved
  • GCP > Dataplex > Zone > CMDB
  • GCP > Dataplex > Zone > Discovery
  • GCP > Dataplex > Zone > Labels
  • GCP > Dataplex > Zone > Usage

Policy Types

  • GCP > Dataplex > API Enabled
  • GCP > Dataplex > Approved Regions [Default]
  • GCP > Dataplex > CMDB
  • GCP > Dataplex > Enabled
  • GCP > Dataplex > Labels Template [Default]
  • GCP > Dataplex > Lake > Active
  • GCP > Dataplex > Lake > Active > Age
  • GCP > Dataplex > Lake > Active > Last Modified
  • GCP > Dataplex > Lake > Approved
  • GCP > Dataplex > Lake > Approved > Custom
  • GCP > Dataplex > Lake > Approved > Regions
  • GCP > Dataplex > Lake > Approved > Usage
  • GCP > Dataplex > Lake > CMDB
  • GCP > Dataplex > Lake > Labels
  • GCP > Dataplex > Lake > Labels > Template
  • GCP > Dataplex > Lake > Regions
  • GCP > Dataplex > Lake > Usage
  • GCP > Dataplex > Lake > Usage > Limit
  • GCP > Dataplex > Permissions
  • GCP > Dataplex > Permissions > Levels
  • GCP > Dataplex > Permissions > Levels > Modifiers
  • GCP > Dataplex > Regions
  • GCP > Dataplex > Task > Active
  • GCP > Dataplex > Task > Active > Age
  • GCP > Dataplex > Task > Active > Last Modified
  • GCP > Dataplex > Task > Approved
  • GCP > Dataplex > Task > Approved > Custom
  • GCP > Dataplex > Task > Approved > Regions
  • GCP > Dataplex > Task > Approved > Usage
  • GCP > Dataplex > Task > CMDB
  • GCP > Dataplex > Task > Labels
  • GCP > Dataplex > Task > Labels > Template
  • GCP > Dataplex > Task > Regions
  • GCP > Dataplex > Task > Usage
  • GCP > Dataplex > Task > Usage > Limit
  • GCP > Dataplex > Zone > Active
  • GCP > Dataplex > Zone > Active > Age
  • GCP > Dataplex > Zone > Active > Last Modified
  • GCP > Dataplex > Zone > Approved
  • GCP > Dataplex > Zone > Approved > Custom
  • GCP > Dataplex > Zone > Approved > Regions
  • GCP > Dataplex > Zone > Approved > Usage
  • GCP > Dataplex > Zone > CMDB
  • GCP > Dataplex > Zone > Labels
  • GCP > Dataplex > Zone > Labels > Template
  • GCP > Dataplex > Zone > Regions
  • GCP > Dataplex > Zone > Usage
  • GCP > Dataplex > Zone > Usage > Limit
  • GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-dataplex
  • GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-dataplex
  • GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-dataplex

Action Types

  • GCP > Dataplex > Lake > Delete
  • GCP > Dataplex > Lake > Router
  • GCP > Dataplex > Lake > Set Labels
  • GCP > Dataplex > Set API Enabled
  • GCP > Dataplex > Task > Delete
  • GCP > Dataplex > Task > Router
  • GCP > Dataplex > Task > Set Labels
  • GCP > Dataplex > Zone > Delete
  • GCP > Dataplex > Zone > Router
  • GCP > Dataplex > Zone > Set Labels

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage compute resources in Guardrails. This release includes breaking changes in the CMDB data for virtual machines. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

Added:

In Azure > Compute > Disk:

  • supportedCapabilities.diskControllerTypes
  • diskIopsReadWrite
  • lastOwnershipUpdateTime

In Azure > Compute > Virtual Machine:

  • resources
  • timeCreated
  • etag

In Azure > Compute > Virtual Machine Scale Set:

  • constrainedMaximumCapacity
  • etag
  • scaleInPolicy
  • timeCreated
  • upgradePolicy
  • storageProfile.diskControllerType

In Azure > Compute > Snapshot:

  • dataAccessAuthMode
  • incrementalSnapshotFamilyId

Removed:

In Azure > Compute > Virtual Machine:

  • statuses.time

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage App Service resources in Guardrails.

Added:

Azure > App Service > App Service Plan

  • elasticScaleEnabled
  • numberOfWorkers
  • zoneRedundant

Azure > App Service > Function App

  • configuration.acrUseManagedIdentityCreds
  • configuration.acrUserManagedIdentityID
  • configuration.elasticWebAppScaleLimit
  • configuration.ipSecurityRestrictionsDefaultAction
  • configuration.metadata
  • configuration.minTlsCipherSuite
  • configuration.scmIpSecurityRestrictionsDefaultAction
  • dnsConfiguration
  • publicNetworkAccess
  • vnetBackupRestoreEnabled
  • vnetContentShareEnabled
  • vnetImagePullEnabled
  • vnetRouteAllEnabled

Azure > App Service > Web App

  • configuration.acrUseManagedIdentityCreds
  • configuration.acrUserManagedIdentityID
  • configuration.elasticWebAppScaleLimit
  • configuration.ipSecurityRestrictionsDefaultAction
  • configuration.metadata
  • configuration.minTlsCipherSuite
  • configuration.scmIpSecurityRestrictionsDefaultAction
  • dnsConfiguration
  • publicNetworkAccess
  • vnetBackupRestoreEnabled
  • vnetContentShareEnabled
  • vnetImagePullEnabled
  • vnetRouteAllEnabled

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage API Management resources in Guardrails.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Security Center resources in Guardrails. This release includes breaking changes in the CMDB data for Security Center. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

Renamed:

  • JitNetworkAccessPolicies to jitNetworkAccessPolicies
  • Pricing to pricing
  • Locations to locations

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage MySQL resources in Guardrails.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Front Door Service resources in Guardrails. This release includes breaking changes in the CMDB data for Front Door Service. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

Added:

  • frontdoorId
  • rulesEngines
  • extendedProperties
  • backendPoolsSettings
  • backendPool.privateLinkAlias
  • backendPool.privateLinkLocation
  • backendPool.privateEndpointStatus
  • backendPool.privateLinkResourceId
  • backendPool.privateLinkApprovalMessage
  • routingRule.rulesEngine
  • routingRule.routeConfiguration.odataType
  • routingRule.routeConfiguration.cacheConfiguration.cacheDuration
  • routingRule.routeConfiguration.cacheConfiguration.queryParameters
  • routingRule.webApplicationFirewallPolicyLink

Modified:

  • routingRule.backendPool to routingRule.routeConfiguration.backendPool
  • routingRule.forwardingProtocol to routingRule.routeConfiguration.forwardingProtocol
  • routingRule.customForwardingPath to routingRule.routeConfiguration.customForwardingPath
  • routingRule.cacheConfiguration.dynamicCompression to routingRule.routeConfiguration.cacheConfiguration.dynamicCompression
  • routingRule.cacheConfiguration.queryParameterStripDirective to routingRule.routeConfiguration.cacheConfiguration.queryParameterStripDirective

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Data Factory resources in Guardrails.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage AKS resources in Guardrails.

Added:

  • networkProfile.podCidrs
  • networkProfile.ipFamilies
  • networkProfile.outboundType
  • networkProfile.serviceCidrs
  • networkProfile.networkPolicy
  • networkProfile.loadBalancerProfile.backendPoolType
  • networkProfile.loadBalancerProfile.countIPv6
  • networkProfile.loadBalancerProfile.idleTimeoutInMinutes
  • networkProfile.loadBalancerProfile.allocatedOutboundPorts
  • agentPoolProfiles.mode
  • agentPoolProfiles.osSKU
  • agentPoolProfiles.enableFips
  • agentPoolProfiles.osDiskType
  • agentPoolProfiles.spotMaxPrice
  • agentPoolProfiles.scaleDownMode
  • agentPoolProfiles.enableUltraSSD
  • agentPoolProfiles.kubeletDiskType
  • agentPoolProfiles.upgradeSettings.maxSurge
  • agentPoolProfiles.nodeImageVersion
  • agentPoolProfiles.enableEncryptionAtHost
  • agentPoolProfiles.currentOrchestratorVersion

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage SignalR resources in Guardrails.

Added:

  • hostNamePrefix
  • serverless.connectionTimeoutInSeconds

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Service Bus resources in Guardrails.

Added:

Azure > Service Bus > Namespace

  • disableLocalAuth
  • status
  • zoneRedundant

Azure > Service Bus > Queue

  • maxMessageSizeInKilobytes

Azure > Service Bus > Topic

  • maxMessageSizeInKilobytes

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Relay resources in Guardrails.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Recovery Service resources in Guardrails.

Added:

Azure > Recovery Service > Vault

  • properties.backupStorageVersion
  • properties.bcdrSecurityLevel
  • properties.publicNetworkAccess
  • properties.restoreSettings
  • properties.secureScore
  • properties.securitySettings

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The AWS > RoboMaker > Robot Application > CMDB, AWS > RoboMaker > Fleet > CMDB and AWS > RoboMaker > Robot > CMDB policies will now be set to Skip by default because the resource types have been deprecated and will be removed in the next major version. Please check end of support for more information.

What's new?

  • Track and manage Fargate FIPS Mode for Gov cloud accounts via Guardrails. To get started, set the AWS > ECS > Account Settings > Fargate FIPS Mode policy.
  • The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Resource Types

  • AWS > ECS > Account Settings

Control Types

  • AWS > ECS > Account Settings > CMDB
  • AWS > ECS > Account Settings > Discovery
  • AWS > ECS > Account Settings > Fargate FIPS Mode

Policy Types

  • AWS > ECS > Account Settings > CMDB
  • AWS > ECS > Account Settings > Fargate FIPS Mode
  • AWS > ECS > Account Settings > Regions

Action Types

  • AWS > ECS > Account Settings > Router
  • AWS > ECS > Account Settings > Update Fargate FIPS Mode

What's new?

  • Server

    • Introduced support for multi-architecture images, now compatible with both ARM64 and x86_64.
    • Added a default resource query to the context of calculated policies.
    • Updated several node packages to newer versions for improved functionality and security.
    • Updated Lambda to support recursive loops.
  • UI

    • Now you can use the + sign to grant permissions in the context of both the identity and resource.
    • Updated several node packages to newer versions for improved functionality and security.

Bug fixes

  • Server

    • Azure Credential Resolver now respects proxy settings, adding full proxy support.
  • UI

    • Updated policy pack Terraform to correctly reference turbot_policy_pack.
    • Adjusted the Admin page layout for improved usability.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • resource/turbot_policy_pack_attachment: terraform apply failed to detect existing Policy Pack attachments. (#181)

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Application Insights resources in Guardrails. This release includes changes in the CMDB data as below.

Added:

  • flowType
  • requestSource

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Application Gateway resources in Guardrails.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Resource Types

  • AWS > Support

Policy Types

  • AWS > Support > API Enabled
  • AWS > Support > Enabled
  • AWS > Support > Permissions
  • AWS > Support > Permissions > Levels
  • AWS > Support > Permissions > Levels > Modifiers
  • AWS > Support > Permissions > Lockdown
  • AWS > Support > Permissions > Lockdown > API Boundary
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-support
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-support
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-support

What's new?

  • Users can now manage whether AWS/User grant should include support:* permissions. To get started, set the AWS > Account > Permissions > Support Level policy.

Policy Types

  • AWS > Account > Permissions > Support Level

Bug fixes

  • The AWS > Turbot > IAM stack control did not correctly evaluate user memberships in custom IAM groups when the AWS > Turbot > Permissions > Custom Group Levels [Account] policy was set, and users were granted permissions for those custom IAM groups. This issue has now been fixed.

Bug fixes

  • The AWS > EC2 > Volume > CMDB control would sometimes run unnecessarily due to a bad internal GraphQL dependency. This is now fixed.

Bug fixes

  • A precheck dependency on the Kubernetes > Cluster > CMDB > Expiration policy was inadvertently added to the Kubernetes > Cluster > CMDB control. This precheck condition has now been removed.

Resource Types

  • GCP > Vertex AI
  • GCP > Vertex AI > Endpoint
  • GCP > Vertex AI > Notebook Runtime Template

Control Types

  • GCP > Vertex AI > API Enabled
  • GCP > Vertex AI > CMDB
  • GCP > Vertex AI > Discovery
  • GCP > Vertex AI > Endpoint > Active
  • GCP > Vertex AI > Endpoint > Approved
  • GCP > Vertex AI > Endpoint > CMDB
  • GCP > Vertex AI > Endpoint > Discovery
  • GCP > Vertex AI > Endpoint > Labels
  • GCP > Vertex AI > Endpoint > Usage
  • GCP > Vertex AI > Notebook Runtime Template > Active
  • GCP > Vertex AI > Notebook Runtime Template > Approved
  • GCP > Vertex AI > Notebook Runtime Template > CMDB
  • GCP > Vertex AI > Notebook Runtime Template > Discovery
  • GCP > Vertex AI > Notebook Runtime Template > Router
  • GCP > Vertex AI > Notebook Runtime Template > Usage

Policy Types

  • GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-vertexai
  • GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-vertexai
  • GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-vertexai
  • GCP > Vertex AI > API Enabled
  • GCP > Vertex AI > Approved Regions [Default]
  • GCP > Vertex AI > CMDB
  • GCP > Vertex AI > Enabled
  • GCP > Vertex AI > Endpoint > Active
  • GCP > Vertex AI > Endpoint > Active > Age
  • GCP > Vertex AI > Endpoint > Active > Last Modified
  • GCP > Vertex AI > Endpoint > Approved
  • GCP > Vertex AI > Endpoint > Approved > Custom
  • GCP > Vertex AI > Endpoint > Approved > Regions
  • GCP > Vertex AI > Endpoint > Approved > Usage
  • GCP > Vertex AI > Endpoint > CMDB
  • GCP > Vertex AI > Endpoint > Labels
  • GCP > Vertex AI > Endpoint > Labels > Template
  • GCP > Vertex AI > Endpoint > Regions
  • GCP > Vertex AI > Endpoint > Usage
  • GCP > Vertex AI > Endpoint > Usage > Limit
  • GCP > Vertex AI > Labels Template [Default]
  • GCP > Vertex AI > Notebook Runtime Template > Active
  • GCP > Vertex AI > Notebook Runtime Template > Active > Age
  • GCP > Vertex AI > Notebook Runtime Template > Active > Last Modified
  • GCP > Vertex AI > Notebook Runtime Template > Approved
  • GCP > Vertex AI > Notebook Runtime Template > Approved > Custom
  • GCP > Vertex AI > Notebook Runtime Template > Approved > Regions
  • GCP > Vertex AI > Notebook Runtime Template > Approved > Usage
  • GCP > Vertex AI > Notebook Runtime Template > CMDB
  • GCP > Vertex AI > Notebook Runtime Template > Regions
  • GCP > Vertex AI > Notebook Runtime Template > Usage
  • GCP > Vertex AI > Notebook Runtime Template > Usage > Limit
  • GCP > Vertex AI > Permissions
  • GCP > Vertex AI > Permissions > Levels
  • GCP > Vertex AI > Permissions > Levels > Modifiers
  • GCP > Vertex AI > Regions

Action Types

  • GCP > Vertex AI > Endpoint > Delete
  • GCP > Vertex AI > Endpoint > Router
  • GCP > Vertex AI > Endpoint > Set Labels
  • GCP > Vertex AI > Notebook Runtime Template > Delete
  • GCP > Vertex AI > Set API Enabled

What's new?

  • Added support to process real-time enable and disable events for Vertex AI API via Service Usage APIs.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Search Management resources in Guardrails.

Added:

  • authOptions
  • disableLocalAuth
  • encryptionWithCmk
  • networkRuleSet
  • privateEndpointConnections
  • publicNetworkAccess
  • semanticSearch
  • sharedPrivateLinkResources

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

Action Types

  • GCP > Storage > Bucket > Set Fine-grained Access Control
  • GCP > Storage > Bucket > Set Uniform Access Control

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Synapse Analytics resources in Guardrails.

Added:

Azure > Synapse Analytics > Workspace

  • azureADOnlyAuthentication
  • createManagedPrivateEndpoint
  • encryption
  • extraProperties
  • publicNetworkAccess
  • settings
  • trustedServiceBypassEnabled
  • workspaceUID

Azure > Synapse Analytics > SQL Pool

  • storageAccountType

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

Action Types

  • Azure > Storage > Storage Account > Set Minimum TLS Version

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage PostgreSQL resources in Guardrails. This release includes breaking changes in the CMDB data for server and flexible server. We recommend updating your existing policy settings to refer to the updated attributes listed below.

Added:

  • authConfig
  • dataEncryption
  • standbyAvailabilityZone
  • network.delegatedSubnetResourceId
  • network.privateDnsZoneArmResourceId
  • replicaCapacity
  • replicationRole
  • systemData
  • configurations.documentationLink
  • configurations.isConfigPendingRestart
  • configurations.isDynamicConfig
  • configurations.isReadOnly
  • configurations.unit

Modified:

  • The data type of the attribute firewallRules has been changed from array ([]) to object ({}).

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Network Watcher resources in Guardrails.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The serviceProperties.table.clientRequestId and serviceProperties.table.requestId properties for storage accounts have now been made dynamic to avoid unnecessary notifications in the activity tab.

Bug fixes

  • Fixed incorrect references to various Quick Actions.

What's new?

Policy Types

  • Kubernetes > Cluster > ServiceNow > Import Set > Insert Mode
  • Kubernetes > ConfigMap > ServiceNow > Import Set > Insert Mode
  • Kubernetes > Deployment > ServiceNow > Import Set > Insert Mode
  • Kubernetes > Namespace > ServiceNow > Import Set > Insert Mode
  • Kubernetes > Node > ServiceNow > Import Set > Insert Mode
  • Kubernetes > Pod > ServiceNow > Import Set > Insert Mode
  • Kubernetes > ReplicaSet > ServiceNow > Import Set > Insert Mode
  • Kubernetes > Service > ServiceNow > Import Set > Insert Mode

Bug fixes

  • Improved error handling for osquery error events.

Bug fixes

  • Query controls for various resource types will now go into an invalid state if we receive an error from the osquery agent.

What's new?

Policy Types

  • GCP > Storage > Bucket > ServiceNow > Import Set > Insert Mode
  • GCP > Storage > Object > ServiceNow > Import Set > Insert Mode

Control Types

  • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Import Set
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Import Set
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Import Set
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Import Set

Policy Types

  • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Import Set
  • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Import Set > Archive Columns
  • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Import Set > Insert Mode
  • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Import Set > Record
  • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Import Set > Table Name
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Import Set
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Import Set > Archive Columns
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Import Set > Insert Mode
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Import Set > Record
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Import Set > Table Name
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Import Set
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Import Set > Archive Columns
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Import Set > Insert Mode
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Import Set > Record
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Import Set > Table Name
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Import Set
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Import Set > Archive Columns
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Import Set > Insert Mode
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Import Set > Record
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Import Set > Table Name

What's new?

Policy Types

  • GCP > Global Region > ServiceNow > Import Set > Insert Mode
  • GCP > Multi-Region > ServiceNow > Import Set > Insert Mode
  • GCP > Project > ServiceNow > Import Set > Insert Mode
  • GCP > Region > ServiceNow > Import Set > Insert Mode
  • GCP > Zone > ServiceNow > Import Set > Insert Mode

Control Types

  • Azure > AKS > Managed Cluster > ServiceNow > Import Set

Policy Types

  • Azure > AKS > Managed Cluster > ServiceNow > Import Set
  • Azure > AKS > Managed Cluster > ServiceNow > Import Set > Archive Columns
  • Azure > AKS > Managed Cluster > ServiceNow > Import Set > Insert Mode
  • Azure > AKS > Managed Cluster > ServiceNow > Import Set > Record
  • Azure > AKS > Managed Cluster > ServiceNow > Import Set > Table Name

What's new?

Policy Types

  • Azure > Subscription > ServiceNow > Import Set > Insert Mode

What's new?

Policy Types

  • ServiceNow > Import Set > Insert Mode [Default]

Bug fixes

  • Guardrails did not correctly raise the real-time modifyVolume event for EBS Volume Notifications. This issue is now fixed.

What's new?

  • The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.
  • Fixed incorrect references to various Quick Actions.

Action Types

  • AWS > SWF > Domain > Delete from AWS

What's new?

  • The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.
  • Fixed incorrect references to various Quick Actions.

What's new?

  • The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.
  • Fixed incorrect references to various Quick Actions.

What's new?

  • The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.
  • Fixed incorrect references to various Quick Actions.

Bug fixes

  • Fixed incorrect references to various Quick Actions.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.
  • Fixed incorrect references to various Quick Actions.

What's new?

  • The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.
  • Fixed incorrect references to various Quick Actions.

What's new?

  • Volume's metadata will now also include createdBy details in Guardrails CMDB.
  • The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

  • The AWS > EC2 > Volume > Performance Configuration control would sometimes fail to set the expected configuration per AWS > EC2 > Volume > Performance Configuration > * policies and move to an Invalid state if the required data was not available for new volumes in the CMDB. The control will now move to TBD instead and retry after 5 minutes to fetch the required data correctly and set the performance configuration as expected.

What's new?

  • The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.
  • Fixed incorrect references to various Quick Actions.

What's new?

  • The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.
  • Fixed incorrect references to various Quick Actions.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • The Azure > Storage > Storage Account > CMDB control will now also fetch diagnostic settings details and store them in CMDB.
  • Track and manage storage account access keys in Guardrails CMDB.

Resource Types

  • Azure > Storage > Access Key

Control Types

  • Azure > Storage > Access Key > CMDB
  • Azure > Storage > Access Key > Discovery

Policy Types

  • Azure > Storage > Access Key > CMDB

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.
  • Fixed the AKA format for rule group v2 global and regional resource types.

Bug fixes

  • The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

  • The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

  • The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

  • The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Control Types

  • GCP > Global Region > ServiceNow
  • GCP > Global Region > ServiceNow > Configuration Item
  • GCP > Global Region > ServiceNow > Import Set
  • GCP > Global Region > ServiceNow > Table
  • GCP > Multi-Region > ServiceNow
  • GCP > Multi-Region > ServiceNow > Configuration Item
  • GCP > Multi-Region > ServiceNow > Import Set
  • GCP > Multi-Region > ServiceNow > Table
  • GCP > Region > ServiceNow
  • GCP > Region > ServiceNow > Configuration Item
  • GCP > Region > ServiceNow > Import Set
  • GCP > Region > ServiceNow > Table
  • GCP > Zone > ServiceNow
  • GCP > Zone > ServiceNow > Configuration Item
  • GCP > Zone > ServiceNow > Import Set
  • GCP > Zone > ServiceNow > Table

Policy Types

  • GCP > Global Region > ServiceNow
  • GCP > Global Region > ServiceNow > Configuration Item
  • GCP > Global Region > ServiceNow > Configuration Item > Record
  • GCP > Global Region > ServiceNow > Configuration Item > Table Definition
  • GCP > Global Region > ServiceNow > Import Set
  • GCP > Global Region > ServiceNow > Import Set > Archive Columns
  • GCP > Global Region > ServiceNow > Import Set > Record
  • GCP > Global Region > ServiceNow > Import Set > Table Name
  • GCP > Global Region > ServiceNow > Table
  • GCP > Global Region > ServiceNow > Table > Definition
  • GCP > Multi-Region > ServiceNow
  • GCP > Multi-Region > ServiceNow > Configuration Item
  • GCP > Multi-Region > ServiceNow > Configuration Item > Record
  • GCP > Multi-Region > ServiceNow > Configuration Item > Table Definition
  • GCP > Multi-Region > ServiceNow > Import Set
  • GCP > Multi-Region > ServiceNow > Import Set > Archive Columns
  • GCP > Multi-Region > ServiceNow > Import Set > Record
  • GCP > Multi-Region > ServiceNow > Import Set > Table Name
  • GCP > Multi-Region > ServiceNow > Table
  • GCP > Multi-Region > ServiceNow > Table > Definition
  • GCP > Region > ServiceNow
  • GCP > Region > ServiceNow > Configuration Item
  • GCP > Region > ServiceNow > Configuration Item > Record
  • GCP > Region > ServiceNow > Configuration Item > Table Definition
  • GCP > Region > ServiceNow > Import Set
  • GCP > Region > ServiceNow > Import Set > Archive Columns
  • GCP > Region > ServiceNow > Import Set > Record
  • GCP > Region > ServiceNow > Import Set > Table Name
  • GCP > Region > ServiceNow > Table
  • GCP > Region > ServiceNow > Table > Definition
  • GCP > Zone > ServiceNow
  • GCP > Zone > ServiceNow > Configuration Item
  • GCP > Zone > ServiceNow > Configuration Item > Record
  • GCP > Zone > ServiceNow > Configuration Item > Table Definition
  • GCP > Zone > ServiceNow > Import Set
  • GCP > Zone > ServiceNow > Import Set > Archive Columns
  • GCP > Zone > ServiceNow > Import Set > Record
  • GCP > Zone > ServiceNow > Import Set > Table Name
  • GCP > Zone > ServiceNow > Table
  • GCP > Zone > ServiceNow > Table > Definition

Bug fixes

  • The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

  • The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

  • The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

  • The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

  • The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

What's new?

  • You can now configure parameter groups for DB clusters. To get started, set the AWS > RDS > DB Cluster > Parameter Group > * policies.

Control Types

  • AWS > RDS > DB Cluster > Parameter Group

Policy Types

  • AWS > RDS > DB Cluster > Parameter Group
  • AWS > RDS > DB Cluster > Parameter Group > Name

Action Types

  • AWS > RDS > DB Cluster > Update Parameter Group

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • Server

    • Resolved an issue where policy values were not being terminated due to a race condition.
    • The ServiceNow credentials resolver will now display a clear message when the instance is in a hibernating or unavailable state.
  • UI

    • Fixed an issue where filters on the Resource Explorer page were not functioning correctly.
    • The Import button on the Connect page has been updated to Connect.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • We have updated various policies set during project imports to allow for a smoother import experience. We recommend upgrading your TE to v5.42.21 or higher to enable these changes to take effect.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • You can now configure Master Authorized Networks for region and zone clusters via Guardrails. To get started, set the GCP > Kubernetes Engine > Region Cluster > Master Authorized Networks Config and GCP > Kubernetes Engine > Zone Cluster > Master Authorized Networks Config policies respectively.

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Control Types

  • GCP > Kubernetes Engine > Zone Cluster > Master Authorized Networks Config

Policy Types

  • GCP > Kubernetes Engine > Zone Cluster > Master Authorized Networks Config

Action Types

  • GCP > Kubernetes Engine > Region Cluster > Set Desired Master Authorized Network Config
  • GCP > Kubernetes Engine > Zone Cluster > Set Desired Master Authorized Network Config

What's new?

  • We have updated various policies set during subscription imports to allow for a smoother import experience. We recommend upgrading your TE to v5.42.21 or higher to enable these changes to take effect.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Resource Types

  • Azure > Network > Private Link Service

Control Types

  • Azure > Network > Private Link Service > Active
  • Azure > Network > Private Link Service > Approved
  • Azure > Network > Private Link Service > CMDB
  • Azure > Network > Private Link Service > Discovery
  • Azure > Network > Private Link Service > Tags

Policy Types

  • Azure > Network > Private Link Service > Active
  • Azure > Network > Private Link Service > Active > Age
  • Azure > Network > Private Link Service > Active > Last Modified
  • Azure > Network > Private Link Service > Approved
  • Azure > Network > Private Link Service > Approved > Custom
  • Azure > Network > Private Link Service > Approved > Regions
  • Azure > Network > Private Link Service > Approved > Usage
  • Azure > Network > Private Link Service > CMDB
  • Azure > Network > Private Link Service > Regions
  • Azure > Network > Private Link Service > Tags
  • Azure > Network > Private Link Service > Tags > Template

Action Types

  • Azure > Network > Private Link Service > Delete
  • Azure > Network > Private Link Service > Router
  • Azure > Network > Private Link Service > Set Tags

What's new?

  • The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

  • In version 5.25.0, we added support to ignore permission errors on a bucket via the CMDB policy Enforce: Enabled but ignore permission errors. However, the CMDB control previously ignored permission errors only on the HeadBucket operation and still entered an error state for permission errors on sub-API calls. The CMDB control will now ignore all sub-API calls if the HeadBucket operation is denied access. If the HeadBucket operation is successful, the control will attempt to make all sub-API calls and ignore access denied errors if encountered.

What's new?

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Resource Types

  • Azure > Provider > Container Registry

Control Types

  • Azure > Provider > Container Registry > CMDB
  • Azure > Provider > Container Registry > Discovery
  • Azure > Provider > Container Registry > Registered

Policy Types

  • Azure > Provider > Container Registry > CMDB
  • Azure > Provider > Container Registry > Registered

Action Types

  • Azure > Provider > Container Registry > Set Registered

Resource Types

  • Azure > Container Registry
  • Azure > Container Registry > Registry

Control Types

  • Azure > Container Registry > Registry > Active
  • Azure > Container Registry > Registry > Approved
  • Azure > Container Registry > Registry > CMDB
  • Azure > Container Registry > Registry > Discovery
  • Azure > Container Registry > Registry > Tags

Policy Types

  • Azure > Container Registry > Approved Regions [Default]
  • Azure > Container Registry > Enabled
  • Azure > Container Registry > Permissions
  • Azure > Container Registry > Permissions > Levels
  • Azure > Container Registry > Permissions > Levels > Modifiers
  • Azure > Container Registry > Regions
  • Azure > Container Registry > Registry > Active
  • Azure > Container Registry > Registry > Active > Age
  • Azure > Container Registry > Registry > Active > Last Modified
  • Azure > Container Registry > Registry > Approved
  • Azure > Container Registry > Registry > Approved > Custom
  • Azure > Container Registry > Registry > Approved > Regions
  • Azure > Container Registry > Registry > Approved > Usage
  • Azure > Container Registry > Registry > CMDB
  • Azure > Container Registry > Registry > Regions
  • Azure > Container Registry > Registry > Tags
  • Azure > Container Registry > Registry > Tags > Template
  • Azure > Container Registry > Tags Template [Default]
  • Azure > Turbot > Permissions > Compiled > Levels > @turbot/azure-containerregistry
  • Azure > Turbot > Permissions > Compiled > Service Permissions > @turbot/azure-containerregistry

Action Types

  • Azure > Container Registry > Registry > Delete
  • Azure > Container Registry > Registry > Router
  • Azure > Container Registry > Registry > Set Tags

What's new?

  • The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • The AWS > VPC > VPC > Stack control would sometimes go into an error state while upserting newly created flow logs in Guardrails due to incorrect mapping of its parent resource. This issue has now been fixed, and the control will upsert flow logs more consistently and reliably than before.

Bug fixes

  • The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.

What's new?

  • Added support for Postgres versions 13.14, 13.15, 13.16, 14.11, 14.12, 14.13 and 15.8.
  • Updated the default value for the RDS certificate to rds-ca-rsa4096-g1.

5.0.0 (2024-08-13)

Resource Types

  • Azure > Managed Identity
  • Azure > Managed Identity > User Assigned Identity

Control Types

  • Azure > Managed Identity > User Assigned Identity > Active
  • Azure > Managed Identity > User Assigned Identity > Approved
  • Azure > Managed Identity > User Assigned Identity > CMDB
  • Azure > Managed Identity > User Assigned Identity > Discovery
  • Azure > Managed Identity > User Assigned Identity > Tags

Policy Types

  • Azure > Managed Identity > Approved Regions [Default]
  • Azure > Managed Identity > Enabled
  • Azure > Managed Identity > Permissions
  • Azure > Managed Identity > Permissions > Levels
  • Azure > Managed Identity > Permissions > Levels > Modifiers
  • Azure > Managed Identity > Regions
  • Azure > Managed Identity > Tags Template [Default]
  • Azure > Managed Identity > User Assigned Identity > Active
  • Azure > Managed Identity > User Assigned Identity > Active > Age
  • Azure > Managed Identity > User Assigned Identity > Active > Last Modified
  • Azure > Managed Identity > User Assigned Identity > Approved
  • Azure > Managed Identity > User Assigned Identity > Approved > Custom
  • Azure > Managed Identity > User Assigned Identity > Approved > Regions
  • Azure > Managed Identity > User Assigned Identity > Approved > Usage
  • Azure > Managed Identity > User Assigned Identity > CMDB
  • Azure > Managed Identity > User Assigned Identity > Regions
  • Azure > Managed Identity > User Assigned Identity > Tags
  • Azure > Managed Identity > User Assigned Identity > Tags > Template
  • Azure > Turbot > Permissions > Compiled > Levels > @turbot/azure-managedidentity
  • Azure > Turbot > Permissions > Compiled > Service Permissions > @turbot/azure-managedidentity

Action Types

  • Azure > Managed Identity > User Assigned Identity > Delete
  • Azure > Managed Identity > User Assigned Identity > Router
  • Azure > Managed Identity > User Assigned Identity > Set Tags

What's new?

  • The AWS > Turbot > Logging > Bucket > Default Encryption policy is now deprecated because all buckets are now encrypted by default in AWS. As a result, all buckets created and managed via the AWS > Turbot > Logging > Bucket stack control will now be encrypted by AWS SSE by default. We've also removed ACL settings for buckets and now apply bucket ownership controls instead via the stack control to align with the latest AWS recommendations. Please upgrade the @turbot/aws-s3 mod to v5.26.0 for the stack control to work reliably as before.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Policy Types

Renamed

  • AWS > Turbot > Logging > Bucket > Default Encryption to AWS > Turbot > Logging > Bucket > Default Encryption [Deprecated]

What's new?

  • Added support for aws_s3_bucket_ownership_controls Terraform resource for buckets.
  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in the Turbot CMDB.

What's new?

  • Users can now configure the Terraform version for the AWS > Config > Configuration Recording stack control. To get started, set the AWS > Config > Configuration Recording > Terraform Version policy. We recommend using versions 0.11, 0.12, or 0.15 for this control to create and manage resources effectively and reliably.

Policy Types

  • AWS > Config > Configuration Recording > Terraform Version

What's new?

  • Users can now create and manage labels on Pub/Sub topics created via the GCP > Turbot > Event Handlers > Pub/Sub control. To get started, set the GCP > Turbot > Event Handlers > Pub/Sub > Topic > Labels policy.

Policy Types

  • GCP > Turbot > Event Handlers > Pub/Sub > Subscription > Labels > Ignore Changes
  • GCP > Turbot > Event Handlers > Pub/Sub > Topic > Labels
  • GCP > Turbot > Event Handlers > Pub/Sub > Topic > Labels > Ignore Changes

Bug fixes

  • Guardrails failed to clean up deleted security group rules via the real-time ec2:RevokeSecurityGroupEgress and ec2:RevokeSecurityGroupIngress events. This issue is now fixed.

Bug fixes

  • The AWS > Turbot > Event Handlers control did not correctly raise the real-time CreateTags and DeleteTags events for VPC security group rules. This issue is now fixed.

What's new?

  • Users can now configure flow logging for subnetworks. To get started, set the GCP > Network > Subnetwork > Flow Log policy.

Control Types

  • GCP > Network > Subnetwork > Flow Log

Policy Types

  • GCP > Network > Subnetwork > Flow Log

Action Types

  • GCP > Network > Subnetwork > Set Flow Log

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in the Turbot CMDB.

Resource Types

  • Azure > Provider > Elastic
  • Azure > Provider > Managed Identity

Control Types

  • Azure > Provider > Elastic > CMDB
  • Azure > Provider > Elastic > Discovery
  • Azure > Provider > Elastic > Registered
  • Azure > Provider > Managed Identity > CMDB
  • Azure > Provider > Managed Identity > Discovery
  • Azure > Provider > Managed Identity > Registered

Policy Types

  • Azure > Provider > Elastic > CMDB
  • Azure > Provider > Elastic > Registered
  • Azure > Provider > Managed Identity > CMDB
  • Azure > Provider > Managed Identity > Registered

Action Types

  • Azure > Provider > Elastic > Set Registered
  • Azure > Provider > Managed Identity > Set Registered

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in the Turbot CMDB.

What's new?

  • You can now disable inactive or unapproved service accounts via Guardrails. To get started, set the GCP > IAM > Service Account > Active or GCP > IAM > Service Account > Approved policy to Enforce: Disable inactive with <x> days warning or Enforce: Disable unapproved respectively.

Action Types

  • GCP > IAM > Service Account > Disable

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in the Turbot CMDB.

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in the Turbot CMDB.

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in the Turbot CMDB.

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in the Turbot CMDB.

Bug fixes

  • The AWS > ECR > Repository > CMDB control went into an error state for shared repositories upserted incorrectly in Guardrails CMDB. Shared repositories will now not be upserted under shared accounts or regions, but will only be upserted under their owner accounts and regions.

Bug fixes

  • Guardrails failed to process the real-time event ec2:CreateReplaceRootVolumeTask for instances. This is now fixed.

What's new?

  • Server

    • Made notifications faster by improving the query, which enhances the performance of the resource activity tab.
  • UI

    • Fixed a bug where policy pack creation would fail if the AKA was not provided from the user interface.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • The Azure > Resource Group > ServiceNow > Configuration Item control would fail to fetch instance credentials internally and did not process the data correctly in ServiceNow. This issue has now been fixed.

Bug fixes

  • The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Bug fixes

  • The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Bug fixes

  • The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Control Types

  • GCP > Project > ServiceNow > Import Set

Policy Types

  • GCP > Project > ServiceNow > Import Set
  • GCP > Project > ServiceNow > Import Set > Archive Columns
  • GCP > Project > ServiceNow > Import Set > Record
  • GCP > Project > ServiceNow > Import Set > Table Name

Bug fixes

  • The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Bug fixes

  • The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Bug fixes

  • The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Bug fixes

  • The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Bug fixes

  • The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to poll events from Azure Monitor and process them in Guardrails. You won't notice any difference, and things will continue to work smoothly as before.

What's new?

  • AWS/DynamoDB/Admin, AWS/DynamoDB/Metadata and AWS/DynamoDB/Operator now include permissions for Resource Policy, Imports, Time to Live and Global Table Version.

What's new?

Control Types

  • Azure > Network > Network Security Group > ServiceNow > Import Set

Policy Types

  • Azure > Network > Network Security Group > ServiceNow > Import Set
  • Azure > Network > Network Security Group > ServiceNow > Import Set > Archive Columns
  • Azure > Network > Network Security Group > ServiceNow > Import Set > Record
  • Azure > Network > Network Security Group > ServiceNow > Import Set > Table Name

What's new?

Control Types

  • Azure > Subscription > ServiceNow > Import Set

Policy Types

  • Azure > Subscription > ServiceNow > Import Set
  • Azure > Subscription > ServiceNow > Import Set > Archive Columns
  • Azure > Subscription > ServiceNow > Import Set > Record
  • Azure > Subscription > ServiceNow > Import Set > Table Name

What's new?

  • Users can now enable or disable Table logging for Storage Accounts via the Azure > Storage > Storage Account > Table > Logging control. To get started, set the Azure > Storage > Storage Account > Table > Logging policy.

Control Types

  • Azure > Storage > Storage Account > Encryption at Rest
  • Azure > Storage > Storage Account > Table
  • Azure > Storage > Storage Account > Table > Logging

Policy Types

  • Azure > Storage > Storage Account > Encryption at Rest
  • Azure > Storage > Storage Account > Encryption at Rest > Customer Managed Key
  • Azure > Storage > Storage Account > Table
  • Azure > Storage > Storage Account > Table > Logging
  • Azure > Storage > Storage Account > Table > Logging > Properties
  • Azure > Storage > Storage Account > Table > Logging > Retention Days

Action Types

  • Azure > Storage > Storage Account > Update Encryption at Rest

  • Azure > Storage > Storage Account > Update Storage Account Table Logging

  • The Storage Account CMDB data will now also include information about the account's table service properties.

  • We've removed the dependency on listKeys permission for Azure > Storage Account > Container > Discovery to run its course to completion. This release includes breaking changes in the CMDB data for containers. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

Renamed: isImmutableStorageWithVersioningEnabled to isImmutableStorageWithVersioning.enabled

Removed: preventEncryptionScopeOverride

Bug fixes

  • The Azure > Storage > Storage Account > CMDB control would go into an error state while trying to fetch default Queue and Blob properties if Guardrails did not have permission to list the storage account keys. The control will now not attempt to fetch default Queue and Blob properties if Guardrails does not have the required access for listKeys, and will run its course to completion without going into an error state.

Bug fixes

  • Improved error message for the AWS > S3 > Bucket > CMDB control if it would go into an error state due to insufficient permissions for the headBucket operation.

What's new?

  • Server
    • Migrated from Node.js 18 to Node.js 20 for improved performance and security.
    • Updated the Mod Lambda architecture to ARM64 for better efficiency.
    • Added support for Node.js 20 in the Lambda runtime.

Bug fixes

  • Server
    • Resolved an issue where the next tick timestamp was not being set for large commands.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • UI
    • Resolved an issue with deleting Policy Packs from the UI with the latest Turbot Mod (5.45.0) and TE 5.45.0.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

Control Types

  • Kubernetes > CronJob > ServiceNow
  • Kubernetes > CronJob > ServiceNow > Configuration Item
  • Kubernetes > CronJob > ServiceNow > Table
  • Kubernetes > DaemonSet > ServiceNow
  • Kubernetes > DaemonSet > ServiceNow > Configuration Item
  • Kubernetes > DaemonSet > ServiceNow > Table
  • Kubernetes > Ingress > ServiceNow
  • Kubernetes > Ingress > ServiceNow > Configuration Item
  • Kubernetes > Ingress > ServiceNow > Table
  • Kubernetes > Job > ServiceNow
  • Kubernetes > Job > ServiceNow > Configuration Item
  • Kubernetes > Job > ServiceNow > Table
  • Kubernetes > Persistent Volume > ServiceNow
  • Kubernetes > Persistent Volume > ServiceNow > Configuration Item
  • Kubernetes > Persistent Volume > ServiceNow > Table
  • Kubernetes > ReplicationController > ServiceNow
  • Kubernetes > ReplicationController > ServiceNow > Configuration Item
  • Kubernetes > ReplicationController > ServiceNow > Table
  • Kubernetes > StatefulSet > ServiceNow
  • Kubernetes > StatefulSet > ServiceNow > Configuration Item
  • Kubernetes > StatefulSet > ServiceNow > Table

Policy Types

  • Kubernetes > CronJob > ServiceNow
  • Kubernetes > CronJob > ServiceNow > Configuration Item
  • Kubernetes > CronJob > ServiceNow > Configuration Item > Record
  • Kubernetes > CronJob > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > CronJob > ServiceNow > Table
  • Kubernetes > CronJob > ServiceNow > Table > Definition
  • Kubernetes > DaemonSet > ServiceNow
  • Kubernetes > DaemonSet > ServiceNow > Configuration Item
  • Kubernetes > DaemonSet > ServiceNow > Configuration Item > Record
  • Kubernetes > DaemonSet > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > DaemonSet > ServiceNow > Table
  • Kubernetes > DaemonSet > ServiceNow > Table > Definition
  • Kubernetes > Ingress > ServiceNow
  • Kubernetes > Ingress > ServiceNow > Configuration Item
  • Kubernetes > Ingress > ServiceNow > Configuration Item > Record
  • Kubernetes > Ingress > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Ingress > ServiceNow > Table
  • Kubernetes > Ingress > ServiceNow > Table > Definition
  • Kubernetes > Job > ServiceNow
  • Kubernetes > Job > ServiceNow > Configuration Item
  • Kubernetes > Job > ServiceNow > Configuration Item > Record
  • Kubernetes > Job > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Job > ServiceNow > Table
  • Kubernetes > Job > ServiceNow > Table > Definition
  • Kubernetes > Persistent Volume > ServiceNow
  • Kubernetes > Persistent Volume > ServiceNow > Configuration Item
  • Kubernetes > Persistent Volume > ServiceNow > Configuration Item > Record
  • Kubernetes > Persistent Volume > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Persistent Volume > ServiceNow > Table
  • Kubernetes > Persistent Volume > ServiceNow > Table > Definition
  • Kubernetes > ReplicationController > ServiceNow
  • Kubernetes > ReplicationController > ServiceNow > Configuration Item
  • Kubernetes > ReplicationController > ServiceNow > Configuration Item > Record
  • Kubernetes > ReplicationController > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > ReplicationController > ServiceNow > Table
  • Kubernetes > ReplicationController > ServiceNow > Table > Definition
  • Kubernetes > StatefulSet > ServiceNow
  • Kubernetes > StatefulSet > ServiceNow > Configuration Item
  • Kubernetes > StatefulSet > ServiceNow > Configuration Item > Record
  • Kubernetes > StatefulSet > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > StatefulSet > ServiceNow > Table
  • Kubernetes > StatefulSet > ServiceNow > Table > Definition

What's new?

Resource Types

  • Kubernetes > CronJob
  • Kubernetes > DaemonSet
  • Kubernetes > Ingress
  • Kubernetes > Job
  • Kubernetes > Persistent Volume
  • Kubernetes > ReplicationController
  • Kubernetes > StatefulSet

Control Types

  • Kubernetes > ConfigMap > Active
  • Kubernetes > CronJob > Active
  • Kubernetes > CronJob > Annotations
  • Kubernetes > CronJob > Approved
  • Kubernetes > CronJob > CMDB
  • Kubernetes > CronJob > Labels
  • Kubernetes > CronJob > Query
  • Kubernetes > DaemonSet > Active
  • Kubernetes > DaemonSet > Annotations
  • Kubernetes > DaemonSet > Approved
  • Kubernetes > DaemonSet > CMDB
  • Kubernetes > DaemonSet > Labels
  • Kubernetes > DaemonSet > Query
  • Kubernetes > Deployment > Active
  • Kubernetes > Ingress > Active
  • Kubernetes > Ingress > Annotations
  • Kubernetes > Ingress > Approved
  • Kubernetes > Ingress > CMDB
  • Kubernetes > Ingress > Labels
  • Kubernetes > Ingress > Query
  • Kubernetes > Job > Active
  • Kubernetes > Job > Annotations
  • Kubernetes > Job > Approved
  • Kubernetes > Job > CMDB
  • Kubernetes > Job > Labels
  • Kubernetes > Job > Query
  • Kubernetes > Namespace > Active
  • Kubernetes > Node > Active
  • Kubernetes > Persistent Volume > Active
  • Kubernetes > Persistent Volume > Annotations
  • Kubernetes > Persistent Volume > Approved
  • Kubernetes > Persistent Volume > CMDB
  • Kubernetes > Persistent Volume > Labels
  • Kubernetes > Persistent Volume > Query
  • Kubernetes > Pod > Active
  • Kubernetes > ReplicaSet > Active
  • Kubernetes > ReplicationController > Active
  • Kubernetes > ReplicationController > Annotations
  • Kubernetes > ReplicationController > Approved
  • Kubernetes > ReplicationController > CMDB
  • Kubernetes > ReplicationController > Labels
  • Kubernetes > ReplicationController > Query
  • Kubernetes > Service > Active
  • Kubernetes > StatefulSet > Active
  • Kubernetes > StatefulSet > Annotations
  • Kubernetes > StatefulSet > Approved
  • Kubernetes > StatefulSet > CMDB
  • Kubernetes > StatefulSet > Labels
  • Kubernetes > StatefulSet > Query

Policy Types

  • Kubernetes > Cluster > CMDB > Expiration
  • Kubernetes > Cluster > CMDB > Expiration > Expiration Days
  • Kubernetes > Cluster > osquery
  • Kubernetes > Cluster > osquery > Configuration
  • Kubernetes > ConfigMap > Active
  • Kubernetes > ConfigMap > Active > Age
  • Kubernetes > ConfigMap > Active > Last Modified
  • Kubernetes > CronJob > Active
  • Kubernetes > CronJob > Active > Age
  • Kubernetes > CronJob > Active > Last Modified
  • Kubernetes > CronJob > Annotations
  • Kubernetes > CronJob > Annotations > Template
  • Kubernetes > CronJob > Approved
  • Kubernetes > CronJob > Approved > Custom
  • Kubernetes > CronJob > CMDB
  • Kubernetes > CronJob > Labels
  • Kubernetes > CronJob > Labels > Template
  • Kubernetes > CronJob > osquery
  • Kubernetes > CronJob > osquery > Configuration
  • Kubernetes > CronJob > osquery > Configuration > Columns
  • Kubernetes > CronJob > osquery > Configuration > Interval
  • Kubernetes > CronJob > osquery > Configuration > Name
  • Kubernetes > DaemonSet > Active
  • Kubernetes > DaemonSet > Active > Age
  • Kubernetes > DaemonSet > Active > Last Modified
  • Kubernetes > DaemonSet > Annotations
  • Kubernetes > DaemonSet > Annotations > Template
  • Kubernetes > DaemonSet > Approved
  • Kubernetes > DaemonSet > Approved > Custom
  • Kubernetes > DaemonSet > CMDB
  • Kubernetes > DaemonSet > Labels
  • Kubernetes > DaemonSet > Labels > Template
  • Kubernetes > DaemonSet > osquery
  • Kubernetes > DaemonSet > osquery > Configuration
  • Kubernetes > DaemonSet > osquery > Configuration > Columns
  • Kubernetes > DaemonSet > osquery > Configuration > Interval
  • Kubernetes > DaemonSet > osquery > Configuration > Name
  • Kubernetes > Deployment > Active
  • Kubernetes > Deployment > Active > Age
  • Kubernetes > Deployment > Active > Last Modified
  • Kubernetes > Ingress > Active
  • Kubernetes > Ingress > Active > Age
  • Kubernetes > Ingress > Active > Last Modified
  • Kubernetes > Ingress > Annotations
  • Kubernetes > Ingress > Annotations > Template
  • Kubernetes > Ingress > Approved
  • Kubernetes > Ingress > Approved > Custom
  • Kubernetes > Ingress > CMDB
  • Kubernetes > Ingress > Labels
  • Kubernetes > Ingress > Labels > Template
  • Kubernetes > Ingress > osquery
  • Kubernetes > Ingress > osquery > Configuration
  • Kubernetes > Ingress > osquery > Configuration > Columns
  • Kubernetes > Ingress > osquery > Configuration > Interval
  • Kubernetes > Ingress > osquery > Configuration > Name
  • Kubernetes > Job > Active
  • Kubernetes > Job > Active > Age
  • Kubernetes > Job > Active > Last Modified
  • Kubernetes > Job > Annotations
  • Kubernetes > Job > Annotations > Template
  • Kubernetes > Job > Approved
  • Kubernetes > Job > Approved > Custom
  • Kubernetes > Job > CMDB
  • Kubernetes > Job > Labels
  • Kubernetes > Job > Labels > Template
  • Kubernetes > Job > osquery
  • Kubernetes > Job > osquery > Configuration
  • Kubernetes > Job > osquery > Configuration > Columns
  • Kubernetes > Job > osquery > Configuration > Interval
  • Kubernetes > Job > osquery > Configuration > Name
  • Kubernetes > Namespace > Active
  • Kubernetes > Namespace > Active > Age
  • Kubernetes > Namespace > Active > Last Modified
  • Kubernetes > Node > Active
  • Kubernetes > Node > Active > Age
  • Kubernetes > Node > Active > Last Modified
  • Kubernetes > Persistent Volume > Active
  • Kubernetes > Persistent Volume > Active > Age
  • Kubernetes > Persistent Volume > Active > Last Modified
  • Kubernetes > Persistent Volume > Annotations
  • Kubernetes > Persistent Volume > Annotations > Template
  • Kubernetes > Persistent Volume > Approved
  • Kubernetes > Persistent Volume > Approved > Custom
  • Kubernetes > Persistent Volume > CMDB
  • Kubernetes > Persistent Volume > Labels
  • Kubernetes > Persistent Volume > Labels > Template
  • Kubernetes > Persistent Volume > osquery
  • Kubernetes > Persistent Volume > osquery > Configuration
  • Kubernetes > Persistent Volume > osquery > Configuration > Columns
  • Kubernetes > Persistent Volume > osquery > Configuration > Interval
  • Kubernetes > Persistent Volume > osquery > Configuration > Name
  • Kubernetes > Pod > Active
  • Kubernetes > Pod > Active > Age
  • Kubernetes > Pod > Active > Last Modified
  • Kubernetes > ReplicaSet > Active
  • Kubernetes > ReplicaSet > Active > Age
  • Kubernetes > ReplicaSet > Active > Last Modified
  • Kubernetes > ReplicationController > Active
  • Kubernetes > ReplicationController > Active > Age
  • Kubernetes > ReplicationController > Active > Last Modified
  • Kubernetes > ReplicationController > Annotations
  • Kubernetes > ReplicationController > Annotations > Template
  • Kubernetes > ReplicationController > Approved
  • Kubernetes > ReplicationController > Approved > Custom
  • Kubernetes > ReplicationController > CMDB
  • Kubernetes > ReplicationController > Labels
  • Kubernetes > ReplicationController > Labels > Template
  • Kubernetes > ReplicationController > osquery
  • Kubernetes > ReplicationController > osquery > Configuration
  • Kubernetes > ReplicationController > osquery > Configuration > Columns
  • Kubernetes > ReplicationController > osquery > Configuration > Interval
  • Kubernetes > ReplicationController > osquery > Configuration > Name
  • Kubernetes > Service > Active
  • Kubernetes > Service > Active > Age
  • Kubernetes > Service > Active > Last Modified
  • Kubernetes > StatefulSet > Active
  • Kubernetes > StatefulSet > Active > Age
  • Kubernetes > StatefulSet > Active > Last Modified
  • Kubernetes > StatefulSet > Annotations
  • Kubernetes > StatefulSet > Annotations > Template
  • Kubernetes > StatefulSet > Approved
  • Kubernetes > StatefulSet > Approved > Custom
  • Kubernetes > StatefulSet > CMDB
  • Kubernetes > StatefulSet > Labels
  • Kubernetes > StatefulSet > Labels > Template
  • Kubernetes > StatefulSet > osquery
  • Kubernetes > StatefulSet > osquery > Configuration
  • Kubernetes > StatefulSet > osquery > Configuration > Columns
  • Kubernetes > StatefulSet > osquery > Configuration > Interval
  • Kubernetes > StatefulSet > osquery > Configuration > Name

Action Types

  • Kubernetes > Cluster > Router
  • Kubernetes > CronJob > Router
  • Kubernetes > DaemonSet > Router
  • Kubernetes > Ingress > Router
  • Kubernetes > Job > Router
  • Kubernetes > Persistent Volume > Router
  • Kubernetes > ReplicationController > Router
  • Kubernetes > StatefulSet > Router

Bug fixes

  • CMDB controls for various resources sometimes failed to process a large number of updates that occurred in quick succession via Cluster events. We’ve improved our GraphQL queries to handle such a load, and the controls will now be able to process such events more smoothly and reliably than before.

What's new?

  • The AWS > S3 > Bucket > CMDB control would go into an error state if Guardrails did not have permissions to call the headBucket operation on a bucket. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set the AWS > S3 > Bucket > CMDB policy to Enforce: Enabled but ignore permission errors.

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • In the previous version, we fixed an issue with the Azure > App Service > Web App > Client Certificate Mode control, ensuring that the Client Certificate Mode is set to Require correctly. However, we missed an edge case where the control wouldn’t enforce any mode other than the default setting of Ignore. We have now addressed all cases, and the control will work more reliably and consistently than before.

What's new?

  • Updated AWS Lambda function architecture to ARM64 for improved performance and cost efficiency.

What's new?

  • Server

    • Improved memory optimization for Redis.
    • Updated all AWS Lambda functions in the TE environment to use ARM64 architecture for improved performance and cost efficiency.
    • Notification rules now accept Nunjucks for the email address.
    • Updated several node packages to newer versions for improved functionality and security.
  • UI

    • Smart Folders are now called Policy Packs.
    • You can now add an AKA while creating Policy Packs from the UI.

Bug fixes

  • Server

    • Fixed an issue where controls remained in TBD state for accounts imported without an External ID.
  • UI

    • Removed the unsupported feature for rearranging Policy Packs from the UI.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • The Import Set policies for various Kubernetes resources will no longer include the Enforce: Sync policy value for integrating Import Sets in ServiceNow.

Control Types

  • GCP > Storage > Object > ServiceNow > Import Set

Policy Types

  • GCP > Storage > Object > ServiceNow > Import Set
  • GCP > Storage > Object > ServiceNow > Import Set > Archive Columns
  • GCP > Storage > Object > ServiceNow > Import Set > Record
  • GCP > Storage > Object > ServiceNow > Import Set > Table Name

Control Types

  • GCP > Compute Engine > Disk > ServiceNow > Import Set
  • GCP > Compute Engine > HTTP Health Check > ServiceNow > Import Set
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Import Set
  • GCP > Compute Engine > Health Check > ServiceNow > Import Set
  • GCP > Compute Engine > Image > ServiceNow > Import Set
  • GCP > Compute Engine > Instance > ServiceNow > Import Set
  • GCP > Compute Engine > Instance Template > ServiceNow > Import Set
  • GCP > Compute Engine > Node Group > ServiceNow > Import Set
  • GCP > Compute Engine > Node template > ServiceNow > Import Set
  • GCP > Compute Engine > Project > ServiceNow > Import Set
  • GCP > Compute Engine > Region Disk > ServiceNow > Import Set
  • GCP > Compute Engine > Region Health Check > ServiceNow > Import Set
  • GCP > Compute Engine > Snapshot > ServiceNow > Import Set

Policy Types

  • GCP > Compute Engine > Disk > ServiceNow > Import Set
  • GCP > Compute Engine > Disk > ServiceNow > Import Set > Archive Columns
  • GCP > Compute Engine > Disk > ServiceNow > Import Set > Record
  • GCP > Compute Engine > Disk > ServiceNow > Import Set > Table Name
  • GCP > Compute Engine > HTTP Health Check > ServiceNow > Import Set
  • GCP > Compute Engine > HTTP Health Check > ServiceNow > Import Set > Archive Columns
  • GCP > Compute Engine > HTTP Health Check > ServiceNow > Import Set > Record
  • GCP > Compute Engine > HTTP Health Check > ServiceNow > Import Set > Table Name
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Import Set
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Import Set > Archive Columns
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Import Set > Record
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Import Set > Table Name
  • GCP > Compute Engine > Health Check > ServiceNow > Import Set
  • GCP > Compute Engine > Health Check > ServiceNow > Import Set > Archive Columns
  • GCP > Compute Engine > Health Check > ServiceNow > Import Set > Record
  • GCP > Compute Engine > Health Check > ServiceNow > Import Set > Table Name
  • GCP > Compute Engine > Image > ServiceNow > Import Set
  • GCP > Compute Engine > Image > ServiceNow > Import Set > Archive Columns
  • GCP > Compute Engine > Image > ServiceNow > Import Set > Record
  • GCP > Compute Engine > Image > ServiceNow > Import Set > Table Name
  • GCP > Compute Engine > Instance > ServiceNow > Import Set
  • GCP > Compute Engine > Instance > ServiceNow > Import Set > Archive Columns
  • GCP > Compute Engine > Instance > ServiceNow > Import Set > Record
  • GCP > Compute Engine > Instance > ServiceNow > Import Set > Table Name
  • GCP > Compute Engine > Instance Template > ServiceNow > Import Set
  • GCP > Compute Engine > Instance Template > ServiceNow > Import Set > Archive Columns
  • GCP > Compute Engine > Instance Template > ServiceNow > Import Set > Record
  • GCP > Compute Engine > Instance Template > ServiceNow > Import Set > Table Name
  • GCP > Compute Engine > Node Group > ServiceNow > Import Set
  • GCP > Compute Engine > Node Group > ServiceNow > Import Set > Archive Columns
  • GCP > Compute Engine > Node Group > ServiceNow > Import Set > Record
  • GCP > Compute Engine > Node Group > ServiceNow > Import Set > Table Name
  • GCP > Compute Engine > Node template > ServiceNow > Import Set
  • GCP > Compute Engine > Node template > ServiceNow > Import Set > Archive Columns
  • GCP > Compute Engine > Node template > ServiceNow > Import Set > Record
  • GCP > Compute Engine > Node template > ServiceNow > Import Set > Table Name
  • GCP > Compute Engine > Project > ServiceNow > Import Set
  • GCP > Compute Engine > Project > ServiceNow > Import Set > Archive Columns
  • GCP > Compute Engine > Project > ServiceNow > Import Set > Record
  • GCP > Compute Engine > Project > ServiceNow > Import Set > Table Name
  • GCP > Compute Engine > Region Disk > ServiceNow > Import Set
  • GCP > Compute Engine > Region Disk > ServiceNow > Import Set > Archive Columns
  • GCP > Compute Engine > Region Disk > ServiceNow > Import Set > Record
  • GCP > Compute Engine > Region Disk > ServiceNow > Import Set > Table Name
  • GCP > Compute Engine > Region Health Check > ServiceNow > Import Set
  • GCP > Compute Engine > Region Health Check > ServiceNow > Import Set > Archive Columns
  • GCP > Compute Engine > Region Health Check > ServiceNow > Import Set > Record
  • GCP > Compute Engine > Region Health Check > ServiceNow > Import Set > Table Name
  • GCP > Compute Engine > Snapshot > ServiceNow > Import Set
  • GCP > Compute Engine > Snapshot > ServiceNow > Import Set > Archive Columns
  • GCP > Compute Engine > Snapshot > ServiceNow > Import Set > Record
  • GCP > Compute Engine > Snapshot > ServiceNow > Import Set > Table Name

Control Types

  • Azure > Storage > Container > ServiceNow > Import Set
  • Azure > Storage > FileShare > ServiceNow > Import Set
  • Azure > Storage > Queue > ServiceNow > Import Set

Policy Types

  • Azure > Storage > Container > ServiceNow > Import Set
  • Azure > Storage > Container > ServiceNow > Import Set > Archive Columns
  • Azure > Storage > Container > ServiceNow > Import Set > Record
  • Azure > Storage > Container > ServiceNow > Import Set > Table Name
  • Azure > Storage > FileShare > ServiceNow > Import Set
  • Azure > Storage > FileShare > ServiceNow > Import Set > Archive Columns
  • Azure > Storage > FileShare > ServiceNow > Import Set > Record
  • Azure > Storage > FileShare > ServiceNow > Import Set > Table Name
  • Azure > Storage > Queue > ServiceNow > Import Set
  • Azure > Storage > Queue > ServiceNow > Import Set > Archive Columns
  • Azure > Storage > Queue > ServiceNow > Import Set > Record
  • Azure > Storage > Queue > ServiceNow > Import Set > Table Name

Control Types

  • Azure > Compute > Availability Set > ServiceNow > Import Set
  • Azure > Compute > Disk > ServiceNow > Import Set
  • Azure > Compute > Disk Encryption Set > ServiceNow > Import Set
  • Azure > Compute > Image > ServiceNow > Import Set
  • Azure > Compute > Snapshot > ServiceNow > Import Set
  • Azure > Compute > Ssh Public Key > ServiceNow > Import Set
  • Azure > Compute > Virtual Machine > ServiceNow > Import Set
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Import Set

Policy Types

  • Azure > Compute > Availability Set > ServiceNow > Import Set
  • Azure > Compute > Availability Set > ServiceNow > Import Set > Archive Columns
  • Azure > Compute > Availability Set > ServiceNow > Import Set > Record
  • Azure > Compute > Availability Set > ServiceNow > Import Set > Table Name
  • Azure > Compute > Disk > ServiceNow > Import Set
  • Azure > Compute > Disk > ServiceNow > Import Set > Archive Columns
  • Azure > Compute > Disk > ServiceNow > Import Set > Record
  • Azure > Compute > Disk > ServiceNow > Import Set > Table Name
  • Azure > Compute > Disk Encryption Set > ServiceNow > Import Set
  • Azure > Compute > Disk Encryption Set > ServiceNow > Import Set > Archive Columns
  • Azure > Compute > Disk Encryption Set > ServiceNow > Import Set > Record
  • Azure > Compute > Disk Encryption Set > ServiceNow > Import Set > Table Name
  • Azure > Compute > Image > ServiceNow > Import Set
  • Azure > Compute > Image > ServiceNow > Import Set > Archive Columns
  • Azure > Compute > Image > ServiceNow > Import Set > Record
  • Azure > Compute > Image > ServiceNow > Import Set > Table Name
  • Azure > Compute > Snapshot > ServiceNow > Import Set
  • Azure > Compute > Snapshot > ServiceNow > Import Set > Archive Columns
  • Azure > Compute > Snapshot > ServiceNow > Import Set > Record
  • Azure > Compute > Snapshot > ServiceNow > Import Set > Table Name
  • Azure > Compute > Ssh Public Key > ServiceNow > Import Set
  • Azure > Compute > Ssh Public Key > ServiceNow > Import Set > Archive Columns
  • Azure > Compute > Ssh Public Key > ServiceNow > Import Set > Record
  • Azure > Compute > Ssh Public Key > ServiceNow > Import Set > Table Name
  • Azure > Compute > Virtual Machine > ServiceNow > Import Set
  • Azure > Compute > Virtual Machine > ServiceNow > Import Set > Archive Columns
  • Azure > Compute > Virtual Machine > ServiceNow > Import Set > Record
  • Azure > Compute > Virtual Machine > ServiceNow > Import Set > Table Name
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Import Set
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Import Set > Archive Columns
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Import Set > Record
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Import Set > Table Name

Control Types

  • AWS > S3 > Bucket > ServiceNow > Import Set

Policy Types

  • AWS > S3 > Bucket > ServiceNow > Import Set
  • AWS > S3 > Bucket > ServiceNow > Import Set > Archive Columns
  • AWS > S3 > Bucket > ServiceNow > Import Set > Record
  • AWS > S3 > Bucket > ServiceNow > Import Set > Table Name

What's new?

  • Added support to archive Import Sets in ServiceNow.

Bug fixes

  • The Azure > App Service > Web App > Client Certificate Mode control did not apply Enforce: Require settings correctly. This is now fixed.

What's new?

  • Added support for google_monitoring_alert_policy and google_monitoring_notification_channel Terraform resources.

Control Types

  • GCP > Monitoring > Alert Policy > Configured
  • GCP > Monitoring > Notification Channel > Configured

Policy Types

  • GCP > Monitoring > Alert Policy > Configured
  • GCP > Monitoring > Alert Policy > Configured > Claim Precedence
  • GCP > Monitoring > Alert Policy > Configured > Source
  • GCP > Monitoring > Notification Channel > Configured
  • GCP > Monitoring > Notification Channel > Configured > Claim Precedence
  • GCP > Monitoring > Notification Channel > Configured > Source

What's new?

  • Added support for google_logging_metric Terraform resource.

Control Types

  • GCP > Logging > Metric > Configured

Policy Types

  • GCP > Logging > Metric > Configured
  • GCP > Logging > Metric > Configured > Claim Precedence
  • GCP > Logging > Metric > Configured > Source

Bug fixes

  • The Azure > Storage > Storage Account > Queue > Logging control failed to set queue logging properties correctly. This issue has been fixed, and the control will now function correctly as intended.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

  • Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

  • Users can now configure Shielded Instance Configuration for instances. To get started, set GCP > Compute > Instance > Shielded Instance Configuration > * policies.

Control Types

  • GCP > Compute Engine > Instance > Shielded Instance Configuration

Policy Types

  • GCP > Compute Engine > Instance > Shielded Instance Configuration
  • GCP > Compute Engine > Instance > Shielded Instance Configuration > Integrity Monitoring
  • GCP > Compute Engine > Instance > Shielded Instance Configuration > Secure Boot
  • GCP > Compute Engine > Instance > Shielded Instance Configuration > vTPM

Action Types

  • GCP > Compute Engine > Instance > Set Shielded Instance Configuration

What's new?

  • The Azure > CIS v2.0 > 5.05 - Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads) control will also evaluate SQL databases for SKU Basic/Consumption.

Control Types

  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.06 - Ensure that Network Security Group Flow logs are captured and sent to Log Analytics

Policy Types

  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.06 - Ensure that Network Security Group flow logs are captured and sent to Log Analytics

Bug fixes

  • The Azure > CIS v2.0 > 4 - Database Services > 01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key control did not evaluate the result correctly. This is now fixed.

What's new?

DOCUMENTATION:

  • resource/turbot_policy_pack: Added documentation for akas attribute for the resource. (#179)

What's new?

  • Users can now configure Encryption In Transit for instances. To get started, set the GCP > SQL > Instance > Encryption In Transit policy.

Control Types

  • GCP > SQL > Instance > Encryption In Transit

Policy Types

  • GCP > SQL > Instance > Encryption In Transit

Action Types

  • GCP > SQL > Instance > Update Encryption in Transit

What's new?

Control Types

  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure API Keys Only Exist for Active Services
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure API Keys Are Restricted to Only APIs That Application Needs Access
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure API Keys Are Rotated Every 90 Days

Policy Types

  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure API Keys Only Exist for Active Services
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure API Keys Are Restricted to Only APIs That Application Needs Access
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure API Keys Are Rotated Every 90 Days

What's new?

  • Users can now upgrade the SKU from Basic to Standard for Public IP Addresses via the Azure > Network > Public IP Address > Standard SKU control. To get started, set the Azure > Network > Public IP Address > Standard SKU policy.

Control Types

  • Azure > Network > Public IP Address > Standard SKU

Policy Types

  • Azure > Network > Public IP Address > Standard SKU
  • Azure > Network > Public IP Address > Standard SKU > SKU Tier

Action Types

  • Azure > Network > Public IP Address > Update SKU to Standard

What's new?

  • We've added guardrails to help secure access to your database accounts' public endpoints. All database accounts have public endpoints that are accessible through the internet by default. This access can be limited to specific IP ranges, virtual network subnets, and trusted Microsoft services by defining firewall and virtual network rules.

To get started configuring these rules through Guardrails, set the following policies according to your desired firewall rules configuration:

  • Azure > Cosmos DB > Database Account > Firewall - Configure default access rules for the public endpoint
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Approved - Remove unapproved IP ranges
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Required - Grant access to specific IP ranges
  • Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Approved - Remove unapproved virtual network subnets
  • Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Required - Grant access to specific virtual network subnets

Please note that if the Azure > Cosmos DB > Database Account > Firewall policy is set to Enforce: Allow only approved virtual networks and IP ranges, only applications in the configured IP ranges, virtual network subnets, and trusted Microsoft services will be allowed to access the database accounts. If these boundaries are not properly configured beforehand or an application is outside of these boundaries, it will lose access to the database accounts.

Control Types

  • Azure > Cosmos DB > Database Account > Firewall
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Approved
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Required
  • Azure > Cosmos DB > Database Account > Firewall > Virtual Networks
  • Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Approved
  • Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Required

Policy Types

  • Azure > Cosmos DB > Database Account > Firewall
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Approved
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Approved > CIDR Ranges
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Approved > Compiled Rules
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Approved > Rules
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Required
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Required > Compiled Items
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Required > Exceptions
  • Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Required > Items
  • Azure > Cosmos DB > Database Account > Firewall > Virtual Networks
  • Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Approved
  • Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Approved > Compiled Rules
  • Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Approved > Rules
  • Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Approved > Subnets
  • Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Required
  • Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Required > Items

Action Types

  • Azure > Cosmos DB > Database Account > Update Firewall Default Access Rule
  • Azure > Cosmos DB > Database Account > Update Firewall IP Ranges
  • Azure > Cosmos DB > Database Account > Update Firewall Virtual Networks

Bug fixes

  • Various Discovery and CMDB controls entered an error state because they used outdated APIs that no longer functioned as expected. We have updated internal package dependencies, and those controls now operate smoothly as intended.

Bug fixes

  • Resolved an issue where an empty outbound_cidr_ranges SSM parameter caused a validation error. Now, if the outbound_cidr_ranges parameter is empty, it will be set to None.

What's new?

  • Added M7i and M7i-flex instance types.
  • Updated the HealthCheckProxy lambda function to use Python 3.10.

Bug fixes

  • The GCP > Project > CMDB control went into an error state while fetching Access Approval settings for the project if Access Transparency was disabled at the organization level. We have now handled such cases gracefully, and the control will fetch all available details without going into an error state.

What's new?

  • Users can now configure authorized networks for instances in Guardrails. To get started, set the GCP > SQL > Instance > Authorized Network > * policies.
  • Users can now configure Database Flags for instances in Guardrails. To get started, set the GCP > SQL > Instance > Database Flags policy.
  • Users can now clean up and stop tracking SQL resources in Guardrails. To get started, set the GCP > SQL > CMDB policy to Enforce: Disabled.

Control Types

  • GCP > SQL > Instance > Authorized Network
  • GCP > SQL > Instance > Authorized Network > Approved
  • GCP > SQL > Instance > Database Flags

Policy Types

  • GCP > SQL > Instance > Authorized Network
  • GCP > SQL > Instance > Authorized Network > Approved
  • GCP > SQL > Instance > Authorized Network > Approved > CIDR Ranges
  • GCP > SQL > Instance > Database Flags
  • GCP > SQL > Instance > Database Flags > MySQL
  • GCP > SQL > Instance > Database Flags > MySQL > Template
  • GCP > SQL > Instance > Database Flags > PostgreSQL
  • GCP > SQL > Instance > Database Flags > PostgreSQL > Template
  • GCP > SQL > Instance > Database Flags > SQL Server
  • GCP > SQL > Instance > Database Flags > SQL Server > Template

Action Types

  • GCP > SQL > Instance > Update Authorized Network
  • GCP > SQL > Instance > Update Database Flags

What's new?

  • We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Storage resources in Guardrails. This release includes breaking changes in the CMDB data for storage accounts. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

    Renamed:

    • serviceProperties.blob.DeleteRetentionPolicy to serviceProperties.blob.deleteRetentionPolicy
    • serviceProperties.blob.DeleteRetentionPolicy.Days to serviceProperties.blob.deleteRetentionPolicy.days
    • serviceProperties.blob.DeleteRetentionPolicy.Enabled to serviceProperties.blob.deleteRetentionPolicy.enabled
    • serviceProperties.blob.StaticWebsite to serviceProperties.blob.staticWebsite
    • serviceProperties.blob.StaticWebsite.Enabled to serviceProperties.blob.staticWebsite.enabled
    • serviceProperties.blob.logging to serviceProperties.blob.blobAnalyticsLogging
    • serviceProperties.queue.logging to serviceProperties.queue.queueAnalyticsLogging

    Added:

    • serviceProperties.blob.deleteRetentionPolicy.AllowPermanentDelete

    Modified:

    • The data type of the attribute serviceProperties.blob.cors has been changed from string ("") to array ([]).
    • The data type of the attribute serviceProperties.queue.cors has been changed from string ("") to array ([]).
  • Users can now enable/disable Blob logging for storage accounts. To get started, set the Azure > Storage > Storage Account > Blob > Logging > * policies.

  • Users can now check if storage accounts are approved for use based on Infrastructure Encryption settings. To get started, set the Azure > Storage > Storage Account > Approved > Infrastructure Encryption policy.

Control Types

  • Azure > Storage > Storage Account > Blob
  • Azure > Storage > Storage Account > Blob > Logging

Renamed

  • Azure > Storage > Storage Account > Public Access to Azure > Storage > Storage Account > Blob Public Access

Policy Types

  • Azure > Storage > Storage Account > Approved > Infrastructure Encryption
  • Azure > Storage > Storage Account > Blob
  • Azure > Storage > Storage Account > Blob > Logging
  • Azure > Storage > Storage Account > Blob > Logging > Properties
  • Azure > Storage > Storage Account > Blob > Logging > Retention Days

Renamed

  • Azure > Storage > Storage Account > Public Access to Azure > Storage > Storage Account > Blob Public Access

Action Types

  • Azure > Storage > Storage Account > Update Storage Account Blob Logging

Renamed

  • Azure > Storage > Storage Account > Set Public Access to Azure > Storage > Storage Account > Set Blob Public Access

What's new?

  • Users can now configure Client Certificate Mode for web apps. To get started, set the Azure > App Service > Web App > Client Certificate Mode policy.

Control Types

  • Azure > App Service > Web App > Client Certificate Mode

Policy Types

  • Azure > App Service > Web App > Client Certificate Mode

Action Types

  • Azure > App Service > Web App > Set Client Certificate Mode

What's new?

FEATURES:

  • New Resource: turbot_policy_pack (#171)
  • New Resource: turbot_policy_pack_attachment (#173)

ENHANCEMENTS:

  • resource/turbot_smart_folder: The parent argument is now optional and defaults to tmod:@turbot/turbot#/. (#177)

What's new?

Resource Types

  • GCP > IAM > API Key

Control Types

  • GCP > IAM > API Key > Active
  • GCP > IAM > API Key > Approved
  • GCP > IAM > API Key > CMDB
  • GCP > IAM > API Key > Discovery
  • GCP > IAM > API Key > Usage

Policy Types

  • GCP > IAM > API Key > Active
  • GCP > IAM > API Key > Active > Age
  • GCP > IAM > API Key > Active > Last Modified
  • GCP > IAM > API Key > Approved
  • GCP > IAM > API Key > Approved > Custom
  • GCP > IAM > API Key > Approved > Usage
  • GCP > IAM > API Key > CMDB
  • GCP > IAM > API Key > Usage
  • GCP > IAM > API Key > Usage > Limit

Action Types

  • GCP > IAM > API Key > Delete
  • GCP > IAM > API Key > Router

What's new?

  • You can now configure Encryption at Rest for datasets. To get started, set the GCP > BigQuery > Dataset > Encryption at Rest > * policies.

Control Types

  • GCP > BigQuery > Dataset > Encryption at Rest

Policy Types

  • GCP > BigQuery > Dataset > Encryption at Rest
  • GCP > BigQuery > Dataset > Encryption at Rest > Customer Managed Key

Action Types

  • GCP > BigQuery > Dataset > Update Encryption At Rest

What's new?

Control Types

  • Kubernetes > Cluster > ServiceNow > Import Set
  • Kubernetes > ConfigMap > ServiceNow > Import Set
  • Kubernetes > Deployment > ServiceNow > Import Set
  • Kubernetes > Namespace > ServiceNow > Import Set
  • Kubernetes > Node > ServiceNow > Import Set
  • Kubernetes > Pod > ServiceNow > Import Set
  • Kubernetes > ReplicaSet > ServiceNow > Import Set
  • Kubernetes > Service > ServiceNow > Import Set

Policy Types

  • Kubernetes > Cluster > ServiceNow > Import Set
  • Kubernetes > Cluster > ServiceNow > Import Set > Archive Columns
  • Kubernetes > Cluster > ServiceNow > Import Set > Record
  • Kubernetes > Cluster > ServiceNow > Import Set > Table Name
  • Kubernetes > ConfigMap > ServiceNow > Import Set
  • Kubernetes > ConfigMap > ServiceNow > Import Set > Archive Columns
  • Kubernetes > ConfigMap > ServiceNow > Import Set > Record
  • Kubernetes > ConfigMap > ServiceNow > Import Set > Table Name
  • Kubernetes > Deployment > ServiceNow > Import Set
  • Kubernetes > Deployment > ServiceNow > Import Set > Archive Columns
  • Kubernetes > Deployment > ServiceNow > Import Set > Record
  • Kubernetes > Deployment > ServiceNow > Import Set > Table Name
  • Kubernetes > Namespace > ServiceNow > Import Set
  • Kubernetes > Namespace > ServiceNow > Import Set > Archive Columns
  • Kubernetes > Namespace > ServiceNow > Import Set > Record
  • Kubernetes > Namespace > ServiceNow > Import Set > Table Name
  • Kubernetes > Node > ServiceNow > Import Set
  • Kubernetes > Node > ServiceNow > Import Set > Archive Columns
  • Kubernetes > Node > ServiceNow > Import Set > Record
  • Kubernetes > Node > ServiceNow > Import Set > Table Name
  • Kubernetes > Pod > ServiceNow > Import Set
  • Kubernetes > Pod > ServiceNow > Import Set > Archive Columns
  • Kubernetes > Pod > ServiceNow > Import Set > Record
  • Kubernetes > Pod > ServiceNow > Import Set > Table Name
  • Kubernetes > ReplicaSet > ServiceNow > Import Set
  • Kubernetes > ReplicaSet > ServiceNow > Import Set > Archive Columns
  • Kubernetes > ReplicaSet > ServiceNow > Import Set > Record
  • Kubernetes > ReplicaSet > ServiceNow > Import Set > Table Name
  • Kubernetes > Service > ServiceNow > Import Set
  • Kubernetes > Service > ServiceNow > Import Set > Archive Columns
  • Kubernetes > Service > ServiceNow > Import Set > Record
  • Kubernetes > Service > ServiceNow > Import Set > Table Name

Bug fixes

  • Guardrails failed to process real-time snapshot events if the AWS > EC2 > Snapshot > CMDB policy was set to Enforce: Enabled for Snapshots not created with AWS Backup. This issue has now been fixed.

What's new?

  • Users can now configure DNSSEC for managed zones via Guardrails. To get started, set the GCP > DNS > Managed Zone > DNSSEC Configuration policy.
  • Users can now configure logging for DNS policies. To get started, set the GCP > DNS > Policy > Logging policy.

Control Types

  • GCP > DNS > Managed Zone > DNSSEC Configuration
  • GCP > DNS > Policy > Logging

Policy Types

  • GCP > DNS > Managed Zone > DNSSEC Configuration
  • GCP > DNS > Policy > Logging

Action Types

  • GCP > DNS > Managed Zone > Update DNSSEC Configuration
  • GCP > DNS > Policy > Update Logging

Bug fixes

  • Discovery controls for various resource types would go into an error state without discovering resources and upserting them in Guardrails CMDB due to a bad internal build. This issue has been fixed, and those controls will now work correctly as expected.

What's new?

  • Users can now enable/disable Trusted Launch for all second generation virtual machines. To get started, set the Azure > Compute > Virtual Machine > Trusted launch policy.
  • You can now configure Encryption at Rest for Disks. To get started, set the Azure > Compute > Disk > Encryption at Rest > * policies.

Control Types

  • Azure > Compute > Disk > Encryption at Rest
  • Azure > Compute > Virtual Machine > Trusted Launch

Policy Types

  • Azure > Compute > Disk > Encryption at Rest
  • Azure > Compute > Disk > Encryption at Rest > Disk Encryption Set
  • Azure > Compute > Virtual Machine > Trusted launch

Action Types

  • Azure > Compute > Disk > Update Encryption at Rest
  • Azure > Compute > Virtual Machine > Update Trusted Luanch

What's new?

  • Users can now register web apps with Entra ID to connect to other Azure services securely without the need for usernames and passwords. To get started, set the Azure > App Service > Web App > System Assigned Identity policy.
  • Diagnostic Settings details will now also be available for Web Apps in Guardrails CMDB.

Control Types

  • Azure > App Service > Web App > System Assigned Identity

Policy Types

  • Azure > App Service > Web App > System Assigned Identity

Action Types

  • Azure > App Service > Web App > Set System Assigned Identity

Bug fixes

  • The Azure > App Service > Web App > FTPS State control failed to set the FTPS State correctly for web apps. This issue is now fixed.

What's new?

Policy Types

  • GCP > BigQuery > Dataset > Approved > Custom

What's new?

  • Users can now configure retention policy for flow logs. To get started, set the Azure > Network Watcher > Flow Log > Retention Policy > * policies.

Control Types

  • Azure > Network Watcher > Flow Log > Retention Policy

Policy Types

  • Azure > Network Watcher > Flow Log > Retention Policy
  • Azure > Network Watcher > Flow Log > Retention Policy > Days

Action Types

  • Azure > Network Watcher > Flow Log > Update Retention Policy

What's new?

  • The Azure > Active Directory > Directory > CMDB control will now also fetch named locations and authorization policy details and store them in CMDB.

Bug fixes

  • Account Password Policy details did not refresh correctly in Guardrails CMDB if those settings were reset to defaults in AWS. This resulted in the AWS > IAM > Account Password Policy > Settings control not applying custom settings correctly. This issue is fixed, and the CMDB details will now refresh correctly, allowing the corresponding Settings control to work as expected.

What's new?

  • The Azure > Security Center > Security Center > CMDB control will now also fetch security settings details and store them in CMDB.

Bug fixes

  • Discovery controls for various resource types would go into an error state without discovering resources and upserting them in Guardrails CMDB due to a bad internal build. This issue has been fixed, and those controls will now work correctly as expected.

Bug fixes

  • Server
    • Resolved an issue that caused control targeting to accounts to fail when AWS Gov accounts were imported in a commercial environment.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • The default value for GCP > Storage > Bucket > ServiceNow > Import Set now shows the resource_type_uri correctly.

Control Types

Added

  • GCP > Storage > Bucket > ServiceNow > Import Set

Policy Types

Added

  • GCP > Storage > Bucket > ServiceNow > Import Set
  • GCP > Storage > Bucket > ServiceNow > Import Set > Archive Columns
  • GCP > Storage > Bucket > ServiceNow > Import Set > Record
  • GCP > Storage > Bucket > ServiceNow > Import Set > Table Name

What's new?

  • ServiceNow > Turbot > Watches > GCP Archive and Delete Record action now supports archiving Import Set records.

Control Types

Added

  • Azure > Storage > Storage Account > ServiceNow > Import Set

Policy Types

Added

  • Azure > Storage > Storage Account > ServiceNow > Import Set
  • Azure > Storage > Storage Account > ServiceNow > Import Set > Archive Columns
  • Azure > Storage > Storage Account > ServiceNow > Import Set > Record
  • Azure > Storage > Storage Account > ServiceNow > Import Set > Table Name

What's new?

  • ServiceNow > Turbot > Watches > Azure Archive and Delete Record action now supports archiving Import Set records.

Bug fixes

  • Default policy values for ServiceNow > Application > CMDB, ServiceNow > Cost Center > CMDB & ServiceNow > User > CMDB have been updated from Enforce: Enabled to Skip.

Policy Types

Added

  • ServiceNow > Import Set
  • ServiceNow > Import Set > Table Name [Default]

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • Server
    • The OUTBOUND_SECURITY_GROUP_ID environment variable in Lambda functions now defaults to using the TEF outbound security group when there is no override specified in TEF and TE.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • The Azure > Network > Network Security Group > Ingress Rules > Approved and Azure > Network > Network Security Group > Egress Rules > Approved controls previously deleted an entire rule if at least one of the corresponding port prefixes was rejected, even if the others were approved. These controls will now revoke only the rejected port prefixes instead of deleting the entire rule in such cases.

Bug fixes

  • The AWS > RDS > DB Instance > Approved control will now be skipped for instances that belong to a cluster. To check if a cluster is approved for use, please set the AWS > RDS > DB Cluster > Approved > * policies.
  • The AWS > RDS > DB Instance > Approved control did not stop an unapproved instance if the corresponding policy was set to Enforce: Stop unapproved or Enforce: Stop unapproved if new, and deletion protection for the instance was enabled. The control will now stop instances correctly in such cases.

What's new?

  • Server
    • The creation of the EncryptionInTransit TopicPolicy has shifted from a custom resource to AWS CloudFormation’s AWS::SNS::TopicPolicy.

Bug fixes

  • Server
    • Changes to notifications introduced in version 5.44.2 have been rolled back due to issues with specific queries. This action restores previous functionality and ensures stability across the platform.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • Server

    • Made notifications faster by improving the query, which enhances the performance of the activity tab.
  • UI

    • The Depends-on tab on the controls page has been renamed to Related. It now includes the information from the Depends-on tab along with additional related controls information.

Bug fixes

  • Server
    • Fixed an issue where sometimes an older mod version was used instead of the latest one after a mod upgrade. Now, the cache is properly updated to always use the latest version.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • The Azure > Network > Network Security Group > Ingress Rules > Approved control would sometimes fail to revoke rejected rules when the corresponding policy was set to Enforce: Delete unapproved. This has been fixed, and the control will now work more reliably and consistently than before.

Bug fixes

  • Turbot > osquery > Event Handler action was not able to handle events for large payloads. This issue is now fixed.

Bug fixes

  • The GCP > Project > CMDB control would incorrectly delete a project from Guardrails CMDB if it was unable to fetch Access Approval settings for the project. This issue has been fixed and the control will now attempt to fetch all available details and will not delete the project from CMDB.

Bug fixes

  • Users can now configure Auto Provisioning for Azure Security Center in Guardrails. To get started, set the Azure > Security Center > Security Center > Auto Provisioning policy.

Control Types

  • Azure > Security Center > Security Center > Auto Provisioning

Policy Types

  • Azure > Security Center > Security Center > Auto Provisioning

Action Types

  • Azure > Security Center > Security Center > Update Auto Provisioning

What's new?

  • Subscription CMDB data will now also include tagging details for the subscription.

What's new?

  • The Azure > Security Center > Security Center > Defender Plan control now also supports services like Cloud Posture, Containers and Cosmos DB.

What's new?

  • Server

    • Added support for a newer auth mechanism to fetch temporary Azure credentials via the @azure/msal-node package.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

  • Users can now skip upserting snapshots in Guardrails CMDB if they are created via the AWS Backup service. To get started, set the AWS > EC2 > Snapshot > CMDB policy to Enforce: Enabled for Snapshots not created with AWS Backup.

Bug fixes

  • The AWS > Turbot > Service Roles > Source policy went to an invalid state if all but the AWS > Turbot > Service Roles > Event Handlers [Global] policy was enabled. This issue impacted the AWS > Turbot > Service Roles stack control, preventing the role from being created correctly. This has been fixed, and the AWS > Turbot > Service Roles > Source policy will now work as expected.

Bug fixes

  • The AWS > CIS v3.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered control did not evaluate the result correctly. This is now fixed.

What's new?

  • Updated the existing Flags attribute to include new flags that control the operation of Mod Lambda functions within a Virtual Private Cloud (VPC). This update allows Lambdas to use static IP addresses, improving network stability and predictability across different cloud environments. New flags added to the Flags attribute:

    • LAMBDA_IN_VPC_AWS
    • LAMBDA_IN_VPC_AZURE
    • LAMBDA_IN_VPC_GCP
    • LAMBDA_IN_VPC_SERVICENOW
  • Introduced a new SSM parameter outbound_cidr_ranges to retrieve the Elastic IPs associated with the NAT gateways.

What's new?

  • Server

    • You can now configure Mod Lambda functions to run within a VPC across various providers including AWS, Azure, ServiceNow, and GCP. This update ensures Lambdas operate with static CIDR ranges.
    • Enhanced the osquery/logger API to support payloads up to 10MB.

Requirements

  • TEF: 1.59.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

  • Minor fixes and improvements.

Bug fixes

  • The AWS > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered control did not evaluate the result correctly. This is now fixed.

Bug fixes

  • The Azure > Network > Network Security Group > Ingress Rules > Approved and Azure > Network > Network Security Group > Egress Rules > Approved controls previously deleted an entire rule if at least one of the corresponding address prefixes was rejected, even if the others were approved. These controls will now revoke only the rejected address prefix instead of deleting the entire rule in such cases.

Bug fixes

  • The GCP > Turbot > Event Handlers > Logging control would go into an Invalid state because of incorrect filter patterns defined in the GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-bigquerydatatransfer policy. This is fixed and the control will now work as expected.

Bug fixes

  • Guardrails would sometimes process the real-time event compute.networks.delete for default networks incorrectly, resulting in the inadvertent deletion of those networks from CMDB. This is now fixed.

What's new?

Resource Types

  • AWS > AppFabric

Policy Types

  • AWS > AppFabric > API Enabled
  • AWS > AppFabric > Approved Regions [Default]
  • AWS > AppFabric > Enabled
  • AWS > AppFabric > Permissions
  • AWS > AppFabric > Permissions > Levels
  • AWS > AppFabric > Permissions > Levels > Modifiers
  • AWS > AppFabric > Permissions > Lockdown
  • AWS > AppFabric > Permissions > Lockdown > API Boundary
  • AWS > AppFabric > Regions
  • AWS > AppFabric > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-appfabric
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-appfabric
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-appfabric

What's new?

Control Types

  • GCP > IAM > Project User > Approved

Policy Types

  • GCP > IAM > Project User > Approved
  • GCP > IAM > Project User > Approved > Custom
  • GCP > IAM > Project User > Approved > Usage

Bug fixes

  • Guardrails failed to process the real-time event s3:PutBucketReplication for buckets. This is now fixed.
  • The AWS > S3 > Bucket > Access Logging control would sometimes go into an error state if the target bucket name started with a number. This is fixed and the control will now work more smoothly and consistently than before.

Bug fixes

  • Guardrails failed to discover system storage containers (e.g. $logs) for storage accounts. This is now fixed.

Bug fixes

  • Added support to process enable and disable real-time events for BigQuery Data Transfer API via Service Usage APIs.

5.0.0 (2024-05-15)

What's new?

Resource Types

  • GCP > BigQuery Data Transfer
  • GCP > BigQuery Data Transfer > Transfer Config

Control Types

  • GCP > BigQuery Data Transfer > API Enabled
  • GCP > BigQuery Data Transfer > CMDB
  • GCP > BigQuery Data Transfer > Discovery
  • GCP > BigQuery Data Transfer > Transfer Config > Active
  • GCP > BigQuery Data Transfer > Transfer Config > Approved
  • GCP > BigQuery Data Transfer > Transfer Config > CMDB
  • GCP > BigQuery Data Transfer > Transfer Config > Discovery
  • GCP > BigQuery Data Transfer > Transfer Config > Usage

Policy Types

  • GCP > BigQuery Data Transfer > API Enabled
  • GCP > BigQuery Data Transfer > Approved Regions [Default]
  • GCP > BigQuery Data Transfer > CMDB
  • GCP > BigQuery Data Transfer > Enabled
  • GCP > BigQuery Data Transfer > Permissions
  • GCP > BigQuery Data Transfer > Permissions > Levels
  • GCP > BigQuery Data Transfer > Permissions > Levels > Modifiers
  • GCP > BigQuery Data Transfer > Regions
  • GCP > BigQuery Data Transfer > Transfer Config > Active
  • GCP > BigQuery Data Transfer > Transfer Config > Active > Age
  • GCP > BigQuery Data Transfer > Transfer Config > Active > Last Modified
  • GCP > BigQuery Data Transfer > Transfer Config > Approved
  • GCP > BigQuery Data Transfer > Transfer Config > Approved > Custom
  • GCP > BigQuery Data Transfer > Transfer Config > Approved > Usage
  • GCP > BigQuery Data Transfer > Transfer Config > CMDB
  • GCP > BigQuery Data Transfer > Transfer Config > Regions
  • GCP > BigQuery Data Transfer > Transfer Config > Usage
  • GCP > BigQuery Data Transfer > Transfer Config > Usage > Limit
  • GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-bigquerydatatransfer
  • GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-bigquerydatatransfer
  • GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-bigquerydatatransfer

Action Types

  • GCP > BigQuery Data Transfer > Set API Enabled
  • GCP > BigQuery Data Transfer > Transfer Config > Delete
  • GCP > BigQuery Data Transfer > Transfer Config > Router

Bug fixes

  • Fixed control category titles to use osquery instead of Osquery.

Bug fixes

  • Kubernetes > Node resources will no longer include the conditions.lastHeartbeatTime or resource_version properties to avoid unnecessary notifications in the activity tab.

What's new?

Resource Types

  • AWS > EventBridge Scheduler

Policy Types

  • AWS > EventBridge Scheduler > API Enabled
  • AWS > EventBridge Scheduler > Approved Regions [Default]
  • AWS > EventBridge Scheduler > Enabled
  • AWS > EventBridge Scheduler > Permissions
  • AWS > EventBridge Scheduler > Permissions > Levels
  • AWS > EventBridge Scheduler > Permissions > Levels > Modifiers
  • AWS > EventBridge Scheduler > Permissions > Lockdown
  • AWS > EventBridge Scheduler > Permissions > Lockdown > API Boundary
  • AWS > EventBridge Scheduler > Regions
  • AWS > EventBridge Scheduler > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-eventbridgescheduler
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-eventbridgescheduler
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-eventbridgescheduler

What's new?

Resource Types

  • AWS > EventBridge Pipes

Policy Types

  • AWS > EventBridge Pipes > API Enabled
  • AWS > EventBridge Pipes > Approved Regions [Default]
  • AWS > EventBridge Pipes > Enabled
  • AWS > EventBridge Pipes > Permissions
  • AWS > EventBridge Pipes > Permissions > Levels
  • AWS > EventBridge Pipes > Permissions > Levels > Modifiers
  • AWS > EventBridge Pipes > Permissions > Lockdown
  • AWS > EventBridge Pipes > Permissions > Lockdown > API Boundary
  • AWS > EventBridge Pipes > Regions
  • AWS > EventBridge Pipes > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-eventbridgepipes
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-eventbridgepipes
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-eventbridgepipes

What's new?

  • Server

    • Added a new GraphQL resolver for osquery to generate an enrollSecret.
    • Added new REST APIs for osquery management, which includes:
      • api/latest/osquery/enroll
      • api/latest/osquery/config
      • api/latest/osquery/logger
    • Introduced a dedicated worker, along with SQS FIFO queue and SNS topic FIFO, to run osquery operations.
    • Implemented a new serviceNowCredential resolver specifically for Kubernetes clusters.
    • Upgraded our SDK (@turbot/sdk) to version 5.15.0 and our fn toolkit (@turbot/fn) to version 5.22.0, to support FIFO queues.
  • UI

    • Added support for connecting to Kubernetes, facilitating easier integration and management.
    • Added report for AWS CIS v2.0.
    • Added report for AWS CIS v3.0.
    • Added report for Azure CIS v2.0.
    • Added report for GCP CIS v2.0.

Requirements

  • TEF: 1.58.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

Control Types

  • Kubernetes > Cluster > ServiceNow
  • Kubernetes > Cluster > ServiceNow > Configuration Item
  • Kubernetes > Cluster > ServiceNow > Table
  • Kubernetes > ConfigMap > ServiceNow
  • Kubernetes > ConfigMap > ServiceNow > Configuration Item
  • Kubernetes > ConfigMap > ServiceNow > Table
  • Kubernetes > Deployment > ServiceNow
  • Kubernetes > Deployment > ServiceNow > Configuration Item
  • Kubernetes > Deployment > ServiceNow > Table
  • Kubernetes > Namespace > ServiceNow
  • Kubernetes > Namespace > ServiceNow > Configuration Item
  • Kubernetes > Namespace > ServiceNow > Table
  • Kubernetes > Node > ServiceNow
  • Kubernetes > Node > ServiceNow > Configuration Item
  • Kubernetes > Node > ServiceNow > Table
  • Kubernetes > Pod > ServiceNow
  • Kubernetes > Pod > ServiceNow > Configuration Item
  • Kubernetes > Pod > ServiceNow > Table
  • Kubernetes > ReplicaSet > ServiceNow
  • Kubernetes > ReplicaSet > ServiceNow > Configuration Item
  • Kubernetes > ReplicaSet > ServiceNow > Table
  • Kubernetes > Service > ServiceNow
  • Kubernetes > Service > ServiceNow > Configuration Item
  • Kubernetes > Service > ServiceNow > Table
  • ServiceNow > Turbot > Watches > Kubernetes

Policy Types

  • Kubernetes > Cluster > ServiceNow
  • Kubernetes > Cluster > ServiceNow > Configuration Item
  • Kubernetes > Cluster > ServiceNow > Configuration Item > Record
  • Kubernetes > Cluster > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Cluster > ServiceNow > Table
  • Kubernetes > Cluster > ServiceNow > Table > Definition
  • Kubernetes > ConfigMap > ServiceNow
  • Kubernetes > ConfigMap > ServiceNow > Configuration Item
  • Kubernetes > ConfigMap > ServiceNow > Configuration Item > Record
  • Kubernetes > ConfigMap > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > ConfigMap > ServiceNow > Table
  • Kubernetes > ConfigMap > ServiceNow > Table > Definition
  • Kubernetes > Deployment > ServiceNow
  • Kubernetes > Deployment > ServiceNow > Configuration Item
  • Kubernetes > Deployment > ServiceNow > Configuration Item > Record
  • Kubernetes > Deployment > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Deployment > ServiceNow > Table
  • Kubernetes > Deployment > ServiceNow > Table > Definition
  • Kubernetes > Namespace > ServiceNow
  • Kubernetes > Namespace > ServiceNow > Configuration Item
  • Kubernetes > Namespace > ServiceNow > Configuration Item > Record
  • Kubernetes > Namespace > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Namespace > ServiceNow > Table
  • Kubernetes > Namespace > ServiceNow > Table > Definition
  • Kubernetes > Node > ServiceNow
  • Kubernetes > Node > ServiceNow > Configuration Item
  • Kubernetes > Node > ServiceNow > Configuration Item > Record
  • Kubernetes > Node > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Node > ServiceNow > Table
  • Kubernetes > Node > ServiceNow > Table > Definition
  • Kubernetes > Pod > ServiceNow
  • Kubernetes > Pod > ServiceNow > Configuration Item
  • Kubernetes > Pod > ServiceNow > Configuration Item > Record
  • Kubernetes > Pod > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Pod > ServiceNow > Table
  • Kubernetes > Pod > ServiceNow > Table > Definition
  • Kubernetes > ReplicaSet > ServiceNow
  • Kubernetes > ReplicaSet > ServiceNow > Configuration Item
  • Kubernetes > ReplicaSet > ServiceNow > Configuration Item > Record
  • Kubernetes > ReplicaSet > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > ReplicaSet > ServiceNow > Table
  • Kubernetes > ReplicaSet > ServiceNow > Table > Definition
  • Kubernetes > Service > ServiceNow
  • Kubernetes > Service > ServiceNow > Configuration Item
  • Kubernetes > Service > ServiceNow > Configuration Item > Record
  • Kubernetes > Service > ServiceNow > Configuration Item > Table Definition
  • Kubernetes > Service > ServiceNow > Table
  • Kubernetes > Service > ServiceNow > Table > Definition
  • ServiceNow > Turbot > Watches > Kubernetes

Action Types

  • ServiceNow > Turbot > Watches > Kubernetes Archive And Delete Record

What's new?

Resource Types

  • osquery

Control Types

  • Turbot > Workspace > osquery
  • Turbot > Workspace > osquery > Secret Rotation

Policy Types

  • Turbot > Workspace > osquery
  • Turbot > Workspace > osquery > Enroll Secret Expiration
  • Turbot > Workspace > osquery > Secrets
  • Turbot > Workspace > osquery > Secrets > Expiration Period
  • Turbot > Workspace > osquery > Secrets > Rotation
  • osquery > Configuration

Action Types

  • Turbot > Rotate osquery Secret
  • osquery > Event Handler

What's new?

Resource Types

  • Kubernetes
  • Kubernetes > Cluster
  • Kubernetes > ConfigMap
  • Kubernetes > Deployment
  • Kubernetes > Namespace
  • Kubernetes > Node
  • Kubernetes > Pod
  • Kubernetes > ReplicaSet
  • Kubernetes > Service

Control Types

  • Kubernetes > Cluster > CMDB
  • Kubernetes > ConfigMap > Annotations
  • Kubernetes > ConfigMap > Approved
  • Kubernetes > ConfigMap > CMDB
  • Kubernetes > ConfigMap > Labels
  • Kubernetes > ConfigMap > Query
  • Kubernetes > Deployment > Annotations
  • Kubernetes > Deployment > Approved
  • Kubernetes > Deployment > CMDB
  • Kubernetes > Deployment > Labels
  • Kubernetes > Deployment > Query
  • Kubernetes > Namespace > Annotations
  • Kubernetes > Namespace > Approved
  • Kubernetes > Namespace > CMDB
  • Kubernetes > Namespace > Labels
  • Kubernetes > Namespace > Query
  • Kubernetes > Node > Annotations
  • Kubernetes > Node > Approved
  • Kubernetes > Node > CMDB
  • Kubernetes > Node > Labels
  • Kubernetes > Node > Query
  • Kubernetes > Pod > Annotations
  • Kubernetes > Pod > Approved
  • Kubernetes > Pod > CMDB
  • Kubernetes > Pod > Labels
  • Kubernetes > Pod > Query
  • Kubernetes > ReplicaSet > Annotations
  • Kubernetes > ReplicaSet > Approved
  • Kubernetes > ReplicaSet > CMDB
  • Kubernetes > ReplicaSet > Labels
  • Kubernetes > ReplicaSet > Query
  • Kubernetes > Service > Annotations
  • Kubernetes > Service > Approved
  • Kubernetes > Service > CMDB
  • Kubernetes > Service > Labels
  • Kubernetes > Service > Query

Policy Types

  • Kubernetes > Cluster > CMDB
  • Kubernetes > ConfigMap > Annotations
  • Kubernetes > ConfigMap > Annotations > Template
  • Kubernetes > ConfigMap > Approved
  • Kubernetes > ConfigMap > Approved > Custom
  • Kubernetes > ConfigMap > CMDB
  • Kubernetes > ConfigMap > Labels
  • Kubernetes > ConfigMap > Labels > Template
  • Kubernetes > ConfigMap > osquery
  • Kubernetes > ConfigMap > osquery > Configuration
  • Kubernetes > ConfigMap > osquery > Configuration > Columns
  • Kubernetes > ConfigMap > osquery > Configuration > Interval
  • Kubernetes > ConfigMap > osquery > Configuration > Name
  • Kubernetes > Deployment > Annotations
  • Kubernetes > Deployment > Annotations > Template
  • Kubernetes > Deployment > Approved
  • Kubernetes > Deployment > Approved > Custom
  • Kubernetes > Deployment > CMDB
  • Kubernetes > Deployment > Labels
  • Kubernetes > Deployment > Labels > Template
  • Kubernetes > Deployment > osquery
  • Kubernetes > Deployment > osquery > Configuration
  • Kubernetes > Deployment > osquery > Configuration > Columns
  • Kubernetes > Deployment > osquery > Configuration > Interval
  • Kubernetes > Deployment > osquery > Configuration > Name
  • Kubernetes > Namespace > Annotations
  • Kubernetes > Namespace > Annotations > Template
  • Kubernetes > Namespace > Approved
  • Kubernetes > Namespace > Approved > Custom
  • Kubernetes > Namespace > CMDB
  • Kubernetes > Namespace > Labels
  • Kubernetes > Namespace > Labels > Template
  • Kubernetes > Namespace > osquery
  • Kubernetes > Namespace > osquery > Configuration
  • Kubernetes > Namespace > osquery > Configuration > Columns
  • Kubernetes > Namespace > osquery > Configuration > Interval
  • Kubernetes > Namespace > osquery > Configuration > Name
  • Kubernetes > Node > Annotations
  • Kubernetes > Node > Annotations > Template
  • Kubernetes > Node > Approved
  • Kubernetes > Node > Approved > Custom
  • Kubernetes > Node > CMDB
  • Kubernetes > Node > Labels
  • Kubernetes > Node > Labels > Template
  • Kubernetes > Node > osquery
  • Kubernetes > Node > osquery > Configuration
  • Kubernetes > Node > osquery > Configuration > Columns
  • Kubernetes > Node > osquery > Configuration > Interval
  • Kubernetes > Node > osquery > Configuration > Name
  • Kubernetes > Pod > Annotations
  • Kubernetes > Pod > Annotations > Template
  • Kubernetes > Pod > Approved
  • Kubernetes > Pod > Approved > Custom
  • Kubernetes > Pod > CMDB
  • Kubernetes > Pod > Labels
  • Kubernetes > Pod > Labels > Template
  • Kubernetes > Pod > osquery
  • Kubernetes > Pod > osquery > Configuration
  • Kubernetes > Pod > osquery > Configuration > Columns
  • Kubernetes > Pod > osquery > Configuration > Interval
  • Kubernetes > Pod > osquery > Configuration > Name
  • Kubernetes > ReplicaSet > Annotations
  • Kubernetes > ReplicaSet > Annotations > Template
  • Kubernetes > ReplicaSet > Approved
  • Kubernetes > ReplicaSet > Approved > Custom
  • Kubernetes > ReplicaSet > CMDB
  • Kubernetes > ReplicaSet > Labels
  • Kubernetes > ReplicaSet > Labels > Template
  • Kubernetes > ReplicaSet > osquery
  • Kubernetes > ReplicaSet > osquery > Configuration
  • Kubernetes > ReplicaSet > osquery > Configuration > Columns
  • Kubernetes > ReplicaSet > osquery > Configuration > Interval
  • Kubernetes > ReplicaSet > osquery > Configuration > Name
  • Kubernetes > Service > Annotations
  • Kubernetes > Service > Annotations > Template
  • Kubernetes > Service > Approved
  • Kubernetes > Service > Approved > Custom
  • Kubernetes > Service > CMDB
  • Kubernetes > Service > Labels
  • Kubernetes > Service > Labels > Template
  • Kubernetes > Service > osquery
  • Kubernetes > Service > osquery > Configuration
  • Kubernetes > Service > osquery > Configuration > Columns
  • Kubernetes > Service > osquery > Configuration > Interval
  • Kubernetes > Service > osquery > Configuration > Name
  • Kubernetes > osquery
  • Kubernetes > osquery > Decorators

Action Types

  • Kubernetes > ConfigMap > Router
  • Kubernetes > Deployment > Router
  • Kubernetes > Namespace > Router
  • Kubernetes > Node > Router
  • Kubernetes > Pod > Router
  • Kubernetes > ReplicaSet > Router
  • Kubernetes > Service > Router

Bug fixes

  • The GCP > IAM > Service Account Key > Active control will no longer attempt to delete a system-managed service account key deemed inactive by the control.

What's new?

  • You can now use Guardrails to determine if an IAM access key for a user is the latest, and deactivate or delete any keys that are not. To get started, set the AWS > IAM > Access Key > Active > Latest policy.
  • You can now determine if an IAM server certificate is active based on its expiration. To get started, set the AWS > IAM > Server Certificate > Active > Expired policy.

Policy Types

  • AWS > IAM > Access Key > Active > Latest
  • AWS > IAM > Server Certificate > Active > Expired

Bug fixes

  • The GCP > Project > CMDB control would go into an error state if Access Approval API was disabled in GCP. This is now fixed.

What's new?

  • Implemented an SNS topic to handle critical alarm notifications.
  • Added Product and Vendor tags to the IAM Role resources created by the TEF stack.
  • Introduced a new SSM parameter to manage the reserved concurrency settings for the osquery worker lambda function.
  • Updated Log Bucket Lifecycle Policies:
    • Increased Retention Period: Extended the retention period of the lifecycle policy for logs in the log bucket with the /processes prefix from 1 day to 2 days.
    • New Policy Addition: Implemented a new lifecycle policy for managing log retention in the log bucket for logs with the /osquery prefix.

What's new?

  • Implemented critical alarms for RDS DB CPU utilization, DB Max Connections and Redis ElastiCache Memory utilization.
  • Added Product and Vendor tags to the IAM Role resources created by the TED stack.

Bug fixes

  • The Azure > Compute > Virtual Machine Scale Set > Tags control would sometimes fail to update tags correctly for Scale Sets launched via Azure marketplace. This is fixed and the control will now update tags correctly, as expected.

What's new?

  • Revoke ingress rules that are unapproved for use in Network ACLs. To get started, set the AWS > VPC > Network ACL > Ingress Rules > Approved > * policies.

Bug fixes

  • Minor fixes and improvements.

What's new?

  • You can now delete existing Mount Targets which are unapproved for use in the account. To get started, set the AWS > EFS > Mount Target > Approved policy to Enforce: Delete unapproved.

What's new?

  • Create and manage aws_cloudwatch_metric_alarm resources via Guardrails stacks.

Control Types

  • AWS > CloudWatch > Alarm > Configured

Policy Types

  • AWS > CloudWatch > Alarm > Configured
  • AWS > CloudWatch > Alarm > Configured > Claim Precedence
  • AWS > CloudWatch > Alarm > Configured > Source

Bug fixes

  • Added support for aws_securityhub_account Terraform resource.

What's new?

  • Resource metadata will now also include createdBy details in Turbot CMDB.

What's new?

Control Types

  • AWS > CIS v3.0
  • AWS > CIS v3.0 > 1 - Identity and Access Management
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full "*:*" administrative privileges are not attached
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v3.0 > 2 - Storage
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enabled on S3 buckets
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
  • AWS > CIS v3.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
  • AWS > CIS v3.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
  • AWS > CIS v3.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
  • AWS > CIS v3.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
  • AWS > CIS v3.0 > 3 - Logging
  • AWS > CIS v3.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v3.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
  • AWS > CIS v3.0 > 3 - Logging > 3.03 - Ensure AWS Config is enabled in all regions
  • AWS > CIS v3.0 > 3 - Logging > 3.04 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
  • AWS > CIS v3.0 > 3 - Logging > 3.05 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
  • AWS > CIS v3.0 > 3 - Logging > 3.06 - Ensure rotation for customer created symmetric CMKs is enabled
  • AWS > CIS v3.0 > 3 - Logging > 3.07 - Ensure VPC flow logging is enabled in all VPCs
  • AWS > CIS v3.0 > 3 - Logging > 3.08 - Ensure that Object-level logging for write events is enabled for S3 bucket
  • AWS > CIS v3.0 > 3 - Logging > 3.09 - Ensure that Object-level logging for read events is enabled for S3 bucket
  • AWS > CIS v3.0 > 4 - Monitoring
  • AWS > CIS v3.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
  • AWS > CIS v3.0 > 5 - Networking
  • AWS > CIS v3.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v3.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v3.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
  • AWS > CIS v3.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
  • AWS > CIS v3.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
  • AWS > CIS v3.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2

Policy Types

  • AWS > CIS v3.0
  • AWS > CIS v3.0 > 1 - Identity and Access Management
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details > Attestation
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account > Attestation
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full "*:*" administrative privileges are not attached
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments > Attestation
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v3.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted > Attestation
  • AWS > CIS v3.0 > 1 - Identity and Access Management > Maximum Attestation Duration
  • AWS > CIS v3.0 > 2 - Storage
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enable on S3 buckets
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required > Attestation
  • AWS > CIS v3.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
  • AWS > CIS v3.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
  • AWS > CIS v3.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
  • AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
  • AWS > CIS v3.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
  • AWS > CIS v3.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
  • AWS > CIS v3.0 > 2 - Storage > Maximum Attestation Duration
  • AWS > CIS v3.0 > 3 - Logging
  • AWS > CIS v3.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v3.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
  • AWS > CIS v3.0 > 3 - Logging > 3.03 - Ensure AWS Config is enabled in all regions
  • AWS > CIS v3.0 > 3 - Logging > 3.04 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
  • AWS > CIS v3.0 > 3 - Logging > 3.05 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
  • AWS > CIS v3.0 > 3 - Logging > 3.06 - Ensure rotation for customer created symmetric CMKs is enabled
  • AWS > CIS v3.0 > 3 - Logging > 3.07 - Ensure VPC flow logging is enabled in all VPCs
  • AWS > CIS v3.0 > 3 - Logging > 3.08 - Ensure that Object-level logging for write events is enabled for S3 bucket
  • AWS > CIS v3.0 > 3 - Logging > 3.09 - Ensure that Object-level logging for read events is enabled for S3 bucket
  • AWS > CIS v3.0 > 3 - Logging > Maximum Attestation Duration
  • AWS > CIS v3.0 > 4 - Monitoring
  • AWS > CIS v3.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v3.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
  • AWS > CIS v3.0 > 4 - Monitoring > Maximum Attestation Duration
  • AWS > CIS v3.0 > 5 - Networking
  • AWS > CIS v3.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v3.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v3.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
  • AWS > CIS v3.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
  • AWS > CIS v3.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
  • AWS > CIS v3.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access' > Attestation
  • AWS > CIS v3.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2
  • AWS > CIS v3.0 > 5 - Networking > Maximum Attestation Duration
  • AWS > CIS v3.0 > Maximum Attestation Duration

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • Resource Types:

    • GCP > DNS > Policy
  • Control Types:

    • GCP > DNS > Policy > Active
    • GCP > DNS > Policy > Approved
    • GCP > DNS > Policy > CMDB
    • GCP > DNS > Policy > Discovery
    • GCP > DNS > Policy > Usage
  • Policy Types:

    • GCP > DNS > Policy > Active
    • GCP > DNS > Policy > Active > Age
    • GCP > DNS > Policy > Active > Last Modified
    • GCP > DNS > Policy > Approved
    • GCP > DNS > Policy > Approved > Custom
    • GCP > DNS > Policy > Approved > Usage
    • GCP > DNS > Policy > CMDB
    • GCP > DNS > Policy > Usage
    • GCP > DNS > Policy > Usage > Limit
  • Action Types:

    • GCP > DNS > Policy > Delete
    • GCP > DNS > Policy > Router

What's new?

Control Types

  • GCP > CIS v2.0
  • GCP > CIS v2.0 > 1 - Identity and Access Management
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure that Security Key Enforcement is Enabled for All Admin Accounts
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure That Service Account Has No Admin Privileges
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure Essential Contacts is Configured for Organization
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager
  • GCP > CIS v2.0 > 2 - Logging and Monitoring
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.01 - Ensure That Cloud Audit Logging Is Configured Properly
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.02 - Ensure That Sinks Are Configured for All Log Entries
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.03 - Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.04 - Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.05 - Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.06 - Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.07 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.08 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.09 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.10 - Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.11 - Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.12 - Ensure That Cloud DNS Logging Is Enabled for All VPC Networks
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.13 - Ensure Cloud Asset Inventory Is Enabled
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.14 - Ensure 'Access Transparency' is 'Enabled'
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.15 - Ensure 'Access Approval' is 'Enabled'
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.16 - Ensure Logging is enabled for HTTP(S) Load Balancer
  • GCP > CIS v2.0 > 3 - Networking
  • GCP > CIS v2.0 > 3 - Networking > 3.01 - Ensure That the Default Network Does Not Exist in a Project
  • GCP > CIS v2.0 > 3 - Networking > 3.02 - Ensure Legacy Networks Do Not Exist for Older Projects
  • GCP > CIS v2.0 > 3 - Networking > 3.03 - Ensure That DNSSEC Is Enabled for Cloud DNS
  • GCP > CIS v2.0 > 3 - Networking > 3.04 - Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC
  • GCP > CIS v2.0 > 3 - Networking > 3.05 - Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC
  • GCP > CIS v2.0 > 3 - Networking > 3.06 - Ensure That SSH Access Is Restricted From the Internet
  • GCP > CIS v2.0 > 3 - Networking > 3.07 - Ensure That RDP Access Is Restricted From the Internet
  • GCP > CIS v2.0 > 3 - Networking > 3.08 - Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network
  • GCP > CIS v2.0 > 3 - Networking > 3.09 - Ensure No HTTPS or SSL Proxy Load Balancers Permit SSL Policies With Weak Cipher Suites
  • GCP > CIS v2.0 > 3 - Networking > 3.10 - Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed'
  • GCP > CIS v2.0 > 4 - Virtual Machines
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.04 - Ensure Oslogin Is Enabled for a Project
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.07 - Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
  • GCP > CIS v2.0 > 5 - Storage
  • GCP > CIS v2.0 > 5 - Storage > 5.01 - Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 5 - Storage > 5.02 - Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.01 - Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.02 - Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.03 - Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.01 - Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.02 - Ensure 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.03 - Ensure 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.04 - Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.05 - Ensure 'Log_min_messages' Database Flag for Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.06 - Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.07 - Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.08 - Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.09 - Ensure Instance IP assignment is set to private
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.01 - Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.02 - Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.03 - Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.04 - Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.05 - Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.06 - Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.07 - Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.04 - Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.05 - Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.06 - Ensure That Cloud SQL Database Instances Do Not Have Public IPs
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.07 - Ensure That Cloud SQL Database Instances Are Configured With Automated Backups
  • GCP > CIS v2.0 > 7 - BigQuery
  • GCP > CIS v2.0 > 7 - BigQuery > 7.01 - Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 7 - BigQuery > 7.02 - Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)
  • GCP > CIS v2.0 > 7 - BigQuery > 7.03 - Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets

Policy Types

  • GCP > CIS v2.0
  • GCP > CIS v2.0 > 1 - Identity and Access Management
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure that Security Key Enforcement is Enabled for All Admin Accounts
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure that Security Key Enforcement is Enabled for All Admin Accounts > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure That Service Account Has No Admin Privileges
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure Essential Contacts is Configured for Organization
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure Essential Contacts is Configured for Organization > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager > Attestation
  • GCP > CIS v2.0 > 1 - Identity and Access Management > Maximum Attestation Duration
  • GCP > CIS v2.0 > 2 - Logging and Monitoring
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.01 - Ensure That Cloud Audit Logging Is Configured Properly
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.02 - Ensure That Sinks Are Configured for All Log Entries
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.03 - Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.04 - Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.05 - Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.06 - Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.07 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.08 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.09 - Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.10 - Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.11 - Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.12 - Ensure That Cloud DNS Logging Is Enabled for All VPC Networks
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.13 - Ensure Cloud Asset Inventory Is Enabled
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.14 - Ensure 'Access Transparency' is 'Enabled'
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.14 - Ensure 'Access Transparency' is 'Enabled' > Attestation
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.15 - Ensure 'Access Approval' is 'Enabled'
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.16 - Ensure Logging is enabled for HTTP(S) Load Balancer
  • GCP > CIS v2.0 > 2 - Logging and Monitoring > Maximum Attestation Duration
  • GCP > CIS v2.0 > 3 - Networking
  • GCP > CIS v2.0 > 3 - Networking > 3.01 - Ensure That the Default Network Does Not Exist in a Project
  • GCP > CIS v2.0 > 3 - Networking > 3.02 - Ensure Legacy Networks Do Not Exist for Older Projects
  • GCP > CIS v2.0 > 3 - Networking > 3.03 - Ensure That DNSSEC Is Enabled for Cloud DNS
  • GCP > CIS v2.0 > 3 - Networking > 3.04 - Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC
  • GCP > CIS v2.0 > 3 - Networking > 3.05 - Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC
  • GCP > CIS v2.0 > 3 - Networking > 3.06 - Ensure That SSH Access Is Restricted From the Internet
  • GCP > CIS v2.0 > 3 - Networking > 3.07 - Ensure That RDP Access Is Restricted From the Internet
  • GCP > CIS v2.0 > 3 - Networking > 3.08 - Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network
  • GCP > CIS v2.0 > 3 - Networking > 3.09 - Ensure No HTTPS or SSL Proxy Load Balancers Permit SSL Policies With Weak Cipher Suites
  • GCP > CIS v2.0 > 3 - Networking > 3.10 - Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed'
  • GCP > CIS v2.0 > 4 - Virtual Machines
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.04 - Ensure Oslogin Is Enabled for a Project
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.07 - Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections > Attestation
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
  • GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects > Attestation
  • GCP > CIS v2.0 > 4 - Virtual Machines > Maximum Attestation Duration
  • GCP > CIS v2.0 > 5 - Storage
  • GCP > CIS v2.0 > 5 - Storage > 5.01 - Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 5 - Storage > 5.02 - Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.01 - Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.01 - Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges > Attestation
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.02 - Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.01 - MySQL Database > 6.01.03 - Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.01 - Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.02 - Ensure 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.03 - Ensure 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.04 - Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.05 - Ensure 'Log_min_messages' Database Flag for Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.06 - Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.07 - Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.08 - Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.02 - PostgreSQL Database > 6.02.09 - Ensure Instance IP assignment is set to private
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.01 - Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.02 - Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.03 - Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.04 - Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.05 - Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.06 - Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.03 - SQL Server > 6.03.07 - Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.04 - Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.05 - Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.06 - Ensure That Cloud SQL Database Instances Do Not Have Public IPs
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > 6.07 - Ensure That Cloud SQL Database Instances Are Configured With Automated Backups
  • GCP > CIS v2.0 > 6 - Cloud SQL Database Services > Maximum Attestation Duration
  • GCP > CIS v2.0 > 7 - BigQuery
  • GCP > CIS v2.0 > 7 - BigQuery > 7.01 - Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible
  • GCP > CIS v2.0 > 7 - BigQuery > 7.02 - Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)
  • GCP > CIS v2.0 > 7 - BigQuery > 7.03 - Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets
  • GCP > CIS v2.0 > Maximum Attestation Duration

Bug fixes

  • Minor fixes and improvements.

What's new?

  • Access approval setting details for projects are now available in Project CMDB.

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

  • The Action Type for the Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved control did not render correctly on mod inspect. This is now fixed.

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

  • The Azure > Storage > Storage Account > Data Protection control would go into an error state when container delete retention policy data was not available in CMDB. This issue is fixed and the control will now work as expected.

What's new?

  • You can now remove unapproved Firewall IP Ranges on PostgreSQL servers and flexi servers. To get started, set the Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > * and Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > * policies respectively.
  • You can now stop unapproved flexi servers. To get started, set the Azure > PostgreSQL > Flexible Server > Approved policy to Enforce: Stop unapproved or Enforce: Stop unapproved if new.

Control Types

  • Azure > PostgreSQL > Flexible Server > Firewall
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved
  • Azure > PostgreSQL > Server > Firewall
  • Azure > PostgreSQL > Server > Firewall > IP Ranges
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved

Policy Types

  • Azure > PostgreSQL > Flexible Server > Firewall
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > Compiled Rules
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > IP Addresses
  • Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > Rules
  • Azure > PostgreSQL > Server > Firewall
  • Azure > PostgreSQL > Server > Firewall > IP Ranges
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > Compiled Rules
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > IP Addresses
  • Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > Rules

Action Types

  • Azure > PostgreSQL > Flexible Server > Stop
  • Azure > PostgreSQL > Server > Update Firewall IP Ranges

Bug fixes

  • Fixed control category names for v7.2.10, v7.7.10 and v7.14.1.

What's new?

Control Types

  • Azure > CIS v2.0
  • Azure > CIS v2.0 > 01 - Identity and Access Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.01 - Ensure Trusted Locations Are Defined
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.05 - Ensure Guest Users Are Reviewed on a Regular Basis
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 Ensure That 'Number of methods required to reset' is set to '2'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure User consent for applications is set to Do not allow user consent
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.14 - Ensure That 'Users Can Register Applications' Is Set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users"
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.19 - Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.23 - Ensure That No Custom Subscription Administrator Roles Exist
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'
  • Azure > CIS v2.0 > 02 - Microsoft Defender
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.01 - Ensure That Microsoft Defender for Servers Is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.02 - Ensure That Microsoft Defender for App Services Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.04 - Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.05 - Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.06 - Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.07 - Ensure That Microsoft Defender for Storage Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.08 - Ensure That Microsoft Defender for Containers Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.09 - Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.10 - Ensure That Microsoft Defender for Key Vault Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.11 - Ensure That Microsoft Defender for DNS Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.12 - Ensure That Microsoft Defender for Resource Manager Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.14 - Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.15 - Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.18 - Ensure That 'All users with the following roles' is set to 'Owner'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.19 - Ensure 'Additional email addresses' is Configured with a Security Contact Email
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.20 - Ensure That 'Notify about alerts with the following severity' is Set to 'High'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.21 - Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.22 - Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.03 - Microsoft Defender for External Attack Surface Monitoring
  • Azure > CIS v2.0 > 03 - Storage Accounts
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.01 - Ensure that 'Secure transfer required' is set to 'Enabled'
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.02 - Ensure that Enable Infrastructure Encryption for Each Storage Account in Azure Storage is Set to enabled
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.05 - Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.08 - Ensure Default Network Access Rule for Storage Accounts is Set to Deny
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.09 - Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.10 - Ensure Private Endpoints are used to access Storage Accounts
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.11 - Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.12 - Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.13 - Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.15 - Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2"
  • Azure > CIS v2.0 > 04 - Database Services
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.01 - Ensure that 'Auditing' is set to 'On'
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.02 - Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.04 - Ensure that Azure Active Directory Admin is Configured for SQL Servers
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.05 - Ensure that 'Data encryption' is set to 'On' on a SQL Database
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.06 - Ensure that 'Auditing' Retention is 'greater than 90 days'
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.01 - Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.02 - Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.03 - Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.04 - Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.05 - Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.01 - Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.02 - Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.03 - Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.04 - Ensure Server Parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.05 - Ensure Server Parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.06 - Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.07 - Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.08 - Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.01 - Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.02 - Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.03 - Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.04 - Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.01 - Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.02 - Ensure That Private Endpoints Are Used Where Possible
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible
  • Azure > CIS v2.0 > 05 - Logging and Monitoring
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.03 - Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.04 - Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.05 - Ensure that logging for Azure Key Vault is 'Enabled'
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.07 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.01 - Ensure that Activity Log Alert exists for Create Policy Assignment
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.02 - Ensure that Activity Log Alert exists for Delete Policy Assignment
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.03 - Ensure that Activity Log Alert exists for Create or Update Network Security Group
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.04 - Ensure that Activity Log Alert exists for Delete Network Security Group
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.05 - Ensure that Activity Log Alert exists for Create or Update Security Solution
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.06 - Ensure that Activity Log Alert exists for Delete Security Solution
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.07 - Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.08 - Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.09 - Ensure that Activity Log Alert exists for Create or Update Public IP Address rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.10 - Ensure that Activity Log Alert exists for Delete Public IP Address rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights > 5.03.01 - Ensure Application Insights are Configured
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.05 - Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)
  • Azure > CIS v2.0 > 06 - Networking
  • Azure > CIS v2.0 > 06 - Networking > 6.01 - Ensure that RDP access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.02 - Ensure that SSH access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.03 - Ensure that UDP access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.04 - Ensure that HTTP(S) access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.05 - Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
  • Azure > CIS v2.0 > 06 - Networking > 6.06 - Ensure that Network Watcher is 'Enabled'
  • Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis
  • Azure > CIS v2.0 > 07 - Virtual Machines
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.02 - Ensure Virtual Machines are utilizing Managed Disks
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.03 - Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.04 - Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted
  • Azure > CIS v2.0 > 08 - Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.01 - Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.02 - Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.03 - Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.04 - Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.05 - Ensure the key vault is recoverable
  • Azure > CIS v2.0 > 08 - Key Vault > 8.06 - Ensure Role Based Access Control for Azure Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.07 - Ensure that Private Endpoints are Used for Azure Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services
  • Azure > CIS v2.0 > 09 - Application Services
  • Azure > CIS v2.0 > 09 - Application Services > 9.01 - Ensure App Service Authentication is set up for apps in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.02 - Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.03 - Ensure Web App is using the latest version of TLS encryption
  • Azure > CIS v2.0 > 09 - Application Services > 9.04 - Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
  • Azure > CIS v2.0 > 09 - Application Services > 9.05 - Ensure that Register with Azure Active Directory is enabled on App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.09 - Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.10 - Ensure FTP deployments are Disabled
  • Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets
  • Azure > CIS v2.0 > 10 - Miscellaneous
  • Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources

Policy Types

  • Azure > CIS v2.0
  • Azure > CIS v2.0 > 01 - Identity and Access Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.01 - Ensure Trusted Locations Are Defined
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.05 - Ensure Guest Users Are Reviewed on a Regular Basis
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 - Ensure That 'Number of methods required to reset' is set to '2'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 - Ensure That 'Number of methods required to reset' is set to '2' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure User consent for applications is set to Do not allow user consent
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure User consent for applications is set to Do not allow user consent > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.14 - Ensure That 'Users Can Register Applications' Is Set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users"
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.19 - Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.23 - Ensure That No Custom Subscription Administrator Roles Exist
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One' > Attestation
  • Azure > CIS v2.0 > 01 - Identity and Access Management > Maximum Attestation Duration
  • Azure > CIS v2.0 > 02 - Microsoft Defender
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.01 - Ensure That Microsoft Defender for Servers Is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.02 - Ensure That Microsoft Defender for App Services Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.04 - Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.05 - Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.06 - Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.07 - Ensure That Microsoft Defender for Storage Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.08 - Ensure That Microsoft Defender for Containers Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.09 - Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.10 - Ensure That Microsoft Defender for Key Vault Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.11 - Ensure That Microsoft Defender for DNS Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.12 - Ensure That Microsoft Defender for Resource Manager Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed' > Attestation
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.14 - Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.15 - Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' > Attestation
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' > Attestation
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.18 - Ensure That 'All users with the following roles' is set to 'Owner'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.19 - Ensure 'Additional email addresses' is Configured with a Security Contact Email
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.20 - Ensure That 'Notify about alerts with the following severity' is Set to 'High'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.21 - Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.22 - Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On'
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On' > Attestation
  • Azure > CIS v2.0 > 02 - Microsoft Defender > 2.03 - Microsoft Defender for External Attack Surface Monitoring
  • Azure > CIS v2.0 > 02 - Microsoft Defender > Maximum Attestation Duration
  • Azure > CIS v2.0 > 03 - Storage Accounts
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.01 - Ensure that 'Secure transfer required' is set to 'Enabled'
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.02 - Ensure that Enable Infrastructure Encryption for Each Storage Account in Azure Storage is Set to enabled
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account > Attestation
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated > Attestation
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.05 - Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour > Attestation
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.08 - Ensure Default Network Access Rule for Storage Accounts is Set to Deny
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.09 - Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.10 - Ensure Private Endpoints are used to access Storage Accounts
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.11 - Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.12 - Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.13 - Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
  • Azure > CIS v2.0 > 03 - Storage Accounts > 3.15 - Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2"
  • Azure > CIS v2.0 > 03 - Storage Accounts > Maximum Attestation Duration
  • Azure > CIS v2.0 > 04 - Database Services
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.01 - Ensure that 'Auditing' is set to 'On'
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.02 - Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.04 - Ensure that Azure Active Directory Admin is Configured for SQL Servers
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.05 - Ensure that 'Data encryption' is set to 'On' on a SQL Database
  • Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.06 - Ensure that 'Auditing' Retention is 'greater than 90 days'
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.01 - Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.02 - Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.03 - Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.04 - Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server
  • Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.05 - Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.01 - Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.02 - Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.03 - Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.04 - Ensure Server Parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.05 - Ensure Server Parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.06 - Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.07 - Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled
  • Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.08 - Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.01 - Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.02 - Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.03 - Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.04 - Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.01 - Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.02 - Ensure That Private Endpoints Are Used Where Possible
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible
  • Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible > Attestation
  • Azure > CIS v2.0 > 04 - Database Services > Maximum Attestation Duration
  • Azure > CIS v2.0 > 05 - Logging and Monitoring
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.03 - Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.04 - Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.05 - Ensure that logging for Azure Key Vault is 'Enabled'
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.07 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.01 - Ensure that Activity Log Alert exists for Create Policy Assignment
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.02 - Ensure that Activity Log Alert exists for Delete Policy Assignment
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.03 - Ensure that Activity Log Alert exists for Create or Update Network Security Group
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.04 - Ensure that Activity Log Alert exists for Delete Network Security Group
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.05 - Ensure that Activity Log Alert exists for Create or Update Security Solution
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.06 - Ensure that Activity Log Alert exists for Delete Security Solution
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.07 - Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.08 - Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.09 - Ensure that Activity Log Alert exists for Create or Update Public IP Address rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.10 - Ensure that Activity Log Alert exists for Delete Public IP Address rule
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights > 5.03.01 - Ensure Application Insights are Configured
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it > Attestation
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.05 - Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > Maximum Attestation Duration
  • Azure > CIS v2.0 > 06 - Networking
  • Azure > CIS v2.0 > 06 - Networking > 6.01 - Ensure that RDP access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.02 - Ensure that SSH access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.03 - Ensure that UDP access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.04 - Ensure that HTTP(S) access from the Internet is evaluated and restricted
  • Azure > CIS v2.0 > 06 - Networking > 6.05 - Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
  • Azure > CIS v2.0 > 06 - Networking > 6.06 - Ensure that Network Watcher is 'Enabled'
  • Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis
  • Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis > Attestation
  • Azure > CIS v2.0 > 06 - Networking > Maximum Attestation Duration
  • Azure > CIS v2.0 > 07 - Virtual Machines
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.02 - Ensure Virtual Machines are utilizing Managed Disks
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.03 - Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.04 - Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed > Attestation
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed > Attestation
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted
  • Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted > Attestation
  • Azure > CIS v2.0 > 07 - Virtual Machines > Maximum Attestation Duration
  • Azure > CIS v2.0 > 08 - Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.01 - Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.02 - Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.03 - Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.04 - Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults
  • Azure > CIS v2.0 > 08 - Key Vault > 8.05 - Ensure the key vault is recoverable
  • Azure > CIS v2.0 > 08 - Key Vault > 8.06 - Ensure Role Based Access Control for Azure Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.07 - Ensure that Private Endpoints are Used for Azure Key Vault
  • Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services
  • Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services > Attestation
  • Azure > CIS v2.0 > 08 - Key Vault > Maximum Attestation Duration
  • Azure > CIS v2.0 > 09 - Application Services
  • Azure > CIS v2.0 > 09 - Application Services > 9.01 - Ensure App Service Authentication is set up for apps in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.02 - Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.03 - Ensure Web App is using the latest version of TLS encryption
  • Azure > CIS v2.0 > 09 - Application Services > 9.04 - Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
  • Azure > CIS v2.0 > 09 - Application Services > 9.05 - Ensure that Register with Azure Active Directory is enabled on App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App > Attestation
  • Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App > Attestation
  • Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App > Attestation
  • Azure > CIS v2.0 > 09 - Application Services > 9.09 - Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.10 - Ensure FTP deployments are Disabled
  • Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets
  • Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets > Attestation
  • Azure > CIS v2.0 > 09 - Application Services > Maximum Attestation Duration
  • Azure > CIS v2.0 > 10 - Miscellaneous
  • Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources
  • Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources > Attestation
  • Azure > CIS v2.0 > 10 - Miscellaneous > Maximum Attestation Duration
  • Azure > CIS v2.0 > Maximum Attestation Duration

What's new?

  • Server
    • Implemented monitoring for worker_factory in the CloudWatch Dashboard widgets "Events Queue Activity" and "Events Queue Backlog".
    • Established a CloudWatch Alarm for the _worker_factory queue.
    • Added Product and Vendor tags to the IAM Role resources created by the TE stack.
    • Adjusted the threshold for the CloudWatch Alarm monitoring the _worker queue.

Bug fixes

  • Server

    • Now, users with only Turbot/User access will no longer see grants or active grants belonging to other users. This ensures that you only view grants that are relevant to your permissions.
    • Control will move to error if it fails to determine the state at precheck.
    • System resilience has been enhanced through extended TTL settings and refined management of suspended processes, aiming to improve stability and reduce backlog issues.
    • Refined management of various processes to improve stability and reduce backlog issues.
  • UI

    • Converted the template_input property of the policy setting in the Terraform plan to YAML format, improving clarity and manageability.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • Moved the Turbot > Process Monitor control to operate within the priority queue, ensuring more timely and efficient processing of critical tasks.
  • Updated the Turbot > Workspace > Background Tasks control to modify the next_tick_timestamp for any policy values that previously had incorrect defaults.

Bug fixes

  • Minor fixes and improvements.

What's new?

  • You can now configure rotation reminders for access keys and soft delete for blobs and containers in storage accounts. To get started, set the Azure > Storage > Storage Account > Access Keys > Rotation Reminder > * and Azure > Storage > Storage Account > Data Protection > Soft Delete > * policies respectively.

Control Types

  • Azure > Storage > Storage Account > Access Keys
  • Azure > Storage > Storage Account > Access Keys > Rotation Reminder
  • Azure > Storage > Storage Account > Data Protection
  • Azure > Storage > Storage Account > Data Protection > Soft Delete

Policy Types

  • Azure > Storage > Storage Account > Access Keys
  • Azure > Storage > Storage Account > Access Keys > Rotation Reminder
  • Azure > Storage > Storage Account > Access Keys > Rotation Reminder > Days
  • Azure > Storage > Storage Account > Data Protection
  • Azure > Storage > Storage Account > Data Protection > Soft Delete
  • Azure > Storage > Storage Account > Data Protection > Soft Delete > Blobs
  • Azure > Storage > Storage Account > Data Protection > Soft Delete > Blobs > Retention Days
  • Azure > Storage > Storage Account > Data Protection > Soft Delete > Containers
  • Azure > Storage > Storage Account > Data Protection > Soft Delete > Containers > Retention Days

Action Types

  • Azure > Storage > Storage Account > Set Data Protection Soft Delete
  • Azure > Storage > Storage Account > Update Rotation Reminder

What's new?

  • You can now remove unapproved Firewall IP Ranges on SQL servers. To get started, set the Azure > SQL > Server > Firewall > IP Ranges > Approved > * policies.

Control Types

  • Azure > SQL > Server > Firewall
  • Azure > SQL > Server > Firewall > IP Ranges
  • Azure > SQL > Server > Firewall > IP Ranges > Approved

Policy Types

  • Azure > SQL > Server > Firewall
  • Azure > SQL > Server > Firewall > IP Ranges
  • Azure > SQL > Server > Firewall > IP Ranges > Approved
  • Azure > SQL > Server > Firewall > IP Ranges > Approved > Compiled Rules
  • Azure > SQL > Server > Firewall > IP Ranges > Approved > IP Addresses
  • Azure > SQL > Server > Firewall > IP Ranges > Approved > Rules

Action Types

  • Azure > SQL > Server > Update Firewall IP Ranges

Bug fixes

  • The rotationPeriod and nextRotationTime attributes for Crypto Keys did not update correctly in CMDB when the rotation policy for such keys was removed. This is now fixed.

What's new?

  • You can now configure Encryption in Transit for Flexi Servers. To get started, set the Azure > MySQL > Flexible Server > Encryption in Transit > * policies.
  • We've updated the runtime of the lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.
  • Resource metadata in Turbot CMDB will now also include createdBy details.

Control Types

  • Azure > MySQL > Flexible Server > Encryption in Transit

Policy Types

  • Azure > MySQL > Flexible Server > Encryption in Transit

Action Types

  • Azure > MySQL > Flexible Server > Update Encryption in Transit

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.
  • Resource metadata in Turbot CMDB will now also include createdBy details.

Policy Types

  • Azure > App Service > App Service Plan > Approved > Custom
  • Azure > App Service > Function App > Approved > Custom
  • Azure > App Service > Web App > Approved > Custom

Bug fixes

  • The AWS > VPC > Flow Log > Configured control would sometimes go into an error state for flow logs created via the AWS console, even though they were correctly claimed by a Guardrails stack. This is now fixed.

What's new?

  • You can now configure log checkpoints for Flexi Servers. To get started, set the Azure > PostgreSQL > Flexible Server > Audit Logging > * policies.
  • We've updated the runtime of the lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

Control Types

  • Azure > PostgreSQL > Flexible Server > Audit Logging

Policy Types

  • Azure > PostgreSQL > Flexible Server > Audit Logging
  • Azure > PostgreSQL > Flexible Server > Audit Logging > Log Checkpoints

Action Types

  • Azure > PostgreSQL > Flexible Server > Update Audit Logging

What's new?

  • You can now configure expiration for Key Vault Keys and Secrets. To get started, set the Azure > Key Vault > Key > Expiration > * and Azure > Key Vault > Secret > Expiration > * policies respectively.

Control Types

  • Azure > Key Vault > Key > Expiration
  • Azure > Key Vault > Secret > Expiration

Policy Types

  • Azure > Key Vault > Key > Expiration
  • Azure > Key Vault > Key > Expiration > Days [Default]
  • Azure > Key Vault > Secret > Expiration
  • Azure > Key Vault > Secret > Expiration > Days [Default]

Action Types

  • Azure > Key Vault > Key > Set Expiration
  • Azure > Key Vault > Secret > Set Expiration

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

Bug fixes

  • The Azure > Storage > Storage Account > Queue > Logging control would go into a skipped state for storage accounts, irrespective of any policy setting for Logging. This issue is fixed and the control will now work as expected.

What's new?

  • You can now delete existing Public IP Addresses which are unapproved for use in the Subscription. To get started, set the Azure > Network > Public IP Address > Approved policy to Enforce: Delete unapproved.

What's new?

  • You can now configure Encryption in Transit for Flexi Servers. To get started, set the Azure > PostgreSQL > Flexible Server > Encryption in Transit > * policies.

Control Types

  • Azure > PostgreSQL > Flexible Server > Encryption in Transit

Policy Types

  • Azure > PostgreSQL > Flexible Server > Encryption in Transit

Action Types

  • Azure > PostgreSQL > Flexible Server > Update Encryption in Transit

What's new?

  • You can now delete existing Entra ID users which are unapproved to be used in the Tenant. To get started, set the Azure > Active Directory > User > Approved policy to Enforce: Delete unapproved.

Policy Types

  • Azure > Active Directory > User > Approved > Custom

What's new?

  • You can now configure the TLS version for Flexi Servers. To get started, set the Azure > MySQL > Flexible Server > Minimum TLS Version > * policies.

What's new?

  • Account CMDB data will now also include alternate security contact details.

What's new?

Control Types

  • AWS > CIS v2.0
  • AWS > CIS v2.0 > 1 - Identity and Access Management
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full "*:*" administrative privileges are not attached
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v2.0 > 2 - Storage
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enabled on S3 buckets
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
  • AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
  • AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
  • AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
  • AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
  • AWS > CIS v2.0 > 3 - Logging
  • AWS > CIS v2.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v2.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
  • AWS > CIS v2.0 > 3 - Logging > 3.03 - Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
  • AWS > CIS v2.0 > 3 - Logging > 3.04 - Ensure CloudTrail trails are integrated with CloudWatch Logs
  • AWS > CIS v2.0 > 3 - Logging > 3.05 - Ensure AWS Config is enabled in all regions
  • AWS > CIS v2.0 > 3 - Logging > 3.06 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > 3.07 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
  • AWS > CIS v2.0 > 3 - Logging > 3.08 - Ensure rotation for customer created symmetric CMKs is enabled
  • AWS > CIS v2.0 > 3 - Logging > 3.09 - Ensure VPC flow logging is enabled in all VPCs
  • AWS > CIS v2.0 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > 3.11 - Ensure that Object-level logging for read events is enabled for S3 bucket
  • AWS > CIS v2.0 > 4 - Monitoring
  • AWS > CIS v2.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
  • AWS > CIS v2.0 > 5 - Networking
  • AWS > CIS v2.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
  • AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
  • AWS > CIS v2.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2

Policy Types

  • AWS > CIS v2.0
  • AWS > CIS v2.0 > 1 - Identity and Access Management
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details > Attestation
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account > Attestation
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full "*:*" administrative privileges are not attached
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments > Attestation
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted > Attestation
  • AWS > CIS v2.0 > 1 - Identity and Access Management > Maximum Attestation Duration
  • AWS > CIS v2.0 > 2 - Storage
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enabled on S3 buckets
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required > Attestation
  • AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
  • AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
  • AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
  • AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
  • AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
  • AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
  • AWS > CIS v2.0 > 2 - Storage > Maximum Attestation Duration
  • AWS > CIS v2.0 > 3 - Logging
  • AWS > CIS v2.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
  • AWS > CIS v2.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
  • AWS > CIS v2.0 > 3 - Logging > 3.03 - Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
  • AWS > CIS v2.0 > 3 - Logging > 3.04 - Ensure CloudTrail trails are integrated with CloudWatch Logs
  • AWS > CIS v2.0 > 3 - Logging > 3.05 - Ensure AWS Config is enabled in all regions
  • AWS > CIS v2.0 > 3 - Logging > 3.06 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > 3.07 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
  • AWS > CIS v2.0 > 3 - Logging > 3.08 - Ensure rotation for customer created symmetric CMKs is enabled
  • AWS > CIS v2.0 > 3 - Logging > 3.09 - Ensure VPC flow logging is enabled in all VPCs
  • AWS > CIS v2.0 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > 3.11 - Ensure that Object-level logging for read events is enabled for S3 bucket
  • AWS > CIS v2.0 > 3 - Logging > Maximum Attestation Duration
  • AWS > CIS v2.0 > 4 - Monitoring
  • AWS > CIS v2.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
  • AWS > CIS v2.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
  • AWS > CIS v2.0 > 4 - Monitoring > Maximum Attestation Duration
  • AWS > CIS v2.0 > 5 - Networking
  • AWS > CIS v2.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
  • AWS > CIS v2.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
  • AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
  • AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access' > Attestation
  • AWS > CIS v2.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2
  • AWS > CIS v2.0 > 5 - Networking > Maximum Attestation Duration
  • AWS > CIS v2.0 > Maximum Attestation Duration

Bug fixes

  • SQL Instances were sometimes not updated/cleaned up correctly via real-time events in Guardrails. This is now fixed.

What's new?

  • You can now manage IMDS defaults for EC2 per region. To get started, set the AWS > EC2 > Account Attributes > Instance Metadata Service Defaults > * policies.

Bug fixes

  • The AWS > EC2 > Instance > Approved control would sometimes fail to stop instances that were discovered in Guardrails via real-time events if the AWS > EC2 > Instance > Approved policy was set to Enforce: Stop unapproved if new. This is now fixed.

What's new?

  • Storage Account CMDB data will now also include details about the account's blob service properties.

What's new?

  • You can now configure the connection_throttling parameter for PostgreSQL servers. To get started, set the Azure > PostgreSQL > Server > Audit Logging > Connection Throttling policy.

What's new?

  • TLS version and audit log details will now be available in CMDB for Flexi Servers.

What's new?

  • Users can now disable unapproved Keys in AWS. To get started, set the AWS > KMS > Key > Approved policy to Enforce: Disable unapproved.

Bug fixes

  • In v5.15.1, we introduced the policy value Enforce: Enabled but ignore permission errors for the AWS > SNS > Subscription > CMDB policy, allowing the corresponding CMDB control to ignore permission errors, if any, and proceed to completion. However, configuring the CMDB policy to Enforce: Enabled but ignore permission errors inadvertently introduced a bug, resulting in the removal of real-time events for Subscription from the SNS EventBridge rule created by the Event Handlers. This issue has now been fixed.

Bug fixes

  • In v5.13.0, we introduced the policy value Enforce: Enabled but ignore permission errors for the AWS > KMS > Key > CMDB policy, allowing the corresponding CMDB control to ignore permission errors, if any, and proceed to completion. However, configuring the CMDB policy to Enforce: Enabled but ignore permission errors inadvertently introduced a bug, resulting in the removal of the EventBridge Rule for KMS by the Event Handlers. This issue has now been fixed.

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

  • Control Types:

    • AWS > ECR > Repository > Policy
    • AWS > ECR > Repository > Policy > Required
  • Policy Types:

    • AWS > ECR > Repository > Policy
    • AWS > ECR > Repository > Policy > Required
    • AWS > ECR > Repository > Policy > Required > Items
  • Action Types:

    • AWS > ECR > Repository > Update Repository policy

Bug fixes

  • Server
    • Account import will be smoother and more consistent than before.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

  • Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account.
  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

  • The AWS > VPC > VPC > Stack control failed to claim security group rules correctly if the protocol for such rules was set to All or TCP in the stack's source policy. This issue has been fixed, and the control will now claim such rules correctly.

Bug fixes

  • We have updated various policy definitions set during account imports to allow for a smoother account import experience. We recommend upgrading your TE to v5.42.21 or higher to enable these changes to take effect.

Bug fixes

  • UI
    • Fixed the AWS login dropdown button to accurately display both existing and new grants.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

  • Unsupported US Gov cloud regions were inadvertently included in the AWS > SageMaker > Code Repository > Regions policy, which led to the AWS > SageMaker > Code Repository > Discovery control being in an error state for those regions. We've now removed the unsupported US Gov cloud regions from the Regions policy.

What's new?

  • Policy Types:
    • AWS > SageMaker > Notebook Instance > Approved > Custom

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.
  • In the previous version, we fixed an issue with the AWS > VPC > VPC > Stack control that prevented it from recognizing security group rules with the port range set to 0 correctly. However, the control still failed to claim existing security group rules available in Guardrails CMDB, due to an inadvertent bug introduced in v5.9.2. This issue has now been fixed, and the control will correctly claim existing security group rules.

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

  • Previously, Guardrails unnecessarily listened to and processed real-time list events for various storage resources. We've now improved our events filter to ignore these list events, thereby reducing unnecessary processing.

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.
  • The AWS > EC2 > Snapshot > Active and AWS > EC2 > Snapshot > Approved controls will now not attempt to delete a snapshot if it has one or more AMIs attached to it.
  • In the previous version, although we fixed a bug to prevent upserting volumes and snapshots with incorrect AKAs, there was still a provision for instances to be upserted with incorrect AKAs. We have now addressed this issue as well, ensuring instances are upserted more correctly and consistently than before.
  • The deprecated ec2-reports:* permissions are now removed from the mod.

Bug fixes

  • Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account.
  • In the previous version, we believed we had resolved an issue with Internet Gateways not being upserted into the CMDB while processing real-time CreateDefaultVpc events. However, we overlooked an edge case in the fix. We have now addressed this issue, ensuring that Internet Gateways will be reliably discovered and upserted into the Guardrails CMDB. We recommend updating the aws-vpc-core mod to version 5.17.1 or higher to enable Guardrails to correctly process real-time CreateDefaultVpc events for Internet Gateways.
  • Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

  • The AWS > VPC > VPC > Stack control would sometimes go into an error state after creating security group rules with port range set to 0. This occurred because the control failed to recognize the existing rule in Guardrails CMDB and attempted to create a new rule instead. This issue has been fixed, and the stack control will now work correctly as expected.
  • The AWS > VPC > Security Group > CMDB control would sometimes go into an error state for security groups shared from other AWS accounts. We will now exclude shared security groups and only upsert security groups that belong to the owner account.

What's new?

  • You can now also manage the IAM Permissions model for Guardrails Users via the AWS > Turbot > IAM > Managed control. The AWS > Turbot > IAM > Managed control is faster and more efficient than the existing AWS > Turbot > IAM control because it utilizes Native AWS APIs rather than Terraform to manage IAM resources. Please note that this feature will work as intended only on TE v5.42.19 or higher and turbot-iam mod v5.11.0 or higher.

  • Control Types

    • AWS > Turbot > IAM > Group
    • AWS > Turbot > IAM > Group > Managed
    • AWS > Turbot > IAM > Managed
    • AWS > Turbot > IAM > Policy
    • AWS > Turbot > IAM > Policy > Managed
    • AWS > Turbot > IAM > Role
    • AWS > Turbot > IAM > Role > Managed
    • AWS > Turbot > IAM > User
    • AWS > Turbot > IAM > User > Managed
  • Policy Types

    • AWS > Turbot > IAM > Managed
  • Policy Types Renamed

    • AWS > IAM > Turbot to AWS > Turbot > IAM
  • Action Types

    • AWS > Account > Provision Managed Resources
    • AWS > IAM > Group > Detach and delete
    • AWS > IAM > Group > IAM Group Managed
    • AWS > IAM > Policy > Detach and delete
    • AWS > IAM > Role > IAM Role Managed
    • AWS > IAM > User > IAM User Managed

Bug fixes

  • The AWS > IAM > Group > CMDB, AWS > IAM > Role > CMDB, and AWS > IAM > User > CMDB controls previously failed to fetch all attachments for groups, roles, and users, respectively, due to the lack of pagination support. This issue has been fixed, and the controls will now correctly fetch all respective attachments.

Bug fixes

  • Server

    • Updated the tier for the SSM parameter /tenant/${workspaceFullId} to Advanced.
    • Delete operations for resources are now faster and more efficient than before.
    • Auto mod update control for mods will now look only for recommended versions instead of available and recommended.
    • Fixed policy value resolution to default to the value of resolvedSchema if not available in the schema.
  • UI

    • Fixed a table typo in the Steampipe query used in the resources developer tab.
    • Display the AWS login button when setting permissions via the AWS > Turbot > IAM > Managed control.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • The default value for Turbot > IAM > Permissions > Compiled > Levels > Turbot policy will now be evaluated correctly and consistently.

Bug fixes

  • SSM Parameters with incorrect names would sometimes be inadvertently upserted in Guardrails CMDB. This issue has now been fixed.

What's new?

  • The AWS > S3 > Bucket CMDB data will now also include information about Bucket Intelligent Tiering Configuration.

  • A few policy values in the AWS > S3 > Bucket > Encryption at Rest policy have now been deprecated and will be removed in the next major mod version (v6.0.0) because they are no longer supported by AWS.

    | Deprecated Values       |
    | ----------------------- |
    | Check: None             |
    | Check: None or higher   |
    | Enforce: None           |
    | Enforce: None or higher |

Bug fixes

  • Previously, Guardrails did not upsert Internet Gateways into the CMDB while processing real-time CreateDefaultVpc events. This issue has been fixed, and Internet Gateways will now be more reliably upserted into the Guardrails CMDB. We recommend updating the aws-vpc-core mod to v5.17.1 or higher to allow Guardrails to process the CreateDefaultVpc event for Internet Gateways correctly.

Bug fixes

  • Previously, Guardrails did not upsert DHCP Options into the CMDB while processing real-time CreateDefaultVpc events. This issue has been fixed, and DHCP Options will now be more reliably upserted into the Guardrails CMDB.

Bug fixes

  • Previously, Guardrails unnecessarily listened to and processed real-time lists events for various Dataproc resources. We've now improved our events filter to ignore these lists events, thereby reducing unnecessary processing.

Bug fixes

  • The GCP > Turbot > Event Handlers > Pub/Sub stack control previously attempted to create a topic and its IAM member incorrectly when the GCP > Turbot > Event Handlers > Logging > Unique Writer Identity policy was set to Enforce: Unique Identity, but the project number for the project was not available. This is fixed and the control will transition to an Invalid state until Guardrails can correctly fetch the project number.

What's new?

  • Control Types:

    • GCP > Pub/Sub > Topic > Labels
  • Policy Types:

    • GCP > Pub/Sub > Topic > Labels
    • GCP > Pub/Sub > Topic > Labels > Template
  • Action Types

    • GCP > Pub/Sub > Topic > Set Labels

Bug fixes

  • In a previous version (v5.6.2), we introduced a change in the AWS > S3 > Bucket > Encryption in Transit and AWS > S3 > Bucket > Encryption at Rest controls to wait for a few minutes before applying the respective policies to new buckets created via CloudFormation Stacks. We've now extended this feature to all buckets regardless of how they were created, to ensure that IaC changes can be correctly applied to buckets without interference from immediate policy enforcements.

What's new?

  • Added support for Advanced Tier for SSM Parameters.
  • Increased the visibility timeout from 60 seconds to 7200 seconds and decreased the message retention period to 7 days for runnable DLQ.

What's new?

  • Added: Support for Postgres versions 14.9, 14.10, 15.4 and 15.5.
  • Added: Support for Redis 7.1.
  • Added: m6gd.medium to instance type parameter for RDS.
  • Added: Support for Advanced Tier for SSM Parameters.
  • Removed: t4.micro and t4.small from instance type parameter for RDS.

Note

To use the latest RDS certificate in commercial cloud, please upgrade TE to 5.42.3 or higher and update the RDS CA Certificate for Commercial Cloud parameter.

Bug fixes

  • Server

    • Added: Support for AWS Custom Group Levels.
    • Updated: The DLQ lambda timeout has been updated to 2 minutes instead of 1 minute.
    • Updated: The Events DLQ visibility timeout has been increased from 15 minutes to 4 hours.
    • Updated: The Events DLQ MessageRetentionPeriod has been decreased from 14 days to 7 days.
  • UI

    • Added: Action button to run immediate policy value.

Requirements

  • TEF: 1.57.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • Added support for group permission levels.

What's new?

  • Control Types:

    • GCP > Firebase > Android App > ServiceNow
    • GCP > Firebase > Android App > ServiceNow > Configuration Item
    • GCP > Firebase > Android App > ServiceNow > Table
    • GCP > Firebase > Firebase Project > ServiceNow
    • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item
    • GCP > Firebase > Firebase Project > ServiceNow > Table
    • GCP > Firebase > Web App > ServiceNow
    • GCP > Firebase > Web App > ServiceNow > Configuration Item
    • GCP > Firebase > Web App > ServiceNow > Table
    • GCP > Firebase > iOS App > ServiceNow
    • GCP > Firebase > iOS App > ServiceNow > Configuration Item
    • GCP > Firebase > iOS App > ServiceNow > Table
  • Policy Types:

    • GCP > Firebase > Android App > ServiceNow
    • GCP > Firebase > Android App > ServiceNow > Configuration Item
    • GCP > Firebase > Android App > ServiceNow > Configuration Item > Record
    • GCP > Firebase > Android App > ServiceNow > Configuration Item > Table Definition
    • GCP > Firebase > Android App > ServiceNow > Table
    • GCP > Firebase > Android App > ServiceNow > Table > Definition
    • GCP > Firebase > Firebase Project > ServiceNow
    • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item
    • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item > Record
    • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item > Table Definition
    • GCP > Firebase > Firebase Project > ServiceNow > Table
    • GCP > Firebase > Firebase Project > ServiceNow > Table > Definition
    • GCP > Firebase > Web App > ServiceNow
    • GCP > Firebase > Web App > ServiceNow > Configuration Item
    • GCP > Firebase > Web App > ServiceNow > Configuration Item > Record
    • GCP > Firebase > Web App > ServiceNow > Configuration Item > Table Definition
    • GCP > Firebase > Web App > ServiceNow > Table
    • GCP > Firebase > Web App > ServiceNow > Table > Definition
    • GCP > Firebase > iOS App > ServiceNow
    • GCP > Firebase > iOS App > ServiceNow > Configuration Item
    • GCP > Firebase > iOS App > ServiceNow > Configuration Item > Record
    • GCP > Firebase > iOS App > ServiceNow > Configuration Item > Table Definition
    • GCP > Firebase > iOS App > ServiceNow > Table
    • GCP > Firebase > iOS App > ServiceNow > Table > Definition

What's new?

  • The AWS > Secrets Manager > Secret > CMDB control would go into an error state if Guardrails did not have permissions to describe a secret. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set the AWS > Secrets Manager > Secret > CMDB policy to Enforce: Enabled but ignore permission errors.

What's new?

  • You can now attach custom IAM Groups to Guardrails users if the AWS > Turbot > Permissions policy is set to Enforce: User Mode. To get started, set the AWS > Turbot > Permissions > Custom Group Levels [Account] policy and then attach the custom group to a user via the Grant Permission button on the Permissions page. Please note that this feature will work as intended only on TE v5.42.18 or higher and turbot-iam mod v5.11.0 or higher.

  • Policy Types:

    • AWS > Turbot > Permissions > Custom Group Levels [Account]
  • Policy Types renamed:

    • AWS > Turbot > Permissions > Custom Levels [Account] to AWS > Turbot > Permissions > Custom Role Levels [Account]
    • AWS > Turbot > Permissions > Custom Levels [Folder] to AWS > Turbot > Permissions > Custom Role Levels [Folder]

What's new?

  • Control Types:

    • GCP > Network > Address > ServiceNow
    • GCP > Network > Address > ServiceNow > Configuration Item
    • GCP > Network > Address > ServiceNow > Table
    • GCP > Network > Backend Bucket > ServiceNow
    • GCP > Network > Backend Bucket > ServiceNow > Configuration Item
    • GCP > Network > Backend Bucket > ServiceNow > Table
    • GCP > Network > Backend Service > ServiceNow
    • GCP > Network > Backend Service > ServiceNow > Configuration Item
    • GCP > Network > Backend Service > ServiceNow > Table
    • GCP > Network > Firewall > ServiceNow
    • GCP > Network > Firewall > ServiceNow > Configuration Item
    • GCP > Network > Firewall > ServiceNow > Table
    • GCP > Network > Forwarding Rule > ServiceNow
    • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item
    • GCP > Network > Forwarding Rule > ServiceNow > Table
    • GCP > Network > Global Address > ServiceNow
    • GCP > Network > Global Address > ServiceNow > Configuration Item
    • GCP > Network > Global Address > ServiceNow > Table
    • GCP > Network > Global Forwarding Rule > ServiceNow
    • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item
    • GCP > Network > Global Forwarding Rule > ServiceNow > Table
    • GCP > Network > Interconnect > ServiceNow
    • GCP > Network > Interconnect > ServiceNow > Configuration Item
    • GCP > Network > Interconnect > ServiceNow > Table
    • GCP > Network > Packet Mirroring > ServiceNow
    • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item
    • GCP > Network > Packet Mirroring > ServiceNow > Table
    • GCP > Network > Region Backend Service > ServiceNow
    • GCP > Network > Region Backend Service > ServiceNow > Configuration Item
    • GCP > Network > Region Backend Service > ServiceNow > Table
    • GCP > Network > Region SSL Certificate > ServiceNow
    • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item
    • GCP > Network > Region SSL Certificate > ServiceNow > Table
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table
    • GCP > Network > Region URL Map > ServiceNow
    • GCP > Network > Region URL Map > ServiceNow > Configuration Item
    • GCP > Network > Region URL Map > ServiceNow > Table
    • GCP > Network > Route > ServiceNow
    • GCP > Network > Route > ServiceNow > Configuration Item
    • GCP > Network > Route > ServiceNow > Table
    • GCP > Network > Router > ServiceNow
    • GCP > Network > Router > ServiceNow > Configuration Item
    • GCP > Network > Router > ServiceNow > Table
    • GCP > Network > SSL Certificate > ServiceNow
    • GCP > Network > SSL Certificate > ServiceNow > Configuration Item
    • GCP > Network > SSL Certificate > ServiceNow > Table
    • GCP > Network > SSL Policy > ServiceNow
    • GCP > Network > SSL Policy > ServiceNow > Configuration Item
    • GCP > Network > SSL Policy > ServiceNow > Table
    • GCP > Network > Target HTTPS Proxy > ServiceNow
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Table
    • GCP > Network > Target Pool > ServiceNow
    • GCP > Network > Target Pool > ServiceNow > Configuration Item
    • GCP > Network > Target Pool > ServiceNow > Table
    • GCP > Network > Target SSL Proxy > ServiceNow
    • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target SSL Proxy > ServiceNow > Table
    • GCP > Network > Target TCP Proxy > ServiceNow
    • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target TCP Proxy > ServiceNow > Table
    • GCP > Network > Target VPN Gateway > ServiceNow
    • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item
    • GCP > Network > Target VPN Gateway > ServiceNow > Table
    • GCP > Network > URL Map > ServiceNow
    • GCP > Network > URL Map > ServiceNow > Configuration Item
    • GCP > Network > URL Map > ServiceNow > Table
    • GCP > Network > VPN Tunnel > ServiceNow
    • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item
    • GCP > Network > VPN Tunnel > ServiceNow > Table
  • Policy Types:

    • GCP > Network > Address > ServiceNow
    • GCP > Network > Address > ServiceNow > Configuration Item
    • GCP > Network > Address > ServiceNow > Configuration Item > Record
    • GCP > Network > Address > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Address > ServiceNow > Table
    • GCP > Network > Address > ServiceNow > Table > Definition
    • GCP > Network > Backend Bucket > ServiceNow
    • GCP > Network > Backend Bucket > ServiceNow > Configuration Item
    • GCP > Network > Backend Bucket > ServiceNow > Configuration Item > Record
    • GCP > Network > Backend Bucket > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Backend Bucket > ServiceNow > Table
    • GCP > Network > Backend Bucket > ServiceNow > Table > Definition
    • GCP > Network > Backend Service > ServiceNow
    • GCP > Network > Backend Service > ServiceNow > Configuration Item
    • GCP > Network > Backend Service > ServiceNow > Configuration Item > Record
    • GCP > Network > Backend Service > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Backend Service > ServiceNow > Table
    • GCP > Network > Backend Service > ServiceNow > Table > Definition
    • GCP > Network > Firewall > ServiceNow
    • GCP > Network > Firewall > ServiceNow > Configuration Item
    • GCP > Network > Firewall > ServiceNow > Configuration Item > Record
    • GCP > Network > Firewall > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Firewall > ServiceNow > Table
    • GCP > Network > Firewall > ServiceNow > Table > Definition
    • GCP > Network > Forwarding Rule > ServiceNow
    • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item
    • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item > Record
    • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Forwarding Rule > ServiceNow > Table
    • GCP > Network > Forwarding Rule > ServiceNow > Table > Definition
    • GCP > Network > Global Address > ServiceNow
    • GCP > Network > Global Address > ServiceNow > Configuration Item
    • GCP > Network > Global Address > ServiceNow > Configuration Item > Record
    • GCP > Network > Global Address > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Global Address > ServiceNow > Table
    • GCP > Network > Global Address > ServiceNow > Table > Definition
    • GCP > Network > Global Forwarding Rule > ServiceNow
    • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item
    • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item > Record
    • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Global Forwarding Rule > ServiceNow > Table
    • GCP > Network > Global Forwarding Rule > ServiceNow > Table > Definition
    • GCP > Network > Interconnect > ServiceNow
    • GCP > Network > Interconnect > ServiceNow > Configuration Item
    • GCP > Network > Interconnect > ServiceNow > Configuration Item > Record
    • GCP > Network > Interconnect > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Interconnect > ServiceNow > Table
    • GCP > Network > Interconnect > ServiceNow > Table > Definition
    • GCP > Network > Packet Mirroring > ServiceNow
    • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item
    • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item > Record
    • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Packet Mirroring > ServiceNow > Table
    • GCP > Network > Packet Mirroring > ServiceNow > Table > Definition
    • GCP > Network > Region Backend Service > ServiceNow
    • GCP > Network > Region Backend Service > ServiceNow > Configuration Item
    • GCP > Network > Region Backend Service > ServiceNow > Configuration Item > Record
    • GCP > Network > Region Backend Service > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Region Backend Service > ServiceNow > Table
    • GCP > Network > Region Backend Service > ServiceNow > Table > Definition
    • GCP > Network > Region SSL Certificate > ServiceNow
    • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item
    • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item > Record
    • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Region SSL Certificate > ServiceNow > Table
    • GCP > Network > Region SSL Certificate > ServiceNow > Table > Definition
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item > Record
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table
    • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table > Definition
    • GCP > Network > Region URL Map > ServiceNow
    • GCP > Network > Region URL Map > ServiceNow > Configuration Item
    • GCP > Network > Region URL Map > ServiceNow > Configuration Item > Record
    • GCP > Network > Region URL Map > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Region URL Map > ServiceNow > Table
    • GCP > Network > Region URL Map > ServiceNow > Table > Definition
    • GCP > Network > Route > ServiceNow
    • GCP > Network > Route > ServiceNow > Configuration Item
    • GCP > Network > Route > ServiceNow > Configuration Item > Record
    • GCP > Network > Route > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Route > ServiceNow > Table
    • GCP > Network > Route > ServiceNow > Table > Definition
    • GCP > Network > Router > ServiceNow
    • GCP > Network > Router > ServiceNow > Configuration Item
    • GCP > Network > Router > ServiceNow > Configuration Item > Record
    • GCP > Network > Router > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Router > ServiceNow > Table
    • GCP > Network > Router > ServiceNow > Table > Definition
    • GCP > Network > SSL Certificate > ServiceNow
    • GCP > Network > SSL Certificate > ServiceNow > Configuration Item
    • GCP > Network > SSL Certificate > ServiceNow > Configuration Item > Record
    • GCP > Network > SSL Certificate > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > SSL Certificate > ServiceNow > Table
    • GCP > Network > SSL Certificate > ServiceNow > Table > Definition
    • GCP > Network > SSL Policy > ServiceNow
    • GCP > Network > SSL Policy > ServiceNow > Configuration Item
    • GCP > Network > SSL Policy > ServiceNow > Configuration Item > Record
    • GCP > Network > SSL Policy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > SSL Policy > ServiceNow > Table
    • GCP > Network > SSL Policy > ServiceNow > Table > Definition
    • GCP > Network > Target HTTPS Proxy > ServiceNow
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item > Record
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Table
    • GCP > Network > Target HTTPS Proxy > ServiceNow > Table > Definition
    • GCP > Network > Target Pool > ServiceNow
    • GCP > Network > Target Pool > ServiceNow > Configuration Item
    • GCP > Network > Target Pool > ServiceNow > Configuration Item > Record
    • GCP > Network > Target Pool > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target Pool > ServiceNow > Table
    • GCP > Network > Target Pool > ServiceNow > Table > Definition
    • GCP > Network > Target SSL Proxy > ServiceNow
    • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item > Record
    • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target SSL Proxy > ServiceNow > Table
    • GCP > Network > Target SSL Proxy > ServiceNow > Table > Definition
    • GCP > Network > Target TCP Proxy > ServiceNow
    • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item
    • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item > Record
    • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target TCP Proxy > ServiceNow > Table
    • GCP > Network > Target TCP Proxy > ServiceNow > Table > Definition
    • GCP > Network > Target VPN Gateway > ServiceNow
    • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item
    • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item > Record
    • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Target VPN Gateway > ServiceNow > Table
    • GCP > Network > Target VPN Gateway > ServiceNow > Table > Definition
    • GCP > Network > URL Map > ServiceNow
    • GCP > Network > URL Map > ServiceNow > Configuration Item
    • GCP > Network > URL Map > ServiceNow > Configuration Item > Record
    • GCP > Network > URL Map > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > URL Map > ServiceNow > Table
    • GCP > Network > URL Map > ServiceNow > Table > Definition
    • GCP > Network > VPN Tunnel > ServiceNow
    • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item
    • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item > Record
    • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > VPN Tunnel > ServiceNow > Table
    • GCP > Network > VPN Tunnel > ServiceNow > Table > Definition

Bug fixes

  • The AWS > VPC > VPC > Stack control would sometimes fail to claim existing Flow Logs in Guardrails CMDB. This is now fixed.

What's new?

  • Control Types:

    • GCP > IAM > Project Role > ServiceNow
    • GCP > IAM > Project Role > ServiceNow > Configuration Item
    • GCP > IAM > Project Role > ServiceNow > Table
    • GCP > IAM > Project User > ServiceNow
    • GCP > IAM > Project User > ServiceNow > Configuration Item
    • GCP > IAM > Project User > ServiceNow > Table
    • GCP > IAM > Service Account > ServiceNow
    • GCP > IAM > Service Account > ServiceNow > Configuration Item
    • GCP > IAM > Service Account > ServiceNow > Table
    • GCP > IAM > Service Account Key > ServiceNow
    • GCP > IAM > Service Account Key > ServiceNow > Configuration Item
    • GCP > IAM > Service Account Key > ServiceNow > Table
    • GCP > Project > Policy > ServiceNow
    • GCP > Project > Policy > ServiceNow > Configuration Item
    • GCP > Project > Policy > ServiceNow > Table
  • Policy Types:

    • GCP > IAM > Project Role > ServiceNow
    • GCP > IAM > Project Role > ServiceNow > Configuration Item
    • GCP > IAM > Project Role > ServiceNow > Configuration Item > Record
    • GCP > IAM > Project Role > ServiceNow > Configuration Item > Table Definition
    • GCP > IAM > Project Role > ServiceNow > Table
    • GCP > IAM > Project Role > ServiceNow > Table > Definition
    • GCP > IAM > Project User > ServiceNow
    • GCP > IAM > Project User > ServiceNow > Configuration Item
    • GCP > IAM > Project User > ServiceNow > Configuration Item > Record
    • GCP > IAM > Project User > ServiceNow > Configuration Item > Table Definition
    • GCP > IAM > Project User > ServiceNow > Table
    • GCP > IAM > Project User > ServiceNow > Table > Definition
    • GCP > IAM > Service Account > ServiceNow
    • GCP > IAM > Service Account > ServiceNow > Configuration Item
    • GCP > IAM > Service Account > ServiceNow > Configuration Item > Record
    • GCP > IAM > Service Account > ServiceNow > Configuration Item > Table Definition
    • GCP > IAM > Service Account > ServiceNow > Table
    • GCP > IAM > Service Account > ServiceNow > Table > Definition
    • GCP > IAM > Service Account Key > ServiceNow
    • GCP > IAM > Service Account Key > ServiceNow > Configuration Item
    • GCP > IAM > Service Account Key > ServiceNow > Configuration Item > Record
    • GCP > IAM > Service Account Key > ServiceNow > Configuration Item > Table Definition
    • GCP > IAM > Service Account Key > ServiceNow > Table
    • GCP > IAM > Service Account Key > ServiceNow > Table > Definition
    • GCP > Project > Policy > ServiceNow
    • GCP > Project > Policy > ServiceNow > Configuration Item
    • GCP > Project > Policy > ServiceNow > Configuration Item > Record
    • GCP > Project > Policy > ServiceNow > Configuration Item > Table Definition
    • GCP > Project > Policy > ServiceNow > Table
    • GCP > Project > Policy > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Functions > Function > ServiceNow
    • GCP > Functions > Function > ServiceNow > Configuration Item
    • GCP > Functions > Function > ServiceNow > Table
  • Policy Types:

    • GCP > Functions > Function > ServiceNow
    • GCP > Functions > Function > ServiceNow > Configuration Item
    • GCP > Functions > Function > ServiceNow > Configuration Item > Record
    • GCP > Functions > Function > ServiceNow > Configuration Item > Table Definition
    • GCP > Functions > Function > ServiceNow > Table
    • GCP > Functions > Function > ServiceNow > Table > Definition

Bug fixes

  • The AWS > SNS > Subscription > CMDB control would go into an error state if Guardrails did not have permissions to describe a subscription. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set the AWS > SNS > Subscription > CMDB policy to Enforce: Enabled but ignore permission errors.

What's new?

  • Control Types:

    • GCP > Project > ServiceNow
    • GCP > Project > ServiceNow > Configuration Item
    • GCP > Project > ServiceNow > Table
  • Policy Types:

    • GCP > Project > ServiceNow
    • GCP > Project > ServiceNow > Configuration Item
    • GCP > Project > ServiceNow > Configuration Item > Record
    • GCP > Project > ServiceNow > Configuration Item > Table Definition
    • GCP > Project > ServiceNow > Table
    • GCP > Project > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Memorystore > Instance > ServiceNow
    • GCP > Memorystore > Instance > ServiceNow > Configuration Item
    • GCP > Memorystore > Instance > ServiceNow > Table
  • Policy Types:

    • GCP > Memorystore > Instance > ServiceNow
    • GCP > Memorystore > Instance > ServiceNow > Configuration Item
    • GCP > Memorystore > Instance > ServiceNow > Configuration Item > Record
    • GCP > Memorystore > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > Memorystore > Instance > ServiceNow > Table
    • GCP > Memorystore > Instance > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Storage > Object > ServiceNow
    • GCP > Storage > Object > ServiceNow > Configuration Item
    • GCP > Storage > Object > ServiceNow > Table
  • Policy Types:

    • GCP > Storage > Object > ServiceNow
    • GCP > Storage > Object > ServiceNow > Configuration Item
    • GCP > Storage > Object > ServiceNow > Configuration Item > Record
    • GCP > Storage > Object > ServiceNow > Configuration Item > Table Definition
    • GCP > Storage > Object > ServiceNow > Table
    • GCP > Storage > Object > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Secret Manager > Secret > ServiceNow
    • GCP > Secret Manager > Secret > ServiceNow > Configuration Item
    • GCP > Secret Manager > Secret > ServiceNow > Table
  • Policy Types:

    • GCP > Secret Manager > Secret > ServiceNow
    • GCP > Secret Manager > Secret > ServiceNow > Configuration Item
    • GCP > Secret Manager > Secret > ServiceNow > Configuration Item > Record
    • GCP > Secret Manager > Secret > ServiceNow > Configuration Item > Table Definition
    • GCP > Secret Manager > Secret > ServiceNow > Table
    • GCP > Secret Manager > Secret > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Scheduler > Job > ServiceNow
    • GCP > Scheduler > Job > ServiceNow > Configuration Item
    • GCP > Scheduler > Job > ServiceNow > Table
  • Policy Types:

    • GCP > Scheduler > Job > ServiceNow
    • GCP > Scheduler > Job > ServiceNow > Configuration Item
    • GCP > Scheduler > Job > ServiceNow > Configuration Item > Record
    • GCP > Scheduler > Job > ServiceNow > Configuration Item > Table Definition
    • GCP > Scheduler > Job > ServiceNow > Table
    • GCP > Scheduler > Job > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Dataproc > Cluster > ServiceNow
    • GCP > Dataproc > Cluster > ServiceNow > Configuration Item
    • GCP > Dataproc > Cluster > ServiceNow > Table
    • GCP > Dataproc > Job > ServiceNow
    • GCP > Dataproc > Job > ServiceNow > Configuration Item
    • GCP > Dataproc > Job > ServiceNow > Table
    • GCP > Dataproc > Workflow Template > ServiceNow
    • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item
    • GCP > Dataproc > Workflow Template > ServiceNow > Table
  • Policy Types:

    • GCP > Dataproc > Cluster > ServiceNow
    • GCP > Dataproc > Cluster > ServiceNow > Configuration Item
    • GCP > Dataproc > Cluster > ServiceNow > Configuration Item > Record
    • GCP > Dataproc > Cluster > ServiceNow > Configuration Item > Table Definition
    • GCP > Dataproc > Cluster > ServiceNow > Table
    • GCP > Dataproc > Cluster > ServiceNow > Table > Definition
    • GCP > Dataproc > Job > ServiceNow
    • GCP > Dataproc > Job > ServiceNow > Configuration Item
    • GCP > Dataproc > Job > ServiceNow > Configuration Item > Record
    • GCP > Dataproc > Job > ServiceNow > Configuration Item > Table Definition
    • GCP > Dataproc > Job > ServiceNow > Table
    • GCP > Dataproc > Job > ServiceNow > Table > Definition
    • GCP > Dataproc > Workflow Template > ServiceNow
    • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item
    • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item > Record
    • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item > Table Definition
    • GCP > Dataproc > Workflow Template > ServiceNow > Table
    • GCP > Dataproc > Workflow Template > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Composer > Environment > ServiceNow
    • GCP > Composer > Environment > ServiceNow > Configuration Item
    • GCP > Composer > Environment > ServiceNow > Table
  • Policy Types:

    • GCP > Composer > Environment > ServiceNow
    • GCP > Composer > Environment > ServiceNow > Configuration Item
    • GCP > Composer > Environment > ServiceNow > Configuration Item > Record
    • GCP > Composer > Environment > ServiceNow > Configuration Item > Table Definition
    • GCP > Composer > Environment > ServiceNow > Table
    • GCP > Composer > Environment > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Monitoring > Alert Policy > ServiceNow
    • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item
    • GCP > Monitoring > Alert Policy > ServiceNow > Table
    • GCP > Monitoring > Group > ServiceNow
    • GCP > Monitoring > Group > ServiceNow > Configuration Item
    • GCP > Monitoring > Group > ServiceNow > Table
    • GCP > Monitoring > Notification Channel > ServiceNow
    • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item
    • GCP > Monitoring > Notification Channel > ServiceNow > Table
  • Policy Types:

    • GCP > Monitoring > Alert Policy > ServiceNow
    • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item
    • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item > Record
    • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item > Table Definition
    • GCP > Monitoring > Alert Policy > ServiceNow > Table
    • GCP > Monitoring > Alert Policy > ServiceNow > Table > Definition
    • GCP > Monitoring > Group > ServiceNow
    • GCP > Monitoring > Group > ServiceNow > Configuration Item
    • GCP > Monitoring > Group > ServiceNow > Configuration Item > Record
    • GCP > Monitoring > Group > ServiceNow > Configuration Item > Table Definition
    • GCP > Monitoring > Group > ServiceNow > Table
    • GCP > Monitoring > Group > ServiceNow > Table > Definition
    • GCP > Monitoring > Notification Channel > ServiceNow
    • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item
    • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item > Record
    • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item > Table Definition
    • GCP > Monitoring > Notification Channel > ServiceNow > Table
    • GCP > Monitoring > Notification Channel > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > DNS > Managed Zone > ServiceNow
    • GCP > DNS > Managed Zone > ServiceNow > Configuration Item
    • GCP > DNS > Managed Zone > ServiceNow > Table
  • Policy Types:

    • GCP > DNS > Managed Zone > ServiceNow
    • GCP > DNS > Managed Zone > ServiceNow > Configuration Item
    • GCP > DNS > Managed Zone > ServiceNow > Configuration Item > Record
    • GCP > DNS > Managed Zone > ServiceNow > Configuration Item > Table Definition
    • GCP > DNS > Managed Zone > ServiceNow > Table
    • GCP > DNS > Managed Zone > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Datapipeline > Pipeline > ServiceNow
    • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item
    • GCP > Datapipeline > Pipeline > ServiceNow > Table
  • Policy Types:

    • GCP > Datapipeline > Pipeline > ServiceNow
    • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item
    • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item > Record
    • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item > Table Definition
    • GCP > Datapipeline > Pipeline > ServiceNow > Table
    • GCP > Datapipeline > Pipeline > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Dataflow > Job > ServiceNow
    • GCP > Dataflow > Job > ServiceNow > Configuration Item
    • GCP > Dataflow > Job > ServiceNow > Table
  • Policy Types:

    • GCP > Dataflow > Job > ServiceNow
    • GCP > Dataflow > Job > ServiceNow > Configuration Item
    • GCP > Dataflow > Job > ServiceNow > Configuration Item > Record
    • GCP > Dataflow > Job > ServiceNow > Configuration Item > Table Definition
    • GCP > Dataflow > Job > ServiceNow > Table
    • GCP > Dataflow > Job > ServiceNow > Table > Definition

Bug fixes

  • The GCP > Compute Engine > Instance Template > CMDB control would sometimes go into an error state due to a bad internal build. This is fixed and the control will now work as expected.

Bug fixes

  • Due to an inadvertently introduced issue with an internal build for Azure > Subscription, importing subscriptions encountered schema validation problems. This issue has been resolved, and you can now successfully import subscriptions as before.

Bug fixes

  • In the previous version, while we improved on the way we discovered missing Snapshots and Volumes while processing their update events, we inadvertently introduced a bug where some resources were upserted with incorrect AKAs. Such resources with malformed AKAs should now be cleaned up automatically from the environment, and Guardrails will now discover resources more correctly and consistently than before.
  • In a previous version (v5.31.4), we implemented a feature to Discover Instances while processing their update events if those resources were missing from Guardrails CMDB. In busy environments, this would sometimes cause unnecessary Lambda executions. We've now improved this behavior to upsert the missing resources in a lighter and faster way.

What's new?

  • Added support for ap-northeast-3 in the AWS > Account > Regions policy.

What's new?

  • Added support for af-south-1, ap-northeast-3, ap-south-2, ap-southeast-3, ap-southeast-4, ca-west-1, eu-central-2, eu-south-1, eu-south-2, il-central-1 and me-central-1 regions in the AWS > Logs > Regions policy.

What's new?

  • You can now configure Block Public Access for Snapshots. To get started, set the AWS > EC2 > Account Attributes > Block Public Access for Snapshots policy.

  • You can now also disable Block Public Access for AMIs. To get started, set the AWS > EC2 > Account Attributes > Block Public Access for AMIs policy.

  • AWS/EC2/Admin, AWS/EC2/Metadata and AWS/EC2/Operator now include permissions for Verified Access Endpoints, Verified Access Groups and Verified Access Trust Providers.

  • Control Types:

    • AWS > EC2 > Account Attributes > Block Public Access for Snapshots
  • Policy Types:

    • AWS > EC2 > Account Attributes > Block Public Access for Snapshots
  • Action Types:

    • AWS > EC2 > Account Attributes > Update Block Public Access for Snapshots

Bug fixes

  • In a previous version (v5.31.4), we implemented a feature to Discover Snapshots and Volumes while processing their update events respectively, if those resources were missing from Guardrails CMDB. In busy environments, this would sometimes cause unnecessary Lambda executions. We've now improved this behavior to upsert the missing resources in a lighter and faster way.

What's new?

  • Updated: MaxPayloadSize parameter description.
  • Updated: Turbot Policy Parameter to add back Deny: * for HTTP in SNS Policy.

What's new?

  • Added: Postgres versions 13.12 and 13.13.
  • Updated: CloudWatch Alarms will now use TEF SNS topic.

Bug fixes

  • Server
    • Added the Deny:* policy for HTTP traffic back to the turbot-policy-parameter custom lambda code.
    • Event DLQ should not set the control or policy value to error if there has been a new process started for the control or policy value.
    • Run next should drop the events in case of recursive loop.
    • Add additional retryable throttling codes for actions.

Requirements

  • TEF: 1.55.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

v1.10.1 of the Terraform Provider for Guardrails is now available.

Bug fixes

  • resource/turbot_file: terraform apply failed to update content of an existing File in Guardrails. This is now fixed.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • GCP > Logging > Exclusion > Approved > Custom
    • GCP > Logging > Metric > Approved > Custom
    • GCP > Logging > Sink > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • GCP > Kubernetes Engine > Region Cluster > Approved > Custom
    • GCP > Kubernetes Engine > Region Node Pool > Approved > Custom
    • GCP > Kubernetes Engine > Zone Cluster > Approved > Custom
    • GCP > Kubernetes Engine > Zone Node Pool > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • GCP > Dataflow > Job > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

Bug fixes

  • The AWS > EC2 > Key Pair > Discovery control would sometimes go into an error state if a Key Pair alias included escape characters. This is now fixed.

  • Control Types renamed:

    • AWS > EC2 > Volume > Configuration to AWS > EC2 > Volume > Performance Configuration
  • Policy Types renamed:

    • AWS > EC2 > Volume > Configuration to AWS > EC2 > Volume > Performance Configuration
    • AWS > EC2 > Volume > Configuration > IOPS Capacity to AWS > EC2 > Volume > Performance Configuration > IOPS Capacity
    • AWS > EC2 > Volume > Configuration > Throughput to AWS > EC2 > Volume > Performance Configuration > Throughput
    • AWS > EC2 > Volume > Configuration > Type to AWS > EC2 > Volume > Performance Configuration > Type
  • Action Types renamed:

    • AWS > EC2 > Volume > Update Configuration to AWS > EC2 > Volume > Update Performance Configuration

Bug fixes

  • The Turbot > Policy Setting Expiration control will now run every 12 hours to manage policy setting expirations more consistently than before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

Bug fixes

  • The Org policy details in the Project CMDB data will now be properly and consistently sorted.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • GCP > Scheduler > Job > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • Control Types:

    • GCP > Cloud Run > Service > ServiceNow
    • GCP > Cloud Run > Service > ServiceNow > Configuration Item
    • GCP > Cloud Run > Service > ServiceNow > Table
  • Policy Types:

    • GCP > Cloud Run > Service > ServiceNow
    • GCP > Cloud Run > Service > ServiceNow > Configuration Item
    • GCP > Cloud Run > Service > ServiceNow > Configuration Item > Record
    • GCP > Cloud Run > Service > ServiceNow > Configuration Item > Table Definition
    • GCP > Cloud Run > Service > ServiceNow > Table
    • GCP > Cloud Run > Service > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Spanner > Database > ServiceNow
    • GCP > Spanner > Database > ServiceNow > Configuration Item
    • GCP > Spanner > Database > ServiceNow > Table
    • GCP > Spanner > Instance > ServiceNow
    • GCP > Spanner > Instance > ServiceNow > Configuration Item
    • GCP > Spanner > Instance > ServiceNow > Table
  • Policy Types:

    • GCP > Spanner > Database > ServiceNow
    • GCP > Spanner > Database > ServiceNow > Configuration Item
    • GCP > Spanner > Database > ServiceNow > Configuration Item > Record
    • GCP > Spanner > Database > ServiceNow > Configuration Item > Table Definition
    • GCP > Spanner > Database > ServiceNow > Table
    • GCP > Spanner > Database > ServiceNow > Table > Definition
    • GCP > Spanner > Instance > ServiceNow
    • GCP > Spanner > Instance > ServiceNow > Configuration Item
    • GCP > Spanner > Instance > ServiceNow > Configuration Item > Record
    • GCP > Spanner > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > Spanner > Instance > ServiceNow > Table
    • GCP > Spanner > Instance > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • AWS > EC2 > Volume > Configuration
  • Policy Types:

    • AWS > EC2 > Volume > Configuration
    • AWS > EC2 > Volume > Configuration > IOPS Capacity
    • AWS > EC2 > Volume > Configuration > Throughput
    • AWS > EC2 > Volume > Configuration > Type
  • Action Types:

    • AWS > EC2 > Volume > Update Configuration

What's new?

  • Server
    • You can now update the API size limit via the MAX_PAYLOAD_SIZE parameter.

Requirements

  • TEF: 1.55.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed; your existing configurations and settings will continue to work as before.

What's new?

  • Resource Types:

    • AWS > Kinesis > Kinesis Video Stream
  • Control Types:

    • AWS > Kinesis > Kinesis Video Stream > Active
    • AWS > Kinesis > Kinesis Video Stream > Approved
    • AWS > Kinesis > Kinesis Video Stream > CMDB
    • AWS > Kinesis > Kinesis Video Stream > Discovery
    • AWS > Kinesis > Kinesis Video Stream > Tags
  • Policy Types:

    • AWS > Kinesis > Kinesis Video Stream > Active
    • AWS > Kinesis > Kinesis Video Stream > Active > Age
    • AWS > Kinesis > Kinesis Video Stream > Active > Budget
    • AWS > Kinesis > Kinesis Video Stream > Active > Last Modified
    • AWS > Kinesis > Kinesis Video Stream > Approved
    • AWS > Kinesis > Kinesis Video Stream > Approved > Budget
    • AWS > Kinesis > Kinesis Video Stream > Approved > Custom
    • AWS > Kinesis > Kinesis Video Stream > Approved > Regions
    • AWS > Kinesis > Kinesis Video Stream > Approved > Usage
    • AWS > Kinesis > Kinesis Video Stream > CMDB
    • AWS > Kinesis > Kinesis Video Stream > Regions
    • AWS > Kinesis > Kinesis Video Stream > Tags
    • AWS > Kinesis > Kinesis Video Stream > Tags > Template
  • Action Types:

    • AWS > Kinesis > Kinesis Video Stream > Delete
    • AWS > Kinesis > Kinesis Video Stream > Delete from AWS
    • AWS > Kinesis > Kinesis Video Stream > Router
    • AWS > Kinesis > Kinesis Video Stream > Set Tags
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Active control
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Active control [90 days]
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Approved control
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Approved control [90 days]
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Tags control
    • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Tags control [90 days]
    • AWS > Kinesis > Kinesis Video Stream > Update Tags

What's new?

  • Control Types:

    • GCP > Logging > Exclusion > ServiceNow
    • GCP > Logging > Exclusion > ServiceNow > Configuration Item
    • GCP > Logging > Exclusion > ServiceNow > Table
    • GCP > Logging > Metric > ServiceNow
    • GCP > Logging > Metric > ServiceNow > Configuration Item
    • GCP > Logging > Metric > ServiceNow > Table
    • GCP > Logging > Sink > ServiceNow
    • GCP > Logging > Sink > ServiceNow > Configuration Item
    • GCP > Logging > Sink > ServiceNow > Table
  • Policy Types:

    • GCP > Logging > Exclusion > ServiceNow
    • GCP > Logging > Exclusion > ServiceNow > Configuration Item
    • GCP > Logging > Exclusion > ServiceNow > Configuration Item > Record
    • GCP > Logging > Exclusion > ServiceNow > Configuration Item > Table Definition
    • GCP > Logging > Exclusion > ServiceNow > Table
    • GCP > Logging > Exclusion > ServiceNow > Table > Definition
    • GCP > Logging > Metric > ServiceNow
    • GCP > Logging > Metric > ServiceNow > Configuration Item
    • GCP > Logging > Metric > ServiceNow > Configuration Item > Record
    • GCP > Logging > Metric > ServiceNow > Configuration Item > Table Definition
    • GCP > Logging > Metric > ServiceNow > Table
    • GCP > Logging > Metric > ServiceNow > Table > Definition
    • GCP > Logging > Sink > ServiceNow
    • GCP > Logging > Sink > ServiceNow > Configuration Item
    • GCP > Logging > Sink > ServiceNow > Configuration Item > Record
    • GCP > Logging > Sink > ServiceNow > Configuration Item > Table Definition
    • GCP > Logging > Sink > ServiceNow > Table
    • GCP > Logging > Sink > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Compute Engine > HTTP Health Check > ServiceNow
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Table
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table
    • GCP > Compute Engine > Health Check > ServiceNow
    • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > Health Check > ServiceNow > Table
    • GCP > Compute Engine > Instance Template > ServiceNow
    • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item
    • GCP > Compute Engine > Instance Template > ServiceNow > Table
    • GCP > Compute Engine > Node Group > ServiceNow
    • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item
    • GCP > Compute Engine > Node Group > ServiceNow > Table
    • GCP > Compute Engine > Node Template > ServiceNow
    • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item
    • GCP > Compute Engine > Node Template > ServiceNow > Table
    • GCP > Compute Engine > Project > ServiceNow
    • GCP > Compute Engine > Project > ServiceNow > Configuration Item
    • GCP > Compute Engine > Project > ServiceNow > Table
    • GCP > Compute Engine > Region Disk > ServiceNow
    • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item
    • GCP > Compute Engine > Region Disk > ServiceNow > Table
    • GCP > Compute Engine > Region Health Check > ServiceNow
    • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > Region Health Check > ServiceNow > Table
  • Policy Types:

    • GCP > Compute Engine > HTTP Health Check > ServiceNow
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Table
    • GCP > Compute Engine > HTTP Health Check > ServiceNow > Table > Definition
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table
    • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table > Definition
    • GCP > Compute Engine > Health Check > ServiceNow
    • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Health Check > ServiceNow > Table
    • GCP > Compute Engine > Health Check > ServiceNow > Table > Definition
    • GCP > Compute Engine > Instance Template > ServiceNow
    • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item
    • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Instance Template > ServiceNow > Table
    • GCP > Compute Engine > Instance Template > ServiceNow > Table > Definition
    • GCP > Compute Engine > Node Group > ServiceNow
    • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item
    • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Node Group > ServiceNow > Table
    • GCP > Compute Engine > Node Group > ServiceNow > Table > Definition
    • GCP > Compute Engine > Node Template > ServiceNow
    • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item
    • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Node Template > ServiceNow > Table
    • GCP > Compute Engine > Node Template > ServiceNow > Table > Definition
    • GCP > Compute Engine > Project > ServiceNow
    • GCP > Compute Engine > Project > ServiceNow > Configuration Item
    • GCP > Compute Engine > Project > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Project > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Project > ServiceNow > Table
    • GCP > Compute Engine > Project > ServiceNow > Table > Definition
    • GCP > Compute Engine > Region Disk > ServiceNow
    • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item
    • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Region Disk > ServiceNow > Table
    • GCP > Compute Engine > Region Disk > ServiceNow > Table > Definition
    • GCP > Compute Engine > Region Health Check > ServiceNow
    • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item
    • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Region Health Check > ServiceNow > Table
    • GCP > Compute Engine > Region Health Check > ServiceNow > Table > Definition

What's new?

  • Policy Types:
    • Turbot > Stack > Native Stack Version [Default]

Requirements

  • TE: 5.35.4

What's new?

  • Control Types:

    • GCP > SQL > Backup > ServiceNow
    • GCP > SQL > Backup > ServiceNow > Configuration Item
    • GCP > SQL > Backup > ServiceNow > Table
    • GCP > SQL > Database > ServiceNow
    • GCP > SQL > Database > ServiceNow > Configuration Item
    • GCP > SQL > Database > ServiceNow > Table
  • Policy Types:

    • GCP > SQL > Backup > ServiceNow
    • GCP > SQL > Backup > ServiceNow > Configuration Item
    • GCP > SQL > Backup > ServiceNow > Configuration Item > Record
    • GCP > SQL > Backup > ServiceNow > Configuration Item > Table Definition
    • GCP > SQL > Backup > ServiceNow > Table
    • GCP > SQL > Backup > ServiceNow > Table > Definition
    • GCP > SQL > Database > ServiceNow
    • GCP > SQL > Database > ServiceNow > Configuration Item
    • GCP > SQL > Database > ServiceNow > Configuration Item > Record
    • GCP > SQL > Database > ServiceNow > Configuration Item > Table Definition
    • GCP > SQL > Database > ServiceNow > Table
    • GCP > SQL > Database > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > KMS > Crypto Key > ServiceNow
    • GCP > KMS > Crypto Key > ServiceNow > Configuration Item
    • GCP > KMS > Crypto Key > ServiceNow > Table
    • GCP > KMS > Key Ring > ServiceNow
    • GCP > KMS > Key Ring > ServiceNow > Configuration Item
    • GCP > KMS > Key Ring > ServiceNow > Table
  • Policy Types:

    • GCP > KMS > Crypto Key > ServiceNow
    • GCP > KMS > Crypto Key > ServiceNow > Configuration Item
    • GCP > KMS > Crypto Key > ServiceNow > Configuration Item > Record
    • GCP > KMS > Crypto Key > ServiceNow > Configuration Item > Table Definition
    • GCP > KMS > Crypto Key > ServiceNow > Table
    • GCP > KMS > Crypto Key > ServiceNow > Table > Definition
    • GCP > KMS > Key Ring > ServiceNow
    • GCP > KMS > Key Ring > ServiceNow > Configuration Item
    • GCP > KMS > Key Ring > ServiceNow > Configuration Item > Record
    • GCP > KMS > Key Ring > ServiceNow > Configuration Item > Table Definition
    • GCP > KMS > Key Ring > ServiceNow > Table
    • GCP > KMS > Key Ring > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > BigQuery > Dataset > ServiceNow
    • GCP > BigQuery > Dataset > ServiceNow > Configuration Item
    • GCP > BigQuery > Dataset > ServiceNow > Table
    • GCP > BigQuery > Table > ServiceNow
    • GCP > BigQuery > Table > ServiceNow > Configuration Item
    • GCP > BigQuery > Table > ServiceNow > Table
  • Policy Types:

    • GCP > BigQuery > Dataset > ServiceNow
    • GCP > BigQuery > Dataset > ServiceNow > Configuration Item
    • GCP > BigQuery > Dataset > ServiceNow > Configuration Item > Record
    • GCP > BigQuery > Dataset > ServiceNow > Configuration Item > Table Definition
    • GCP > BigQuery > Dataset > ServiceNow > Table
    • GCP > BigQuery > Dataset > ServiceNow > Table > Definition
    • GCP > BigQuery > Table > ServiceNow
    • GCP > BigQuery > Table > ServiceNow > Configuration Item
    • GCP > BigQuery > Table > ServiceNow > Configuration Item > Record
    • GCP > BigQuery > Table > ServiceNow > Configuration Item > Table Definition
    • GCP > BigQuery > Table > ServiceNow > Table
    • GCP > BigQuery > Table > ServiceNow > Table > Definition

Bug fixes

  • Server
    • Updated: Enhanced IAM policy for tighter access around custom Lambda.
    • Fixed: Turbot > Workspace > Health Control should not break if there is no input.

Requirements

  • TEF: 1.55.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • Control Types:

    • GCP > Bigtable > Cluster > ServiceNow
    • GCP > Bigtable > Cluster > ServiceNow > Configuration Item
    • GCP > Bigtable > Cluster > ServiceNow > Table
    • GCP > Bigtable > Instance > ServiceNow
    • GCP > Bigtable > Instance > ServiceNow > Configuration Item
    • GCP > Bigtable > Instance > ServiceNow > Table
    • GCP > Bigtable > Table > ServiceNow
    • GCP > Bigtable > Table > ServiceNow > Configuration Item
    • GCP > Bigtable > Table > ServiceNow > Table
  • Policy Types:

    • GCP > Bigtable > Cluster > ServiceNow
    • GCP > Bigtable > Cluster > ServiceNow > Configuration Item
    • GCP > Bigtable > Cluster > ServiceNow > Configuration Item > Record
    • GCP > Bigtable > Cluster > ServiceNow > Configuration Item > Table Definition
    • GCP > Bigtable > Cluster > ServiceNow > Table
    • GCP > Bigtable > Cluster > ServiceNow > Table > Definition
    • GCP > Bigtable > Instance > ServiceNow
    • GCP > Bigtable > Instance > ServiceNow > Configuration Item
    • GCP > Bigtable > Instance > ServiceNow > Configuration Item > Record
    • GCP > Bigtable > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > Bigtable > Instance > ServiceNow > Table
    • GCP > Bigtable > Instance > ServiceNow > Table > Definition
    • GCP > Bigtable > Table > ServiceNow
    • GCP > Bigtable > Table > ServiceNow > Configuration Item
    • GCP > Bigtable > Table > ServiceNow > Configuration Item > Record
    • GCP > Bigtable > Table > ServiceNow > Configuration Item > Table Definition
    • GCP > Bigtable > Table > ServiceNow > Table
    • GCP > Bigtable > Table > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > App Engine > Application > ServiceNow
    • GCP > App Engine > Application > ServiceNow > Configuration Item
    • GCP > App Engine > Application > ServiceNow > Table
    • GCP > App Engine > Firewall Rule > ServiceNow
    • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item
    • GCP > App Engine > Firewall Rule > ServiceNow > Table
    • GCP > App Engine > Instance > ServiceNow
    • GCP > App Engine > Instance > ServiceNow > Configuration Item
    • GCP > App Engine > Instance > ServiceNow > Table
    • GCP > App Engine > Service > ServiceNow
    • GCP > App Engine > Service > ServiceNow > Configuration Item
    • GCP > App Engine > Service > ServiceNow > Table
    • GCP > App Engine > Version > ServiceNow
    • GCP > App Engine > Version > ServiceNow > Configuration Item
    • GCP > App Engine > Version > ServiceNow > Table
  • Policy Types:

    • GCP > App Engine > Application > ServiceNow
    • GCP > App Engine > Application > ServiceNow > Configuration Item
    • GCP > App Engine > Application > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Application > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Application > ServiceNow > Table
    • GCP > App Engine > Application > ServiceNow > Table > Definition
    • GCP > App Engine > Firewall Rule > ServiceNow
    • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item
    • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Firewall Rule > ServiceNow > Table
    • GCP > App Engine > Firewall Rule > ServiceNow > Table > Definition
    • GCP > App Engine > Instance > ServiceNow
    • GCP > App Engine > Instance > ServiceNow > Configuration Item
    • GCP > App Engine > Instance > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Instance > ServiceNow > Table
    • GCP > App Engine > Instance > ServiceNow > Table > Definition
    • GCP > App Engine > Service > ServiceNow
    • GCP > App Engine > Service > ServiceNow > Configuration Item
    • GCP > App Engine > Service > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Service > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Service > ServiceNow > Table
    • GCP > App Engine > Service > ServiceNow > Table > Definition
    • GCP > App Engine > Version > ServiceNow
    • GCP > App Engine > Version > ServiceNow > Configuration Item
    • GCP > App Engine > Version > ServiceNow > Configuration Item > Record
    • GCP > App Engine > Version > ServiceNow > Configuration Item > Table Definition
    • GCP > App Engine > Version > ServiceNow > Table
    • GCP > App Engine > Version > ServiceNow > Table > Definition

Bug fixes

  • The GCP > Turbot > Event Poller control now includes a precheck condition to avoid running GraphQL input queries when the GCP > Turbot > Event Poller policy is set to Disabled. You won’t notice any difference and the control should run lighter and quicker than before.

Bug fixes

  • The Azure > Turbot > Event Poller and Azure > Turbot > Management Group Event Poller controls now include a precheck condition to avoid running GraphQL input queries when the Azure > Turbot > Event Poller and Azure > Turbot > Management Group Event Poller policies, respectively, are set to Disabled. You won’t notice any difference and the controls should run lighter and quicker than before.

Bug fixes

  • The Azure > Turbot > Directory Event Poller control now includes a precheck condition to avoid running GraphQL input queries when the Azure > Turbot > Directory Event Poller policy is set to Disabled. You won’t notice any difference and the control should run lighter and quicker than before.

Bug fixes

  • The AWS > Turbot > Event Poller control now includes a precheck condition to avoid running GraphQL input queries when the AWS > Turbot > Event Poller policy is set to Disabled. You won’t notice any difference and the control should run lighter and quicker than before.

What's new?

  • Resource Types:

    • AWS > OpenSearch
  • Policy Types:

    • AWS > OpenSearch > API Enabled
    • AWS > OpenSearch > Approved Regions [Default]
    • AWS > OpenSearch > Enabled
    • AWS > OpenSearch > Permissions
    • AWS > OpenSearch > Permissions > Levels
    • AWS > OpenSearch > Permissions > Levels > Modifiers
    • AWS > OpenSearch > Permissions > Lockdown
    • AWS > OpenSearch > Permissions > Lockdown > API Boundary
    • AWS > OpenSearch > Regions
    • AWS > OpenSearch > Tags Template [Default]
    • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-opensearch
    • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-opensearch
    • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-opensearch

What's new?

  • Control Types:

    • Azure > Resource Group > ServiceNow
    • Azure > Resource Group > ServiceNow > Configuration Item
    • Azure > Resource Group > ServiceNow > Table
    • Azure > Subscription > ServiceNow
    • Azure > Subscription > ServiceNow > Configuration Item
    • Azure > Subscription > ServiceNow > Table
    • Azure > Tenant > ServiceNow
    • Azure > Tenant > ServiceNow > Configuration Item
    • Azure > Tenant > ServiceNow > Table
  • Policy Types:

    • Azure > Resource Group > ServiceNow
    • Azure > Resource Group > ServiceNow > Configuration Item
    • Azure > Resource Group > ServiceNow > Configuration Item > Record
    • Azure > Resource Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Resource Group > ServiceNow > Table
    • Azure > Resource Group > ServiceNow > Table > Definition
    • Azure > Subscription > ServiceNow
    • Azure > Subscription > ServiceNow > Configuration Item
    • Azure > Subscription > ServiceNow > Configuration Item > Record
    • Azure > Subscription > ServiceNow > Configuration Item > Table Definition
    • Azure > Subscription > ServiceNow > Table
    • Azure > Subscription > ServiceNow > Table > Definition
    • Azure > Tenant > ServiceNow
    • Azure > Tenant > ServiceNow > Configuration Item
    • Azure > Tenant > ServiceNow > Configuration Item > Record
    • Azure > Tenant > ServiceNow > Configuration Item > Table Definition
    • Azure > Tenant > ServiceNow > Table
    • Azure > Tenant > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Network > Private Endpoints > ServiceNow
    • Azure > Network > Private Endpoints > ServiceNow > Configuration Item
    • Azure > Network > Private Endpoints > ServiceNow > Table
  • Policy Types:

    • Azure > Network > Private Endpoints > ServiceNow
    • Azure > Network > Private Endpoints > ServiceNow > Configuration Item
    • Azure > Network > Private Endpoints > ServiceNow > Configuration Item > Record
    • Azure > Network > Private Endpoints > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Private Endpoints > ServiceNow > Table
    • Azure > Network > Private Endpoints > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Automation > Automation Account > ServiceNow
    • Azure > Automation > Automation Account > ServiceNow > Configuration Item
    • Azure > Automation > Automation Account > ServiceNow > Table
    • Azure > Automation > Runbook > ServiceNow
    • Azure > Automation > Runbook > ServiceNow > Configuration Item
    • Azure > Automation > Runbook > ServiceNow > Table
  • Policy Types:

    • Azure > Automation > Automation Account > ServiceNow
    • Azure > Automation > Automation Account > ServiceNow > Configuration Item
    • Azure > Automation > Automation Account > ServiceNow > Configuration Item > Record
    • Azure > Automation > Automation Account > ServiceNow > Configuration Item > Table Definition
    • Azure > Automation > Automation Account > ServiceNow > Table
    • Azure > Automation > Automation Account > ServiceNow > Table > Definition
    • Azure > Automation > Runbook > ServiceNow
    • Azure > Automation > Runbook > ServiceNow > Configuration Item
    • Azure > Automation > Runbook > ServiceNow > Configuration Item > Record
    • Azure > Automation > Runbook > ServiceNow > Configuration Item > Table Definition
    • Azure > Automation > Runbook > ServiceNow > Table
    • Azure > Automation > Runbook > ServiceNow > Table > Definition

What's new?

  • Added support for the aws_network_interface_sg_attachment Terraform resource for AWS > EC2 > Network Interface.

Bug fixes

  • The AWS > EC2 > Instance > CMDB control would sometimes trigger multiple times if EnclaveOptions was not set as part of the AWS > EC2 > Instance > CMDB > Attributes policy. This would result in unnecessary Lambda runs for the control. The EnclaveOptions attribute is now available in the CMDB data by default, and the EnclaveOptions policy value in the AWS > EC2 > Instance > CMDB > Attributes policy has been deprecated and will be removed in the next major version.

What's new?

  • Updated: Launch Template to prevent association of Network Interface with public IPs.

What's new?

  • Control Types:

    • Azure > Storage > Container > ServiceNow
    • Azure > Storage > Container > ServiceNow > Configuration Item
    • Azure > Storage > Container > ServiceNow > Table
    • Azure > Storage > FileShare > ServiceNow
    • Azure > Storage > FileShare > ServiceNow > Configuration Item
    • Azure > Storage > FileShare > ServiceNow > Table
    • Azure > Storage > Queue > ServiceNow
    • Azure > Storage > Queue > ServiceNow > Configuration Item
    • Azure > Storage > Queue > ServiceNow > Table
  • Policy Types:

    • Azure > Storage > Container > ServiceNow
    • Azure > Storage > Container > ServiceNow > Configuration Item
    • Azure > Storage > Container > ServiceNow > Configuration Item > Record
    • Azure > Storage > Container > ServiceNow > Configuration Item > Table Definition
    • Azure > Storage > Container > ServiceNow > Table
    • Azure > Storage > Container > ServiceNow > Table > Definition
    • Azure > Storage > FileShare > ServiceNow
    • Azure > Storage > FileShare > ServiceNow > Configuration Item
    • Azure > Storage > FileShare > ServiceNow > Configuration Item > Record
    • Azure > Storage > FileShare > ServiceNow > Configuration Item > Table Definition
    • Azure > Storage > FileShare > ServiceNow > Table
    • Azure > Storage > FileShare > ServiceNow > Table > Definition
    • Azure > Storage > Queue > ServiceNow
    • Azure > Storage > Queue > ServiceNow > Configuration Item
    • Azure > Storage > Queue > ServiceNow > Configuration Item > Record
    • Azure > Storage > Queue > ServiceNow > Configuration Item > Table Definition
    • Azure > Storage > Queue > ServiceNow > Table
    • Azure > Storage > Queue > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Recovery Service > Backup > ServiceNow
    • Azure > Recovery Service > Backup > ServiceNow > Configuration Item
    • Azure > Recovery Service > Backup > ServiceNow > Table
    • Azure > Recovery Service > Vault > ServiceNow
    • Azure > Recovery Service > Vault > ServiceNow > Configuration Item
    • Azure > Recovery Service > Vault > ServiceNow > Table
  • Policy Types:

    • Azure > Recovery Service > Backup > ServiceNow
    • Azure > Recovery Service > Backup > ServiceNow > Configuration Item
    • Azure > Recovery Service > Backup > ServiceNow > Configuration Item > Record
    • Azure > Recovery Service > Backup > ServiceNow > Configuration Item > Table Definition
    • Azure > Recovery Service > Backup > ServiceNow > Table
    • Azure > Recovery Service > Backup > ServiceNow > Table > Definition
    • Azure > Recovery Service > Vault > ServiceNow
    • Azure > Recovery Service > Vault > ServiceNow > Configuration Item
    • Azure > Recovery Service > Vault > ServiceNow > Configuration Item > Record
    • Azure > Recovery Service > Vault > ServiceNow > Configuration Item > Table Definition
    • Azure > Recovery Service > Vault > ServiceNow > Table
    • Azure > Recovery Service > Vault > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Monitor > Action Group > ServiceNow
    • Azure > Monitor > Action Group > ServiceNow > Configuration Item
    • Azure > Monitor > Action Group > ServiceNow > Table
    • Azure > Monitor > Alerts > ServiceNow
    • Azure > Monitor > Alerts > ServiceNow > Configuration Item
    • Azure > Monitor > Alerts > ServiceNow > Table
    • Azure > Monitor > Log Profile > ServiceNow
    • Azure > Monitor > Log Profile > ServiceNow > Configuration Item
    • Azure > Monitor > Log Profile > ServiceNow > Table
  • Policy Types:

    • Azure > Monitor > Action Group > ServiceNow
    • Azure > Monitor > Action Group > ServiceNow > Configuration Item
    • Azure > Monitor > Action Group > ServiceNow > Configuration Item > Record
    • Azure > Monitor > Action Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Monitor > Action Group > ServiceNow > Table
    • Azure > Monitor > Action Group > ServiceNow > Table > Definition
    • Azure > Monitor > Alerts > ServiceNow
    • Azure > Monitor > Alerts > ServiceNow > Configuration Item
    • Azure > Monitor > Alerts > ServiceNow > Configuration Item > Record
    • Azure > Monitor > Alerts > ServiceNow > Configuration Item > Table Definition
    • Azure > Monitor > Alerts > ServiceNow > Table
    • Azure > Monitor > Alerts > ServiceNow > Table > Definition
    • Azure > Monitor > Log Profile > ServiceNow
    • Azure > Monitor > Log Profile > ServiceNow > Configuration Item
    • Azure > Monitor > Log Profile > ServiceNow > Configuration Item > Record
    • Azure > Monitor > Log Profile > ServiceNow > Configuration Item > Table Definition
    • Azure > Monitor > Log Profile > ServiceNow > Table
    • Azure > Monitor > Log Profile > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Kubernetes Engine > Region Cluster > ServiceNow
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table
  • Policy Types:

    • GCP > Kubernetes Engine > Region Cluster > ServiceNow
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item > Record
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item > Table Definition
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table
    • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table > Definition
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item > Record
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item > Table Definition
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table
    • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table > Definition
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item > Record
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item > Table Definition
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table
    • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table > Definition
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item > Record
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item > Table Definition
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table
    • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > IAM > Role Assignment > ServiceNow
    • Azure > IAM > Role Assignment > ServiceNow > Configuration Item
    • Azure > IAM > Role Assignment > ServiceNow > Table
    • Azure > IAM > Role Definition > ServiceNow
    • Azure > IAM > Role Definition > ServiceNow > Configuration Item
    • Azure > IAM > Role Definition > ServiceNow > Table
  • Policy Types:

    • Azure > IAM > Role Assignment > ServiceNow
    • Azure > IAM > Role Assignment > ServiceNow > Configuration Item
    • Azure > IAM > Role Assignment > ServiceNow > Configuration Item > Record
    • Azure > IAM > Role Assignment > ServiceNow > Configuration Item > Table Definition
    • Azure > IAM > Role Assignment > ServiceNow > Table
    • Azure > IAM > Role Assignment > ServiceNow > Table > Definition
    • Azure > IAM > Role Definition > ServiceNow
    • Azure > IAM > Role Definition > ServiceNow > Configuration Item
    • Azure > IAM > Role Definition > ServiceNow > Configuration Item > Record
    • Azure > IAM > Role Definition > ServiceNow > Configuration Item > Table Definition
    • Azure > IAM > Role Definition > ServiceNow > Table
    • Azure > IAM > Role Definition > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Data Factory > Dataset > ServiceNow
    • Azure > Data Factory > Dataset > ServiceNow > Configuration Item
    • Azure > Data Factory > Dataset > ServiceNow > Table
    • Azure > Data Factory > Factory > ServiceNow
    • Azure > Data Factory > Factory > ServiceNow > Configuration Item
    • Azure > Data Factory > Factory > ServiceNow > Table
    • Azure > Data Factory > Pipeline > ServiceNow
    • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item
    • Azure > Data Factory > Pipeline > ServiceNow > Table
  • Policy Types:

    • Azure > Data Factory > Dataset > ServiceNow
    • Azure > Data Factory > Dataset > ServiceNow > Configuration Item
    • Azure > Data Factory > Dataset > ServiceNow > Configuration Item > Record
    • Azure > Data Factory > Dataset > ServiceNow > Configuration Item > Table Definition
    • Azure > Data Factory > Dataset > ServiceNow > Table
    • Azure > Data Factory > Dataset > ServiceNow > Table > Definition
    • Azure > Data Factory > Factory > ServiceNow
    • Azure > Data Factory > Factory > ServiceNow > Configuration Item
    • Azure > Data Factory > Factory > ServiceNow > Configuration Item > Record
    • Azure > Data Factory > Factory > ServiceNow > Configuration Item > Table Definition
    • Azure > Data Factory > Factory > ServiceNow > Table
    • Azure > Data Factory > Factory > ServiceNow > Table > Definition
    • Azure > Data Factory > Pipeline > ServiceNow
    • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item
    • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item > Record
    • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item > Table Definition
    • Azure > Data Factory > Pipeline > ServiceNow > Table
    • Azure > Data Factory > Pipeline > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Databricks > Workspace > ServiceNow
    • Azure > Databricks > Workspace > ServiceNow > Configuration Item
    • Azure > Databricks > Workspace > ServiceNow > Table
  • Policy Types:

    • Azure > Databricks > Workspace > ServiceNow
    • Azure > Databricks > Workspace > ServiceNow > Configuration Item
    • Azure > Databricks > Workspace > ServiceNow > Configuration Item > Record
    • Azure > Databricks > Workspace > ServiceNow > Configuration Item > Table Definition
    • Azure > Databricks > Workspace > ServiceNow > Table
    • Azure > Databricks > Workspace > ServiceNow > Table > Definition

Bug fixes

  • Server
    • Minor internal improvements.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • Server
    • Scheduled actions would sometimes fail to work for the firehose-aws-sns mod due to an inadvertent bug introduced in TE v5.42.10. This is now fixed.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • Control Types:

    • Azure > Active Directory > Application > ServiceNow
    • Azure > Active Directory > Application > ServiceNow > Configuration Item
    • Azure > Active Directory > Application > ServiceNow > Table
    • Azure > Active Directory > Client Secret > ServiceNow
    • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item
    • Azure > Active Directory > Client Secret > ServiceNow > Table
    • Azure > Active Directory > Custom Domain > ServiceNow
    • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item
    • Azure > Active Directory > Custom Domain > ServiceNow > Table
    • Azure > Active Directory > Directory > ServiceNow
    • Azure > Active Directory > Directory > ServiceNow > Configuration Item
    • Azure > Active Directory > Directory > ServiceNow > Table
    • Azure > Active Directory > Group > ServiceNow
    • Azure > Active Directory > Group > ServiceNow > Configuration Item
    • Azure > Active Directory > Group > ServiceNow > Table
    • Azure > Active Directory > Service Principal > ServiceNow
    • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item
    • Azure > Active Directory > Service Principal > ServiceNow > Table
    • Azure > Active Directory > User > ServiceNow
    • Azure > Active Directory > User > ServiceNow > Configuration Item
    • Azure > Active Directory > User > ServiceNow > Table
  • Policy Types:

    • Azure > Active Directory > Application > ServiceNow
    • Azure > Active Directory > Application > ServiceNow > Configuration Item
    • Azure > Active Directory > Application > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Application > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Application > ServiceNow > Table
    • Azure > Active Directory > Application > ServiceNow > Table > Definition
    • Azure > Active Directory > Client Secret > ServiceNow
    • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item
    • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Client Secret > ServiceNow > Table
    • Azure > Active Directory > Client Secret > ServiceNow > Table > Definition
    • Azure > Active Directory > Custom Domain > ServiceNow
    • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item
    • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Custom Domain > ServiceNow > Table
    • Azure > Active Directory > Custom Domain > ServiceNow > Table > Definition
    • Azure > Active Directory > Directory > ServiceNow
    • Azure > Active Directory > Directory > ServiceNow > Configuration Item
    • Azure > Active Directory > Directory > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Directory > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Directory > ServiceNow > Table
    • Azure > Active Directory > Directory > ServiceNow > Table > Definition
    • Azure > Active Directory > Group > ServiceNow
    • Azure > Active Directory > Group > ServiceNow > Configuration Item
    • Azure > Active Directory > Group > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Group > ServiceNow > Table
    • Azure > Active Directory > Group > ServiceNow > Table > Definition
    • Azure > Active Directory > Service Principal > ServiceNow
    • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item
    • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > Service Principal > ServiceNow > Table
    • Azure > Active Directory > Service Principal > ServiceNow > Table > Definition
    • Azure > Active Directory > User > ServiceNow
    • Azure > Active Directory > User > ServiceNow > Configuration Item
    • Azure > Active Directory > User > ServiceNow > Configuration Item > Record
    • Azure > Active Directory > User > ServiceNow > Configuration Item > Table Definition
    • Azure > Active Directory > User > ServiceNow > Table
    • Azure > Active Directory > User > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • GCP > Pub/Sub > Snapshot > ServiceNow
    • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Snapshot > ServiceNow > Table
    • GCP > Pub/Sub > Subscription > ServiceNow
    • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Subscription > ServiceNow > Table
    • GCP > Pub/Sub > Topic > ServiceNow
    • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Topic > ServiceNow > Table
  • Policy Types:

    • GCP > Pub/Sub > Snapshot > ServiceNow
    • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item > Record
    • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item > Table Definition
    • GCP > Pub/Sub > Snapshot > ServiceNow > Table
    • GCP > Pub/Sub > Snapshot > ServiceNow > Table > Definition
    • GCP > Pub/Sub > Subscription > ServiceNow
    • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item > Record
    • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item > Table Definition
    • GCP > Pub/Sub > Subscription > ServiceNow > Table
    • GCP > Pub/Sub > Subscription > ServiceNow > Table > Definition
    • GCP > Pub/Sub > Topic > ServiceNow
    • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item
    • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item > Record
    • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item > Table Definition
    • GCP > Pub/Sub > Topic > ServiceNow > Table
    • GCP > Pub/Sub > Topic > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Synapse Analytics > SQL Pool > ServiceNow
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Table
    • Azure > Synapse Analytics > Workspace > ServiceNow
    • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item
    • Azure > Synapse Analytics > Workspace > ServiceNow > Table
  • Policy Types:

    • Azure > Synapse Analytics > SQL Pool > ServiceNow
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item > Record
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item > Table Definition
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Table
    • Azure > Synapse Analytics > SQL Pool > ServiceNow > Table > Definition
    • Azure > Synapse Analytics > Workspace > ServiceNow
    • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item
    • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item > Record
    • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item > Table Definition
    • Azure > Synapse Analytics > Workspace > ServiceNow > Table
    • Azure > Synapse Analytics > Workspace > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Search Management > Search Service > ServiceNow
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item
    • Azure > Search Management > Search Service > ServiceNow > Table
  • Policy Types:

    • Azure > Search Management > Search Service > ServiceNow
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Record
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Table Definition
    • Azure > Search Management > Search Service > ServiceNow > Table
    • Azure > Search Management > Search Service > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Service Bus > Namespace > ServiceNow
    • Azure > Service Bus > Namespace > ServiceNow > Configuration Item
    • Azure > Service Bus > Namespace > ServiceNow > Table
    • Azure > Service Bus > Queue > ServiceNow
    • Azure > Service Bus > Queue > ServiceNow > Configuration Item
    • Azure > Service Bus > Queue > ServiceNow > Table
    • Azure > Service Bus > Topic > ServiceNow
    • Azure > Service Bus > Topic > ServiceNow > Configuration Item
    • Azure > Service Bus > Topic > ServiceNow > Table
  • Policy Types:

    • Azure > Service Bus > Namespace > ServiceNow
    • Azure > Service Bus > Namespace > ServiceNow > Configuration Item
    • Azure > Service Bus > Namespace > ServiceNow > Configuration Item > Record
    • Azure > Service Bus > Namespace > ServiceNow > Configuration Item > Table Definition
    • Azure > Service Bus > Namespace > ServiceNow > Table
    • Azure > Service Bus > Namespace > ServiceNow > Table > Definition
    • Azure > Service Bus > Queue > ServiceNow
    • Azure > Service Bus > Queue > ServiceNow > Configuration Item
    • Azure > Service Bus > Queue > ServiceNow > Configuration Item > Record
    • Azure > Service Bus > Queue > ServiceNow > Configuration Item > Table Definition
    • Azure > Service Bus > Queue > ServiceNow > Table
    • Azure > Service Bus > Queue > ServiceNow > Table > Definition
    • Azure > Service Bus > Topic > ServiceNow
    • Azure > Service Bus > Topic > ServiceNow > Configuration Item
    • Azure > Service Bus > Topic > ServiceNow > Configuration Item > Record
    • Azure > Service Bus > Topic > ServiceNow > Configuration Item > Table Definition
    • Azure > Service Bus > Topic > ServiceNow > Table
    • Azure > Service Bus > Topic > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Load Balancer > Load Balance > ServiceNow
    • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item
    • Azure > Load Balancer > Load Balance > ServiceNow > Table
  • Policy Types:

    • Azure > Load Balancer > Load Balance > ServiceNow
    • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item
    • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item > Record
    • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item > Table Definition
    • Azure > Load Balancer > Load Balance > ServiceNow > Table
    • Azure > Load Balancer > Load Balance > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > DNS > Record Set > ServiceNow
    • Azure > DNS > Record Set > ServiceNow > Configuration Item
    • Azure > DNS > Record Set > ServiceNow > Table
    • Azure > DNS > Zone > ServiceNow
    • Azure > DNS > Zone > ServiceNow > Configuration Item
    • Azure > DNS > Zone > ServiceNow > Table
  • Policy Types:

    • Azure > DNS > Record Set > ServiceNow
    • Azure > DNS > Record Set > ServiceNow > Configuration Item
    • Azure > DNS > Record Set > ServiceNow > Configuration Item > Record
    • Azure > DNS > Record Set > ServiceNow > Configuration Item > Table Definition
    • Azure > DNS > Record Set > ServiceNow > Table
    • Azure > DNS > Record Set > ServiceNow > Table > Definition
    • Azure > DNS > Zone > ServiceNow
    • Azure > DNS > Zone > ServiceNow > Configuration Item
    • Azure > DNS > Zone > ServiceNow > Configuration Item > Record
    • Azure > DNS > Zone > ServiceNow > Configuration Item > Table Definition
    • Azure > DNS > Zone > ServiceNow > Table
    • Azure > DNS > Zone > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Cosmos DB > Database Account > ServiceNow
    • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item
    • Azure > Cosmos DB > Database Account > ServiceNow > Table
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table
    • Azure > Cosmos DB > MongoDB Database > ServiceNow
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Table
    • Azure > Cosmos DB > SQL Container > ServiceNow
    • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item
    • Azure > Cosmos DB > SQL Container > ServiceNow > Table
    • Azure > Cosmos DB > SQL Database > ServiceNow
    • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item
    • Azure > Cosmos DB > SQL Database > ServiceNow > Table
  • Policy Types:

    • Azure > Cosmos DB > Database Account > ServiceNow
    • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item
    • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > Database Account > ServiceNow > Table
    • Azure > Cosmos DB > Database Account > ServiceNow > Table > Definition
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table
    • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table > Definition
    • Azure > Cosmos DB > MongoDB Database > ServiceNow
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Table
    • Azure > Cosmos DB > MongoDB Database > ServiceNow > Table > Definition
    • Azure > Cosmos DB > SQL Container > ServiceNow
    • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item
    • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > SQL Container > ServiceNow > Table
    • Azure > Cosmos DB > SQL Container > ServiceNow > Table > Definition
    • Azure > Cosmos DB > SQL Database > ServiceNow
    • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item
    • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item > Record
    • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item > Table Definition
    • Azure > Cosmos DB > SQL Database > ServiceNow > Table
    • Azure > Cosmos DB > SQL Database > ServiceNow > Table > Definition

What's new?

  • Server
    • Updated: Enhanced IAM policy for tighter access around Mod Lambda SNS topic.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • Control Types:

    • Azure > Search Management > Search Service > ServiceNow
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item
    • Azure > Search Management > Search Service > ServiceNow > Table
  • Policy Types:

    • Azure > Search Management > Search Service > ServiceNow
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Record
    • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Table Definition
    • Azure > Search Management > Search Service > ServiceNow > Table
    • Azure > Search Management > Search Service > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Network Watcher > Flow Log > ServiceNow
    • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item
    • Azure > Network Watcher > Flow Log > ServiceNow > Table
    • Azure > Network Watcher > Network Watcher > ServiceNow
    • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item
    • Azure > Network Watcher > Network Watcher > ServiceNow > Table
  • Policy Types:

    • Azure > Network Watcher > Flow Log > ServiceNow
    • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item
    • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item > Record
    • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item > Table Definition
    • Azure > Network Watcher > Flow Log > ServiceNow > Table
    • Azure > Network Watcher > Flow Log > ServiceNow > Table > Definition
    • Azure > Network Watcher > Network Watcher > ServiceNow
    • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item
    • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item > Record
    • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item > Table Definition
    • Azure > Network Watcher > Network Watcher > ServiceNow > Table
    • Azure > Network Watcher > Network Watcher > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Front Door > Front Door > ServiceNow
    • Azure > Front Door > Front Door > ServiceNow > Configuration Item
    • Azure > Front Door > Front Door > ServiceNow > Table
  • Policy Types:

    • Azure > Front Door > Front Door > ServiceNow
    • Azure > Front Door > Front Door > ServiceNow > Configuration Item
    • Azure > Front Door > Front Door > ServiceNow > Configuration Item > Record
    • Azure > Front Door > Front Door > ServiceNow > Configuration Item > Table Definition
    • Azure > Front Door > Front Door > ServiceNow > Table
    • Azure > Front Door > Front Door > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Application Insights > Application Insight > ServiceNow
    • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item
    • Azure > Application Insights > Application Insight > ServiceNow > Table
  • Policy Types:

    • Azure > Application Insights > Application Insight > ServiceNow
    • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item
    • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item > Record
    • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item > Table Definition
    • Azure > Application Insights > Application Insight > ServiceNow > Table
    • Azure > Application Insights > Application Insight > ServiceNow > Table > Definition

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

What's new?

  • Control Types:

    • Azure > Security Center > Security Center > ServiceNow
    • Azure > Security Center > Security Center > ServiceNow > Configuration Item
    • Azure > Security Center > Security Center > ServiceNow > Table
  • Policy Types:

    • Azure > Security Center > Security Center > ServiceNow
    • Azure > Security Center > Security Center > ServiceNow > Configuration Item
    • Azure > Security Center > Security Center > ServiceNow > Configuration Item > Record
    • Azure > Security Center > Security Center > ServiceNow > Configuration Item > Table Definition
    • Azure > Security Center > Security Center > ServiceNow > Table
    • Azure > Security Center > Security Center > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Firewall > Firewall > ServiceNow
    • Azure > Firewall > Firewall > ServiceNow > Configuration Item
    • Azure > Firewall > Firewall > ServiceNow > Table
  • Policy Types:

    • Azure > Firewall > Firewall > ServiceNow
    • Azure > Firewall > Firewall > ServiceNow > Configuration Item
    • Azure > Firewall > Firewall > ServiceNow > Configuration Item > Record
    • Azure > Firewall > Firewall > ServiceNow > Configuration Item > Table Definition
    • Azure > Firewall > Firewall > ServiceNow > Table
    • Azure > Firewall > Firewall > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Application Gateway Service > Application Gateway > ServiceNow
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Table
  • Policy Types:

    • Azure > Application Gateway Service > Application Gateway > ServiceNow
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item > Record
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item > Table Definition
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Table
    • Azure > Application Gateway Service > Application Gateway > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > API Management > API Management Service > ServiceNow
    • Azure > API Management > API Management Service > ServiceNow > Configuration Item
    • Azure > API Management > API Management Service > ServiceNow > Table
  • Policy Types:

    • Azure > API Management > API Management Service > ServiceNow
    • Azure > API Management > API Management Service > ServiceNow > Configuration Item
    • Azure > API Management > API Management Service > ServiceNow > Configuration Item > Record
    • Azure > API Management > API Management Service > ServiceNow > Configuration Item > Table Definition
    • Azure > API Management > API Management Service > ServiceNow > Table
    • Azure > API Management > API Management Service > ServiceNow > Table > Definition

What's new?

  • Server

    • Updated: The directory API now supports Require Signed Assertion Response.
  • UI:

    • Added: Introduced UI options for Require Signed Assertion Response for enhanced security in SAML authentication.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Enhanced Security and Compatibility Guide for SAML Authentication

Description: The recent update to @node-saml/passport-saml mandates the signing of the assertion response. To ensure backward compatibility, we have introduced a new configuration option in the UI:

  • Require Signed Assertion Response

By default, this option is set to Disabled to maintain compatibility with existing setups.

Recommendations: We recommend enabling this option because it adds a layer of security. Be aware, however, that enabling this setting might impact SAML login functionality.

What's new?

  • Control Types:

    • Azure > Relay > Namespace > ServiceNow
    • Azure > Relay > Namespace > ServiceNow > Configuration Item
    • Azure > Relay > Namespace > ServiceNow > Table
  • Policy Types:

    • Azure > Relay > Namespace > ServiceNow
    • Azure > Relay > Namespace > ServiceNow > Configuration Item
    • Azure > Relay > Namespace > ServiceNow > Configuration Item > Record
    • Azure > Relay > Namespace > ServiceNow > Configuration Item > Table Definition
    • Azure > Relay > Namespace > ServiceNow > Table
    • Azure > Relay > Namespace > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table
  • Policy Types:

    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item > Record
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item > Table Definition
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table
    • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > App Service > App Service Plan > ServiceNow
    • Azure > App Service > App Service Plan > ServiceNow > Configuration Item
    • Azure > App Service > App Service Plan > ServiceNow > Table
    • Azure > App Service > Function App > ServiceNow
    • Azure > App Service > Function App > ServiceNow > Configuration Item
    • Azure > App Service > Function App > ServiceNow > Table
    • Azure > App Service > Web App > ServiceNow
    • Azure > App Service > Web App > ServiceNow > Configuration Item
    • Azure > App Service > Web App > ServiceNow > Table
  • Policy Types:

    • Azure > App Service > App Service Plan > ServiceNow
    • Azure > App Service > App Service Plan > ServiceNow > Configuration Item
    • Azure > App Service > App Service Plan > ServiceNow > Configuration Item > Record
    • Azure > App Service > App Service Plan > ServiceNow > Configuration Item > Table Definition
    • Azure > App Service > App Service Plan > ServiceNow > Table
    • Azure > App Service > App Service Plan > ServiceNow > Table > Definition
    • Azure > App Service > Function App > ServiceNow
    • Azure > App Service > Function App > ServiceNow > Configuration Item
    • Azure > App Service > Function App > ServiceNow > Configuration Item > Record
    • Azure > App Service > Function App > ServiceNow > Configuration Item > Table Definition
    • Azure > App Service > Function App > ServiceNow > Table
    • Azure > App Service > Function App > ServiceNow > Table > Definition
    • Azure > App Service > Web App > ServiceNow
    • Azure > App Service > Web App > ServiceNow > Configuration Item
    • Azure > App Service > Web App > ServiceNow > Configuration Item > Record
    • Azure > App Service > Web App > ServiceNow > Configuration Item > Table Definition
    • Azure > App Service > Web App > ServiceNow > Table
    • Azure > App Service > Web App > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > SignalR Service > SignalR > ServiceNow
    • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item
    • Azure > SignalR Service > SignalR > ServiceNow > Table
  • Policy Types:

    • Azure > SignalR Service > SignalR > ServiceNow
    • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item
    • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item > Record
    • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item > Table Definition
    • Azure > SignalR Service > SignalR > ServiceNow > Table
    • Azure > SignalR Service > SignalR > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > AKS > Managed Cluster > ServiceNow
    • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item
    • Azure > AKS > Managed Cluster > ServiceNow > Table
  • Policy Types:

    • Azure > AKS > Managed Cluster > ServiceNow
    • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item
    • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item > Record
    • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item > Table Definition
    • Azure > AKS > Managed Cluster > ServiceNow > Table
    • Azure > AKS > Managed Cluster > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > SQL > Database > ServiceNow
    • Azure > SQL > Database > ServiceNow > Configuration Item
    • Azure > SQL > Database > ServiceNow > Table
    • Azure > SQL > Elastic Pool > ServiceNow
    • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item
    • Azure > SQL > Elastic Pool > ServiceNow > Table
  • Policy Types:

    • Azure > SQL > Database > ServiceNow
    • Azure > SQL > Database > ServiceNow > Configuration Item
    • Azure > SQL > Database > ServiceNow > Configuration Item > Record
    • Azure > SQL > Database > ServiceNow > Configuration Item > Table Definition
    • Azure > SQL > Database > ServiceNow > Table
    • Azure > SQL > Database > ServiceNow > Table > Definition
    • Azure > SQL > Elastic Pool > ServiceNow
    • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item
    • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item > Record
    • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item > Table Definition
    • Azure > SQL > Elastic Pool > ServiceNow > Table
    • Azure > SQL > Elastic Pool > ServiceNow > Table > Definition

What's new?

  • Control Types:
    • Azure > Network > Application Security Group > ServiceNow
    • Azure > Network > Application Security Group > ServiceNow > Configuration Item
    • Azure > Network > Application Security Group > ServiceNow > Table
    • Azure > Network > Express Route Circuits > ServiceNow
    • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item
    • Azure > Network > Express Route Circuits > ServiceNow > Table
    • Azure > Network > Network Interface > ServiceNow
    • Azure > Network > Network Interface > ServiceNow > Configuration Item
    • Azure > Network > Network Interface > ServiceNow > Table
    • Azure > Network > Private DNS Zones > ServiceNow
    • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item
    • Azure > Network > Private DNS Zones > ServiceNow > Table
    • Azure > Network > Public IP Address > ServiceNow
    • Azure > Network > Public IP Address > ServiceNow > Configuration Item
    • Azure > Network > Public IP Address > ServiceNow > Table
    • Azure > Network > Route Table > ServiceNow
    • Azure > Network > Route Table > ServiceNow > Configuration Item
    • Azure > Network > Route Table > ServiceNow > Table
    • Azure > Network > Virtual Network Gateway > ServiceNow
    • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item
    • Azure > Network > Virtual Network Gateway > ServiceNow > Table
  • Policy Types:
    • Azure > Network > Application Security Group > ServiceNow
    • Azure > Network > Application Security Group > ServiceNow > Configuration Item
    • Azure > Network > Application Security Group > ServiceNow > Configuration Item > Record
    • Azure > Network > Application Security Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Application Security Group > ServiceNow > Table
    • Azure > Network > Application Security Group > ServiceNow > Table > Definition
    • Azure > Network > Express Route Circuits > ServiceNow
    • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item
    • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item > Record
    • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Express Route Circuits > ServiceNow > Table
    • Azure > Network > Express Route Circuits > ServiceNow > Table > Definition
    • Azure > Network > Network Interface > ServiceNow
    • Azure > Network > Network Interface > ServiceNow > Configuration Item
    • Azure > Network > Network Interface > ServiceNow > Configuration Item > Record
    • Azure > Network > Network Interface > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Network Interface > ServiceNow > Table
    • Azure > Network > Network Interface > ServiceNow > Table > Definition
    • Azure > Network > Private DNS Zones > ServiceNow
    • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item
    • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item > Record
    • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Private DNS Zones > ServiceNow > Table
    • Azure > Network > Private DNS Zones > ServiceNow > Table > Definition
    • Azure > Network > Public IP Address > ServiceNow
    • Azure > Network > Public IP Address > ServiceNow > Configuration Item
    • Azure > Network > Public IP Address > ServiceNow > Configuration Item > Record
    • Azure > Network > Public IP Address > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Public IP Address > ServiceNow > Table
    • Azure > Network > Public IP Address > ServiceNow > Table > Definition
    • Azure > Network > Route Table > ServiceNow
    • Azure > Network > Route Table > ServiceNow > Configuration Item
    • Azure > Network > Route Table > ServiceNow > Configuration Item > Record
    • Azure > Network > Route Table > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Route Table > ServiceNow > Table
    • Azure > Network > Route Table > ServiceNow > Table > Definition
    • Azure > Network > Virtual Network Gateway > ServiceNow
    • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item
    • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item > Record
    • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Virtual Network Gateway > ServiceNow > Table
    • Azure > Network > Virtual Network Gateway > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > Key Vault > Key > ServiceNow
    • Azure > Key Vault > Key > ServiceNow > Configuration Item
    • Azure > Key Vault > Key > ServiceNow > Table
    • Azure > Key Vault > Secret > ServiceNow
    • Azure > Key Vault > Secret > ServiceNow > Configuration Item
    • Azure > Key Vault > Secret > ServiceNow > Table
    • Azure > Key Vault > Vault > ServiceNow
    • Azure > Key Vault > Vault > ServiceNow > Configuration Item
    • Azure > Key Vault > Vault > ServiceNow > Table
  • Policy Types:

    • Azure > Key Vault > Key > ServiceNow
    • Azure > Key Vault > Key > ServiceNow > Configuration Item
    • Azure > Key Vault > Key > ServiceNow > Configuration Item > Record
    • Azure > Key Vault > Key > ServiceNow > Configuration Item > Table Definition
    • Azure > Key Vault > Key > ServiceNow > Table
    • Azure > Key Vault > Key > ServiceNow > Table > Definition
    • Azure > Key Vault > Secret > ServiceNow
    • Azure > Key Vault > Secret > ServiceNow > Configuration Item
    • Azure > Key Vault > Secret > ServiceNow > Configuration Item > Record
    • Azure > Key Vault > Secret > ServiceNow > Configuration Item > Table Definition
    • Azure > Key Vault > Secret > ServiceNow > Table
    • Azure > Key Vault > Secret > ServiceNow > Table > Definition
    • Azure > Key Vault > Vault > ServiceNow
    • Azure > Key Vault > Vault > ServiceNow > Configuration Item
    • Azure > Key Vault > Vault > ServiceNow > Configuration Item > Record
    • Azure > Key Vault > Vault > ServiceNow > Configuration Item > Table Definition
    • Azure > Key Vault > Vault > ServiceNow > Table
    • Azure > Key Vault > Vault > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > PostgreSQL > Flexible Server > ServiceNow
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Table
  • Policy Types:

    • Azure > PostgreSQL > Flexible Server > ServiceNow
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item > Record
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item > Table Definition
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Table
    • Azure > PostgreSQL > Flexible Server > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • Azure > MySQL > Flexible Server > ServiceNow
    • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item
    • Azure > MySQL > Flexible Server > ServiceNow > Table
  • Policy Types:

    • Azure > MySQL > Flexible Server > ServiceNow
    • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item
    • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item > Record
    • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item > Table Definition
    • Azure > MySQL > Flexible Server > ServiceNow > Table
    • Azure > MySQL > Flexible Server > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • AWS > KMS > Key > ServiceNow
    • AWS > KMS > Key > ServiceNow > Configuration Item
    • AWS > KMS > Key > ServiceNow > Table
  • Policy Types:

    • AWS > KMS > Key > ServiceNow
    • AWS > KMS > Key > ServiceNow > Configuration Item
    • AWS > KMS > Key > ServiceNow > Configuration Item > Record
    • AWS > KMS > Key > ServiceNow > Configuration Item > Table Definition
    • AWS > KMS > Key > ServiceNow > Table
    • AWS > KMS > Key > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • AWS > CloudWatch > Alarm > ServiceNow
    • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item
    • AWS > CloudWatch > Alarm > ServiceNow > Table
  • Policy Types:

    • AWS > CloudWatch > Alarm > ServiceNow
    • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item
    • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item > Record
    • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item > Table Definition
    • AWS > CloudWatch > Alarm > ServiceNow > Table
    • AWS > CloudWatch > Alarm > ServiceNow > Table > Definition

What's new?

  • Control Types:

    • AWS > CloudTrail > Trail > ServiceNow
    • AWS > CloudTrail > Trail > ServiceNow > Configuration Item
    • AWS > CloudTrail > Trail > ServiceNow > Table
  • Policy Types:

    • AWS > CloudTrail > Trail > ServiceNow
    • AWS > CloudTrail > Trail > ServiceNow > Configuration Item
    • AWS > CloudTrail > Trail > ServiceNow > Configuration Item > Record
    • AWS > CloudTrail > Trail > ServiceNow > Configuration Item > Table Definition
    • AWS > CloudTrail > Trail > ServiceNow > Table
    • AWS > CloudTrail > Trail > ServiceNow > Table > Definition

Bug fixes

  • The AWS > RDS > DB Instance > Discovery control would sometimes upsert DocumentDB Instances as RDS Instances in Guardrails CMDB. This is fixed and the control will now filter out DocumentDB Instances while upserting resources in CMDB.

What's new?

  • Added support for the latest Lambda runtimes in the AWS > Lambda > Function > Allowed Runtime > Values policy.

What's new?

  • Control Types:

    • AWS > IAM > Root > Approved
  • Policy Types:

    • AWS > IAM > Root > Approved
    • AWS > IAM > Root > Approved > Custom
    • AWS > IAM > Root > Approved > Usage
  • Action Types:

    • AWS > IAM > Root > Skip alarm for Approved control
    • AWS > IAM > Root > Skip alarm for Approved control [90 days]

Bug fixes

  • The AWS > IAM > Account Password Policy > CMDB control would incorrectly go into an Alarm state when Guardrails was denied access to fetch the Account Password Policy data. This is fixed and the control will now move to an Error state instead for such cases.
  • Guardrails stack controls would sometimes fail to update IAM resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.

Bug fixes

  • A README.md file is now available for users to check details about the resource types that the mod covers.

What's new?

  • AWS/CloudFront/Admin and AWS/CloudFront/Metadata will now also include permissions for CloudFront KeyValueStore.

Bug fixes

  • Server
    • Guardrails will now process notifications correctly for a matching watch created via @turbot/sdk.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

What's new?

  • Policy Types:

    • ServiceNow > Turbot > Watches > GCP
  • Control Types:

    • ServiceNow > Turbot > Watches > GCP
  • Action Types:

    • ServiceNow > Turbot > Watches > GCP Archive And Delete Record

What's new?

  • Policy Types:

    • GCP > Storage > Bucket > ServiceNow
    • GCP > Storage > Bucket > ServiceNow > Configuration Item
    • GCP > Storage > Bucket > ServiceNow > Configuration Item > Record
    • GCP > Storage > Bucket > ServiceNow > Configuration Item > Table Definition
    • GCP > Storage > Bucket > ServiceNow > Table
    • GCP > Storage > Bucket > ServiceNow > Table > Definition
  • Control Types:

    • GCP > Storage > Bucket > ServiceNow
    • GCP > Storage > Bucket > ServiceNow > Configuration Item
    • GCP > Storage > Bucket > ServiceNow > Table

What's new?

  • Policy Types:

    • GCP > SQL > Instance > ServiceNow
    • GCP > SQL > Instance > ServiceNow > Configuration Item
    • GCP > SQL > Instance > ServiceNow > Configuration Item > Record
    • GCP > SQL > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > SQL > Instance > ServiceNow > Table
    • GCP > SQL > Instance > ServiceNow > Table > Definition
  • Control Types:

    • GCP > SQL > Instance > ServiceNow
    • GCP > SQL > Instance > ServiceNow > Configuration Item
    • GCP > SQL > Instance > ServiceNow > Table

What's new?

  • Policy Types:

    • GCP > Network > Network > ServiceNow
    • GCP > Network > Network > ServiceNow > Configuration Item
    • GCP > Network > Network > ServiceNow > Configuration Item > Record
    • GCP > Network > Network > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Network > ServiceNow > Table
    • GCP > Network > Network > ServiceNow > Table > Definition
    • GCP > Network > Subnetwork > ServiceNow
    • GCP > Network > Subnetwork > ServiceNow > Configuration Item
    • GCP > Network > Subnetwork > ServiceNow > Configuration Item > Record
    • GCP > Network > Subnetwork > ServiceNow > Configuration Item > Table Definition
    • GCP > Network > Subnetwork > ServiceNow > Table
    • GCP > Network > Subnetwork > ServiceNow > Table > Definition
  • Control Types:

    • GCP > Network > Network > ServiceNow
    • GCP > Network > Network > ServiceNow > Configuration Item
    • GCP > Network > Network > ServiceNow > Table
    • GCP > Network > Subnetwork > ServiceNow
    • GCP > Network > Subnetwork > ServiceNow > Configuration Item
    • GCP > Network > Subnetwork > ServiceNow > Table

What's new?

  • Policy Types:

    • GCP > Compute Engine > Disk > ServiceNow
    • GCP > Compute Engine > Disk > ServiceNow > Configuration Item
    • GCP > Compute Engine > Disk > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Disk > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Disk > ServiceNow > Table
    • GCP > Compute Engine > Disk > ServiceNow > Table > Definition
    • GCP > Compute Engine > Image > ServiceNow
    • GCP > Compute Engine > Image > ServiceNow > Configuration Item
    • GCP > Compute Engine > Image > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Image > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Image > ServiceNow > Table
    • GCP > Compute Engine > Image > ServiceNow > Table > Definition
    • GCP > Compute Engine > Instance > ServiceNow
    • GCP > Compute Engine > Instance > ServiceNow > Configuration Item
    • GCP > Compute Engine > Instance > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Instance > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Instance > ServiceNow > Table
    • GCP > Compute Engine > Instance > ServiceNow > Table > Definition
    • GCP > Compute Engine > Snapshot > ServiceNow
    • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item
    • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item > Record
    • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item > Table Definition
    • GCP > Compute Engine > Snapshot > ServiceNow > Table
    • GCP > Compute Engine > Snapshot > ServiceNow > Table > Definition
  • Control Types:

    • GCP > Compute Engine > Disk > ServiceNow
    • GCP > Compute Engine > Disk > ServiceNow > Configuration Item
    • GCP > Compute Engine > Disk > ServiceNow > Table
    • GCP > Compute Engine > Image > ServiceNow
    • GCP > Compute Engine > Image > ServiceNow > Configuration Item
    • GCP > Compute Engine > Image > ServiceNow > Table
    • GCP > Compute Engine > Instance > ServiceNow
    • GCP > Compute Engine > Instance > ServiceNow > Configuration Item
    • GCP > Compute Engine > Instance > ServiceNow > Table
    • GCP > Compute Engine > Snapshot > ServiceNow
    • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item
    • GCP > Compute Engine > Snapshot > ServiceNow > Table

What's new?

  • Policy Types:

    • ServiceNow > Turbot > Watches > Azure
  • Control Types:

    • ServiceNow > Turbot > Watches > Azure
  • Action Types:

    • ServiceNow > Turbot > Watches > Azure Archive And Delete Record

What's new?

  • Policy Types:

    • Azure > Storage > Storage Account > ServiceNow
    • Azure > Storage > Storage Account > ServiceNow > Configuration Item
    • Azure > Storage > Storage Account > ServiceNow > Configuration Item > Record
    • Azure > Storage > Storage Account > ServiceNow > Configuration Item > Table Definition
    • Azure > Storage > Storage Account > ServiceNow > Table
    • Azure > Storage > Storage Account > ServiceNow > Table > Definition
  • Control Types:

    • Azure > Storage > Storage Account > ServiceNow
    • Azure > Storage > Storage Account > ServiceNow > Configuration Item
    • Azure > Storage > Storage Account > ServiceNow > Table

What's new?

  • Policy Types:

    • Azure > SQL > Server > ServiceNow
    • Azure > SQL > Server > ServiceNow > Configuration Item
    • Azure > SQL > Server > ServiceNow > Configuration Item > Record
    • Azure > SQL > Server > ServiceNow > Configuration Item > Table Definition
    • Azure > SQL > Server > ServiceNow > Table
    • Azure > SQL > Server > ServiceNow > Table > Definition
  • Control Types:

    • Azure > SQL > Server > ServiceNow
    • Azure > SQL > Server > ServiceNow > Configuration Item
    • Azure > SQL > Server > ServiceNow > Table

What's new?

  • Policy Types:

    • Azure > PostgreSQL > Server > ServiceNow
    • Azure > PostgreSQL > Server > ServiceNow > Configuration Item
    • Azure > PostgreSQL > Server > ServiceNow > Configuration Item > Record
    • Azure > PostgreSQL > Server > ServiceNow > Configuration Item > Table Definition
    • Azure > PostgreSQL > Server > ServiceNow > Table
    • Azure > PostgreSQL > Server > ServiceNow > Table > Definition
  • Control Types:

    • Azure > PostgreSQL > Server > ServiceNow
    • Azure > PostgreSQL > Server > ServiceNow > Configuration Item
    • Azure > PostgreSQL > Server > ServiceNow > Table

What's new?

  • Policy Types:

    • Azure > Network > Network Security Group > ServiceNow
    • Azure > Network > Network Security Group > ServiceNow > Configuration Item
    • Azure > Network > Network Security Group > ServiceNow > Configuration Item > Record
    • Azure > Network > Network Security Group > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Network Security Group > ServiceNow > Table
    • Azure > Network > Network Security Group > ServiceNow > Table > Definition
    • Azure > Network > Subnet > ServiceNow
    • Azure > Network > Subnet > ServiceNow > Configuration Item
    • Azure > Network > Subnet > ServiceNow > Configuration Item > Record
    • Azure > Network > Subnet > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Subnet > ServiceNow > Table
    • Azure > Network > Subnet > ServiceNow > Table > Definition
    • Azure > Network > Virtual Network > ServiceNow
    • Azure > Network > Virtual Network > ServiceNow > Configuration Item
    • Azure > Network > Virtual Network > ServiceNow > Configuration Item > Record
    • Azure > Network > Virtual Network > ServiceNow > Configuration Item > Table Definition
    • Azure > Network > Virtual Network > ServiceNow > Table
    • Azure > Network > Virtual Network > ServiceNow > Table > Definition
  • Control Types:

    • Azure > Network > Network Security Group > ServiceNow
    • Azure > Network > Network Security Group > ServiceNow > Configuration Item
    • Azure > Network > Network Security Group > ServiceNow > Table
    • Azure > Network > Subnet > ServiceNow
    • Azure > Network > Subnet > ServiceNow > Configuration Item
    • Azure > Network > Subnet > ServiceNow > Table
    • Azure > Network > Virtual Network > ServiceNow
    • Azure > Network > Virtual Network > ServiceNow > Configuration Item
    • Azure > Network > Virtual Network > ServiceNow > Table

What's new?

  • Policy Types:

    • Azure > MySQL > Server > ServiceNow
    • Azure > MySQL > Server > ServiceNow > Configuration Item
    • Azure > MySQL > Server > ServiceNow > Configuration Item > Record
    • Azure > MySQL > Server > ServiceNow > Configuration Item > Table Definition
    • Azure > MySQL > Server > ServiceNow > Table
    • Azure > MySQL > Server > ServiceNow > Table > Definition
  • Control Types:

    • Azure > MySQL > Server > ServiceNow
    • Azure > MySQL > Server > ServiceNow > Configuration Item
    • Azure > MySQL > Server > ServiceNow > Table

What's new?

  • Policy Types:

    • Azure > Compute > Availability Set > ServiceNow
    • Azure > Compute > Availability Set > ServiceNow > Configuration Item
    • Azure > Compute > Availability Set > ServiceNow > Configuration Item > Record
    • Azure > Compute > Availability Set > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Availability Set > ServiceNow > Table
    • Azure > Compute > Availability Set > ServiceNow > Table > Definition
    • Azure > Compute > Disk > ServiceNow
    • Azure > Compute > Disk > ServiceNow > Configuration Item
    • Azure > Compute > Disk > ServiceNow > Configuration Item > Record
    • Azure > Compute > Disk > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Disk > ServiceNow > Table
    • Azure > Compute > Disk > ServiceNow > Table > Definition
    • Azure > Compute > Disk Encryption Set > ServiceNow
    • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item
    • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item > Record
    • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Disk Encryption Set > ServiceNow > Table
    • Azure > Compute > Disk Encryption Set > ServiceNow > Table > Definition
    • Azure > Compute > Image > ServiceNow
    • Azure > Compute > Image > ServiceNow > Configuration Item
    • Azure > Compute > Image > ServiceNow > Configuration Item > Record
    • Azure > Compute > Image > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Image > ServiceNow > Table
    • Azure > Compute > Image > ServiceNow > Table > Definition
    • Azure > Compute > Snapshot > ServiceNow
    • Azure > Compute > Snapshot > ServiceNow > Configuration Item
    • Azure > Compute > Snapshot > ServiceNow > Configuration Item > Record
    • Azure > Compute > Snapshot > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Snapshot > ServiceNow > Table
    • Azure > Compute > Snapshot > ServiceNow > Table > Definition
    • Azure > Compute > Ssh Public Key > ServiceNow
    • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item
    • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item > Record
    • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Ssh Public Key > ServiceNow > Table
    • Azure > Compute > Ssh Public Key > ServiceNow > Table > Definition
    • Azure > Compute > Virtual Machine > ServiceNow
    • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item
    • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item > Record
    • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Virtual Machine > ServiceNow > Table
    • Azure > Compute > Virtual Machine > ServiceNow > Table > Definition
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item > Record
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item > Table Definition
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table > Definition
  • Control Types:

    • Azure > Compute > Availability Set > ServiceNow
    • Azure > Compute > Availability Set > ServiceNow > Configuration Item
    • Azure > Compute > Availability Set > ServiceNow > Table
    • Azure > Compute > Disk > ServiceNow
    • Azure > Compute > Disk > ServiceNow > Configuration Item
    • Azure > Compute > Disk > ServiceNow > Table
    • Azure > Compute > Disk Encryption Set > ServiceNow
    • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item
    • Azure > Compute > Disk Encryption Set > ServiceNow > Table
    • Azure > Compute > Image > ServiceNow
    • Azure > Compute > Image > ServiceNow > Configuration Item
    • Azure > Compute > Image > ServiceNow > Table
    • Azure > Compute > Snapshot > ServiceNow
    • Azure > Compute > Snapshot > ServiceNow > Configuration Item
    • Azure > Compute > Snapshot > ServiceNow > Table
    • Azure > Compute > Ssh Public Key > ServiceNow
    • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item
    • Azure > Compute > Ssh Public Key > ServiceNow > Table
    • Azure > Compute > Virtual Machine > ServiceNow
    • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item
    • Azure > Compute > Virtual Machine > ServiceNow > Table
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item
    • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table

Bug fixes

  • The ServiceNow > Turbot > Watches > AWS control would fail to delete/archive records in ServiceNow. This is now fixed.

Bug fixes

  • Server
    • Updated TE stack to enable propagation of custom tags to ECS tasks.
    • Updated @turbot/aws-sdk to 5.13.0, @turbot/fn to 5.21.0 and aws-sdk to 2.922.

Requirements

  • TEF: 1.51.0
  • TED: 1.9.1

Base images

  • Alpine: 3.17.5
  • Ubuntu: 22.04.3

Bug fixes

  • The Table control only allowed extending the resource's Table from the cmdb_ci* Table, not from any other Table in ServiceNow. This is fixed and users will now be able to extend the resource's Table from any Table in ServiceNow.
  • The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
  • The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

  • The Discovery controls for Application, Cost Center and User would sometimes upsert resources with incorrect AKAs for a freshly imported ServiceNow Instance in Guardrails CMDB. This is fixed and the controls will now work as expected.

Bug fixes

  • The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

Bug fixes

  • The AWS > Turbot > Event Poller policy will now be automatically set to Disabled if any of the AWS > Turbot > Event Handlers or AWS > Turbot > Event Handlers [Global] policies is set to Enforce: Configured.

Bug fixes

  • Server
    • ServiceNow Instance Client Secret and Password were processed incorrectly while fetching credentials for the Instance.

Bug fixes

  • Server
    • Create mutation for ServiceNow instance failed if no instances were available in a Guardrails workspace.

What's new?

  • Resource Types:

    • ServiceNow
    • ServiceNow > Application
    • ServiceNow > Cost Center
    • ServiceNow > Instance
    • ServiceNow > User
  • Policy Types:

    • ServiceNow > Application > Business Rule
    • ServiceNow > Application > Business Rule > Name
    • ServiceNow > Application > CMDB
    • ServiceNow > Config
    • ServiceNow > Config > Application Scope
    • ServiceNow > Config > Client ID
    • ServiceNow > Config > Client Secret
    • ServiceNow > Config > Instance URL
    • ServiceNow > Config > Password
    • ServiceNow > Config > System Properties
    • ServiceNow > Config > System Properties > Template
    • ServiceNow > Config > Username
    • ServiceNow > Cost Center > Business Rule
    • ServiceNow > Cost Center > Business Rule > Name
    • ServiceNow > Cost Center > CMDB
    • ServiceNow > Instance > CMDB
    • ServiceNow > Login Names
    • ServiceNow > Turbot
    • ServiceNow > Turbot > Watches
    • ServiceNow > User > Business Rule
    • ServiceNow > User > Business Rule > Name
    • ServiceNow > User > CMDB
  • Control Types:

    • ServiceNow > Application > Business Rule
    • ServiceNow > Application > CMDB
    • ServiceNow > Application > Discovery
    • ServiceNow > Config
    • ServiceNow > Config > System Properties
    • ServiceNow > Cost Center > Business Rule
    • ServiceNow > Cost Center > CMDB
    • ServiceNow > Cost Center > Discovery
    • ServiceNow > Instance > CMDB
    • ServiceNow > Turbot
    • ServiceNow > Turbot > Watches
    • ServiceNow > User > Business Rule
    • ServiceNow > User > CMDB
    • ServiceNow > User > Discovery
  • Action Types:

    • ServiceNow > Instance > Event Handler
    • ServiceNow > Turbot
    • ServiceNow > Turbot > Watches

What's new?

  • Policy Types:

    • AWS > VPC > Network ACL > ServiceNow
    • AWS > VPC > Network ACL > ServiceNow > Configuration Item
    • AWS > VPC > Network ACL > ServiceNow > Configuration Item > Record
    • AWS > VPC > Network ACL > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Network ACL > ServiceNow > Table
    • AWS > VPC > Network ACL > ServiceNow > Table > Definition
    • AWS > VPC > Security Group > ServiceNow
    • AWS > VPC > Security Group > ServiceNow > Configuration Item
    • AWS > VPC > Security Group > ServiceNow > Configuration Item > Record
    • AWS > VPC > Security Group > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Security Group > ServiceNow > Table
    • AWS > VPC > Security Group > ServiceNow > Table > Definition
  • Control Types:

    • AWS > VPC > Network ACL > ServiceNow
    • AWS > VPC > Network ACL > ServiceNow > Configuration Item
    • AWS > VPC > Network ACL > ServiceNow > Table
    • AWS > VPC > Security Group > ServiceNow
    • AWS > VPC > Security Group > ServiceNow > Configuration Item
    • AWS > VPC > Security Group > ServiceNow > Table

What's new?

  • Policy Types:

    • AWS > VPC > Elastic IP > ServiceNow
    • AWS > VPC > Elastic IP > ServiceNow > Configuration Item
    • AWS > VPC > Elastic IP > ServiceNow > Configuration Item > Record
    • AWS > VPC > Elastic IP > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Elastic IP > ServiceNow > Table
    • AWS > VPC > Elastic IP > ServiceNow > Table > Definition
  • Control Types:

    • AWS > VPC > Elastic IP > ServiceNow
    • AWS > VPC > Elastic IP > ServiceNow > Configuration Item
    • AWS > VPC > Elastic IP > ServiceNow > Table

What's new?

  • Policy Types:

    • AWS > VPC > Route Table > ServiceNow
    • AWS > VPC > Route Table > ServiceNow > Configuration Item
    • AWS > VPC > Route Table > ServiceNow > Configuration Item > Record
    • AWS > VPC > Route Table > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Route Table > ServiceNow > Table
    • AWS > VPC > Route Table > ServiceNow > Table > Definition
    • AWS > VPC > Subnet > ServiceNow
    • AWS > VPC > Subnet > ServiceNow > Configuration Item
    • AWS > VPC > Subnet > ServiceNow > Configuration Item > Record
    • AWS > VPC > Subnet > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > Subnet > ServiceNow > Table
    • AWS > VPC > Subnet > ServiceNow > Table > Definition
    • AWS > VPC > VPC > ServiceNow
    • AWS > VPC > VPC > ServiceNow > Configuration Item
    • AWS > VPC > VPC > ServiceNow > Configuration Item > Record
    • AWS > VPC > VPC > ServiceNow > Configuration Item > Table Definition
    • AWS > VPC > VPC > ServiceNow > Table
    • AWS > VPC > VPC > ServiceNow > Table > Definition
  • Control Types:

    • AWS > VPC > Route Table > ServiceNow
    • AWS > VPC > Route Table > ServiceNow > Configuration Item
    • AWS > VPC > Route Table > ServiceNow > Table
    • AWS > VPC > Subnet > ServiceNow
    • AWS > VPC > Subnet > ServiceNow > Configuration Item
    • AWS > VPC > Subnet > ServiceNow > Table
    • AWS > VPC > VPC > ServiceNow
    • AWS > VPC > VPC > ServiceNow > Configuration Item
    • AWS > VPC > VPC > ServiceNow > Table

What's new?

  • Policy Types:

    • ServiceNow > Turbot > Watches > AWS
  • Control Types:

    • ServiceNow > Turbot > Watches > AWS
  • Action Types:

    • ServiceNow > Turbot > Watches > AWS Archive And Delete Record

What's new?

  • Policy Types:

    • AWS > S3 > Bucket > ServiceNow
    • AWS > S3 > Bucket > ServiceNow > Configuration Item
    • AWS > S3 > Bucket > ServiceNow > Configuration Item > Record
    • AWS > S3 > Bucket > ServiceNow > Configuration Item > Table Definition
    • AWS > S3 > Bucket > ServiceNow > Table
    • AWS > S3 > Bucket > ServiceNow > Table > Definition
  • Control Types:

    • AWS > S3 > Bucket > ServiceNow
    • AWS > S3 > Bucket > ServiceNow > Configuration Item
    • AWS > S3 > Bucket > ServiceNow > Table

What's new?

  • Policy Types:

    • AWS > IAM > Group > ServiceNow
    • AWS > IAM > Group > ServiceNow > Configuration Item
    • AWS > IAM > Group > ServiceNow > Configuration Item > Record
    • AWS > IAM > Group > ServiceNow > Configuration Item > Table Definition
    • AWS > IAM > Group > ServiceNow > Table
    • AWS > IAM > Group > ServiceNow > Table > Definition
    • AWS > IAM > Role > ServiceNow
    • AWS > IAM > Role > ServiceNow > Configuration Item
    • AWS > IAM > Role > ServiceNow > Configuration Item > Record
    • AWS > IAM > Role > ServiceNow > Configuration Item > Table Definition
    • AWS > IAM > Role > ServiceNow > Table
    • AWS > IAM > Role > ServiceNow > Table > Definition
    • AWS > IAM > User > ServiceNow
    • AWS > IAM > User > ServiceNow > Configuration Item
    • AWS > IAM > User > ServiceNow > Configuration Item > Record
    • AWS > IAM > User > ServiceNow > Configuration Item > Table Definition
    • AWS > IAM > User > ServiceNow > Table
    • AWS > IAM > User > ServiceNow > Table > Definition
  • Control Types:

    • AWS > IAM > Group > ServiceNow
    • AWS > IAM > Group > ServiceNow > Configuration Item
    • AWS > IAM > Group > ServiceNow > Table
    • AWS > IAM > Role > ServiceNow
    • AWS > IAM > Role > ServiceNow > Configuration Item
    • AWS > IAM > Role > ServiceNow > Table
    • AWS > IAM > User > ServiceNow
    • AWS > IAM > User > ServiceNow > Configuration Item
    • AWS > IAM > User > ServiceNow > Table

What's new?

  • Policy Types:

    • AWS > EC2 > Instance > ServiceNow
    • AWS > EC2 > Instance > ServiceNow > Configuration Item
    • AWS > EC2 > Instance > ServiceNow > Configuration Item > Record
    • AWS > EC2 > Instance > ServiceNow > Configuration Item > Table Definition
    • AWS > EC2 > Instance > ServiceNow > Table
    • AWS > EC2 > Instance > ServiceNow > Table > Definition
    • AWS > EC2 > Snapshot > ServiceNow
    • AWS > EC2 > Snapshot > ServiceNow > Configuration Item
    • AWS > EC2 > Snapshot > ServiceNow > Configuration Item > Record
    • AWS > EC2 > Snapshot > ServiceNow > Configuration Item > Table Definition
    • AWS > EC2 > Snapshot > ServiceNow > Table
    • AWS > EC2 > Snapshot > ServiceNow > Table > Definition
    • AWS > EC2 > Volume > ServiceNow
    • AWS > EC2 > Volume > ServiceNow > Configuration Item
    • AWS > EC2 > Volume > ServiceNow > Configuration Item > Record
    • AWS > EC2 > Volume > ServiceNow > Configuration Item > Table Definition
    • AWS > EC2 > Volume > ServiceNow > Table
    • AWS > EC2 > Volume > ServiceNow > Table > Definition
  • Control Types:

    • AWS > EC2 > Instance > ServiceNow
    • AWS > EC2 > Instance > ServiceNow > Configuration Item
    • AWS > EC2 > Instance > ServiceNow > Table
    • AWS > EC2 > Snapshot > ServiceNow
    • AWS > EC2 > Snapshot > ServiceNow > Configuration Item
    • AWS > EC2 > Snapshot > ServiceNow > Table
    • AWS > EC2 > Volume > ServiceNow
    • AWS > EC2 > Volume > ServiceNow > Configuration Item
    • AWS > EC2 > Volume > ServiceNow > Table

What's new?

  • Server

    • Added: Support for creating and deleting watches using @turbot/sdk.
    • Updated: @turbot/fn, @turbot/aws-sdk, aws-sdk, @turbot/utils, @turbot/errors, @turbot/log, @turbot/responses packages.
    • Added: Support for ServiceNow credentials.
  • UI:

    • Added: Support to import ServiceNow Instance in Guardrails.

What's new?

  • Control Category Types:
    • CMDB > External
    • Cloud > Integration

What's new?

  • Resource Types:

    • AWS > Kendra
  • Policy Types:

    • AWS > Kendra > API Enabled
    • AWS > Kendra > Approved Regions [Default]
    • AWS > Kendra > Enabled
    • AWS > Kendra > Permissions
    • AWS > Kendra > Permissions > Levels
    • AWS > Kendra > Permissions > Levels > Modifiers
    • AWS > Kendra > Permissions > Lockdown
    • AWS > Kendra > Permissions > Lockdown > API Boundary
    • AWS > Kendra > Regions
    • AWS > Kendra > Tags Template [Default]
    • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-kendra
    • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-kendra
    • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-kendra

What's new?

  • Category Types:
    • Turbot > Resource > Category > Business Application
    • Turbot > Resource > Category > Cloud > Api
    • Turbot > Resource > Category > Cloud > Provider
    • Turbot > Resource > Category > Cloud > Resource Group
    • Turbot > Resource > Category > Container
    • Turbot > Resource > Category > Cost Management
    • Turbot > Resource > Category > End User Computing
    • Turbot > Resource > Category > Migration
    • Turbot > Resource > Category > Robotics

What's new?

  • Added support for processing real-time enable and disable events for Firebase Management APIs.

What's new?

  • You can now enable or disable the Firebase Management API via Guardrails. To get started, set the GCP > Firebase > API Enabled policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Control Types:

    • GCP > Firebase > API Enabled
  • Policy Types:

    • GCP > Firebase > API Enabled
    • GCP > Firebase > Android App > Approved > Custom
    • GCP > Firebase > Web App > Approved > Custom
    • GCP > Firebase > iOS App > Approved > Custom
  • Action Types:

    • GCP > Firebase > Set API Enabled

What's new?

  • Added support for newer US, Europe, India and US Government regions in the Azure > Synapse Analytics > Regions policy.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Synapse Analytics > SQL Pool > Approved > Custom
    • Azure > Synapse Analytics > SQL Pool > Regions
    • Azure > Synapse Analytics > Workspace > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > API Management > API Management Service > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > AKS > Managed Cluster > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Network Watcher > Flow Log > Approved > Custom
    • Azure > Network Watcher > Network Watcher > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Data Factory > Dataset > Approved > Custom
    • Azure > Data Factory > Factory > Approved > Custom
    • Azure > Data Factory > Pipeline > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Firewall > Firewall > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Front Door > Front Door > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Databricks > Workspace > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • Policy Types:
    • GCP > Compute Engine > Image > Policy > Trusted Access > All Authenticated
    • GCP > Compute Engine > Image > Policy > Trusted Access > All Users

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > SignalR Service > SignalR > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Relay > Namespace > Approved > Custom

What's new?

  • Policy Types:
    • GCP > Functions > Function > Policy > Trusted Access > All Authenticated
    • GCP > Functions > Function > Policy > Trusted Access > All Users

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Search Management > Search Service > Approved > Custom

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • Azure > Recovery Service > Vault > Approved > Custom

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > SWF > Domain > Approved > Custom
  • Action Types:

    • AWS > SWF > Domain > Set Tags
    • AWS > SWF > Domain > Skip alarm for Active control
    • AWS > SWF > Domain > Skip alarm for Active control [90 days]
    • AWS > SWF > Domain > Skip alarm for Approved control
    • AWS > SWF > Domain > Skip alarm for Approved control [90 days]
    • AWS > SWF > Domain > Skip alarm for Tags control
    • AWS > SWF > Domain > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • AWS > QLDB > Ledger > Approved > Custom
  • Action Types:

    • AWS > QLDB > Ledger > Delete from AWS
    • AWS > QLDB > Ledger > Set Tags
    • AWS > QLDB > Ledger > Skip alarm for Active control
    • AWS > QLDB > Ledger > Skip alarm for Active control [90 days]
    • AWS > QLDB > Ledger > Skip alarm for Approved control
    • AWS > QLDB > Ledger > Skip alarm for Approved control [90 days]
    • AWS > QLDB > Ledger > Skip alarm for Tags control
    • AWS > QLDB > Ledger > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Neptune > DB Cluster > Approved > Custom
    • AWS > Neptune > DB Instance > Approved > Custom
  • Action Types:

    • AWS > Neptune > DB Cluster > Delete from AWS
    • AWS > Neptune > DB Cluster > Set Tags
    • AWS > Neptune > DB Cluster > Skip alarm for Active control
    • AWS > Neptune > DB Cluster > Skip alarm for Active control [90 days]
    • AWS > Neptune > DB Cluster > Skip alarm for Approved control
    • AWS > Neptune > DB Cluster > Skip alarm for Approved control [90 days]
    • AWS > Neptune > DB Cluster > Skip alarm for Tags control
    • AWS > Neptune > DB Cluster > Skip alarm for Tags control [90 days]
    • AWS > Neptune > DB Instance > Delete from AWS
    • AWS > Neptune > DB Instance > Set Tags
    • AWS > Neptune > DB Instance > Skip alarm for Active control
    • AWS > Neptune > DB Instance > Skip alarm for Active control [90 days]
    • AWS > Neptune > DB Instance > Skip alarm for Approved control
    • AWS > Neptune > DB Instance > Skip alarm for Approved control [90 days]
    • AWS > Neptune > DB Instance > Skip alarm for Tags control
    • AWS > Neptune > DB Instance > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Inspector > Assessment Target > Approved > Custom
    • AWS > Inspector > Assessment Template > Approved > Custom
  • Action Types:

    • AWS > Inspector > Assessment Target > Delete from AWS
    • AWS > Inspector > Assessment Target > Skip alarm for Active control
    • AWS > Inspector > Assessment Target > Skip alarm for Active control [90 days]
    • AWS > Inspector > Assessment Target > Skip alarm for Approved control
    • AWS > Inspector > Assessment Target > Skip alarm for Approved control [90 days]
    • AWS > Inspector > Assessment Template > Delete from AWS
    • AWS > Inspector > Assessment Template > Set Tags
    • AWS > Inspector > Assessment Template > Skip alarm for Active control
    • AWS > Inspector > Assessment Template > Skip alarm for Active control [90 days]
    • AWS > Inspector > Assessment Template > Skip alarm for Approved control
    • AWS > Inspector > Assessment Template > Skip alarm for Approved control [90 days]
    • AWS > Inspector > Assessment Template > Skip alarm for Tags control
    • AWS > Inspector > Assessment Template > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > DAX > Cluster > Approved > Custom
  • Action Types:

    • AWS > DAX > Cluster > Delete from AWS
    • AWS > DAX > Cluster > Set Tags
    • AWS > DAX > Cluster > Skip alarm for Active control
    • AWS > DAX > Cluster > Skip alarm for Active control [90 days]
    • AWS > DAX > Cluster > Skip alarm for Approved control
    • AWS > DAX > Cluster > Skip alarm for Approved control [90 days]
    • AWS > DAX > Cluster > Skip alarm for Tags control
    • AWS > DAX > Cluster > Skip alarm for Tags control [90 days]

What's new?

  • Server

    • Updated: The passport-saml package to @node-saml/passport-saml 4.0.4.
    • Updated: The directory API to support Require Signed Authentication Response and Strict Audience Validation.
  • UI:

    • Added: UI options for Require Signed Authentication Response and Strict Audience Validation for enhanced security in SAML authentication.

Enhanced Security and Compatibility Guide for SAML Authentication

Description

The recent move to the @node-saml/passport-saml package makes signed authentication responses and audience validation mandatory. To maintain backward compatibility, we have introduced two new options in the UI:

  1. Require Signed Authentication Response
  2. Strict Audience Validation

To preserve backward compatibility, both of these options are set to Disabled by default.

Important Note: This change ensures that the authentication response is signed and that audience validation is enforced. These checks were not available in earlier versions of the package.

Recommendations

We recommend that customers enable both of these properties, as they add a layer of security. However, enabling them might break SAML login, so certain steps need to be taken first.

Here are specific recommendations for popular Identity Providers (IdPs):

Okta

  • Strict Audience Validation: If enabled, ensure that the "Issuer ID" matches the "Audience Restriction."

OneLogin

  • Require Signed Authentication Response: This feature should be disabled in OneLogin, as OneLogin does not support it.
  • Strict Audience Validation: If enabled, ensure that the "Issuer ID" matches the "Audience".

Azure Entra ID (Previously Known as Azure AD)

  • Require Signed Authentication Response: If enabled, make sure the Signing option is set to "SIGN SAML response and assertion". The Signing option is available on the Signing Certificate page of Entra ID.

Please follow these recommendations carefully to make sure you're able to transition smoothly to the updated SAML package.
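A pre-flight check that can be run on a captured, base64-encoded SAMLResponse before enabling the two options, added here as an example (it is not Guardrails or @node-saml/passport-saml code). It inspects structure only and does not verify signatures; the URLs, `preflight` and `constructed_sample` are assumptions made for illustration.

```python
# Added example: structural pre-flight check for a captured SAMLResponse.
# It does NOT verify signatures cryptographically; the SAML library does that.
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Assumption: placeholder for the Issuer ID configured on the service provider.
EXPECTED_AUDIENCE = "https://guardrails.example.test/saml"


def has_own_signature(element):
    """True if `element` has a direct-child ds:Signature whose Reference
    points back at the element's own ID (presence check only)."""
    if element is None or not element.get("ID"):
        return False
    for sig in element.findall("ds:Signature", NS):
        for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
            if ref.get("URI") == "#" + element.get("ID"):
                return True
    return False


def preflight(saml_response_b64, expected_audience):
    """Report which of the two options would reject this response."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response")

    assertion = root.find("saml:Assertion", NS)
    audiences = []
    if assertion is not None:
        path = "saml:Conditions/saml:AudienceRestriction/saml:Audience"
        audiences = [(a.text or "").strip() for a in assertion.findall(path, NS)]

    # A signature on the Assertion alone does not count as a signed Response.
    response_signed = has_own_signature(root)
    assertion_signed = has_own_signature(assertion)
    # Exact string comparison: a trailing slash or case change is a mismatch.
    audience_matches = expected_audience in audiences

    findings = []
    if not response_signed:
        findings.append("Require Signed Authentication Response: "
                        "the Response element carries no signature of its own")
    if assertion is None:
        findings.append("Strict Audience Validation: no plaintext Assertion "
                        "to inspect (encrypted or missing)")
    elif not audience_matches:
        findings.append("Strict Audience Validation: Audience %r does not "
                        "equal Issuer ID %r" % (audiences, expected_audience))
    return {
        "response_signed": response_signed,
        "assertion_signed": assertion_signed,
        "audiences": audiences,
        "audience_matches": audience_matches,
        "findings": findings,
    }


def constructed_sample(sign_response, audience):
    """Constructed test input; the Signature elements are structural stubs
    with no real digest or signature value."""
    sig = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/>'
           '</ds:SignedInfo></ds:Signature>')
    xml = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="_r1">'
        '<saml:Issuer>https://idp.example.test</saml:Issuer>%s'
        '<saml:Assertion ID="_a1">'
        '<saml:Issuer>https://idp.example.test</saml:Issuer>%s'
        '<saml:Conditions><saml:AudienceRestriction>'
        '<saml:Audience>%s</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions>'
        '</saml:Assertion></samlp:Response>'
    ) % (NS["samlp"], NS["saml"], NS["ds"],
         sig % "_r1" if sign_response else "", sig % "_a1", audience)
    return base64.b64encode(xml.encode())


if __name__ == "__main__":
    # Case 1: only the assertion is signed, audience matches.
    # Case 2: response and assertion signed, audience has a trailing slash.
    for sample in (constructed_sample(False, EXPECTED_AUDIENCE),
                   constructed_sample(True, EXPECTED_AUDIENCE + "/")):
        for finding in preflight(sample, EXPECTED_AUDIENCE)["findings"]:
            print(finding)
```

An empty `findings` list for a response captured from your own IdP indicates that neither option would reject it on structural grounds.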

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • AWS > Lightsail > Instance > Approved > Custom
    • AWS > Lightsail > Load Balancer > Approved > Custom
    • AWS > Lightsail > Relational Database > Approved > Custom
  • Action Types:

    • AWS > Lightsail > Instance > Delete from AWS
    • AWS > Lightsail > Instance > Set Tags
    • AWS > Lightsail > Instance > Skip alarm for Active control
    • AWS > Lightsail > Instance > Skip alarm for Active control [90 days]
    • AWS > Lightsail > Instance > Skip alarm for Approved control
    • AWS > Lightsail > Instance > Skip alarm for Approved control [90 days]
    • AWS > Lightsail > Instance > Skip alarm for Tags control
    • AWS > Lightsail > Instance > Skip alarm for Tags control [90 days]
    • AWS > Lightsail > Load Balancer > Delete from AWS
    • AWS > Lightsail > Load Balancer > Set Tags
    • AWS > Lightsail > Load Balancer > Skip alarm for Active control
    • AWS > Lightsail > Load Balancer > Skip alarm for Active control [90 days]
    • AWS > Lightsail > Load Balancer > Skip alarm for Approved control
    • AWS > Lightsail > Load Balancer > Skip alarm for Approved control [90 days]
    • AWS > Lightsail > Load Balancer > Skip alarm for Tags control
    • AWS > Lightsail > Load Balancer > Skip alarm for Tags control [90 days]
    • AWS > Lightsail > Relational Database > Delete from AWS
    • AWS > Lightsail > Relational Database > Set Tags
    • AWS > Lightsail > Relational Database > Skip alarm for Active control
    • AWS > Lightsail > Relational Database > Skip alarm for Active control [90 days]
    • AWS > Lightsail > Relational Database > Skip alarm for Approved control
    • AWS > Lightsail > Relational Database > Skip alarm for Approved control [90 days]
    • AWS > Lightsail > Relational Database > Skip alarm for Tags control
    • AWS > Lightsail > Relational Database > Skip alarm for Tags control [90 days]

What's new?

  • Resource Types:

    • AWS > Bedrock
  • Policy Types:

    • AWS > Bedrock > API Enabled
    • AWS > Bedrock > Approved Regions [Default]
    • AWS > Bedrock > Enabled
    • AWS > Bedrock > Permissions
    • AWS > Bedrock > Permissions > Levels
    • AWS > Bedrock > Permissions > Levels > Modifiers
    • AWS > Bedrock > Permissions > Lockdown
    • AWS > Bedrock > Permissions > Lockdown > API Boundary
    • AWS > Bedrock > Regions
    • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-bedrock
    • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-bedrock
    • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-bedrock

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > App Mesh > Mesh > Approved > Custom
  • Action Types:

    • AWS > App Mesh > Mesh > Delete from AWS
    • AWS > App Mesh > Mesh > Set Tags
    • AWS > App Mesh > Mesh > Skip alarm for Active control
    • AWS > App Mesh > Mesh > Skip alarm for Active control [90 days]
    • AWS > App Mesh > Mesh > Skip alarm for Approved control
    • AWS > App Mesh > Mesh > Skip alarm for Approved control [90 days]
    • AWS > App Mesh > Mesh > Skip alarm for Tags control
    • AWS > App Mesh > Mesh > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

Bug fixes

  • The AWS > ElastiCache > Snapshot > CMDB control would go into an error state due to a bad internal build. This is fixed and the control will now work correctly as expected.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > Glue > Crawler > Delete from AWS
    • AWS > Glue > Crawler > Set Tags
    • AWS > Glue > Crawler > Skip alarm for Active control
    • AWS > Glue > Crawler > Skip alarm for Active control [90 days]
    • AWS > Glue > Crawler > Skip alarm for Approved control
    • AWS > Glue > Crawler > Skip alarm for Approved control [90 days]
    • AWS > Glue > Crawler > Skip alarm for Tags control
    • AWS > Glue > Crawler > Skip alarm for Tags control [90 days]
    • AWS > Glue > Data Catalog > Skip alarm for Encryption at Rest control
    • AWS > Glue > Data Catalog > Skip alarm for Encryption at Rest control [90 days]
    • AWS > Glue > Database > Delete from AWS
    • AWS > Glue > Database > Skip alarm for Active control
    • AWS > Glue > Database > Skip alarm for Active control [90 days]
    • AWS > Glue > Database > Skip alarm for Approved control
    • AWS > Glue > Database > Skip alarm for Approved control [90 days]
    • AWS > Glue > Development Endpoint [Deprecated] > Delete from AWS
    • AWS > Glue > Development Endpoint [Deprecated] > Set Tags
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Active control
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Active control [90 days]
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Approved control
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Approved control [90 days]
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Tags control
    • AWS > Glue > Development Endpoint [Deprecated] > Skip alarm for Tags control [90 days]
    • AWS > Glue > Job > Delete from AWS
    • AWS > Glue > Job > Set Tags
    • AWS > Glue > Job > Skip alarm for Active control
    • AWS > Glue > Job > Skip alarm for Active control [90 days]
    • AWS > Glue > Job > Skip alarm for Approved control
    • AWS > Glue > Job > Skip alarm for Approved control [90 days]
    • AWS > Glue > Job > Skip alarm for Tags control
    • AWS > Glue > Job > Skip alarm for Tags control [90 days]
    • AWS > Glue > ML Transform > Delete from AWS
    • AWS > Glue > ML Transform > Set Tags
    • AWS > Glue > ML Transform > Skip alarm for Active control
    • AWS > Glue > ML Transform > Skip alarm for Active control [90 days]
    • AWS > Glue > ML Transform > Skip alarm for Approved control
    • AWS > Glue > ML Transform > Skip alarm for Approved control [90 days]
    • AWS > Glue > ML Transform > Skip alarm for Tags control
    • AWS > Glue > ML Transform > Skip alarm for Tags control [90 days]
    • AWS > Glue > Security Configuration > Delete from AWS
    • AWS > Glue > Security Configuration > Skip alarm for Active control
    • AWS > Glue > Security Configuration > Skip alarm for Active control [90 days]
    • AWS > Glue > Security Configuration > Skip alarm for Approved control
    • AWS > Glue > Security Configuration > Skip alarm for Approved control [90 days]
    • AWS > Glue > Table > Delete from AWS
    • AWS > Glue > Table > Skip alarm for Active control
    • AWS > Glue > Table > Skip alarm for Active control [90 days]
    • AWS > Glue > Table > Skip alarm for Approved control
    • AWS > Glue > Table > Skip alarm for Approved control [90 days]
    • AWS > Glue > Trigger > Delete from AWS
    • AWS > Glue > Trigger > Set Tags
    • AWS > Glue > Trigger > Skip alarm for Active control
    • AWS > Glue > Trigger > Skip alarm for Active control [90 days]
    • AWS > Glue > Trigger > Skip alarm for Approved control
    • AWS > Glue > Trigger > Skip alarm for Approved control [90 days]
    • AWS > Glue > Trigger > Skip alarm for Tags control
    • AWS > Glue > Trigger > Skip alarm for Tags control [90 days]
    • AWS > Glue > Workflow > Delete from AWS
    • AWS > Glue > Workflow > Set Tags
    • AWS > Glue > Workflow > Skip alarm for Active control
    • AWS > Glue > Workflow > Skip alarm for Active control [90 days]
    • AWS > Glue > Workflow > Skip alarm for Approved control
    • AWS > Glue > Workflow > Skip alarm for Approved control [90 days]
    • AWS > Glue > Workflow > Skip alarm for Tags control
    • AWS > Glue > Workflow > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > CodeCommit > Repository > Approved > Custom
  • Action Types:

    • AWS > CodeCommit > Repository > Delete from AWS
    • AWS > CodeCommit > Repository > Set Tags
    • AWS > CodeCommit > Repository > Skip alarm for Active control
    • AWS > CodeCommit > Repository > Skip alarm for Active control [90 days]
    • AWS > CodeCommit > Repository > Skip alarm for Approved control
    • AWS > CodeCommit > Repository > Skip alarm for Approved control [90 days]
    • AWS > CodeCommit > Repository > Skip alarm for Tags control
    • AWS > CodeCommit > Repository > Skip alarm for Tags control [90 days]

What's new?

  • Users can now set a Unique Writer Identity for the Logging Sink created via the GCP > Turbot > Event Handlers stack. To get started, set the GCP > Turbot > Event Handlers > Logging > Unique Writer Identity policy.

Bug fixes

  • Guardrails stack controls would sometimes fail to update Pub/Sub Topic resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.

Bug fixes

  • Guardrails stack controls would sometimes fail to update Logging Sink resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Well-Architected Tool > Workload > Approved > Custom
  • Action Types:

    • AWS > Well-Architected Tool > Workload > Delete from AWS
    • AWS > Well-Architected Tool > Workload > Set Tags
    • AWS > Well-Architected Tool > Workload > Skip alarm for Active control
    • AWS > Well-Architected Tool > Workload > Skip alarm for Active control [90 days]
    • AWS > Well-Architected Tool > Workload > Skip alarm for Approved control
    • AWS > Well-Architected Tool > Workload > Skip alarm for Approved control [90 days]
    • AWS > Well-Architected Tool > Workload > Skip alarm for Tags control
    • AWS > Well-Architected Tool > Workload > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
  • Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Secrets Manager > Secret > Approved > Custom
  • Action Types:

    • AWS > Secrets Manager > Secret > Delete from AWS
    • AWS > Secrets Manager > Secret > Set Tags
    • AWS > Secrets Manager > Secret > Skip alarm for Active control
    • AWS > Secrets Manager > Secret > Skip alarm for Active control [90 days]
    • AWS > Secrets Manager > Secret > Skip alarm for Approved control
    • AWS > Secrets Manager > Secret > Skip alarm for Approved control [90 days]
    • AWS > Secrets Manager > Secret > Skip alarm for Encryption at Rest control
    • AWS > Secrets Manager > Secret > Skip alarm for Encryption at Rest control [90 days]
    • AWS > Secrets Manager > Secret > Skip alarm for Tags control
    • AWS > Secrets Manager > Secret > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

  • Resource's metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Glacier > Vault > Approved > Custom
  • Action Types:

    • AWS > Glacier > Vault > Delete from AWS
    • AWS > Glacier > Vault > Set Tags
    • AWS > Glacier > Vault > Skip alarm for Active control
    • AWS > Glacier > Vault > Skip alarm for Active control [90 days]
    • AWS > Glacier > Vault > Skip alarm for Approved control
    • AWS > Glacier > Vault > Skip alarm for Approved control [90 days]
    • AWS > Glacier > Vault > Skip alarm for Tags control
    • AWS > Glacier > Vault > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Elastic Beanstalk > Application > Approved > Custom
  • Action Types:

    • AWS > Elastic Beanstalk > Application > Delete from AWS
    • AWS > Elastic Beanstalk > Application > Set Tags
    • AWS > Elastic Beanstalk > Application > Skip alarm for Active control
    • AWS > Elastic Beanstalk > Application > Skip alarm for Active control [90 days]
    • AWS > Elastic Beanstalk > Application > Skip alarm for Approved control
    • AWS > Elastic Beanstalk > Application > Skip alarm for Approved control [90 days]
    • AWS > Elastic Beanstalk > Application > Skip alarm for Tags control
    • AWS > Elastic Beanstalk > Application > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.
  • Resource metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > WAF Regional > Rule > Approved > Custom
  • Action Types:

    • AWS > WAF Regional > Rule > Delete from AWS
    • AWS > WAF Regional > Rule > Skip alarm for Active control
    • AWS > WAF Regional > Rule > Skip alarm for Active control [90 days]
    • AWS > WAF Regional > Rule > Skip alarm for Approved control
    • AWS > WAF Regional > Rule > Skip alarm for Approved control [90 days]

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > VPC > Egress Only Internet Gateway > Delete from AWS
    • AWS > VPC > Egress Only Internet Gateway > Set Tags
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Active control
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Active control [90 days]
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Approved control
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Approved control [90 days]
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Tags control
    • AWS > VPC > Egress Only Internet Gateway > Skip alarm for Tags control [90 days]
    • AWS > VPC > Elastic IP > Delete from AWS
    • AWS > VPC > Elastic IP > Set Tags
    • AWS > VPC > Elastic IP > Skip alarm for Active control
    • AWS > VPC > Elastic IP > Skip alarm for Active control [90 days]
    • AWS > VPC > Elastic IP > Skip alarm for Approved control
    • AWS > VPC > Elastic IP > Skip alarm for Approved control [90 days]
    • AWS > VPC > Elastic IP > Skip alarm for Tags control
    • AWS > VPC > Elastic IP > Skip alarm for Tags control [90 days]
    • AWS > VPC > Endpoint > Delete from AWS
    • AWS > VPC > Endpoint > Set Tags
    • AWS > VPC > Endpoint > Skip alarm for Active control
    • AWS > VPC > Endpoint > Skip alarm for Active control [90 days]
    • AWS > VPC > Endpoint > Skip alarm for Approved control
    • AWS > VPC > Endpoint > Skip alarm for Approved control [90 days]
    • AWS > VPC > Endpoint > Skip alarm for Tags control
    • AWS > VPC > Endpoint > Skip alarm for Tags control [90 days]
    • AWS > VPC > Endpoint Service > Delete from AWS
    • AWS > VPC > Endpoint Service > Set Tags
    • AWS > VPC > Endpoint Service > Skip alarm for Active control
    • AWS > VPC > Endpoint Service > Skip alarm for Active control [90 days]
    • AWS > VPC > Endpoint Service > Skip alarm for Approved control
    • AWS > VPC > Endpoint Service > Skip alarm for Approved control [90 days]
    • AWS > VPC > Endpoint Service > Skip alarm for Tags control
    • AWS > VPC > Endpoint Service > Skip alarm for Tags control [90 days]
    • AWS > VPC > Internet Gateway > Delete from AWS
    • AWS > VPC > Internet Gateway > Set Tags
    • AWS > VPC > Internet Gateway > Skip alarm for Active control
    • AWS > VPC > Internet Gateway > Skip alarm for Active control [90 days]
    • AWS > VPC > Internet Gateway > Skip alarm for Approved control
    • AWS > VPC > Internet Gateway > Skip alarm for Approved control [90 days]
    • AWS > VPC > Internet Gateway > Skip alarm for Tags control
    • AWS > VPC > Internet Gateway > Skip alarm for Tags control [90 days]
    • AWS > VPC > NAT Gateway > Delete from AWS
    • AWS > VPC > NAT Gateway > Set Tags
    • AWS > VPC > NAT Gateway > Skip alarm for Active control
    • AWS > VPC > NAT Gateway > Skip alarm for Active control [90 days]
    • AWS > VPC > NAT Gateway > Skip alarm for Approved control
    • AWS > VPC > NAT Gateway > Skip alarm for Approved control [90 days]
    • AWS > VPC > NAT Gateway > Skip alarm for Tags control
    • AWS > VPC > NAT Gateway > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > VPC > DHCP Options > Delete from AWS
    • AWS > VPC > DHCP Options > Set Tags
    • AWS > VPC > DHCP Options > Skip alarm for Active control
    • AWS > VPC > DHCP Options > Skip alarm for Active control [90 days]
    • AWS > VPC > DHCP Options > Skip alarm for Tags control
    • AWS > VPC > DHCP Options > Skip alarm for Tags control [90 days]
    • AWS > VPC > Route Table > Delete from AWS
    • AWS > VPC > Route Table > Set Tags
    • AWS > VPC > Route Table > Skip alarm for Active control
    • AWS > VPC > Route Table > Skip alarm for Active control [90 days]
    • AWS > VPC > Route Table > Skip alarm for Tags control
    • AWS > VPC > Route Table > Skip alarm for Tags control [90 days]
    • AWS > VPC > Subnet > Delete from AWS
    • AWS > VPC > Subnet > Set Tags
    • AWS > VPC > Subnet > Skip alarm for Active control
    • AWS > VPC > Subnet > Skip alarm for Active control [90 days]
    • AWS > VPC > Subnet > Skip alarm for Tags control
    • AWS > VPC > Subnet > Skip alarm for Tags control [90 days]
    • AWS > VPC > VPC > Delete from AWS
    • AWS > VPC > VPC > Set Tags
    • AWS > VPC > VPC > Skip alarm for Active control
    • AWS > VPC > VPC > Skip alarm for Active control [90 days]
    • AWS > VPC > VPC > Skip alarm for Tags control
    • AWS > VPC > VPC > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Elasticsearch > Domain > Approved > Custom
  • Action Types:

    • AWS > Elasticsearch > Domain > Delete from AWS
    • AWS > Elasticsearch > Domain > Set Tags
    • AWS > Elasticsearch > Domain > Skip alarm for Active control
    • AWS > Elasticsearch > Domain > Skip alarm for Active control [90 days]
    • AWS > Elasticsearch > Domain > Skip alarm for Approved control
    • AWS > Elasticsearch > Domain > Skip alarm for Approved control [90 days]
    • AWS > Elasticsearch > Domain > Skip alarm for Tags control
    • AWS > Elasticsearch > Domain > Skip alarm for Tags control [90 days]

Bug fixes

  • The AWS > EC2 > Account Attributes > CMDB control would go into an error state due to a bad internal build. This is fixed and the control will now work correctly as expected.

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.
  • Resource metadata will now also include createdBy details in Turbot CMDB.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > ElastiCache > Cache Cluster > Delete from AWS
    • AWS > ElastiCache > Cache Cluster > Set Tags
    • AWS > ElastiCache > Cache Cluster > Skip alarm for Active control
    • AWS > ElastiCache > Cache Cluster > Skip alarm for Active control [90 days]
    • AWS > ElastiCache > Cache Cluster > Skip alarm for Tags control
    • AWS > ElastiCache > Cache Cluster > Skip alarm for Tags control [90 days]
    • AWS > ElastiCache > Cache Parameter Group > Delete from AWS
    • AWS > ElastiCache > Cache Parameter Group > Skip alarm for Active control
    • AWS > ElastiCache > Cache Parameter Group > Skip alarm for Active control [90 days]
    • AWS > ElastiCache > Replication Group > Delete from AWS
    • AWS > ElastiCache > Replication Group > Skip alarm for Active control
    • AWS > ElastiCache > Replication Group > Skip alarm for Active control [90 days]
    • AWS > ElastiCache > Snapshot > Delete from AWS
    • AWS > ElastiCache > Snapshot > Set Tags
    • AWS > ElastiCache > Snapshot > Skip alarm for Active control
    • AWS > ElastiCache > Snapshot > Skip alarm for Active control [90 days]
    • AWS > ElastiCache > Snapshot > Skip alarm for Tags control
    • AWS > ElastiCache > Snapshot > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Data Pipeline > Pipeline > Approved > Custom
  • Action Types:

    • AWS > Data Pipeline > Pipeline > Delete from AWS
    • AWS > Data Pipeline > Pipeline > Set Tags
    • AWS > Data Pipeline > Pipeline > Skip alarm for Active control
    • AWS > Data Pipeline > Pipeline > Skip alarm for Active control [90 days]
    • AWS > Data Pipeline > Pipeline > Skip alarm for Approved control
    • AWS > Data Pipeline > Pipeline > Skip alarm for Approved control [90 days]
    • AWS > Data Pipeline > Pipeline > Skip alarm for Tags control
    • AWS > Data Pipeline > Pipeline > Skip alarm for Tags control [90 days]

Bug fixes

  • Recovery Points deleted in AWS were not cleaned up automatically via real-time events in Guardrails. This is now fixed.

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in Turbot CMDB.

  • Added support for ap-northeast-3 and us-gov-east-1 regions in the AWS > SageMaker > Regions policy.

  • Policy Types:

    • AWS > SageMaker > Code Repository > Approved > Custom
    • AWS > SageMaker > Endpoint > Approved > Custom
    • AWS > SageMaker > Endpoint Configuration > Approved > Custom
    • AWS > SageMaker > Lifecycle Configuration > Approved > Custom
    • AWS > SageMaker > Model > Approved > Custom
    • AWS > SageMaker > Training Job > Approved > Custom
  • Action Types:

    • AWS > SageMaker > Code Repository > Delete from AWS
    • AWS > SageMaker > Code Repository > Skip alarm for Active control
    • AWS > SageMaker > Code Repository > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Code Repository > Skip alarm for Approved control
    • AWS > SageMaker > Code Repository > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Domain > Delete from AWS
    • AWS > SageMaker > Endpoint > Delete from AWS
    • AWS > SageMaker > Endpoint > Set Tags
    • AWS > SageMaker > Endpoint > Skip alarm for Active control
    • AWS > SageMaker > Endpoint > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Endpoint > Skip alarm for Approved control
    • AWS > SageMaker > Endpoint > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Endpoint > Skip alarm for Tags control
    • AWS > SageMaker > Endpoint > Skip alarm for Tags control [90 days]
    • AWS > SageMaker > Endpoint Configuration > Delete from AWS
    • AWS > SageMaker > Endpoint Configuration > Set Tags
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Active control
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Approved control
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Tags control
    • AWS > SageMaker > Endpoint Configuration > Skip alarm for Tags control [90 days]
    • AWS > SageMaker > Lifecycle Configuration > Delete from AWS
    • AWS > SageMaker > Lifecycle Configuration > Skip alarm for Active control
    • AWS > SageMaker > Lifecycle Configuration > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Lifecycle Configuration > Skip alarm for Approved control
    • AWS > SageMaker > Lifecycle Configuration > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Model > Delete from AWS
    • AWS > SageMaker > Model > Set Tags
    • AWS > SageMaker > Model > Skip alarm for Active control
    • AWS > SageMaker > Model > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Model > Skip alarm for Approved control
    • AWS > SageMaker > Model > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Model > Skip alarm for Tags control
    • AWS > SageMaker > Model > Skip alarm for Tags control [90 days]
    • AWS > SageMaker > Notebook Instance > Delete from AWS
    • AWS > SageMaker > Notebook Instance > Set Tags
    • AWS > SageMaker > Notebook Instance > Skip alarm for Active control
    • AWS > SageMaker > Notebook Instance > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Notebook Instance > Skip alarm for Approved control
    • AWS > SageMaker > Notebook Instance > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Notebook Instance > Skip alarm for Tags control
    • AWS > SageMaker > Notebook Instance > Skip alarm for Tags control [90 days]
    • AWS > SageMaker > Training Job > Set Tags
    • AWS > SageMaker > Training Job > Skip alarm for Active control
    • AWS > SageMaker > Training Job > Skip alarm for Active control [90 days]
    • AWS > SageMaker > Training Job > Skip alarm for Approved control
    • AWS > SageMaker > Training Job > Skip alarm for Approved control [90 days]
    • AWS > SageMaker > Training Job > Skip alarm for Tags control
    • AWS > SageMaker > Training Job > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Route 53 Resolver > Resolver Endpoint > Approved > Custom
    • AWS > Route 53 Resolver > Resolver Rule > Approved > Custom
  • Action Types:

    • AWS > Route 53 Resolver > Resolver Endpoint > Delete from AWS
    • AWS > Route 53 Resolver > Resolver Endpoint > Set Tags
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Active control
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Active control [90 days]
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Approved control
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Approved control [90 days]
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Tags control
    • AWS > Route 53 Resolver > Resolver Endpoint > Skip alarm for Tags control [90 days]
    • AWS > Route 53 Resolver > Resolver Rule > Delete from AWS
    • AWS > Route 53 Resolver > Resolver Rule > Set Tags
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Active control
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Active control [90 days]
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Approved control
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Approved control [90 days]
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Tags control
    • AWS > Route 53 Resolver > Resolver Rule > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > Events > Rule > Skip alarm for Approved control
    • AWS > Events > Rule > Skip alarm for Approved control [90 days]
    • AWS > Events > Target > Skip alarm for Active control
    • AWS > Events > Target > Skip alarm for Active control [90 days]
    • AWS > Events > Target > Skip alarm for Approved control
    • AWS > Events > Target > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in Turbot CMDB.

  • Action Types:

    • AWS > WAF > IP Set > Delete from AWS
    • AWS > WAF > IP Set > Skip alarm for Active control
    • AWS > WAF > IP Set > Skip alarm for Active control [90 days]
    • AWS > WAF > IP Set > Skip alarm for Approved control
    • AWS > WAF > IP Set > Skip alarm for Approved control [90 days]
    • AWS > WAF > IP Set v2 Global > Delete from AWS
    • AWS > WAF > IP Set v2 Global > Set Tags
    • AWS > WAF > IP Set v2 Global > Skip alarm for Active control
    • AWS > WAF > IP Set v2 Global > Skip alarm for Active control [90 days]
    • AWS > WAF > IP Set v2 Global > Skip alarm for Approved control
    • AWS > WAF > IP Set v2 Global > Skip alarm for Approved control [90 days]
    • AWS > WAF > IP Set v2 Global > Skip alarm for Tags control
    • AWS > WAF > IP Set v2 Global > Skip alarm for Tags control [90 days]
    • AWS > WAF > IP Set v2 Regional > Delete from AWS
    • AWS > WAF > IP Set v2 Regional > Set Tags
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Active control
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Active control [90 days]
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Approved control
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Approved control [90 days]
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Tags control
    • AWS > WAF > IP Set v2 Regional > Skip alarm for Tags control [90 days]
    • AWS > WAF > Rate Based Rule > Delete from AWS
    • AWS > WAF > Rate Based Rule > Skip alarm for Active control
    • AWS > WAF > Rate Based Rule > Skip alarm for Active control [90 days]
    • AWS > WAF > Rate Based Rule > Skip alarm for Approved control
    • AWS > WAF > Rate Based Rule > Skip alarm for Approved control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Global > Delete from AWS
    • AWS > WAF > Regex Pattern Set v2 Global > Set Tags
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Active control
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Active control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Approved control
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Approved control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Tags control
    • AWS > WAF > Regex Pattern Set v2 Global > Skip alarm for Tags control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Regional > Delete from AWS
    • AWS > WAF > Regex Pattern Set v2 Regional > Set Tags
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Active control
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Active control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Approved control
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Approved control [90 days]
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Tags control
    • AWS > WAF > Regex Pattern Set v2 Regional > Skip alarm for Tags control [90 days]
    • AWS > WAF > Rule > Delete from AWS
    • AWS > WAF > Rule > Skip alarm for Active control
    • AWS > WAF > Rule > Skip alarm for Active control [90 days]
    • AWS > WAF > Rule > Skip alarm for Approved control
    • AWS > WAF > Rule > Skip alarm for Approved control [90 days]
    • AWS > WAF > Rule Group v2 Global > Delete from AWS
    • AWS > WAF > Rule Group v2 Global > Set Tags
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Active control
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Active control [90 days]
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Approved control
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Approved control [90 days]
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Tags control
    • AWS > WAF > Rule Group v2 Global > Skip alarm for Tags control [90 days]
    • AWS > WAF > Rule Group v2 Regional > Delete from AWS
    • AWS > WAF > Rule Group v2 Regional > Set Tags
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Active control
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Active control [90 days]
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Approved control
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Approved control [90 days]
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Tags control
    • AWS > WAF > Rule Group v2 Regional > Skip alarm for Tags control [90 days]
    • AWS > WAF > Web ACL > Delete from AWS
    • AWS > WAF > Web ACL > Set Tags
    • AWS > WAF > Web ACL > Skip alarm for Active control
    • AWS > WAF > Web ACL > Skip alarm for Active control [90 days]
    • AWS > WAF > Web ACL > Skip alarm for Approved control
    • AWS > WAF > Web ACL > Skip alarm for Approved control [90 days]
    • AWS > WAF > Web ACL > Skip alarm for Tags control
    • AWS > WAF > Web ACL > Skip alarm for Tags control [90 days]
    • AWS > WAF > Web ACL v2 Global > Delete from AWS
    • AWS > WAF > Web ACL v2 Global > Set Tags
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Active control
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Active control [90 days]
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Approved control
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Approved control [90 days]
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Tags control
    • AWS > WAF > Web ACL v2 Global > Skip alarm for Tags control [90 days]
    • AWS > WAF > Web ACL v2 Regional > Delete from AWS
    • AWS > WAF > Web ACL v2 Regional > Set Tags
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Active control
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Active control [90 days]
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Approved control
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Approved control [90 days]
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Tags control
    • AWS > WAF > Web ACL v2 Regional > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Action Types:

    • AWS > Backup > Backup Plan > Delete from AWS
    • AWS > Backup > Backup Plan > Set Tags
    • AWS > Backup > Backup Plan > Skip alarm for Active control
    • AWS > Backup > Backup Plan > Skip alarm for Active control [90 days]
    • AWS > Backup > Backup Plan > Skip alarm for Tags control
    • AWS > Backup > Backup Plan > Skip alarm for Tags control [90 days]
    • AWS > Backup > Backup Selection > Delete from AWS
    • AWS > Backup > Backup Selection > Skip alarm for Active control
    • AWS > Backup > Backup Selection > Skip alarm for Active control [90 days]
    • AWS > Backup > Backup Vault > Delete from AWS
    • AWS > Backup > Backup Vault > Set Tags
    • AWS > Backup > Backup Vault > Skip alarm for Active control
    • AWS > Backup > Backup Vault > Skip alarm for Active control [90 days]
    • AWS > Backup > Backup Vault > Skip alarm for Tags control
    • AWS > Backup > Backup Vault > Skip alarm for Tags control [90 days]
    • AWS > Backup > Recovery Point > Delete from AWS
    • AWS > Backup > Recovery Point > Set Tags
    • AWS > Backup > Recovery Point > Skip alarm for Active control
    • AWS > Backup > Recovery Point > Skip alarm for Active control [90 days]
    • AWS > Backup > Recovery Point > Skip alarm for Tags control
    • AWS > Backup > Recovery Point > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • Added support for ap-south-1, af-south-1, cn-north-1 and us-gov-east-1 regions in the AWS > WorkSpaces > Regions policy.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > WorkSpaces > WorkSpace > Approved > Custom
  • Action Types:

    • AWS > WorkSpaces > WorkSpace > Delete from AWS
    • AWS > WorkSpaces > WorkSpace > Set Tags
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Active control
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Active control [90 days]
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Approved control
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Approved control [90 days]
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Tags control
    • AWS > WorkSpaces > WorkSpace > Skip alarm for Tags control [90 days]

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • Added support for cn-north-1, cn-northwest-1, us-gov-east-1 and us-gov-west-1 regions in the AWS > MQ > Regions policy.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in Turbot CMDB.

  • Policy Types:

    • AWS > Amazon MQ > Broker > Approved > Custom
  • Action Types:

    • AWS > Amazon MQ > Broker > Delete from AWS
    • AWS > Amazon MQ > Broker > Set Tags
    • AWS > Amazon MQ > Broker > Skip alarm for Active control
    • AWS > Amazon MQ > Broker > Skip alarm for Active control [90 days]
    • AWS > Amazon MQ > Broker > Skip alarm for Approved control
    • AWS > Amazon MQ > Broker > Skip alarm for Approved control [90 days]
    • AWS > Amazon MQ > Broker > Skip alarm for Tags control
    • AWS > Amazon MQ > Broker > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Action Types:

    • AWS > Logs > Log Group > Delete from AWS
    • AWS > Logs > Log Group > Set Tags
    • AWS > Logs > Log Group > Skip alarm for Active control
    • AWS > Logs > Log Group > Skip alarm for Active control [90 days]
    • AWS > Logs > Log Group > Skip alarm for Approved control
    • AWS > Logs > Log Group > Skip alarm for Approved control [90 days]
    • AWS > Logs > Log Group > Skip alarm for Encryption at Rest control
    • AWS > Logs > Log Group > Skip alarm for Encryption at Rest control [90 days]
    • AWS > Logs > Log Group > Skip alarm for Tags control
    • AWS > Logs > Log Group > Skip alarm for Tags control [90 days]
    • AWS > Logs > Log Stream > Delete from AWS
    • AWS > Logs > Log Stream > Skip alarm for Active control
    • AWS > Logs > Log Stream > Skip alarm for Active control [90 days]
    • AWS > Logs > Log Stream > Skip alarm for Approved control
    • AWS > Logs > Log Stream > Skip alarm for Approved control [90 days]
    • AWS > Logs > Metric Filter > Delete from AWS
    • AWS > Logs > Metric Filter > Skip alarm for Active control
    • AWS > Logs > Metric Filter > Skip alarm for Active control [90 days]
    • AWS > Logs > Metric Filter > Skip alarm for Approved control
    • AWS > Logs > Metric Filter > Skip alarm for Approved control [90 days]
    • AWS > Logs > Resource Policy > Delete from AWS
    • AWS > Logs > Resource Policy > Skip alarm for Active control
    • AWS > Logs > Resource Policy > Skip alarm for Active control [90 days]
    • AWS > Logs > Resource Policy > Skip alarm for Approved control
    • AWS > Logs > Resource Policy > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • Added support for cn-north-1, cn-northwest-1, us-gov-east-1 and us-gov-west-1 regions in the AWS > FSx > Regions policy.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Policy Types:

    • AWS > FSx > Backup > Approved > Custom
    • AWS > FSx > File System > Approved > Custom
  • Action Types:

    • AWS > FSx > Backup > Delete from AWS
    • AWS > FSx > Backup > Set Tags
    • AWS > FSx > Backup > Skip alarm for Active control
    • AWS > FSx > Backup > Skip alarm for Active control [90 days]
    • AWS > FSx > Backup > Skip alarm for Approved control
    • AWS > FSx > Backup > Skip alarm for Approved control [90 days]
    • AWS > FSx > Backup > Skip alarm for Tags control
    • AWS > FSx > Backup > Skip alarm for Tags control [90 days]
    • AWS > FSx > File System > Delete from AWS
    • AWS > FSx > File System > Set Tags
    • AWS > FSx > File System > Skip alarm for Active control
    • AWS > FSx > File System > Skip alarm for Active control [90 days]
    • AWS > FSx > File System > Skip alarm for Approved control
    • AWS > FSx > File System > Skip alarm for Approved control [90 days]
    • AWS > FSx > File System > Skip alarm for Tags control
    • AWS > FSx > File System > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Action Types:

    • AWS > CloudWatch > Alarm > Delete from AWS
    • AWS > CloudWatch > Alarm > Set Tags
    • AWS > CloudWatch > Alarm > Skip alarm for Active control
    • AWS > CloudWatch > Alarm > Skip alarm for Active control [90 days]
    • AWS > CloudWatch > Alarm > Skip alarm for Approved control
    • AWS > CloudWatch > Alarm > Skip alarm for Approved control [90 days]
    • AWS > CloudWatch > Alarm > Skip alarm for Tags control
    • AWS > CloudWatch > Alarm > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • Added support for ca-central-1, eu-west-2, sa-east-1, us-east-2 and us-gov-east-1 regions in the AWS > AppStream > Regions policy.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Policy Types:

    • AWS > AppStream > Fleet > Approved > Custom
    • AWS > AppStream > Image > Approved > Custom
    • AWS > AppStream > Image Builder > Approved > Custom
    • AWS > AppStream > User > Approved > Custom
  • Action Types:

    • AWS > AppStream > Fleet > Delete from AWS
    • AWS > AppStream > Fleet > Set Tags
    • AWS > AppStream > Fleet > Skip alarm for Active control
    • AWS > AppStream > Fleet > Skip alarm for Active control [90 days]
    • AWS > AppStream > Fleet > Skip alarm for Approved control
    • AWS > AppStream > Fleet > Skip alarm for Approved control [90 days]
    • AWS > AppStream > Fleet > Skip alarm for Tags control
    • AWS > AppStream > Fleet > Skip alarm for Tags control [90 days]
    • AWS > AppStream > Image > Delete from AWS
    • AWS > AppStream > Image > Set Tags
    • AWS > AppStream > Image > Skip alarm for Active control
    • AWS > AppStream > Image > Skip alarm for Active control [90 days]
    • AWS > AppStream > Image > Skip alarm for Approved control
    • AWS > AppStream > Image > Skip alarm for Approved control [90 days]
    • AWS > AppStream > Image > Skip alarm for Tags control
    • AWS > AppStream > Image > Skip alarm for Tags control [90 days]
    • AWS > AppStream > Image Builder > Delete from AWS
    • AWS > AppStream > Image Builder > Set Tags
    • AWS > AppStream > Image Builder > Skip alarm for Active control
    • AWS > AppStream > Image Builder > Skip alarm for Active control [90 days]
    • AWS > AppStream > Image Builder > Skip alarm for Approved control
    • AWS > AppStream > Image Builder > Skip alarm for Approved control [90 days]
    • AWS > AppStream > Image Builder > Skip alarm for Tags control
    • AWS > AppStream > Image Builder > Skip alarm for Tags control [90 days]
    • AWS > AppStream > User > Delete from AWS
    • AWS > AppStream > User > Skip alarm for Active control
    • AWS > AppStream > User > Skip alarm for Active control [90 days]
    • AWS > AppStream > User > Skip alarm for Approved control
    • AWS > AppStream > User > Skip alarm for Approved control [90 days]

What's new?

  • Server:
    • Updated: Downgraded the passport-saml Node package to 1.3.5.

Bug fixes

  • The AWS > EC2 > Volume > Discovery control would go into an error state because of a GraphQL query bug. This is fixed, and the control will now work as expected.

What's new?

  • Updated: Hive manager code to include the new certificate.

What's new?

  • Added: Parameter for the RDS certificate for commercial cloud.

What's new?

  • Server:

    • Updated: RDS CA Certificate to use the latest bundled certificate.
    • Updated: The passport-saml package to @node-saml/passport-saml 4.0.4.
    • Updated: Steampipe query in developer section now points to the correct table.
  • UI:

    • Added: Option to view Changelogs in the Help dropdown menu.

Bug fixes

  • Server:
    • Fixed: Stack control failed to run when a large number of resources were being managed by a stack control.

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Action Types:

    • AWS > GuardDuty > Detector > Delete from AWS
    • AWS > GuardDuty > Detector > Set Tags
    • AWS > GuardDuty > Detector > Skip alarm for Active control
    • AWS > GuardDuty > Detector > Skip alarm for Active control [90 days]
    • AWS > GuardDuty > Detector > Skip alarm for Approved control
    • AWS > GuardDuty > Detector > Skip alarm for Approved control [90 days]
    • AWS > GuardDuty > Detector > Skip alarm for Tags control
    • AWS > GuardDuty > Detector > Skip alarm for Tags control [90 days]
    • AWS > GuardDuty > IPSet > Delete from AWS
    • AWS > GuardDuty > IPSet > Set Tags
    • AWS > GuardDuty > IPSet > Skip alarm for Active control
    • AWS > GuardDuty > IPSet > Skip alarm for Active control [90 days]
    • AWS > GuardDuty > IPSet > Skip alarm for Approved control
    • AWS > GuardDuty > IPSet > Skip alarm for Approved control [90 days]
    • AWS > GuardDuty > IPSet > Skip alarm for Tags control
    • AWS > GuardDuty > IPSet > Skip alarm for Tags control [90 days]
    • AWS > GuardDuty > ThreatIntelSet > Delete from AWS
    • AWS > GuardDuty > ThreatIntelSet > Set Tags
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Active control
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Active control [90 days]
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Approved control
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Approved control [90 days]
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Tags control
    • AWS > GuardDuty > ThreatIntelSet > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Action Types:

    • AWS > EMR > Cluster > Delete from AWS
    • AWS > EMR > Cluster > Set Tags
    • AWS > EMR > Cluster > Skip alarm for Active control
    • AWS > EMR > Cluster > Skip alarm for Active control [90 days]
    • AWS > EMR > Cluster > Skip alarm for Approved control
    • AWS > EMR > Cluster > Skip alarm for Approved control [90 days]
    • AWS > EMR > Cluster > Skip alarm for Tags control
    • AWS > EMR > Cluster > Skip alarm for Tags control [90 days]
    • AWS > EMR > Security Configuration > Delete from AWS
    • AWS > EMR > Security Configuration > Skip alarm for Active control
    • AWS > EMR > Security Configuration > Skip alarm for Active control [90 days]
    • AWS > EMR > Security Configuration > Skip alarm for Approved control
    • AWS > EMR > Security Configuration > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Action Types:

    • AWS > ECS > Cluster > Delete from AWS
    • AWS > ECS > Cluster > Set Tags
    • AWS > ECS > Cluster > Skip alarm for Active control
    • AWS > ECS > Cluster > Skip alarm for Active control [90 days]
    • AWS > ECS > Cluster > Skip alarm for Approved control
    • AWS > ECS > Cluster > Skip alarm for Approved control [90 days]
    • AWS > ECS > Cluster > Skip alarm for Tags control
    • AWS > ECS > Cluster > Skip alarm for Tags control [90 days]
    • AWS > ECS > Container Instance > Delete from AWS
    • AWS > ECS > Container Instance > Skip alarm for Active control
    • AWS > ECS > Container Instance > Skip alarm for Active control [90 days]
    • AWS > ECS > Container Instance > Skip alarm for Approved control
    • AWS > ECS > Container Instance > Skip alarm for Approved control [90 days]
    • AWS > ECS > Service > Delete from AWS
    • AWS > ECS > Service > Set Tags
    • AWS > ECS > Service > Skip alarm for Active control
    • AWS > ECS > Service > Skip alarm for Active control [90 days]
    • AWS > ECS > Service > Skip alarm for Approved control
    • AWS > ECS > Service > Skip alarm for Approved control [90 days]
    • AWS > ECS > Service > Skip alarm for Tags control
    • AWS > ECS > Service > Skip alarm for Tags control [90 days]
    • AWS > ECS > Task Definition > Delete from AWS
    • AWS > ECS > Task Definition > Set Tags
    • AWS > ECS > Task Definition > Skip alarm for Active control
    • AWS > ECS > Task Definition > Skip alarm for Active control [90 days]
    • AWS > ECS > Task Definition > Skip alarm for Approved control
    • AWS > ECS > Task Definition > Skip alarm for Approved control [90 days]
    • AWS > ECS > Task Definition > Skip alarm for Tags control
    • AWS > ECS > Task Definition > Skip alarm for Tags control [90 days]

What's new?

  • You can now configure Block Public Access for AMIs. To get started, set the AWS > EC2 > Account Attributes > Block Public Access for AMIs policy to Enforce: Enable Block Public Access for AMIs.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Control Types:

    • AWS > EC2 > Account Attributes > Block Public Access for AMIs
  • Policy Types:

    • AWS > EC2 > Account Attributes > Block Public Access for AMIs
  • Action Types:

    • AWS > EC2 > Account Attributes > Update Block Public Access for AMIs

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Policy Types:

    • AWS > DMS > Endpoint > Approved > Custom
    • AWS > DMS > Replication Instance > Approved > Custom
  • Action Types:

    • AWS > DMS > Endpoint > Delete from AWS
    • AWS > DMS > Endpoint > Set Tags
    • AWS > DMS > Endpoint > Skip alarm for Active control
    • AWS > DMS > Endpoint > Skip alarm for Active control [90 days]
    • AWS > DMS > Endpoint > Skip alarm for Approved control
    • AWS > DMS > Endpoint > Skip alarm for Approved control [90 days]
    • AWS > DMS > Endpoint > Skip alarm for Tags control
    • AWS > DMS > Endpoint > Skip alarm for Tags control [90 days]
    • AWS > DMS > Replication Instance > Delete from AWS
    • AWS > DMS > Replication Instance > Set Tags
    • AWS > DMS > Replication Instance > Skip alarm for Active control
    • AWS > DMS > Replication Instance > Skip alarm for Active control [90 days]
    • AWS > DMS > Replication Instance > Skip alarm for Approved control
    • AWS > DMS > Replication Instance > Skip alarm for Approved control [90 days]
    • AWS > DMS > Replication Instance > Skip alarm for Tags control
    • AWS > DMS > Replication Instance > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Action Types:

    • AWS > SES > Identity > Delete from AWS
    • AWS > SES > Identity > Skip alarm for Active control
    • AWS > SES > Identity > Skip alarm for Active control [90 days]
    • AWS > SES > Identity > Skip alarm for Approved control
    • AWS > SES > Identity > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Policy Types:

    • AWS > Security Hub > Hub > Approved > Custom
  • Action Types:

    • AWS > Security Hub > Hub > Delete from AWS
    • AWS > Security Hub > Hub > Set Tags
    • AWS > Security Hub > Hub > Skip alarm for Approved control
    • AWS > Security Hub > Hub > Skip alarm for Approved control [90 days]
    • AWS > Security Hub > Hub > Skip alarm for Tags control
    • AWS > Security Hub > Hub > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Action Types:

    • AWS > Kinesis > Consumer > Delete from AWS
    • AWS > Kinesis > Consumer > Skip alarm for Active control
    • AWS > Kinesis > Consumer > Skip alarm for Active control [90 days]
    • AWS > Kinesis > Consumer > Skip alarm for Approved control
    • AWS > Kinesis > Consumer > Skip alarm for Approved control [90 days]
    • AWS > Kinesis > Stream > Delete from AWS
    • AWS > Kinesis > Stream > Set Tags
    • AWS > Kinesis > Stream > Skip alarm for Active control
    • AWS > Kinesis > Stream > Skip alarm for Active control [90 days]
    • AWS > Kinesis > Stream > Skip alarm for Approved control
    • AWS > Kinesis > Stream > Skip alarm for Approved control [90 days]
    • AWS > Kinesis > Stream > Skip alarm for Encryption at Rest control
    • AWS > Kinesis > Stream > Skip alarm for Encryption at Rest control [90 days]
    • AWS > Kinesis > Stream > Skip alarm for Tags control
    • AWS > Kinesis > Stream > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Action Types:

    • AWS > DynamoDB > Backup > Delete from AWS
    • AWS > DynamoDB > Backup > Skip alarm for Active control
    • AWS > DynamoDB > Backup > Skip alarm for Active control [90 days]
    • AWS > DynamoDB > Backup > Skip alarm for Approved control
    • AWS > DynamoDB > Backup > Skip alarm for Approved control [90 days]
    • AWS > DynamoDB > Global Table > Delete from AWS
    • AWS > DynamoDB > Global Table > Skip alarm for Active control
    • AWS > DynamoDB > Global Table > Skip alarm for Active control [90 days]
    • AWS > DynamoDB > Global Table > Skip alarm for Approved control
    • AWS > DynamoDB > Global Table > Skip alarm for Approved control [90 days]
    • AWS > DynamoDB > Table > Delete from AWS
    • AWS > DynamoDB > Table > Set Tags
    • AWS > DynamoDB > Table > Skip alarm for Active control
    • AWS > DynamoDB > Table > Skip alarm for Active control [90 days]
    • AWS > DynamoDB > Table > Skip alarm for Approved control
    • AWS > DynamoDB > Table > Skip alarm for Approved control [90 days]
    • AWS > DynamoDB > Table > Skip alarm for Encryption at Rest control
    • AWS > DynamoDB > Table > Skip alarm for Encryption at Rest control [90 days]
    • AWS > DynamoDB > Table > Skip alarm for Tags control
    • AWS > DynamoDB > Table > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Policy Types:

    • AWS > Step Functions > State Machine > Approved > Custom
  • Action Types:

    • AWS > Step Functions > State Machine > Delete from AWS
    • AWS > Step Functions > State Machine > Set Tags
    • AWS > Step Functions > State Machine > Skip alarm for Active control
    • AWS > Step Functions > State Machine > Skip alarm for Active control [90 days]
    • AWS > Step Functions > State Machine > Skip alarm for Approved control
    • AWS > Step Functions > State Machine > Skip alarm for Approved control [90 days]
    • AWS > Step Functions > State Machine > Skip alarm for Tags control
    • AWS > Step Functions > State Machine > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Policy Types:

    • AWS > Shield > Protection > Approved > Custom
  • Action Types:

    • AWS > Shield > Protection > Delete from AWS
    • AWS > Shield > Protection > Skip alarm for Active control
    • AWS > Shield > Protection > Skip alarm for Active control [90 days]
    • AWS > Shield > Protection > Skip alarm for Approved control
    • AWS > Shield > Protection > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Policy Types:

    • AWS > Directory Service > Directory > Approved > Custom
  • Action Types:

    • AWS > Directory Service > Directory > Delete from AWS
    • AWS > Directory Service > Directory > Skip alarm for Active control
    • AWS > Directory Service > Directory > Skip alarm for Active control [90 days]
    • AWS > Directory Service > Directory > Skip alarm for Approved control
    • AWS > Directory Service > Directory > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Action Types:

    • AWS > CodeBuild > Build > Delete from AWS
    • AWS > CodeBuild > Build > Skip alarm for Active control
    • AWS > CodeBuild > Build > Skip alarm for Active control [90 days]
    • AWS > CodeBuild > Build > Skip alarm for Approved control
    • AWS > CodeBuild > Build > Skip alarm for Approved control [90 days]
    • AWS > CodeBuild > Project > Delete from AWS
    • AWS > CodeBuild > Project > Set Tags
    • AWS > CodeBuild > Project > Skip alarm for Active control
    • AWS > CodeBuild > Project > Skip alarm for Active control [90 days]
    • AWS > CodeBuild > Project > Skip alarm for Approved control
    • AWS > CodeBuild > Project > Skip alarm for Approved control [90 days]
    • AWS > CodeBuild > Project > Skip alarm for Tags control
    • AWS > CodeBuild > Project > Skip alarm for Tags control [90 days]
    • AWS > CodeBuild > Source Credential > Delete from AWS
    • AWS > CodeBuild > Source Credential > Skip alarm for Active control
    • AWS > CodeBuild > Source Credential > Skip alarm for Active control [90 days]
    • AWS > CodeBuild > Source Credential > Skip alarm for Approved control
    • AWS > CodeBuild > Source Credential > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Policy Types:

    • AWS > CloudFormation > Stack > Approved > Custom
    • AWS > CloudFormation > StackSet > Approved > Custom
  • Action Types:

    • AWS > CloudFormation > Stack > Delete from AWS
    • AWS > CloudFormation > Stack > Set Tags
    • AWS > CloudFormation > Stack > Skip alarm for Active control
    • AWS > CloudFormation > Stack > Skip alarm for Active control [90 days]
    • AWS > CloudFormation > Stack > Skip alarm for Approved control
    • AWS > CloudFormation > Stack > Skip alarm for Approved control [90 days]
    • AWS > CloudFormation > Stack > Skip alarm for Tags control
    • AWS > CloudFormation > Stack > Skip alarm for Tags control [90 days]
    • AWS > CloudFormation > StackSet > Delete from AWS
    • AWS > CloudFormation > StackSet > Set Tags
    • AWS > CloudFormation > StackSet > Skip alarm for Active control
    • AWS > CloudFormation > StackSet > Skip alarm for Active control [90 days]
    • AWS > CloudFormation > StackSet > Skip alarm for Approved control
    • AWS > CloudFormation > StackSet > Skip alarm for Approved control [90 days]
    • AWS > CloudFormation > StackSet > Skip alarm for Tags control
    • AWS > CloudFormation > StackSet > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work as smoothly and consistently as before.

  • Resource metadata in Turbot CMDB will now also include createdBy details.

  • Policy Types:

    • AWS > Athena > NamedQuery > Approved > Custom
    • AWS > Athena > Workgroup > Approved > Custom
  • Action Types:

    • AWS > Athena > NamedQuery > Delete from AWS
    • AWS > Athena > NamedQuery > Set Tags
    • AWS > Athena > NamedQuery > Skip alarm for Active control
    • AWS > Athena > NamedQuery > Skip alarm for Active control [90 days]
    • AWS > Athena > NamedQuery > Skip alarm for Approved control
    • AWS > Athena > NamedQuery > Skip alarm for Approved control [90 days]
    • AWS > Athena > NamedQuery > Skip alarm for Tags control
    • AWS > Athena > NamedQuery > Skip alarm for Tags control [90 days]
    • AWS > Athena > Workgroup > Delete from AWS
    • AWS > Athena > Workgroup > Set Tags
    • AWS > Athena > Workgroup > Skip alarm for Active control
    • AWS > Athena > Workgroup > Skip alarm for Active control [90 days]
    • AWS > Athena > Workgroup > Skip alarm for Approved control
    • AWS > Athena > Workgroup > Skip alarm for Approved control [90 days]
    • AWS > Athena > Workgroup > Skip alarm for Tags control
    • AWS > Athena > Workgroup > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in the Turbot CMDB.

  • Action Types:

    • AWS > CloudSearch > Domain > Skip alarm for Active control
    • AWS > CloudSearch > Domain > Skip alarm for Active control [90 days]
    • AWS > CloudSearch > Domain > Skip alarm for Approved control
    • AWS > CloudSearch > Domain > Skip alarm for Approved control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in the Turbot CMDB.

  • Policy Types:

    • AWS > CloudFront > CloudFront Origin Access Identity > Approved > Custom
    • AWS > CloudFront > Distribution > Approved > Custom
    • AWS > CloudFront > Streaming Distribution > Approved > Custom
  • Action Types:

    • AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Active control
    • AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Active control [90 days]
    • AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Approved control
    • AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Approved control [90 days]
    • AWS > CloudFront > Distribution > Set Tags
    • AWS > CloudFront > Distribution > Skip alarm for Active control
    • AWS > CloudFront > Distribution > Skip alarm for Active control [90 days]
    • AWS > CloudFront > Distribution > Skip alarm for Approved control
    • AWS > CloudFront > Distribution > Skip alarm for Approved control [90 days]
    • AWS > CloudFront > Distribution > Skip alarm for Tags control
    • AWS > CloudFront > Distribution > Skip alarm for Tags control [90 days]
    • AWS > CloudFront > Streaming Distribution > Set Tags
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Active control
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Active control [90 days]
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Approved control
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Approved control [90 days]
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Tags control
    • AWS > CloudFront > Streaming Distribution > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in the Turbot CMDB.

  • Action Types:

    • AWS > API Gateway > API > Delete from AWS
    • AWS > API Gateway > API > Set Tags
    • AWS > API Gateway > API > Skip alarm for Active control
    • AWS > API Gateway > API > Skip alarm for Active control [90 days]
    • AWS > API Gateway > API > Skip alarm for Approved control
    • AWS > API Gateway > API > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > API > Skip alarm for Tags control
    • AWS > API Gateway > API > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > API Key > Delete from AWS
    • AWS > API Gateway > API Key > Set Tags
    • AWS > API Gateway > API Key > Skip alarm for Active control
    • AWS > API Gateway > API Key > Skip alarm for Active control [90 days]
    • AWS > API Gateway > API Key > Skip alarm for Approved control
    • AWS > API Gateway > API Key > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > API Key > Skip alarm for Tags control
    • AWS > API Gateway > API Key > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > API V2 > Delete from AWS
    • AWS > API Gateway > API V2 > Set Tags
    • AWS > API Gateway > API V2 > Skip alarm for Active control
    • AWS > API Gateway > API V2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > API V2 > Skip alarm for Approved control
    • AWS > API Gateway > API V2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > API V2 > Skip alarm for Tags control
    • AWS > API Gateway > API V2 > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > Authorizer > Delete from AWS
    • AWS > API Gateway > Authorizer > Skip alarm for Active control
    • AWS > API Gateway > Authorizer > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Authorizer > Skip alarm for Approved control
    • AWS > API Gateway > Authorizer > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Authorizer V2 > Delete from AWS
    • AWS > API Gateway > Authorizer V2 > Skip alarm for Active control
    • AWS > API Gateway > Authorizer V2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Authorizer V2 > Skip alarm for Approved control
    • AWS > API Gateway > Authorizer V2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Domain Name V2 > Delete from AWS
    • AWS > API Gateway > Domain Name V2 > Set Tags
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Active control
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Approved control
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Tags control
    • AWS > API Gateway > Domain Name V2 > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > Integration V2 > Delete from AWS
    • AWS > API Gateway > Integration V2 > Skip alarm for Active control
    • AWS > API Gateway > Integration V2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Integration V2 > Skip alarm for Approved control
    • AWS > API Gateway > Integration V2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Resource > Delete from AWS
    • AWS > API Gateway > Resource > Skip alarm for Active control
    • AWS > API Gateway > Resource > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Resource > Skip alarm for Approved control
    • AWS > API Gateway > Resource > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Stage > Delete from AWS
    • AWS > API Gateway > Stage > Set Tags
    • AWS > API Gateway > Stage > Skip alarm for Active control
    • AWS > API Gateway > Stage > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Stage > Skip alarm for Approved control
    • AWS > API Gateway > Stage > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Stage > Skip alarm for Tags control
    • AWS > API Gateway > Stage > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > Stage v2 > Delete from AWS
    • AWS > API Gateway > Stage v2 > Set Tags
    • AWS > API Gateway > Stage v2 > Skip alarm for Active control
    • AWS > API Gateway > Stage v2 > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Stage v2 > Skip alarm for Approved control
    • AWS > API Gateway > Stage v2 > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Stage v2 > Skip alarm for Tags control
    • AWS > API Gateway > Stage v2 > Skip alarm for Tags control [90 days]
    • AWS > API Gateway > Usage Plan > Delete from AWS
    • AWS > API Gateway > Usage Plan > Set Tags
    • AWS > API Gateway > Usage Plan > Skip alarm for Active control
    • AWS > API Gateway > Usage Plan > Skip alarm for Active control [90 days]
    • AWS > API Gateway > Usage Plan > Skip alarm for Approved control
    • AWS > API Gateway > Usage Plan > Skip alarm for Approved control [90 days]
    • AWS > API Gateway > Usage Plan > Skip alarm for Tags control
    • AWS > API Gateway > Usage Plan > Skip alarm for Tags control [90 days]

What's new?

  • AWS/Amplify/Admin and AWS/Amplify/Metadata now also include permissions for Deployment, WebHook and Artifacts.

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in the Turbot CMDB.

  • Policy Types:

    • AWS > Amplify > App > Approved > Custom
  • Action Types:

    • AWS > Amplify > App > Delete from AWS
    • AWS > Amplify > App > Set Tags
    • AWS > Amplify > App > Skip alarm for Active control
    • AWS > Amplify > App > Skip alarm for Active control [90 days]
    • AWS > Amplify > App > Skip alarm for Approved control
    • AWS > Amplify > App > Skip alarm for Approved control [90 days]
    • AWS > Amplify > App > Skip alarm for Tags control
    • AWS > Amplify > App > Skip alarm for Tags control [90 days]

What's new?

  • Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in the Turbot CMDB.

  • Policy Types:

    • AWS > ACM > Certificate > Approved > Custom
  • Action Types:

    • AWS > ACM > Certificate > Delete from AWS
    • AWS > ACM > Certificate > Set Tags
    • AWS > ACM > Certificate > Skip alarm for Active control
    • AWS > ACM > Certificate > Skip alarm for Active control [90 days]
    • AWS > ACM > Certificate > Skip alarm for Approved control
    • AWS > ACM > Certificate > Skip alarm for Approved control [90 days]
    • AWS > ACM > Certificate > Skip alarm for Tags control
    • AWS > ACM > Certificate > Skip alarm for Tags control [90 days]

What's new?

  • Added: t4g, m7g, m6gd, r7g, r6gd, c6g and c6gd to instance type parameter for RDS.
  • Added: new hive parameter group for Postgres 14 and 15.

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed; your existing configurations and settings will continue to work as before.

What's new?

  • Resource Types:

    • AWS > Route 53 > Record
  • Control Types:

    • AWS > Route 53 > Record > Active
    • AWS > Route 53 > Record > Approved
    • AWS > Route 53 > Record > CMDB
    • AWS > Route 53 > Record > Discovery
  • Policy Types:

    • AWS > Route 53 > Record > Active
    • AWS > Route 53 > Record > Active > Age
    • AWS > Route 53 > Record > Active > Budget
    • AWS > Route 53 > Record > Active > Last Modified
    • AWS > Route 53 > Record > Approved
    • AWS > Route 53 > Record > Approved > Budget
    • AWS > Route 53 > Record > Approved > Custom
    • AWS > Route 53 > Record > Approved > Usage
    • AWS > Route 53 > Record > CMDB
  • Action Types:

    • AWS > Route 53 > Record > Delete
    • AWS > Route 53 > Record > Delete from AWS
    • AWS > Route 53 > Record > Router
    • AWS > Route 53 > Record > Skip alarm for Active control
    • AWS > Route 53 > Record > Skip alarm for Active control [90 days]
    • AWS > Route 53 > Record > Skip alarm for Approved control
    • AWS > Route 53 > Record > Skip alarm for Approved control [90 days]

What's new?

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Control Types:

    • AWS > Organizations > Organization Root > Active
    • AWS > Organizations > Organization Root > Approved
    • AWS > Organizations > Organizational Account > Active
    • AWS > Organizations > Organizational Account > Approved
  • Policy Types:

    • AWS > Organizations > Organization Root > Active
    • AWS > Organizations > Organization Root > Active > Age
    • AWS > Organizations > Organization Root > Active > Last Modified
    • AWS > Organizations > Organization Root > Approved
    • AWS > Organizations > Organization Root > Approved > Custom
    • AWS > Organizations > Organization Root > Approved > Usage
    • AWS > Organizations > Organizational Account > Active
    • AWS > Organizations > Organizational Account > Active > Age
    • AWS > Organizations > Organizational Account > Active > Last Modified
    • AWS > Organizations > Organizational Account > Approved
    • AWS > Organizations > Organizational Account > Approved > Custom
    • AWS > Organizations > Organizational Account > Approved > Usage
  • Action Types:

    • AWS > Organizations > Organization Root > Skip alarm for Active control
    • AWS > Organizations > Organization Root > Skip alarm for Active control [90 days]
    • AWS > Organizations > Organization Root > Skip alarm for Approved control
    • AWS > Organizations > Organization Root > Skip alarm for Approved control [90 days]
    • AWS > Organizations > Organizational Account > Skip alarm for Active control
    • AWS > Organizations > Organizational Account > Skip alarm for Active control [90 days]
    • AWS > Organizations > Organizational Account > Skip alarm for Approved control
    • AWS > Organizations > Organizational Account > Skip alarm for Approved control [90 days]

What's new?

  • AWS/MSK/Admin, AWS/MSK/Metadata and AWS/MSK/Operator now also include permissions for Cluster V2, Scram Secrets and Kafka VPC Connections.

  • We've updated the runtime of the Lambda functions to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Resource metadata will now also include createdBy details in the Turbot CMDB.

  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed; your existing configurations and settings will continue to work as before.

  • Policy Types:

    • AWS > MSK > Cluster > Approved > Custom
    • AWS > MSK > Cluster > Approved > Instance Types
  • Action Types:

    • AWS > MSK > Cluster > Delete from AWS
    • AWS > MSK > Cluster > Set Tags
    • AWS > MSK > Cluster > Skip alarm for Active control
    • AWS > MSK > Cluster > Skip alarm for Active control [90 days]
    • AWS > MSK > Cluster > Skip alarm for Approved control
    • AWS > MSK > Cluster > Skip alarm for Approved control [90 days]
    • AWS > MSK > Cluster > Skip alarm for Tags control
    • AWS > MSK > Cluster > Skip alarm for Tags control [90 days]

Bug fixes

  • Guardrails would sometimes fail to upsert clusters correctly in CMDB. This is now fixed.

What's new?

  • Control Types:

    • AWS > ElastiCache > Replication Group > Backup
  • Policy Types:

    • AWS > ElastiCache > Replication Group > Backup
    • AWS > ElastiCache > Replication Group > Backup > Retention Period
    • AWS > ElastiCache > Replication Group > Backup > Window
  • Action Types:

    • AWS > ElastiCache > Cache Cluster > Skip alarm for approved control
    • AWS > ElastiCache > Cache Cluster > Skip alarm for approved control [90 days]
    • AWS > ElastiCache > Cache Parameter Group > Skip alarm for approved control
    • AWS > ElastiCache > Cache Parameter Group > Skip alarm for approved control [90 days]
    • AWS > ElastiCache > Replication Group > Skip alarm for approved control
    • AWS > ElastiCache > Replication Group > Skip alarm for approved control [90 days]
    • AWS > ElastiCache > Replication Group > Update Backup
    • AWS > ElastiCache > Snapshot > Skip alarm for approved control
    • AWS > ElastiCache > Snapshot > Skip alarm for approved control [90 days]

What's new?

  • Added support for Global Event Handlers. This release contains new Guardrails policies and controls to support deployment of Global Event Handlers for AWS.

  • Control Types:

    • AWS > Turbot > Event Handlers [Global]
  • Policy Types:

    • AWS > Turbot > Event Handlers [Global]
    • AWS > Turbot > Event Handlers [Global] > Events
    • AWS > Turbot > Event Handlers [Global] > Events > Rules
    • AWS > Turbot > Event Handlers [Global] > Events > Rules > Name Prefix
    • AWS > Turbot > Event Handlers [Global] > Events > Rules > Tags
    • AWS > Turbot > Event Handlers [Global] > Events > Target
    • AWS > Turbot > Event Handlers [Global] > Events > Target > IAM Role ARN
    • AWS > Turbot > Event Handlers [Global] > Primary Region
    • AWS > Turbot > Event Handlers [Global] > SNS
    • AWS > Turbot > Event Handlers [Global] > SNS > Topic
    • AWS > Turbot > Event Handlers [Global] > SNS > Topic > Customer Managed Key
    • AWS > Turbot > Event Handlers [Global] > SNS > Topic > Name Prefix
    • AWS > Turbot > Event Handlers [Global] > SNS > Topic > Tags
    • AWS > Turbot > Event Handlers [Global] > Source
    • AWS > Turbot > Event Handlers [Global] > Terraform Version
    • AWS > Turbot > Service Roles > Event Handlers [Global]
    • AWS > Turbot > Service Roles > Event Handlers [Global] > Name

What's new?

  • AWS/RDS/Admin, AWS/RDS/Metadata and AWS/RDS/Operator now include permissions for Performance Insights.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed; your existing configurations and settings will continue to work as before.

What's new?

  • Added support for new multi-regions NAM8, NAM9, NAM10, NAM11, NAM12, NAM13, NAM14, NAM15, NAM-EUR-ASIA1, NAM-EUR-ASIA3, IN, EUR5, EUR6, EUROPE and EMEA in the GCP > Project > Regions policy.

  • Policy Types Removed:

    • GCP > Project > Multi-Regions [Deprecated]

Bug fixes

  • The AWS > VPC > Security Group > CMDB control would sometimes go into an error state if the TE version installed on the workspace was 5.42.1 or lower. This is fixed and the control will now work as expected.

What's new?

  • Added: m7g instance types for ElastiCache.

Bug fixes

  • User group name for hive names with _ in it.
  • Hive manager code to add access grant to public schema for postgres 15.

Requirements

  • TEF: 1.52.0

What's new?

  • Added support for new europe-west10 region in the GCP > Project > Regions policy.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed; your existing configurations and settings will continue to work as before.

What's new?

  • Added support for new asia-northeast3, asia-south2, asia-southeast2, australia-southeast2, europe-central2, europe-southwest1, europe-west10, europe-west12, europe-west8, europe-west9, me-central1, me-west1, northamerica-northeast2, southamerica-west1, us-east5, us-south1, us-west3 and us-west4 regions in the GCP > Compute Engine > Regions policy.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed; your existing configurations and settings will continue to work as before.

Bug fixes

  • The real-time Event Handlers would sometimes fail to upsert data disks attached to instances in Guardrails CMDB. This is now fixed.

Bug fixes

  • Guardrails stack controls would fail to claim any existing Security Group if the Security Group was available in Guardrails CMDB and the stack's Source policy included the Terraform plan for the Security Group. This is fixed and stack control will now be able to claim existing Security Groups correctly. Please note that this fix will only work for workspaces on TE v5.42.2 or higher.
  • Guardrails stack controls would sometimes fail to update Security Groups and Security Group Rules if the Terraform plan in the stack's source policy included changes to attributes which force replaced the resource. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.2 or higher.

What's new?

  • Policy Types:
    • AWS > EC2 > Instance > Schedule Tag > Name

Bug fixes

  • After starting/stopping an instance successfully, the AWS > EC2 > Instance > Schedule control would try to perform the same start/stop action again if the state of the instance was changed outside of the control within 1 hour of the successful start/stop run. This is fixed, and the control will now not trigger a start/stop action again for a minimum of 1 hour after the previous successful run.

What's new?

  • Updated: Hive manager code to include access grant for public schema for postgres 15.

What's new?

  • Server:
    • Updated: Now supports creating multiple AKAs starting with arn, azure, and gcp via APIs.
    • Updated: Add mod version check for workspace upgrade.

Bug fixes

  • Server:
    • Fixed: Ensure successful workspace creation on fresh PostgreSQL 15 installations.
    • Fixed: The stack should claim the Security Group (SG) or Security Group Rule (SGR) if the resource already exists.
    • Removed: vm2 node package.

What's new?

  • Resource Types:

    • Azure > Network > Express Route Circuits
  • Control Types:

    • Azure > Network > Express Route Circuits > Active
    • Azure > Network > Express Route Circuits > Approved
    • Azure > Network > Express Route Circuits > CMDB
    • Azure > Network > Express Route Circuits > Discovery
    • Azure > Network > Express Route Circuits > Tags
  • Policy Types:

    • Azure > Network > Express Route Circuits > Active
    • Azure > Network > Express Route Circuits > Active > Age
    • Azure > Network > Express Route Circuits > Active > Last Modified
    • Azure > Network > Express Route Circuits > Approved
    • Azure > Network > Express Route Circuits > Approved > Custom
    • Azure > Network > Express Route Circuits > Approved > Regions
    • Azure > Network > Express Route Circuits > Approved > Usage
    • Azure > Network > Express Route Circuits > CMDB
    • Azure > Network > Express Route Circuits > Regions
    • Azure > Network > Express Route Circuits > Tags
    • Azure > Network > Express Route Circuits > Tags > Template
  • Action Types:

    • Azure > Network > Express Route Circuits > Delete
    • Azure > Network > Express Route Circuits > Router
    • Azure > Network > Express Route Circuits > Set Tags

What's new?

Users can now delete Login Profiles for IAM Users.

  • Control Types:

    • AWS > IAM > User > Login Profile
  • Policy Types:

    • AWS > IAM > User > Login Profile
  • Action Types:

    • AWS > IAM > User > Delete Login Profile

What's new?

  • Resource Types:

    • Azure > Network > Private DNS Zones
    • Azure > Network > Private Endpoints
  • Control Types:

    • Azure > Network > Private DNS Zones > Active
    • Azure > Network > Private DNS Zones > Approved
    • Azure > Network > Private DNS Zones > CMDB
    • Azure > Network > Private DNS Zones > Discovery
    • Azure > Network > Private DNS Zones > Tags
    • Azure > Network > Private Endpoints > Active
    • Azure > Network > Private Endpoints > Approved
    • Azure > Network > Private Endpoints > CMDB
    • Azure > Network > Private Endpoints > Discovery
    • Azure > Network > Private Endpoints > Tags
  • Policy Types:

    • Azure > Network > Private DNS Zones > Active
    • Azure > Network > Private DNS Zones > Active > Age
    • Azure > Network > Private DNS Zones > Active > Last Modified
    • Azure > Network > Private DNS Zones > Approved
    • Azure > Network > Private DNS Zones > Approved > Custom
    • Azure > Network > Private DNS Zones > Approved > Usage
    • Azure > Network > Private DNS Zones > CMDB
    • Azure > Network > Private DNS Zones > Tags
    • Azure > Network > Private DNS Zones > Tags > Template
    • Azure > Network > Private Endpoints > Active
    • Azure > Network > Private Endpoints > Active > Age
    • Azure > Network > Private Endpoints > Active > Last Modified
    • Azure > Network > Private Endpoints > Approved
    • Azure > Network > Private Endpoints > Approved > Custom
    • Azure > Network > Private Endpoints > Approved > Regions
    • Azure > Network > Private Endpoints > Approved > Usage
    • Azure > Network > Private Endpoints > CMDB
    • Azure > Network > Private Endpoints > Regions
    • Azure > Network > Private Endpoints > Tags
    • Azure > Network > Private Endpoints > Tags > Template
  • Action Types:

    • Azure > Network > Private DNS Zones > Delete
    • Azure > Network > Private DNS Zones > Router
    • Azure > Network > Private DNS Zones > Set Tags
    • Azure > Network > Private Endpoints > Delete
    • Azure > Network > Private Endpoints > Router
    • Azure > Network > Private Endpoints > Set Tags

Bug fixes

  • A few policy values would sometimes fail to evaluate correctly if the mod was installed on TE v5.42.1. We've fixed this issue and such policy values will now be evaluated correctly.

Bug fixes

  • The AWS > Turbot > Event Handlers now support real-time events for AWS S3 Multi-Region Access Point.

What's new?

  • Resource Types:

    • AWS > S3 > Multi-Region Access Point
  • Control Types:

    • AWS > S3 > Multi-Region Access Point > Active
    • AWS > S3 > Multi-Region Access Point > Approved
    • AWS > S3 > Multi-Region Access Point > CMDB
    • AWS > S3 > Multi-Region Access Point > Discovery
    • AWS > S3 > Multi-Region Access Point > Usage
  • Policy Types:

    • AWS > S3 > Multi-Region Access Point > Active
    • AWS > S3 > Multi-Region Access Point > Active > Age
    • AWS > S3 > Multi-Region Access Point > Active > Budget
    • AWS > S3 > Multi-Region Access Point > Active > Last Modified
    • AWS > S3 > Multi-Region Access Point > Approved
    • AWS > S3 > Multi-Region Access Point > Approved > Budget
    • AWS > S3 > Multi-Region Access Point > Approved > Custom
    • AWS > S3 > Multi-Region Access Point > Approved > Usage
    • AWS > S3 > Multi-Region Access Point > CMDB
    • AWS > S3 > Multi-Region Access Point > Usage
    • AWS > S3 > Multi-Region Access Point > Usage > Limit
    • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-s3multiregionaccesspoint
  • Action Types:

    • AWS > S3 > Multi-Region Access Point > Delete
    • AWS > S3 > Multi-Region Access Point > Delete from AWS
    • AWS > S3 > Multi-Region Access Point > Router
    • AWS > S3 > Multi-Region Access Point > Skip alarm for Active control
    • AWS > S3 > Multi-Region Access Point > Skip alarm for Active control [90 days]
    • AWS > S3 > Multi-Region Access Point > Skip alarm for Approved control
    • AWS > S3 > Multi-Region Access Point > Skip alarm for Approved control [90 days]

What's new?

  • AWS/S3/Admin and AWS/S3/Metadata now include permissions for Multi-Region Access Point Routes.

What's new?

  • We've updated the runtime for Lambda functions in the aws-efs mod to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.
  • Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed; your existing configurations and settings will continue to work as before.

What's new?

  • We've updated the runtime for Lambda functions in the aws-config mod to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

  • Policy Types:

    • AWS > Config > Configuration Recorder > Approved > Custom
    • AWS > Config > Delivery Channel > Approved > Custom
    • AWS > Config > Rule > Approved > Custom
  • Action Types:

    • AWS > Config > Configuration Recorder > Skip alarm for Active control
    • AWS > Config > Configuration Recorder > Skip alarm for Active control [90 days]
    • AWS > Config > Configuration Recorder > Skip alarm for Approved control
    • AWS > Config > Configuration Recorder > Skip alarm for Approved control [90 days]
    • AWS > Config > Delivery Channel > Skip alarm for Active control
    • AWS > Config > Delivery Channel > Skip alarm for Active control [90 days]
    • AWS > Config > Delivery Channel > Skip alarm for Approved control
    • AWS > Config > Delivery Channel > Skip alarm for Approved control [90 days]
    • AWS > Config > Rule > Skip alarm for Active control
    • AWS > Config > Rule > Skip alarm for Active control [90 days]
    • AWS > Config > Rule > Skip alarm for Approved control
    • AWS > Config > Rule > Skip alarm for Approved control [90 days]

What's new?

  • We've updated the runtime for Lambda functions in the aws-cloudtrail mod to Node 18. You won't notice any difference, and things will continue to work smoothly and consistently as before.

What's new?

  • Resource Types:

    • AWS > Elastic Inference
  • Policy Types:

    • AWS > Elastic Inference > API Enabled
    • AWS > Elastic Inference > Approved Regions [Default]
    • AWS > Elastic Inference > Enabled
    • AWS > Elastic Inference > Permissions
    • AWS > Elastic Inference > Permissions > Levels
    • AWS > Elastic Inference > Permissions > Levels > Modifiers
    • AWS > Elastic Inference > Permissions > Lockdown
    • AWS > Elastic Inference > Permissions > Lockdown > API Boundary
    • AWS > Elastic Inference > Regions
    • AWS > Elastic Inference > Tags Template [Default]
    • AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-elasticinference
    • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-elasticinference
    • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-elasticinference
    • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-elasticinference

What's new?

  • Server:
    • CloudWatch dashboard query for View AWS External Messages by AWS Account ID and Events to exclude restriction on AWS.
    • Allow sending notifications for same state change.
    • Replaced vm2 with eval for inline and trustedInline execution of policies, controls, and actions.

What's new?

  • GCP/OAuth/Admin and GCP/OAuth/Metadata now also include oauthconfig:* permissions.

What's new?

  • Added: Parameter for restricting untrusted code upload to Turbot Guardrails.
  • Removed: ALB WAF support.

What's new?

  • Server:
    • Added: worker, sqs queue, sns topic for factory.
    • Updated: Allow upload of mod based on the value of TURBOT_CUSTOM_MOD_UPLOAD.
    • Added: Environment variable for custom mod upload.
    • Removed: Support for ALB WAF.

Bug fixes

  • Server:
    • Stack will not fail to delete and recreate resources.

Requirements

  • TEF: 1.51.0

What's new?

  • Added: Postgres version 11.19, 11.20, 12.14, 12.15, 13.10, 13.11, 14.8, 15.2 and 15.3.

What's new?

  • UI
    • Added: Inactive Users report.

Bug fixes

  • Server:
    • The actor information for attach and detach smart folder.
    • Disable notification feature if Redis is not being used.

What's new?

  • Added: Support for Factory worker.
  • Updated: Descriptions and names to Turbot Guardrails Enterprise Foundation from Turbot Enterprise Foundation.

What's new?

  • Updated: descriptions and names from Turbot Enterprise Database to Turbot Guardrails Enterprise Database.

What's new?

  • Server:

    • Added: Support for control/action update notifications.
    • Added: Support for interface in control types.
    • Added: Turbot Installation Type environment variable.
    • Added: SES SendEmail permission to Worker Lambda Role.
    • Added: Notification index to improve performance of notifications.
    • Updated: Improve policy value create/update with a more efficient database design.
    • Updated: Description of TE stack from Turbot Enterprise to Turbot Guardrails Enterprise.
    • Updated: @slack/web-api to 6.8.1. @wry/equality to 0.5.6. anymatch to 3.1.3. archiver to 5.3.1. body-parser to 1.20.2. chai to 4.3.7. chokidar to 3.5.3. classnames to 2.3.2. cli-progress to 3.12.0. copy-to-clipboard to 3.3.3. dataloader to 2.2.2. diff to 5.1.0. express to 4.18.2. generate-password to 1.7.0. graphql-2-json-schema to 0.10.0. http-status-codes to 2.2.0. lodash-match-pattern to 2.3.1. micromatch to 4.0.5. mockserver-client to 5.15.0. moment-timezone to 0.5.43. nconf to 0.12.0. nodemailer to 6.9.2. nunjucks to 3.2.4. passport to 0.6.0. pg to 8.10.0. performant-array-to-tree to 1.11.0. prismjs to 1.29.0. prompt to 1.3.0. prompts to 2.4.2. recursive-readdir to 2.2.3. redux to 4.2.1. resolve to 1.22.2. semver to 7.5.1. simple-git to 3.18.0. unzipper to 0.10.14. uri-js to 4.4.1. vm2 to 3.9.19 and other dev dependencies. Removed aws-appsync and aws-xray-sdk. ioredis to 5.3.1.
  • UI

    • Updated: New login logo and home page logo.
    • Updated: Turbot directory should be created in guardrails.turbot.com.
    • Updated: Turbot directory SSO login should be redirected to their respective guardrails domain.

Note

IAM change in this release:

  • Updated worker lambda to include SES SendEmail permissions.

What's new?

  • Rebrand to Turbot Guardrails CLI. We recommend using the new guardrails registries guardrails.turbot.com, guardrails.turbot-stg.com or guardrails.turbot-dev.com to publish a guardrails mod. To maintain compatibility, none of the existing commands have changed; your existing configuration and commands will continue to work as before.

What's new?

  • Policy Types:

    • Turbot > Workspace > Retention > Process Cache Retention.
  • Resource Types:

    • Smart Folders are now called Policy Packs.

Requirements

  • TE: 5.35.4

v1.10.0 of the Terraform Provider for Guardrails is now available.

Documentation

Rebrand to Turbot Guardrails provider. Resource and data source names in this provider have not changed to maintain compatibility. Existing templates will continue to work as-is without need to change anything.

What's new?

  • Fixed: Resource details are now correctly included when doing a csv download of the Resources Deleted by Turbot report.

Requires

Container Info

Bug fixes

  • Policy Types:
    • Improved pattern validation for slackWebhookUrl in Turbot > Notifications > Rule-Based Routing policy.

Requirements

  • TE: 5.35.4

What's new?

  • Added: Tagging details now included in CSV download for GCP Compute Engine VM Instances, Azure Compute Virtual Machines, Azure Compute Disks and EBS Volumes report.
  • Added: New filters for Turbot Files and Smart Folders in the resource browser.
  • Updated: Editing a Turbot File via the UI no longer requires the resource AKA to be specified.
  • Fixed: Resource deletion will no longer trigger an increase in the count of active controls.

Requires

  • TEF v1.49.0

Container Info

What's new?

  • Added: Quick actions are now available for users that only have permission at the account level.
  • Fixed: The resource import page will now function correctly if the AWS mod is not installed.
  • Fixed: Resource deletion will no longer trigger an increase in the count of active controls.

Requires

  • TEF v1.49.0

Container Info

What's new?

  • Added: Postgres version 14.6 and 14.7.

What's new?

  • Added: Ability to specify AKA when creating Turbot File.
  • Updated: Turbot explorer search will show results for Smart Folders and Turbot Files.
  • Fixed: Terraform stack control should not end in error if the data size for command is too large.
  • Fixed: Turbot actions will now be visible for users with grants at the cloud account level.

Enterprise

  • Updated: Added debug statements for createGrant mutations.

Requires

  • TEF v1.49.0

Container Info

Enterprise

  • Changed: Removed long debug statements from stack controls to improve performance of large stacks.
  • Added: Additional logging information emitted while preparing stack container.

Requires

  • TEF v1.49.0

Container Info

What's new?

  • Fixed: Smart retention controls are now a bit smarter.

Enterprise

  • Updated: Resource policy of Events SQS queues now requires encryption in transit.
  • Updated: Resource policy of Events SNS topics now requires encryption in transit.

Requires

  • TEF v1.49.0

Container Info

  • Ubuntu 22.04, jammy-20230425
  • Alpine: 3.18.0

What's new?

  • Added: debug statement for Smart Retention control.

Requires

  • TEF v1.49.0

Server

What's new?

  • Added support for version v5.10.0 of the Turbot IAM mod.
  • Fixed: Adding grants to group profile now works as expected.

Requires

  • TEF v1.49.0

What's new?

  • Added: New parameter that allows selection of the TLS policy for application load balancers.

What's new?

  • Added: Parameter to manage KMS Key for RDS Performance Insights.

What's new?

  • Updated: Accounts Summary Report now includes resource AKA(s) in the CSV output.
  • Updated: The Turbot auth token cookie SameSite configuration to strict.
  • Updated: The policy setting page to now render HTML content as string.

Enterprise

  • Added: Parameter for TLS Policy for ALB HTTPS Listener.
  • Added: Rate limits to the login directories APIs.

Requires

  • TEF v1.49.0

What's new?

  • Updated: Moved management of the Elasticache user group to CloudFormation instead of the Hive Manager lambda. It is no longer necessary to update the Redis access control groups after making changes to the Redis cluster.

What's new?

  • Added: AWS Lambda Functions report.
  • Updated: Turbot will now use AWS Terraform provider version 3.75.0 when Turbot > Stack Terraform Version [Default] is set to 0.15.*

Bug fixes

  • Fixed: Timestamp display in the console now updates correctly for recently deleted mods.
  • Fixed: When an Action fails due to cloud provider throttling, Turbot will now reschedule the control that triggered the action. Those actions should now be more consistently applied under heavy loads.

Note AWS IAM permissions change in this release:

  • Updated: Worker Lambda to include Elasticache permissions to support the Turbot > Cache > Health Check control.
  • Updated: Hive Manager no longer manages the authentication configuration for ElastiCache. This responsibility has shifted to Turbot Guardrails Enterprise Database.

What's new?

  • Added: Parameter to modify Lambda trigger concurrency.

What's new?

  • Control Types:
    • Unused Turbot > Type Installed > Background Tasks is now removed

Requirements

  • TE: 5.35.4

What's new?

  • Added: New parameter for attaching a custom security group to each ECS host.
  • Added: New parameter for attaching a custom security group to the TE ALB. Requires TE > v5.40.0.
  • Added: Option added to enable IMDSv2 for ECS hosts.
  • Added: New parameters to specify the size and type of EBS volumes attached to ECS Hosts.
  • Added: New parameter to specify a port for outbound SMTP (if needed).
  • Updated: The db_pair security group now includes Elasticache rules, when Elasticache is enabled.

Deprecation

  • As a result of this change to the db_pair security group, the Elasticache cache_pair security group is no longer required. It will be removed in a future release.

Bug fixes

  • Fixed: Improved handling of HTTP "Too Many Requests" (429) errors.

Enterprise

  • Updated: TE Management Lambdas, and ECS Containers will be deployed with the NodeJS 16.x runtime. This change is independent of Mod Lambda runtime versions.
  • Added: If specified in TEF, a custom security group may be assigned to the TE ALB.

Requires

  • TEF v1.47.0

What's new?

  • Added: Parameter to modify Lambda trigger concurrency

Enterprise

  • Added: Parameter for Lambda trigger concurrency.

Requires TEF: v1.46.0 TED: v1.9.1

What's new?

  • Added: SSM parameter for events DLQ and worker retry reserved concurrency.

Bug fixes

  • Fixed: Issue that could prevent indexes from being recreated after being dropped.
  • Fixed: Issue with safeGet() function that could prevent reports from rendering in the UI.
  • Fixed: Ansible task and service are now correctly created for Ansible version 2.10.7.

Enterprise

  • Added: Support for trigger concurrency in worker and events Lambda functions.

Requires TEF: v1.45.0 TED: v1.9.1

What's new?

  • New: Turbot's autoscale group configuration has switched from launch templates to launch configurations.
  • Added: Parameter to select Lambda function runtime version.
  • Added: Encryption in transit policy for SNS topics and SQS queues.
  • Updated: Changed EBS volume storage type to gp3.

What's new?

  • Fixed: Activity page should display alternatePersona in the actor field if available.

Bug fixes

  • Fixed: AWS EC2 Instance report now runs more reliably.
  • Updated: Improved the performance of the Activity page.

Enterprise

  • Added: Encryption in transit policy for SNS topics and SQS queues in the Turbot Master account.
  • Updated: Removed the deleted control historical records from control_usage table.
  • Updated: vm2 package to 3.9.11 in the ECS containers.

What's new?

  • Added: Support to import Azure China Cloud subscriptions.
  • Added: Support for Azure China Cloud endpoints.

Bug fixes

  • Updated: Increased reliability of policy value application when attaching a smartfolder.

Enterprise

  • Updated: Removed Xray configuration from Postgres pool, as it was not being used.
  • Updated: vm2 in main package.json updated to 3.9.11.
  • Updated: Maintenance container base image to node:14-alpine3.17.

Requires TEF: v1.42.1 TED: v1.9.1

What's new?

  • Added: Support for Postgres versions: 13.8, 14.1, 14.2, 14.3, 14.4, 14.5.
  • Added: Support for Redis 7.0.
  • Added: Support for RDS gp3 disk types.

Bug fixes

  • Add role as a valid level to generate temporary credentials for roles.

Bug fixes

  • Updated: Query for resource notifications to improve performance when using the Activity sub-tab on the resource page.
  • Updated: Improved logic used to determine when to run maintenance control for stale policy values.
  • Updated: Mod install controls will now use the standard worker queue instead of worker_priority queue to allow other actions to take priority during mod installs.

Enterprise

  • Updated: Ubuntu vm2 package to version 3.9.11 to resolve CVE-2022-36067.
  • Updated: Message retention period of events priority queue changed to 96 hours.

Requires TEF: v1.42.1 TED: v1.9.1

What's new?

  • Added: support for TLS 1.2 for API Gateway

Bug fixes

  • Added: Btree aka index for akas_history and akas table. The Activity Tab should show improved performance.

Requires TEF: v1.42.1 TED: v1.9.1

Bug fixes

  • Fixed: Downloading the csv for EC2 > Instance > Report should not fail.

Enterprise

  • Added: ability to run async/callback in control's inline.
  • Added: Ability to move control to priority queue.
  • Updated: mute noisy log if unable to get process log data from S3.

Requires TEF: v1.42.1 TED: v1.9.1

What's new?

  • Added: Postgres version 13.7 to RDS engine parameter.
  • Added: Tags to elasticache resources.

Bug fixes

  • Updated: Local Profiles and Group Profiles filter now use free text search instead of akas matches.
  • Updated: Installing a mod using the CLI now runs faster, reducing the likelihood of a timeout.
  • Fixed: Quick actions menu will no longer show actions from child resources.

Enterprise

  • Added: Support for workspace URL in Turbot > Workspace > Workspace URL policy.

Requires TEF: v1.42.1 TED: v1.9.1

What's new?

  • Added: SSM parameter for Process Log Fallback Bucket.

Bug fixes

  • Fixed: Resolved issue where EC2 instance report would fail to run.
  • Fixed: Permissions summary report now works for users without permissions at the root level.

Enterprise

  • Added: allow an alternative process log bucket to be provided to read from an older bucket.
  • Updated: Ansible container base image to Ubuntu 22.10 (Kinetic Kudu)
  • Updated: Ansible version to 2.10.7
  • Updated: Docker base images of API and Factory to ubuntu 22.

Requires TEF: v1.42.1 TED: v1.9.1

Bug fixes

  • Fixed: Apollo UI behaves properly when setting backoff interval of an action.
  • Fixed: Actor display information will now fallback to unidentified if persona and identity are not available.
  • Updated: UI will now use the actor information of the process (if supplied) for Policy Setting CRUD operations.
  • Updated: Action runs now carry the identity of their launcher. This changes the way notifications are presented. Previously, notifications from an action showed as Unidentified; now they will carry the identity of the launcher. Most of the time this will be the Turbot identity, unless the action is launched by a user from the Turbot UI.

Enterprise

  • Updated: Linux Environment control to support version 3 of SELinux Python bindings

Enterprise

  • Updated: Improved Ansible container error handling

UI

  • Added: Mutation resolver for quick action and steampipe query in the developer tab.
  • Added: Support to execute quick action via URL.

Enterprise

  • Fixed: Control type should only trigger the control if there is a change in graphql/inline/function.

What's new?

  • New Feature: Quick Actions
  • Updated: graphiql to 1.4.5

Quick Actions

Quick Actions is a new feature that allows Turbot users to initiate specific (one time) control enforcements on their cloud environment via the Turbot UI. Cloud operations teams can use Quick Actions to remediate cloud configuration issues (e.g. enable encryption on a resource) or snooze Turbot alarms for issues that we want to come back to later. More details in the documentation. Quick actions will be rolling out across all supported cloud services in the coming months (based on your feedback); this initial release covers resources in the following AWS mods:

  • cloudtrail
  • ec2
  • kms
  • lambda
  • rds
  • s3
  • sns
  • sqs
  • vpc

Disabling the Quick Actions feature

  • Quick Actions use the permissions granted to the Turbot service user or cross-account role used to import your cloud service account into Turbot. Execution of quick actions will fail if the underlying role prevents those actions from occurring.

  • The Quick Actions feature is disabled by default, but can easily be enabled via the Turbot > Quick Actions > Enabled policy. If you would like to prevent lower level Turbot administrators from enabling Quick Actions for their cloud service accounts, then make sure you set Turbot > Quick Actions > Enabled to Disabled at the Turbot level using the Required option.

  • The policy Turbot > Quick Actions > Permission Levels offers fine-grained control over which Turbot permission levels are required to execute specific quick actions. These permission limits can be set globally and specific exceptions can be managed down to the individual cloud service account level.

Enterprise

  • Split package dependencies between Server and UI so they can use independent versions of GraphQL.

Bug fixes

  • CLI failed to download latest mod versions automatically for mods with version < 5.0.0.
  • turbot completion command was displayed twice on running turbot help.

Bug fixes

  • CLI failed to install dependencies for a mod with more than 26 dependencies.

What's new?

  • Added: new IAM permissions for Mod Lambda to publish messages to the Priority Events queue.
  • Added: parameter for Worker Priority and Events Tick Lambda Reserved Concurrency.
  • Added: EC2 ECS host recycling using parameter.

Bug fixes

  • Fixed: ECS Rolling update.
  • Fixed: Condition of Foundation Key to prevent its creation if TEFKmsKey parameter value is specified.

There are IAM changes in this release:

  • New IAM permissions for Mod Lambda to publish messages to the Priority Events queue.
  • New IAM roles for ECS Rolling Update.

What's new?

  • Updated: GovCloud certificate to rds-ca-rsa4096-g1.

What's new?

  • Added: Parameter to limit the URL where the API Gateway Lambda can forward to. This should be a regular expression of valid workspace URLs.
  • Updated: TEF KMS Key parameter name changed to TEF KMS Key Arn.
  • Updated: Enforce HTTPS access for S3 buckets created by TEF.

What's new?

  • Updated: Enforce HTTPS access for S3 buckets created by TED.
  • Added: Postgres versions 11.12, 11.13, 11.14, 11.15, 12.7, 12.8, 12.9, 12.10, 13.3, 13.4, 13.5 and 13.6.

What's new?

  • Added: Parameter for Alb WAF option. (Default is disabled)
  • Added: Parameter for Mods Cleanup.

What's new?

  • Updated: Moved management of the Elasticache user group to CloudFormation instead of the Hive Manager lambda. It is no longer necessary to update the Redis access control groups after making changes to the Redis cluster.

1.30.0 [2022-03-01]

What's new?

  • Updated: Elasticache now uses the db_pair security group from TEF 1.47.0.
  • Fixed: The Cloudformation Hive custom resource used to depend on Elasticache when it shouldn't have in environments without Elasticache deployed.

Deprecation

  • As a result of this change to the db_pair security group, the Elasticache cache_pair security group is no longer required. It will be removed in a future release.

Requirements

  • TEF v1.47.0

What's new?

  • Added: Parameters for Api and Events Container Scaling metrics, and threshold values for CPU Utilization.
  • Added: Parameter to allow import of Foundation KMS Key.
  • Updated: Set DeletionPolicy of FoundationKey to Retain.

What's new?

  • Added: Parameters for ECS Factory Task hard limit and soft limit on memory.

Warning

  • There are IAM changes in this release.

What's new?

  • Updated: Condition for HiveManagerExecutionRole.
  • Updated: TurbotParameters and TurbotSnsSqsPolicyParameterLambda to include variables for Proxy setting.
  • Removed: MskManagerExecutionRole role from custom iam role template.

What's new?

  • Added: Postgres version 13.5 to RDS engine parameter.
  • Fixed: Replication group setting to enable Data Tiering for r6gd node type.

What's new?

  • Added: Postgres version 12.11 and 12.12.
  • Updated: PerformanceInsights description.
  • Updated: Default storage type to gp3. More info on using gp3
  • Updated: Hive custom resource depends on to include Elasticache cluster and parameter group and add ParameterDeploymentTrigger.

What's new?

  • Added: r6gd node type option for Elasticache.

What's new?

  • Updated: Backup Service Role to include kms Grant permissions for CopyDBSnapshot operation.

What's new?

  • Updated: Backup Service Role to include kms permissions.

What's new?

  • Added: VPC Endpoint for s3 to reduce NAT Gateway cost.
  • Updated: API and Events container scaling by replacing hardcoded values with parameters.
  • Updated: Outbound, Api and Database security groups so that they are created for Predefined VPC if custom security groups are not mentioned.
  • Updated: default value of LogRetentionDays parameter changed to 180.

What's new?

  • Added: Postgres version 13.3, 13.4 to RDS engine parameter.
  • Fixed: Cloudwatch alarms to use correct db identifier when hive name has _ in it.
  • Updated: Default database system backup to 7 days.
  • Updated: AWS Backup Service role to allow copying of RDS snapshots.
  • Updated: Cloudwatch alarms for ElastiCache SwapUsage and DatabaseMemoryUsagePercentage for multi-node architectures.
  • Updated: Dashboard to move read-replica stats to right axis and that of primary to the left.
  • Updated: Dashboard to add Total IOPS metrics.

Warning

  • There are IAM changes in this release for the turbot_policy_parameter.

Bug fixes

  • TE Build ID was misconfigured causing TEF to build unsuccessfully, this has now been corrected and TEF builds as expected.

What's new?

  • Minimum DB size is now 50GB, default size is 200GB.

Requirements

  • TEF v1.31.2

Warning

  • There are IAM changes in this release for the turbot_policy_parameter.

What's new?

  • Turbot Security Group is added and includes rules for Ansible and LDAP. The security group is intended for additional rules to be added under feature flags. Note: the existing LDAP and Ansible security groups will remain for older TE versions.
  • Dashboard for ECS Cluster metrics is now added.
  • Autoscaling parameters were added for the Events Service.
  • ElastiCache Security Groups and Subnet Groups are now added to the overrides template.
  • TEF Workspace Manager now prevents users from changing the workspace name.
  • OSGuardrail parameter location changed from Advanced - OS Guardrails to Advanced - Deployment Group.
  • turbot_parameters and turbot_policy_parameter lambda functions now include VPC config.
  • turbot_policy_parameter IAM Role now includes EC2 network interfaces policy.
  • Improved input validation to not allow blank values.

What's new?

  • CloudWatch Alarms and Dashboards are added for ElastiCache SwapUsage and DatabaseMemoryUsagePercentage.
  • ElastiCache Instance Type can now be specified in the template.
  • Read replica parameter default is now set to false.

Requirements

  • TEF v1.31.2

What's new?

  • DB parameter group support for 11.10, 11.11, 12.6 and 13.2.
  • Postgres version 13.2 is now the default selection.

Requirements

  • TEF v1.31.2

What's new?

  • Shared_buffers parameter added for DB parameter group.
  • Postgres version 13.1 is now the default selection.
  • Postgres wal_keep_size default size is now 2048 (RDS Postgres default).
  • Turbot database default size is now 250GB.
  • Storage autoscale threshold default is now 1TB. For new TED installations only!

Requirements

  • TEF v1.31.2

Bug fixes

  • Invalid module reference fixed - this was causing turbot template build to fail.

Bug fixes

  • template build was loading the lock-file from the base branch to determine the current template version. When using a work-in-progress (wip) branch, this could lead to identifying an incorrect current version, leading to rebasing errors. Fix by loading the lock file from the wip branch.

What's new?

  • S3 bucket lifecycle rule added to the mods processing log bucket.
  • Optional AWS Security Group added to be used for connecting to LDAP server.
  • S3 inventory reports will no longer generate in the TEF Process Logs bucket.
  • Updated process log bucket lifecycle configurations to remove /debug/ rules.
  • Runtime has been updated to Node 14 for all Turbot Core deployed Lambda functions.

What's new?

  • Postgres version 13.1. For new TED installations only!
  • ElastiCache replication groups now support multi nodes.cluster mode.

Bug fixes

  • Hive Log Bucket lifecycle configurations now delete all objects.

Requirements

  • TEF v1.31.2

Bug fixes

  • Dependency issue with the HiveKey.

Requirements

  • TEF v1.31.2

What's new?

  • OSGuardrails feature flag, adding security groups and SSM parameters as required.
  • HealthCheckProxyLambda runtime updated from 2.7 to 3.8.

What's new?

  • Postgres version 12.5. For new TED installations only!
  • Parameter Group support for both 11.x and 12.x.

Bug fixes

  • Cache cluster parameter passed to Hive Manager should also convert underscore to hyphen.
  • Allow default encryption for ElastiCache for use in GovCloud (which does not support CMK).

Requirements

  • TEF v1.31.2

Bug fixes

  • Fixed CLI packaging error required for proper v1.28.0 installation.

Bug fixes

  • turbot template build now cleans up branches after a rebase failure.

Warning

  • IAM permissions updated in v1.31.0.

Bug fixes

  • Fix and republish a corrupt portfolio build artifact.

Bug fixes

  • AWS Backup Vault name format issue.

Requirements

  • TEF v1.31.2

Warning

  • IAM permissions updated in v1.31.0.

Bug fixes

  • Hive Manager should convert underscore to hyphen when creating Redis group (from TE).

Warning

  • IAM permissions updated in v1.31.0.

Bug fixes

  • Hive Manager should convert underscore to hyphen when creating Redis user (from TE).

Bug fixes

  • ElastiCache Redis cluster name should convert underscores to hyphens.

Requirements

  • TEF v1.31.2

Warning

  • IAM permissions updated.

What's new?

  • ElastiCache Redis is now enabled by default.
  • Parameters - Mod Lambda function limits.
  • Parameters - Worker Lambda configuration, allowing reuse across TE versions.
  • CloudWatch Alarms for SQS ApproximateAgeOfOldestMessage.

What's new?

  • ElastiCache Redis is now enabled by default.

Bug fixes

  • Postgres 11.9 is now available for the read replica as well.
  • ElastiCache Redis cluster should be created with the hive name rather than just resource name prefix.
  • AWS Backup Vault deletion policy is now set to retain.

Requirements

  • TEF v1.31.2

What's new?

  • turbot template build --rebase command now cleans up the work in progress branch if the template render fails.

Bug fixes

  • turbot template build --rebase command was failing to re-apply manual changes.
  • turbot template build --fleet-mode would stop building all branches if a single one failed.

Bug fixes

  • Fixed: Code of s3BucketArnLambda to fix s3 permission.

What's new?

  • Hive Manager and Workspace Manager runtime updated to node 12.

Bug fixes

  • Install Hive Manager in all regions, not just the Alpha region.

What's new?

  • Added latest RDS DB instance types.
  • Experimental ElastiCache: Configure use of Redis 6.x Access Control Lists.
  • Experimental ElastiCache: Also install Hive Manager in the replica region, for Redis management.

Requirements

  • TEF v1.30.0

Warning

  • IAM permissions updated.

What's new?

  • New turbot_transient KMS key specifically used for encryption of transient data (e.g. SNS, SQS).
  • Tightened IAM access policies to Turbot's own S3 buckets.
  • Hive Manager is now permitted IAM access to manage ElastiCache.
  • Added ListBucket permission to WorkspaceManager role so head object calls will return 404 instead of 403.

Bug fixes

  • Event Proxy Lambda must be installed in the subnet where Load Balancers are installed (by TE).

What's new?

  • turbot compose (used by all CLI commands that compose mods) now omits the releaseNotes field from turbot.head.json. It is still included in turbot.dist.json.
  • turbot template has a new --unchanged-issue <issue_id> argument. When a template build operation commits changes to git, if no files have actually changed then the commit message will use this issue instead of the normal --issue <issue_id> field. The commit message will also specify "no changes".

What's new?

  • turbot publish has a new --timeout <secs> argument to customize the publish timeout. The default has been increased to 2 minutes.
  • Using turbot template build --issue 1234 --close-issue will set the commit message to close the issue.

Bug fixes

  • turbot test should not fail with the error TypeError: tmod.parse is not a function.

Warning

  • IAM permissions updated.

What's new?

  • Further refined our IAM permissions for S3 bucket access, with a focus on removing more wildcards. It was already good, but now it's better.

Bug fixes

  • Made the ElastiCache network infrastructure optional through Development Mode. It was harmless, but not necessary unless ElastiCache is enabled in TED.
  • Moved policy parameter role into the IAM stacks, where it belongs.

Bug fixes

  • Databases should never automatically upgrade their minor or major versions. Doing so takes the database out of sync with the CloudFormation stack, leading to upgrade rollbacks. We've deliberately removed these options and set the auto-update to false.

Requirements

  • TEF v1.25.0

Bug fixes

  • turbot template build --patch --push-instance-root command failed to push changes to the wip branch.

What's new?

  • Changes to the Turbot audit trail log group in v1.14.0 forced a name change, which is difficult for customers with integrations. This version removes that requirement, so existing installs keep their original log group name.

Bug fixes

  • Required TEF version dropped back down to TEF v1.25.0. v1.27.0 is only required if you are setting up the experimental ElastiCache features.

Requirements

  • TEF v1.25.0

What's new?

  • Reclaimed the ECSDesiredInstanceCount parameter, which now defaults to using ECSMinInstanceCount instead. This frees up a precious parameter slot for other options.
  • Added the DevelopmentMode parameter for internal use, which groups options like using the latest container image (instead of cached).
  • For environments with ElastiCache enabled in TED, cache subnet group and security groups have been added.

What's new?

  • The deletion policy for the DB Parameter Group is now set to Retain.
  • New installations will now add the stack ID to the audit trail log group, making it easier to re-install TED multiple times in testing / setup.
  • New ExperimentalFeatures flag, allowing gradual introduction of new capabilities. The first one is installation of ElastiCache preparing for future use in TE.

Requirements

  • TEF v1.27.0

Bug fixes

  • turbot pack and turbot publish were failing to run pre-pack script when --dir arg is used.

Bug fixes

  • turbot inspect should give a clear error message for invalid templates.

Bug fixes

  • turbot inspect --format changelog should properly escape CSV fields with commas.

Bug fixes

  • Error handling in workspace pre-install checker.

Bug fixes

  • Error handling in workspace pre-install checker.

Bug fixes

  • ECS Agent should attempt to use the locally cached image, which dramatically reduces disk IO and download bandwidth.
  • Upgrade via CloudFormation had a race condition in our custom resource Lambda functions that could be triggered when doing a large number of upgrades or rollbacks in parallel.

Bug fixes

  • When a custom outbound access security group is specified in the TEF template do not create the {prefix}_outbound_internet_security_group or the {prefix}_{version}_outbound_internet_security_group.

What's new?

  • Ability to restrict SNS topic and SQS queue access based on Organization Id.
  • Added: support to restrict access to SNS topic and SQS queue based on the Organization Id.

Requirements

  • TEF v1.25.0

What's new?

  • Added: Encryption to SNS Topic for Dashboard.
  • Updated: TED Stack - changed R/W IOPS metrics from line to stacked area, changed Transaction ID Wraparound Monitor threshold to 2 billion.
  • Fixed: Description and Typo (Duraction to Duration, Actiond to Action).

Requirements

  • TEF v1.22.1

What's new?

  • turbot install - checks if a compatible version of each dependency is already installed. If so, it does not install from the registry unless there is a newer version available.
  • turbot template build --rebase rebuilds templates while using rebase to better merge and preserve custom changes to the rendered files since the last build.

What's new?

  • Show a progress bar during long running operations.

Warning

  • IAM permissions updated.

Bug fixes

  • The (optional) API Gateway to proxy external events to the internal Turbot load balancer was returning error codes (5xx) for all queries even though it worked successfully. This could lead to retries of the message (which were not processed due to our duplicate detection). Errors in both the event handler and the health check have been cleared.

What's new?

  • Improved error messages for failed queries like authentication, network connectivity, etc.
  • Update credentials precedence to prioritise specific credentials (key, secretKey and workspace) over profile.

Bug fixes

  • turbot configure fails when no command line credentials arguments are given but they are set in the environment.
  • turbot workspace list should ignore TURBOT_PROFILE env var and only filter profiles if one is given in command line.
  • turbot download should fall back to use the production registry if the user is not logged in.

Bug fixes

  • Exceptions from the pre-pack script in turbot pack were not caught and reported correctly.

What's new?

  • Improved error messages for turbot pack, turbot up and turbot publish for faster troubleshooting.

Bug fixes

  • turbot graphql queries for control, policy-value, etc were not properly handling the --resource-id and --resource-aka arguments.

Bug fixes

  • turbot configure was failing for some Windows users when used in interactive mode.

What's new?

  • Updated Workspace Manager permissions for SSM policy lookups and reading S3 data for access to the TE workspace manager Lambda results.

Bug fixes

  • turbot configure was always failing validation when using interactive mode to enter credentials.

Bug fixes

  • turbot install [mod] was not working. You can now install specific mods as expected.

What's new?

  • Use turbot install [mod[@version]] to install a specific mod as a local dependency.
  • Credentials passed to turbot workspace configure are now validated before saving, so you can be confident they are good to go.

What's new?

  • Use turbot workspace list to see a list of your currently configured workspaces.
  • turbot workspace configure added, with the same behavior as turbot configure.

Bug fixes

  • turbot test was failing for some GCP controls due to an update in the GCP auth library package. This has been fixed.

Bug fixes

  • As part of preparing for connection pooling, the hive manager included steps to initialize multiple database roles. These are not yet in use so have been removed.

What's new?

  • As part of preparing for connection pooling, the hive manager included steps to initialize multiple database roles. These are not yet in use so have been removed.

Requirements

  • TEF v1.22.1

What's new?

  • The default browser facing security group (used by the load balancer) is now open on port 80, so HTTP traffic can be automatically redirected to HTTPS at the load balancer level.
  • Expanded EC2 instance type options, and changed the default to t3.medium.
  • Changed the default maximum limit for ECS hosts from 64 to a more sensible, but still generous, 8.
  • Further restricted permissions to EC2 hosts, limiting the accessible resources as much as possible.

What's new?

  • Introducing a new parameter model in TEF, allowing parameter "overrides" to be optionally set in SSM. Turbot creates default parameters, but will automatically detect any overrides you create during the stack run. This allows us to expand beyond the 60 parameter limit of CloudFormation.
  • Each Turbot version installs minimal IAM policies and roles specific to its requirements. Some customers prefer more control over IAM management, so we now support BYO-IAM with parameters for all IAM entities required in the Turbot primary account.
  • Added parameters to optionally set the ALB Log Prefix and ALB Idle Timeout.
  • TEF will now perform a rolling update of the EC2 hosts if required due to launch configuration changes, ensuring no downtime during upgrades.
  • Allow preinstall check Lambda function to use VPC from non-VPC setting.

What's new?

  • Parameter groups created in GovCloud do not support newer parameters, unless a new parameter group is created (Note: AWS Commercial accounts were not affected by this). This blocks some existing customers from upgrading their TED stack. Because parameter group changes require a reboot (downtime), and most customers do not require this change, we've made it an optional parameter in the stack to force the change as required.
  • Default storage allocation for new installs is now 1TB (up from 100GB).

Requirements

  • TEF v1.19.1

What's new?

  • Added 169.254.170.2 to the default NO_PROXY parameter. This is required for stack containers to execute in some proxy environments.

Bug fixes

  • turbot install was attempting to install the latest version, which would fail if that version was not available or recommended. It will now install the latest recommended version, or if none are recommended, the latest available version.

Bug fixes

  • Network Interface permissions added in v1.19.0 are low risk, but have been tightened further to only be granted in environments running Lambda inside the VPC.

Bug fixes

  • v1.9.0 introduced a mix of names between preinstall and preinstallation which felt messy. This patch release brought to you by our clean up crew.

Requirements

  • TEF v1.19.1

What's new?

  • TED and TE are being enhanced to automatically check that their required versions of TEF and TED are installed. The Lambda function they use for that check (custom resource during the CloudFormation stack run) is deployed in TEF, and added in this release.
  • Turbot Guardrails Enterprise uses a lot of Lambda functions to execute mod code. For organizations who prefer more visibility into network traffic, we're adding support to run these functions inside the VPC. This version of TEF expands the IAM permissions granted to Lambda functions with the minimum required to attach Network Interface cards.

What's new?

  • TED now automatically checks the required TEF version is installed. If not, the TED stack will automatically rollback allowing you to upgrade TEF first.

Requirements

  • TEF v1.19.1

What's new?

  • Flags parameter now has validation rules and defaults to NONE (CloudFormation does not like empty string defaults for SSM parameters).

What's new?

  • Flags parameter will allow features to be enabled or disabled at the installation level giving us more flexibility to innovate and gradually deploy features.

Warning

  • The default for TrackFunctions in v1.7.0 was pl. Consider changing this to none (the new, more common, default in v1.8.0) if you don't require that tracking.

What's new?

  • Process log data collected by Turbot is being moved into TED level management. This better aligns with our model of data separation and encryption. This version adds S3 buckets with encryption and lifecycle rules to start accepting that (and other future) data.
  • If the master password is an empty string then Turbot will reset it automatically when required. The default was previously blank, requiring the parameter to be set (even if to empty string). This was difficult to understand and implement for those automating TED configuration. We now default to the empty string.
  • Added new DB instance size option of m5.8xlarge.

Bug fixes

  • Resource names related to metric collection, alarms and dashboards have been updated to use the ResourceName prefix. This aligns them with all other TED resources and makes it easier to track or target them with local rules.

What's new?

  • Moved to ECS optimized Amazon Linux 2 as our host OS for containers. (Previously we used ECS optimized Amazon Linux 1.)
  • Expanded proxy server support, particularly through the ECS bootstrap sequence. We now support HTTP and HTTPS requests being routed to a http:// proxy for all traffic - no need for endpoints or similar in any case. (We do not yet support custom certificates and https:// proxies.)
  • TEF now publishes an SSM parameter with the currently installed version, which will be used in the future to check version compatibility during TED and TE upgrades.

Bug fixes

  • The build of v1.17.1 was not properly published, leading to confusion and mixed installs. This release is identical, but properly distributed.

Bug fixes

  • Remove the explicit default value for force-recommended as this causes issues when using the yargs conflicts parameter.

What's new?

  • Mod authors often want to set their new version as RECOMMENDED in the registry, telling users it's the best choice. Use turbot publish --force-recommended and turbot modify --force-recommended to mark this version as RECOMMENDED and set all currently recommended versions to AVAILABLE.

Bug fixes

  • turbot test was showing incorrect test data validation errors, due to a graphql schema change that had not been handled by the CLI.

What's new?

  • Allow Self-Signed Certificate parameter, instructing Turbot to ignore certificate errors when connecting to external services, for example in enterprise environments with an outbound internet proxy.
  • S3 bucket inventory has been enabled, setting us up for future batch operations on collections of log files.
  • Updated lifecycle rules to clean deleted versions of debug logs and match changes to the prefix of log files.

What's new?

  • Added a "connectivity test" lambda function, making it easier to verify that an environment has the necessary network setup. Run ${ResourceNamePrefix}_connectivity_checker manually to test.
  • Improved descriptions for the Installation Domain and Turbot Certificate ARN parameters.

What's new?

  • turbot inspect now enforces valid semantic versions in mod version numbers. We admire your creativity, but encourage you to express it elsewhere.

Bug fixes

  • Fixed turbot up --zip, which broke during a dependency update.

What's new?

  • Turbot License Key has been added as a (currently optional) parameter.

Bug fixes

  • turbot login was failing if the ~/.config folder did not exist.
  • turbot template build was always expecting a wip-* instance branch to exist. It's now correctly limited to runs where --use-instance-root-branch is passed.

What's new?

  • Proxy support via the HTTPS_PROXY environment variable. Login, install mods and publish to our registry all via your favorite proxy. (Provided it's a http:// proxy, we don't support https:// yet.)

What's new?

  • Updates Hive Manager, which includes the ability to convert ownership of database schemas. This is part of a longer term effort to move database ownership to specific turbot roles, reducing our use of the master account.

What's new?

  • Parameters to set rds.force_admin_logging_level and track_functions.
  • Add CloudWatch alarms for DB connections, CPU utilization and free storage alerts.
  • Added t2.medium and t2.large instance class options, useful in test or dev environments.

What's new?

  • Manage published mods in the registry from the CLI, including their status and description. For example turbot registry modify --mod "@turbot/aws" --mod-version "5.0.0" --status RECOMMENDED --description "updated description".
  • Usually a newly published version should be the recommended one. So now you can do that automatically during turbot publish using the --status RECOMMENDED flag.
  • turbot template build now supports instance root branch names with a random suffix, following the naming convention: wip/<instance root name>/*. We've found this scheme much more effective at scale.
  • We now automatically include RELEASE_NOTES.md as well as CHANGELOG.md when building a mod. Release notes are intended for users while a changelog is intended for developers or others obsessed over details.
  • turbot test validates input query, but only works for a single query (not for the more advanced array of queries syntax). Previously the test would always fail for an array of queries, so we're now skipping the test in these cases until it can be fully supported.

Bug fixes

  • turbot publish --dir <mod folder> did not work if run outside the mod folder - the function zips were not correctly created.

What's new?

  • Registry login using turbot login (and similar) now requires both --username and --password or neither. They just can't live without each other.

Bug fixes

  • turbot template build --patch command was failing without running the git command.

Bug fixes

  • EC2 instances used for ECS should have AssociatePublicIpAddress set to false. This is a defence improvement since our EC2 instances are run in a private VPC so were not publicly accessible anyway.

What's new?

  • Clean up IAM roles to use _ consistently in names (instead of mixing _ and - together).

What's new?

  • Some organizations need to use a self-signed certificate for their ALB. This would fail a certificate check when also using our API Gateway proxy. Use the Self Signed Certificate In ALB parameter to ignore these certificate errors.

Bug fixes

  • The IAM role used for ECS EC2 instances is now named consistently with our other IAM roles.

Warning

  • Existing TEF installations must install v1.9.0 before upgrading to v1.10.0. This sequence will automatically preserve and transition parameter settings for S3 bucket names as we move from fixed names to randomized names by default for new installations.

What's new?

  • Log and process buckets now use a partly random name by default, making new installations smoother and easier to troubleshoot.

What's new?

  • Optionally use a random name for log and process log buckets, making repeated install and uninstall easier.
  • Log buckets will now be retained on deletion of the TEF stack.

Bug fixes

  • The SNS topic name for CPU alarms was not consistent with our other resources. Now it is.

What's new?

  • Set up an S3 bucket to store process logs, including lifecycle rules to clean up debug logs.

What's new?

  • Alarm levels defined in the dashboard for CPU utilization and free storage, making problem levels clearer.
  • Dashboard charts are now zero based, as any statistician will tell you they should be.
  • SNS topic publishing CPU alarms, making it easy to subscribe for alerts.

What's new?

  • In turbot compose the +schema directive can now map from openApi format schema to valid JSON schema.

Bug fixes

  • turbot template build fleet operations were failing due to an error displaying the summary. This has been fixed.

What's new?

  • Turbot Hive Manager lambda now has permission to create encrypted SSM parameters, required by TED v1.5.0.

Warning

  • Requires TEF v1.7.0 or later.

What's new?

  • Parameter to set the maintenance window.
  • Parameter to set a Customer Managed Key for encryption.
  • Parameter to set the turbot master password. If blank, the master password is automatically reset.

Bug fixes

  • Auto scaling of storage for the read replicas outside the primary region.

What's new?

  • Use turbot test to check GraphQL mutations (e.g. updatePolicySetting) are called as expected from controls.
  • turbot compose no longer errors when a glob matches no source files.

Warning

  • Security access from the load balancer to ECS has changed from requiring port 8443 to requiring the full high port range of 32768-65535. This allows us to run ECS in bridge mode and efficiently reuse IP addresses across Turbot core containers.

  • The outbound security group now allows port 80 outbound by default. This makes cloud-init in the ECS optimized image run much faster than only providing port 443 outbound.

  • If you are upgrading from a previous TEF version, you will need to make the modifications listed below:

    • Add ports 32768-65535 to the Load Balancer Security Group OUTBOUND to the API Security Group

    • Add ports 32768-65535 to the API Security Group INBOUND from the Load Balancer Security Group

    • Add port 80 to the Outbound Internet Security Group OUTBOUND to 0.0.0.0/0

What's new?

  • Use ECS on EC2 (instead of Fargate) to accelerate container startup time (particularly for stacks), increase cost efficiency at scale, and prepare for wider container use at the core level.

What's new?

  • Workspace manager creation of turbot.com directories updated to use a server name (instead of a phase).

What's new?

  • Use turbot test to check GraphQL mutations (e.g. updatePolicySetting) are called as expected from controls.
  • turbot compose no longer errors when a glob matches no source files.

What's new?

  • A new directive, +schema has been added for turbot compose. This allows you to include a specific item from a schema file, including all definitions which are referenced.
  • turbot template build will now run even if there are changes on the local branch, if neither the --use-fleet-branch nor the --use-instance-root-branch argument is set. This is useful when building templates for the first time with local config updated but not committed.

What's new?

  • turbot inspect --format changelog now includes the uri of each control, policy, resource and action item.

Bug fixes

  • turbot up was broken in 1.7.0. This has been fixed.
  • turbot pack and turbot publish had to be run out of the target mod directory. They can now be run out of any directory by passing the --dir flag.

What's new?

  • turbot aws credentials now supports --aws-profile <aws_profile>, --profile <turbot_profile> and --access-key <turbot_access_key> --secret-key <turbot_secret_key> combinations.

Bug fixes

  • turbot test was doing type coercion of input data before validation. It now expects correct types to be passed, matching the behavior of the Turbot server.

Bug fixes

  • Auto scaling of storage for the primary read replica.

What's new?

  • Use --no-color to simplify the output of any command. Sometimes less is more.
  • turbot template build --git --branch <branch-name> allows you to specify the branch the build operations will be committed onto.
  • turbot template build no longer supports the --config flag. Use template.yml files instead.

Bug fixes

  • turbot install was not downloading files. Now it does.
  • turbot template build was creating template.yml files for every template instance. This is noisy and defeats the value of template inheritance, so has been stopped.

Bug fixes

  • turbot template build --git should checkout the original git branch at the end of the build. Broken in v1.5.0.

What's new?

  • turbot template build --git now skips instances without a template-lock file, which cannot be resolved anyway.

Bug fixes

  • turbot up and turbot publish were stalling for large mods.

Bug fixes

  • turbot template build --git should checkout the original git branch at the end of the build. Broken in v1.4.0.

What’s new?

  • Clearer reporting of errors when running turbot template build.
  • turbot template build --fleet-mode now defaults to update, which is almost always the right choice.
  • When running turbot template build --git it is no longer necessary to specify a base git branch, it sensibly assumes you want to use the current branch.
  • Use turbot pack --zip-file awesome.zip to output mods with any name you prefer.

Bug fixes

  • turbot template outdated fixed to work with specific template definition directories.
  • Only save successful template operations to the branch when using turbot template build --git. Previously we were polluting that goodness with failures as well.
  • Limit template-lock.yml to data that is absolutely necessary, removing noise from change logs.
  • Disabled turbot template update. Please use turbot template build instead, as you probably already were.

What's new?

  • turbot inspect --output-format will now accept either a file path to the template or the template string directly.
  • Clearer output of the actions taken when running turbot template build.
  • Automatic code merging when doing updates with turbot template build will now merge successful changes onto a single branch and write failed patches to the filesystem for easier review.

What's new?

  • Support customization of parameters for max_connections, deadlock_timeout, idle_in_transaction_session_timeout and statement_timeout.

What's new?

  • Added a lifecycle rule to automatically delete temporary data from S3.

What's new?

  • Reduced scope of permissions granted to custom mod Lambda functions. These add extra levels of protection and take effect as mods are installed or updated in Turbot v5.5.0 or later.

Bug fixes

  • turbot template build has a special case "provider" field in the render context. Long term it will be removed. Short term, it should not break for vendor level mods like @turbot/aws or @turbot/linux.

What's new?

  • Instance Type for Replica DB will now default to Same as Primary DB, which is a lot easier than having to set and maintain it manually when most of the time they are the same anyway.
  • Choose a custom master username during install.

What's new?

  • View and confirm turbot template build actions before they happen. (Add --yes to keep the previous behavior.)
  • Easily review success and failure after running turbot template build across many instances.

Bug fixes

  • turbot download will now give up gracefully on failed downloads, relieving it of an eternity of failed retries.

What's new?

  • Option to configure AWS Backup with daily, weekly and/or monthly snapshots of the primary database.
  • Add Postgres v11.9 to supported versions list.
  • CloudWatch Alarms added for freeable memory, read replica CPU and queue depth.
  • RDS disk burst balance metrics added to TED dashboard.
  • ElastiCache metrics added to TED dashboard.
  • Improve text and limit for Transaction ID Wraparound in TED dashboard.

Requirements

  • TEF v1.30.0

What's new?

  • Publish the alpha region as an SSM parameter so it can be used as a default in other areas - like TED's default location for the primary DB.

Warning

  • Requires TEF v1.2.0 or later.
  • The parameter Instance Type for Replica DB is new and must be set during upgrade. (Note: Fixed in v1.3.0 to use Same as Primary DB by default.)

What's new?

  • The Turbot Audit Trail is stored in a CloudWatch Log group managed in TED. It will now be retained if the TED stack is deleted, avoiding loss of audit trail data in that rare scenario.
  • Easily configure auto-scaling of the database storage up to a maximum value.
  • Read replicas can now have a different instance class to the primary. Typically they have a lower load level, so we've added flexibility to optimize costs.
  • Default to using the alpha region (as defined in TEF) for primary DB install.

Bug fixes

  • Fix turbot template build crash added by v1.1.0.

What’s new?

  • Use turbot aws credentials --account 123456789012 --profile my-account to generate and save temporary AWS credentials into your local AWS profile. Easily work across many AWS accounts using your single Turbot profile.
  • Filter turbot template build to target all instances of a specific template, which is great when you are in the process of converting code to use the template (some code in template management, some still custom).

Bug fixes

  • turbot test was broken in v1.0.4 due to a missing dependency. Life is better with friends.

Bug fixes

  • The Hive Manager and Workspace Manager lambda functions used during the workspace upgrade process were not properly connecting to the database using SSL during initial workspace creation (they were during upgrades). Our change to force SSL on the database in TED revealed this issue, which is now fixed.

Bug fixes

  • Expanded the list of database instance classes available during install to include older generations (e.g. m3) which are required for AWS us-gov-west-1.
  • Added the AWS RDS 2017 certificate as an option, since it's uniquely used and required in Gov Cloud installs.

What's new?

  • TEF version is now published as an output parameter in CloudFormation. (We'd rather that Service Catalog showed this automatically, but there is an AWS quirk that breaks that feature when Service Catalog versions are published using CloudFormation.)
  • Workspace upgrades may now take up to 15 minutes before timing out. This allows us to run larger data migration jobs during the upgrade process. (Don't worry, we design these to be background tasks that don't affect availability during the upgrade.)
  • Custom security groups are published as SSM parameters allowing them to be leveraged by the Turbot Guardrails Enterprise CloudFormation stacks to override per-version default security groups.

Bug fixes

  • GovCloud installations require conditions in IAM to match the correct partition arn:aws-us-gov:.

Warning

  • The AWS RDS certificate change requires a database reboot. This may cause a brief impact on availability. Please schedule this change for a suitable window.

What's new?

  • SSL is now required by default for all connections to the database. We used SSL anyway, but now we enforce it at the DB level as an extra precaution.
  • Upgrade database instances to the AWS RDS 2019 root certificate (their 2015 certificate is expiring soon).

Bug fixes

  • turbot template should allow rendering of the filename as well as folder names, e.g. src/{{instance}}/resource/types/{{instance}}.yml.

Bug fixes

  • test.options are useful, but not required, so turbot test should not crash if they are not set for a test.

Bug fixes

  • Registry name validation should work for valid registries like turbot.com.
  • turbot test has a test.awsProfile field to set the AWS profile to use when running tests locally. This has been moved into the generic, customizable test.options.awsProfile location since it's relevant to AWS mods specifically rather than a core feature of Turbot.

What's new?

  • Initial version.
  • CloudFormation design for deployment via Service Catalog.
  • Foundation components: KMS keys, IAM roles, Log groups & buckets.
  • Network configuration with up to 3 tiers (public, turbot, database) across 3 availability zones in 3 regions.
  • Automated VPC peering setup across regions.
  • Subnet Groups and Security Groups for database and cache services.
  • Optional gateway proxy for external event handling with an internal installation.
  • Optional BYO network parameters for complex or pre-existing environments.

Bug fixes

  • The default registry is now turbot.com. Other development registries have been cleaned up to reduce noise.
  • Cleaned up available commands and their descriptions.

What's new?

  • Easily manage Turbot credentials and profiles.
  • Run graphql commands in scripts.
  • Install and inspect mods.
  • Build, compose & test Turbot mods.
  • Upload mods to Turbot for internal testing or use.
  • Publish mods to the Turbot registry for public sharing.
  • Use templates to accelerate the development of mods.

What's new?

  • Initial version.
  • CloudFormation design for deployment via Service Catalog.
  • CloudFormation stack per hive (physical shard).
  • Postgres design with primary, failover and regional read replicas.
  • Encryption at rest for all data.
  • Custom Resource for automatic database hive configuration.