What's new?

• Resource's metadata will now also include createdBy details in Guardrails CMDB.

Bug fixes

• The AWS > VPC > VPC > Flow Logging control would sometimes fail to update flow logs if the Max Aggregation Interval in the stack's source policy was updated. This is fixed and the stack control will now update such resources correctly, as expected.

What's new?

• Users can now configure the maximum aggregation interval in the AWS > VPC > VPC > Flow Logging control. To get started, set the AWS > VPC > VPC > Flow Logging > Cloud Watch > Maximum Aggregation Interval policy and/or AWS > VPC > VPC > Flow Logging > S3 > Maximum Aggregation Interval policy.

Policy Types

• AWS > VPC > VPC > Flow Logging > Cloud Watch > Maximum Aggregation Interval
• AWS > VPC > VPC > Flow Logging > S3 > Maximum Aggregation Interval

Resource Types

• Azure > SQL > Managed Instance

Control Types

• Azure > SQL > Managed Instance > Active
• Azure > SQL > Managed Instance > Approved
• Azure > SQL > Managed Instance > CMDB
• Azure > SQL > Managed Instance > Discovery
• Azure > SQL > Managed Instance > Tags

Policy Types

• Azure > SQL > Managed Instance > Active
• Azure > SQL > Managed Instance > Active > Age
• Azure > SQL > Managed Instance > Active > Last Modified
• Azure > SQL > Managed Instance > Approved
• Azure > SQL > Managed Instance > Approved > Custom
• Azure > SQL > Managed Instance > Approved > Regions
• Azure > SQL > Managed Instance > Approved > Usage
• Azure > SQL > Managed Instance > CMDB
• Azure > SQL > Managed Instance > Regions
• Azure > SQL > Managed Instance > Tags
• Azure > SQL > Managed Instance > Tags > Template

Action Types

• Azure > SQL > Managed Instance > Delete
• Azure > SQL > Managed Instance > Router
• Azure > SQL > Managed Instance > Set Tags

Bug fixes

• Controls previously targeting the AWS > IAM > Credential Report resource type have now been updated to target either the AWS > IAM > Root or AWS > IAM > User resource types, depending on the specific control requirements. This adjustment more accurately aligns each control with the relevant resources, enabling more precise and targeted checks.

Bug fixes

• The Azure > Security Center > Security Center > Auto Provisioning control is now deprecated and will now move to an Invalid state if enforcements are applied. This follows the deprecation plan announcement from Azure. The control will be removed in a future mod version.

Control Types

Renamed

• Azure > Security Center > Security Center > Auto Provisioning to Azure > Security Center > Security Center > Auto Provisioning [Deprecated]

Policy Types

Renamed

• Azure > Security Center > Security Center > Auto Provisioning to Azure > Security Center > Security Center > Auto Provisioning [Deprecated]

Action Types

Removed

• Azure > Security Center > Security Center > Update Auto Provisioning

What's new?

Control Types

• Kubernetes > CronJob > ServiceNow > Import Set
• Kubernetes > DaemonSet > ServiceNow > Import Set
• Kubernetes > Ingress > ServiceNow > Import Set
• Kubernetes > Job > ServiceNow > Import Set
• Kubernetes > Persistent Volume > ServiceNow > Import Set
• Kubernetes > ReplicationController > ServiceNow > Import Set
• Kubernetes > StatefulSet > ServiceNow > Import Set

Policy Types

• Kubernetes > CronJob > ServiceNow > Import Set
• Kubernetes > CronJob > ServiceNow > Import Set > Archive Columns
• Kubernetes > CronJob > ServiceNow > Import Set > Insert Mode
• Kubernetes > CronJob > ServiceNow > Import Set > Record
• Kubernetes > CronJob > ServiceNow > Import Set > Table Name
• Kubernetes > DaemonSet > ServiceNow > Import Set
• Kubernetes > DaemonSet > ServiceNow > Import Set > Archive Columns
• Kubernetes > DaemonSet > ServiceNow > Import Set > Insert Mode
• Kubernetes > DaemonSet > ServiceNow > Import Set > Record
• Kubernetes > DaemonSet > ServiceNow > Import Set > Table Name
• Kubernetes > Ingress > ServiceNow > Import Set
• Kubernetes > Ingress > ServiceNow > Import Set > Archive Columns
• Kubernetes > Ingress > ServiceNow > Import Set > Insert Mode
• Kubernetes > Ingress > ServiceNow > Import Set > Record
• Kubernetes > Ingress > ServiceNow > Import Set > Table Name
• Kubernetes > Job > ServiceNow > Import Set
• Kubernetes > Job > ServiceNow > Import Set > Archive Columns
• Kubernetes > Job > ServiceNow > Import Set > Insert Mode
• Kubernetes > Job > ServiceNow > Import Set > Record
• Kubernetes > Job > ServiceNow > Import Set > Table Name
• Kubernetes > Persistent Volume > ServiceNow > Import Set
• Kubernetes > Persistent Volume > ServiceNow > Import Set > Archive Columns
• Kubernetes > Persistent Volume > ServiceNow > Import Set > Insert Mode
• Kubernetes > Persistent Volume > ServiceNow > Import Set > Record
• Kubernetes > Persistent Volume > ServiceNow > Import Set > Table Name
• Kubernetes > ReplicationController > ServiceNow > Import Set
• Kubernetes > ReplicationController > ServiceNow > Import Set > Archive Columns
• Kubernetes > ReplicationController > ServiceNow > Import Set > Insert Mode
• Kubernetes > ReplicationController > ServiceNow > Import Set > Record
• Kubernetes > ReplicationController > ServiceNow > Import Set > Table Name
• Kubernetes > StatefulSet > ServiceNow > Import Set
• Kubernetes > StatefulSet > ServiceNow > Import Set > Archive Columns
• Kubernetes > StatefulSet > ServiceNow > Import Set > Insert Mode
• Kubernetes > StatefulSet > ServiceNow > Import Set > Record
• Kubernetes > StatefulSet > ServiceNow > Import Set > Table Name

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• Removed unused node package dependencies for tenant lambda functions.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

What's new?

Policy Types

• GCP > Compute Engine > Disk > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > HTTP Health Check > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > HTTPS Health Check > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Health Check > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Image > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Instance > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Instance Template > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Node Group > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Node template > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Project > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Region Disk > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Region Health Check > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Snapshot > ServiceNow > Import Set > Insert Mode

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In version 5.5.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing Security Center resources in Guardrails. However, this caused controls to enter an error state for US Gov cloud subscriptions because the APIs did not work as expected. We have now updated dependencies that are compatible with both commercial and US Gov cloud subscriptions, ensuring that controls in both environments will work as expected.
• The Azure > Security Center > Security Center > CMDB control would go into an error state if it was not able to fetch policy assignment details correctly. This issue has now been fixed.

Bug fixes

• In version 5.8.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing Monitor resources in Guardrails. However, this caused controls to enter an error state for US Gov cloud subscriptions because the APIs did not work as expected. We have now updated dependencies that are compatible with both commercial and US Gov cloud subscriptions, ensuring that controls in both environments will work as expected.

Bug fixes

• In version 5.9.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing DNS resources in Guardrails. However, this caused controls to enter an error state due to the inadvertent use of incorrect endpoints. This issue has been fixed, and the controls will now work as expected.

Bug fixes

• In version 5.18.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing Compute resources in Guardrails. However, this caused controls to enter an error state due to the inadvertent use of incorrect endpoints. This issue has been fixed, and the controls will now work as expected.

Bug fixes

• In version 5.4.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing API Management resources in Guardrails. However, this caused controls to enter an error state due to the inadvertent use of incorrect endpoints. This issue has been fixed, and the controls will now work as expected.

What's new?

• We've updated internal dependencies and now use the new authentication method to discover and manage Automation resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In v5.3.1, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Key Vault resources in Guardrails. This release includes breaking changes in the CMDB data for key, and secret. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below:

KeyVault > Vault

Added :

• enableSoftDelete
• publicNetworkAccess
• enableRbacAuthorization

KeyVault > Key

Added :

• hsmPlatform

Removed:

• key.e
• key.n

KeyVault > Secret

Modified :

• ID property does not contain the secret version.

Removed:

• expires
• updated
• created

Bug fixes

• The Azure > Key Vault > Key > CMDB control would go into an error state while fetching key rotation policy details for managed keys. The control will no longer attempt to fetch the key rotation policy details for such keys and will work as expected.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• Added support for PostgresSQL 16.
• Added support for custom hive key.
• Default database engine version changed to 15.7.
• Default cache engine version set to 7.1.
• M4 and R4 instance types removed from the supported database instance list due to deprecation.

What's new?

• Server

  • Introduced Activity Retention feature for Smart Retention control to enhance version and data management.

• UI

  • Support for downloading AWS CloudFormation templates directly from the AWS import page.

Bug fixes

• Server

  • Resolved controls getting stuck when Notify or Ignore keywords were missing in the notification rules.

• UI

  • The + button for adding permissions now correctly applies the appropriate attributes.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Policy Types:

  • Turbot > Workspace > Retention > Activity Purge Limit.
  • Turbot > Workspace > Retention > Activity Retention.

• Control Types:

  • Add support to Turbot > Smart Retention control to enhance version and data management.

Requirements

• TE: 5.35.4

What's new?

• You can now check if flexible servers have a TLS version setting of 1.2 or higher enabled. To get started, set the Azure > MySQL > Flexible Server > Set Minimum TLS Version policy to Check: TLS 1.2 or higher.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage resources in Guardrails. This release includes breaking changes in the CMDB data for Azure. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

Azure > Management Group

Modified :

• The value of type property is updated as type: Microsoft.Management/managementGroups, earlier it was /providers/Microsoft.Management/managementGroups

What's new?

• We've updated internal dependencies and now use the new authentication method to discover and manage SQL Virtual Machine resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage SQL resources in Guardrails. This release includes breaking changes in the CMDB data for server, database, and elasticpool. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below:

Renamed:

• transparentDataEncryption.status to transparentDataEncryption.state
• databaseThreatDetectionPolicy to databaseSecurityAlertPolicy

Added:

Azure SQL > Server

• Added administrators block
• isManagedIdentityInUse
• autoRotationEnabled
• externalGovernanceStatus
• minimalTlsVersion
• privateEndpointConnections
• publicNetworkAccess
• restrictOutboundNetworkAccess
• serverAzureADAdministrator.azureADOnlyAuthentication

Azure SQL > Database

• availabilityZone
• currentBackupStorageRedundancy
• databaseSecurityAlertPolicy. creationTime
• transparentDataEncryption.location
• isInfraEncryptionEnabled
• isLedgerOn
• maintenanceConfigurationId
• requestedBackupStorageRedundancy
• maintenanceConfigurationId

Azure SQL > ElasticPool

• maintenanceConfigurationId

Modified:

• The value of the attribute serverAzureADAdministrator.name has been changed from string (activeDirectory) to string (ActiveDirectory).
• The data type of the attribute databaseThreatDetectionPolicy.disabledAlerts has been changed from string ("") to object ([]).
• The data type of the attribute databaseThreatDetectionPolicy.emailAddresses has been changed from string ("") to object ([]).
• The data type of the attribute databaseThreatDetectionPolicy.emailAccountAdmins has been changed from string (Disabled/Enabled) to boolean (false/true).
• The data type of the attribute disabledAlerts has been changed from string ("") to object ([]).

Removed:

• databaseThreatDetectionPolicy.useServerDefault

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Resource Providers in Guardrails.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Network resources in Guardrails.

Network > NetworkInterface

Added :

• auxiliaryMode
• auxiliarySku
• kind
• disableTcpStateTracking

Network > PrivateDNSZone

Added :

• internalId

Network > VirtualNetworkGateway

Added :

• allowVirtualWanTraffic
• allowRemoteVnetTraffic

Modified :

• activeActive property updated as active

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Monitor resources in Guardrails. This release includes changes in the CMDB data for action groups.

Added:

• tags
• kind

Resource Types

• Azure > Monitor > Metric Alert

Control Types

• Azure > Monitor > Action Group > Tags
• Azure > Monitor > Metric Alert > Active
• Azure > Monitor > Metric Alert > Approved
• Azure > Monitor > Metric Alert > CMDB
• Azure > Monitor > Metric Alert > Discovery
• Azure > Monitor > Metric Alert > Tags

Policy Types

• Azure > Monitor > Action Group > Tags
• Azure > Monitor > Action Group > Tags > Template
• Azure > Monitor > Metric Alert > Active
• Azure > Monitor > Metric Alert > Active > Age
• Azure > Monitor > Metric Alert > Active > Last Modified
• Azure > Monitor > Metric Alert > Approved
• Azure > Monitor > Metric Alert > Approved > Custom
• Azure > Monitor > Metric Alert > Approved > Usage
• Azure > Monitor > Metric Alert > CMDB
• Azure > Monitor > Metric Alert > Tags
• Azure > Monitor > Metric Alert > Tags > Template
• Azure > Monitor > Tags Template [Default]

Action Types

• Azure > Monitor > Action Group > Set Tags
• Azure > Monitor > Metric Alert > Delete
• Azure > Monitor > Metric Alert > Router
• Azure > Monitor > Metric Alert > Set Tags

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Managed Identity resources in Guardrails. This release includes changes in the CMDB data as below.

Removed:

• clientSecretUrl

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Log Analytics resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage IAM resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Firewall resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage CosmosDB resources in Guardrails.

Added:

createMode

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The AWS > Account > Budget > Budget control would enter an error state for US Gov cloud accounts because the budget APIs are not supported for these accounts. We have updated the control to avoid making these API calls and instead rely on the AWS > Account > Budget > State policy being updated periodically, allowing the control to evaluate the outcome correctly.

What's new?

• You can now configure and manage CI Relationships for various Kubernetes resources in ServiceNow. To get started, set their ServiceNow Relationships policies respectively.

Control Types

• Kubernetes > Cluster > ServiceNow > Relationships
• Kubernetes > ConfigMap > ServiceNow > Relationships
• Kubernetes > CronJob > ServiceNow > Relationships
• Kubernetes > DaemonSet > ServiceNow > Relationships
• Kubernetes > Deployment > ServiceNow > Relationships
• Kubernetes > Ingress > ServiceNow > Relationships
• Kubernetes > Job > ServiceNow > Relationships
• Kubernetes > Namespace > ServiceNow > Relationships
• Kubernetes > Node > ServiceNow > Relationships
• Kubernetes > Persistent Volume > ServiceNow > Relationships
• Kubernetes > Pod > ServiceNow > Relationships
• Kubernetes > ReplicaSet > ServiceNow > Relationships
• Kubernetes > ReplicationController > ServiceNow > Relationships
• Kubernetes > Service > ServiceNow > Relationships
• Kubernetes > StatefulSet > ServiceNow > Relationships

Policy Types

• Kubernetes > Cluster > ServiceNow > Relationships
• Kubernetes > Cluster > ServiceNow > Relationships > Template
• Kubernetes > ConfigMap > ServiceNow > Relationships
• Kubernetes > ConfigMap > ServiceNow > Relationships > Template
• Kubernetes > CronJob > ServiceNow > Relationships
• Kubernetes > CronJob > ServiceNow > Relationships > Template
• Kubernetes > DaemonSet > ServiceNow > Relationships
• Kubernetes > DaemonSet > ServiceNow > Relationships > Template
• Kubernetes > Deployment > ServiceNow > Relationships
• Kubernetes > Deployment > ServiceNow > Relationships > Template
• Kubernetes > Ingress > ServiceNow > Relationships
• Kubernetes > Ingress > ServiceNow > Relationships > Template
• Kubernetes > Job > ServiceNow > Relationships
• Kubernetes > Job > ServiceNow > Relationships > Template
• Kubernetes > Namespace > ServiceNow > Relationships
• Kubernetes > Namespace > ServiceNow > Relationships > Template
• Kubernetes > Node > ServiceNow > Relationships
• Kubernetes > Node > ServiceNow > Relationships > Template
• Kubernetes > Persistent Volume > ServiceNow > Relationships
• Kubernetes > Persistent Volume > ServiceNow > Relationships > Template
• Kubernetes > Pod > ServiceNow > Relationships
• Kubernetes > Pod > ServiceNow > Relationships > Template
• Kubernetes > ReplicaSet > ServiceNow > Relationships
• Kubernetes > ReplicaSet > ServiceNow > Relationships > Template
• Kubernetes > ReplicationController > ServiceNow > Relationships
• Kubernetes > ReplicationController > ServiceNow > Relationships > Template
• Kubernetes > Service > ServiceNow > Relationships
• Kubernetes > Service > ServiceNow > Relationships > Template
• Kubernetes > StatefulSet > ServiceNow > Relationships
• Kubernetes > StatefulSet > ServiceNow > Relationships > Template

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Load Balancer resources in Guardrails.

What's new?

• You can now configure and manage CI Relationships for projects in ServiceNow. To get started, set the GCP > Project > ServiceNow > Relationships > * policies.

Control Types

• GCP > Project > ServiceNow > Relationships

Policy Types

• GCP > Project > ServiceNow > Relationships
• GCP > Project > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for subscriptions in ServiceNow. To get started, set the Azure > Subscription > ServiceNow > Relationships > * policies.

Control Types

• Azure > Subscription > ServiceNow > Relationships

Policy Types

• Azure > Subscription > ServiceNow > Relationships
• Azure > Subscription > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for accounts in ServiceNow. To get started, set the AWS > Account > ServiceNow > Relationships > * policies.

Control Types

• AWS > Account > ServiceNow > Relationships

Policy Types

• AWS > Account > ServiceNow > Relationships
• AWS > Account > ServiceNow > Relationships > Template

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage DNS resources in Guardrails. This release includes breaking changes in the CMDB data for security center. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

Removed:

• tTL

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Databricks resources in Guardrails.

Added:

• createdBy
• updatedBy
• systemData
• createdDateTime

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Container Registry resources in Guardrails.

Added:

• softDeletePolicy
• azureADAuthenticationAsArmPolicy

What's new?

• You can now configure and manage CI Relationships for various network resources in ServiceNow. To get started, set their ServiceNow Relationships policies respectively.

Control Types

• GCP > Network > Firewall > ServiceNow > Relationships
• GCP > Network > Forwarding Rule > ServiceNow > Relationships
• GCP > Network > Network > ServiceNow > Relationships
• GCP > Network > Route > ServiceNow > Relationships
• GCP > Network > Router > ServiceNow > Relationships
• GCP > Network > Subnetwork > ServiceNow > Relationships
• GCP > Network > Target Pool > ServiceNow > Relationships
• GCP > Network > Target VPN Gateway > ServiceNow > Relationships

Policy Types

• GCP > Network > Firewall > ServiceNow > Relationships
• GCP > Network > Firewall > ServiceNow > Relationships > Template
• GCP > Network > Forwarding Rule > ServiceNow > Relationships
• GCP > Network > Forwarding Rule > ServiceNow > Relationships > Template
• GCP > Network > Network > ServiceNow > Relationships
• GCP > Network > Network > ServiceNow > Relationships > Template
• GCP > Network > Route > ServiceNow > Relationships
• GCP > Network > Route > ServiceNow > Relationships > Template
• GCP > Network > Router > ServiceNow > Relationships
• GCP > Network > Router > ServiceNow > Relationships > Template
• GCP > Network > Subnetwork > ServiceNow > Relationships
• GCP > Network > Subnetwork > ServiceNow > Relationships > Template
• GCP > Network > Target Pool > ServiceNow > Relationships
• GCP > Network > Target Pool > ServiceNow > Relationships > Template
• GCP > Network > Target VPN Gateway > ServiceNow > Relationships
• GCP > Network > Target VPN Gateway > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for various compute engine resources in ServiceNow. To get started, set their ServiceNow Relationships policies respectively.

Control Types

• GCP > Compute Engine > Disk > ServiceNow > Relationships
• GCP > Compute Engine > Image > ServiceNow > Relationships
• GCP > Compute Engine > Instance > ServiceNow > Relationships
• GCP > Compute Engine > Node Group > ServiceNow > Relationships
• GCP > Compute Engine > Node template > ServiceNow > Relationships
• GCP > Compute Engine > Snapshot > ServiceNow > Relationships

Policy Types

• GCP > Compute Engine > Disk > ServiceNow > Relationships
• GCP > Compute Engine > Disk > ServiceNow > Relationships > Template
• GCP > Compute Engine > Image > ServiceNow > Relationships
• GCP > Compute Engine > Image > ServiceNow > Relationships > Template
• GCP > Compute Engine > Instance > ServiceNow > Relationships
• GCP > Compute Engine > Instance > ServiceNow > Relationships > Template
• GCP > Compute Engine > Node Group > ServiceNow > Relationships
• GCP > Compute Engine > Node Group > ServiceNow > Relationships > Template
• GCP > Compute Engine > Node template > ServiceNow > Relationships
• GCP > Compute Engine > Node template > ServiceNow > Relationships > Template
• GCP > Compute Engine > Snapshot > ServiceNow > Relationships
• GCP > Compute Engine > Snapshot > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for various network resources in ServiceNow. To get started, set their ServiceNow Relationships policies respectively.

Control Types

• Azure > Network > Application Security Group > ServiceNow > Import Set
• Azure > Network > Application Security Group > ServiceNow > Relationships
• Azure > Network > Express Route Circuits > ServiceNow > Import Set
• Azure > Network > Network Interface > ServiceNow > Import Set
• Azure > Network > Network Interface > ServiceNow > Relationships
• Azure > Network > Network Security Group > ServiceNow > Relationships
• Azure > Network > Private DNS Zones > ServiceNow > Import Set
• Azure > Network > Private Endpoints > ServiceNow > Import Set
• Azure > Network > Public IP Address > ServiceNow > Import Set
• Azure > Network > Public IP Address > ServiceNow > Relationships
• Azure > Network > Route Table > ServiceNow > Import Set
• Azure > Network > Route Table > ServiceNow > Relationships
• Azure > Network > Subnet > ServiceNow > Import Set
• Azure > Network > Subnet > ServiceNow > Relationships
• Azure > Network > Virtual Network > ServiceNow > Import Set
• Azure > Network > Virtual Network > ServiceNow > Relationships
• Azure > Network > Virtual Network Gateway > ServiceNow > Import Set
• Azure > Network > Virtual Network Gateway > ServiceNow > Relationships

Policy Types

• Azure > Network > Application Security Group > ServiceNow > Import Set
• Azure > Network > Application Security Group > ServiceNow > Import Set > Archive Columns
• Azure > Network > Application Security Group > ServiceNow > Import Set > Insert Mode
• Azure > Network > Application Security Group > ServiceNow > Import Set > Record
• Azure > Network > Application Security Group > ServiceNow > Import Set > Table Name
• Azure > Network > Application Security Group > ServiceNow > Relationships
• Azure > Network > Application Security Group > ServiceNow > Relationships > Template
• Azure > Network > Express Route Circuits > ServiceNow > Import Set
• Azure > Network > Express Route Circuits > ServiceNow > Import Set > Archive Columns
• Azure > Network > Express Route Circuits > ServiceNow > Import Set > Insert Mode
• Azure > Network > Express Route Circuits > ServiceNow > Import Set > Record
• Azure > Network > Express Route Circuits > ServiceNow > Import Set > Table Name
• Azure > Network > Network Interface > ServiceNow > Import Set
• Azure > Network > Network Interface > ServiceNow > Import Set > Archive Columns
• Azure > Network > Network Interface > ServiceNow > Import Set > Insert Mode
• Azure > Network > Network Interface > ServiceNow > Import Set > Record
• Azure > Network > Network Interface > ServiceNow > Import Set > Table Name
• Azure > Network > Network Interface > ServiceNow > Relationships
• Azure > Network > Network Interface > ServiceNow > Relationships > Template
• Azure > Network > Network Security Group > ServiceNow > Import Set > Insert Mode
• Azure > Network > Network Security Group > ServiceNow > Relationships
• Azure > Network > Network Security Group > ServiceNow > Relationships > Template
• Azure > Network > Private DNS Zones > ServiceNow > Import Set
• Azure > Network > Private DNS Zones > ServiceNow > Import Set > Archive Columns
• Azure > Network > Private DNS Zones > ServiceNow > Import Set > Insert Mode
• Azure > Network > Private DNS Zones > ServiceNow > Import Set > Record
• Azure > Network > Private DNS Zones > ServiceNow > Import Set > Table Name
• Azure > Network > Private Endpoints > ServiceNow > Import Set
• Azure > Network > Private Endpoints > ServiceNow > Import Set > Archive Columns
• Azure > Network > Private Endpoints > ServiceNow > Import Set > Insert Mode
• Azure > Network > Private Endpoints > ServiceNow > Import Set > Record
• Azure > Network > Private Endpoints > ServiceNow > Import Set > Table Name
• Azure > Network > Public IP Address > ServiceNow > Import Set
• Azure > Network > Public IP Address > ServiceNow > Import Set > Archive Columns
• Azure > Network > Public IP Address > ServiceNow > Import Set > Insert Mode
• Azure > Network > Public IP Address > ServiceNow > Import Set > Record
• Azure > Network > Public IP Address > ServiceNow > Import Set > Table Name
• Azure > Network > Public IP Address > ServiceNow > Relationships
• Azure > Network > Public IP Address > ServiceNow > Relationships > Template
• Azure > Network > Route Table > ServiceNow > Import Set
• Azure > Network > Route Table > ServiceNow > Import Set > Archive Columns
• Azure > Network > Route Table > ServiceNow > Import Set > Insert Mode
• Azure > Network > Route Table > ServiceNow > Import Set > Record
• Azure > Network > Route Table > ServiceNow > Import Set > Table Name
• Azure > Network > Route Table > ServiceNow > Relationships
• Azure > Network > Route Table > ServiceNow > Relationships > Template
• Azure > Network > Subnet > ServiceNow > Import Set
• Azure > Network > Subnet > ServiceNow > Import Set > Archive Columns
• Azure > Network > Subnet > ServiceNow > Import Set > Insert Mode
• Azure > Network > Subnet > ServiceNow > Import Set > Record
• Azure > Network > Subnet > ServiceNow > Import Set > Table Name
• Azure > Network > Subnet > ServiceNow > Relationships
• Azure > Network > Subnet > ServiceNow > Relationships > Template
• Azure > Network > Virtual Network > ServiceNow > Import Set
• Azure > Network > Virtual Network > ServiceNow > Import Set > Archive Columns
• Azure > Network > Virtual Network > ServiceNow > Import Set > Insert Mode
• Azure > Network > Virtual Network > ServiceNow > Import Set > Record
• Azure > Network > Virtual Network > ServiceNow > Import Set > Table Name
• Azure > Network > Virtual Network > ServiceNow > Relationships
• Azure > Network > Virtual Network > ServiceNow > Relationships > Template
• Azure > Network > Virtual Network Gateway > ServiceNow > Import Set
• Azure > Network > Virtual Network Gateway > ServiceNow > Import Set > Archive Columns
• Azure > Network > Virtual Network Gateway > ServiceNow > Import Set > Insert Mode
• Azure > Network > Virtual Network Gateway > ServiceNow > Import Set > Record
• Azure > Network > Virtual Network Gateway > ServiceNow > Import Set > Table Name
• Azure > Network > Virtual Network Gateway > ServiceNow > Relationships
• Azure > Network > Virtual Network Gateway > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for various compute resources in ServiceNow. To get started, set their ServiceNow Relationships policies respectively.

Control Types

• Azure > Compute > Availability Set > ServiceNow > Relationships
• Azure > Compute > Disk > ServiceNow > Relationships
• Azure > Compute > Image > ServiceNow > Relationships
• Azure > Compute > Snapshot > ServiceNow > Relationships
• Azure > Compute > Virtual Machine > ServiceNow > Relationships

Policy Types

• Azure > Compute > Availability Set > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Availability Set > ServiceNow > Relationships
• Azure > Compute > Availability Set > ServiceNow > Relationships > Template
• Azure > Compute > Disk > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Disk > ServiceNow > Relationships
• Azure > Compute > Disk > ServiceNow > Relationships > Template
• Azure > Compute > Disk Encryption Set > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Image > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Image > ServiceNow > Relationships
• Azure > Compute > Image > ServiceNow > Relationships > Template
• Azure > Compute > Snapshot > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Snapshot > ServiceNow > Relationships
• Azure > Compute > Snapshot > ServiceNow > Relationships > Template
• Azure > Compute > Ssh Public Key > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Virtual Machine > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Virtual Machine > ServiceNow > Relationships
• Azure > Compute > Virtual Machine > ServiceNow > Relationships > Template
• Azure > Compute > Virtual Machine Scale Set > ServiceNow > Import Set > Insert Mode

What's new?

• You can now configure and manage CI Relationships for global regions, multi-regions, regions and zones in ServiceNow. To get started, set the GCP > Global Region > ServiceNow > Relationships > *, GCP > Multi-Region > ServiceNow > Relationships > *, GCP > Region > ServiceNow > Relationships > * and GCP > Zone > ServiceNow > Relationships > * policies respectively.

Control Types

• GCP > Global Region > ServiceNow > Relationships
• GCP > Multi-Region > ServiceNow > Relationships
• GCP > Region > ServiceNow > Relationships
• GCP > Zone > ServiceNow > Relationships

Policy Types

• GCP > Global Region > ServiceNow > Relationships
• GCP > Global Region > ServiceNow > Relationships > Template
• GCP > Multi-Region > ServiceNow > Relationships
• GCP > Multi-Region > ServiceNow > Relationships > Template
• GCP > Region > ServiceNow > Relationships
• GCP > Region > ServiceNow > Relationships > Template
• GCP > Zone > ServiceNow > Relationships
• GCP > Zone > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for buckets and objects in ServiceNow. To get started, set the GCP > Storage > Bucket > ServiceNow > Relationships > * and GCP > Storage > Object > ServiceNow > Relationships > * policies respectively.

Control Types

• GCP > Storage > Bucket > ServiceNow > Relationships
• GCP > Storage > Object > ServiceNow > Relationships

Policy Types

• GCP > Storage > Bucket > ServiceNow > Relationships
• GCP > Storage > Bucket > ServiceNow > Relationships > Template
• GCP > Storage > Object > ServiceNow > Relationships
• GCP > Storage > Object > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for resource groups in ServiceNow. To get started, set the Azure > Resource Group > ServiceNow > Relationships > * policies.

Control Types

• Azure > Resource Group > ServiceNow > Relationships

Policy Types

• Azure > Resource Group > ServiceNow > Relationships
• Azure > Resource Group > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for containers, file shares, queues and storage accounts in ServiceNow. To get started, set the Azure > Storage > Container > ServiceNow > Relationships > *, Azure > Storage > File Share > ServiceNow > Relationships > *, Azure > Storage > Queue > ServiceNow > Relationships > * and Azure > Storage > Storage Account > ServiceNow > Relationships > * policies respectively.

Control Types

• Azure > Storage > Container > ServiceNow > Relationships
• Azure > Storage > FileShare > ServiceNow > Relationships
• Azure > Storage > Queue > ServiceNow > Relationships
• Azure > Storage > Storage Account > ServiceNow > Relationships

Policy Types

• Azure > Storage > Container > ServiceNow > Import Set > Insert Mode
• Azure > Storage > Container > ServiceNow > Relationships
• Azure > Storage > Container > ServiceNow > Relationships > Template
• Azure > Storage > FileShare > ServiceNow > Import Set > Insert Mode
• Azure > Storage > FileShare > ServiceNow > Relationships
• Azure > Storage > FileShare > ServiceNow > Relationships > Template
• Azure > Storage > Queue > ServiceNow > Import Set > Insert Mode
• Azure > Storage > Queue > ServiceNow > Relationships
• Azure > Storage > Queue > ServiceNow > Relationships > Template
• Azure > Storage > Storage Account > ServiceNow > Import Set > Insert Mode
• Azure > Storage > Storage Account > ServiceNow > Relationships
• Azure > Storage > Storage Account > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for elastic IPs, internet gateways and NAT gateways in ServiceNow. To get started, set the AWS > VPC > Elastic IP > ServiceNow > Relationships > *, AWS > VPC > Internet Gateway > ServiceNow > Relationships > * and AWS > VPC > NAT Gateway > ServiceNow > Relationships > * policies respectively.

Control Types

• AWS > VPC > Elastic IP > ServiceNow > Relationships
• AWS > VPC > Internet Gateway > ServiceNow
• AWS > VPC > Internet Gateway > ServiceNow > Configuration Item
• AWS > VPC > Internet Gateway > ServiceNow > Relationships
• AWS > VPC > Internet Gateway > ServiceNow > Table
• AWS > VPC > NAT Gateway > ServiceNow
• AWS > VPC > NAT Gateway > ServiceNow > Configuration Item
• AWS > VPC > NAT Gateway > ServiceNow > Relationships
• AWS > VPC > NAT Gateway > ServiceNow > Table

Policy Types

• AWS > VPC > Elastic IP > ServiceNow > Relationships
• AWS > VPC > Elastic IP > ServiceNow > Relationships > Template
• AWS > VPC > Internet Gateway > ServiceNow
• AWS > VPC > Internet Gateway > ServiceNow > Configuration Item
• AWS > VPC > Internet Gateway > ServiceNow > Configuration Item > Record
• AWS > VPC > Internet Gateway > ServiceNow > Configuration Item > Table Definition
• AWS > VPC > Internet Gateway > ServiceNow > Relationships
• AWS > VPC > Internet Gateway > ServiceNow > Relationships > Template
• AWS > VPC > Internet Gateway > ServiceNow > Table
• AWS > VPC > Internet Gateway > ServiceNow > Table > Definition
• AWS > VPC > NAT Gateway > ServiceNow
• AWS > VPC > NAT Gateway > ServiceNow > Configuration Item
• AWS > VPC > NAT Gateway > ServiceNow > Configuration Item > Record
• AWS > VPC > NAT Gateway > ServiceNow > Configuration Item > Table Definition
• AWS > VPC > NAT Gateway > ServiceNow > Relationships
• AWS > VPC > NAT Gateway > ServiceNow > Relationships > Template
• AWS > VPC > NAT Gateway > ServiceNow > Table
• AWS > VPC > NAT Gateway > ServiceNow > Table > Definition

Control Types

• AWS > VPC > Customer Gateway > ServiceNow
• AWS > VPC > Customer Gateway > ServiceNow > Configuration Item
• AWS > VPC > Customer Gateway > ServiceNow > Relationships
• AWS > VPC > Customer Gateway > ServiceNow > Table
• AWS > VPC > Transit Gateway > ServiceNow
• AWS > VPC > Transit Gateway > ServiceNow > Configuration Item
• AWS > VPC > Transit Gateway > ServiceNow > Relationships
• AWS > VPC > Transit Gateway > ServiceNow > Table
• AWS > VPC > VPN Gateway > ServiceNow
• AWS > VPC > VPN Gateway > ServiceNow > Configuration Item
• AWS > VPC > VPN Gateway > ServiceNow > Relationships
• AWS > VPC > VPN Gateway > ServiceNow > Table

Policy Types

• AWS > VPC > Customer Gateway > ServiceNow
• AWS > VPC > Customer Gateway > ServiceNow > Configuration Item
• AWS > VPC > Customer Gateway > ServiceNow > Configuration Item > Record
• AWS > VPC > Customer Gateway > ServiceNow > Configuration Item > Table Definition
• AWS > VPC > Customer Gateway > ServiceNow > Relationships
• AWS > VPC > Customer Gateway > ServiceNow > Relationships > Template
• AWS > VPC > Customer Gateway > ServiceNow > Table
• AWS > VPC > Customer Gateway > ServiceNow > Table > Definition
• AWS > VPC > Transit Gateway > ServiceNow
• AWS > VPC > Transit Gateway > ServiceNow > Configuration Item
• AWS > VPC > Transit Gateway > ServiceNow > Configuration Item > Record
• AWS > VPC > Transit Gateway > ServiceNow > Configuration Item > Table Definition
• AWS > VPC > Transit Gateway > ServiceNow > Relationships
• AWS > VPC > Transit Gateway > ServiceNow > Relationships > Template
• AWS > VPC > Transit Gateway > ServiceNow > Table
• AWS > VPC > Transit Gateway > ServiceNow > Table > Definition
• AWS > VPC > VPN Gateway > ServiceNow
• AWS > VPC > VPN Gateway > ServiceNow > Configuration Item
• AWS > VPC > VPN Gateway > ServiceNow > Configuration Item > Record
• AWS > VPC > VPN Gateway > ServiceNow > Configuration Item > Table Definition
• AWS > VPC > VPN Gateway > ServiceNow > Relationships
• AWS > VPC > VPN Gateway > ServiceNow > Relationships > Template
• AWS > VPC > VPN Gateway > ServiceNow > Table
• AWS > VPC > VPN Gateway > ServiceNow > Table > Definition

What's new?

• You can now configure and manage CI Relationships for AMIs, instances, key pairs, network interfaces, snapshots and volumes in ServiceNow. To get started, set the AWS > EC2 > AMI > ServiceNow > Relationships > *, AWS > EC2 > Instance > ServiceNow > Relationships > *, AWS > EC2 > Key Pair > ServiceNow > Relationships > *, AWS > EC2 > Network Interface > ServiceNow > Relationships > *, AWS > EC2 > Snapshot > ServiceNow > Relationships > * and AWS > EC2 > Volume > ServiceNow > Relationships > * policies respectively.

Control Types

• AWS > EC2 > AMI > ServiceNow
• AWS > EC2 > AMI > ServiceNow > Configuration Item
• AWS > EC2 > AMI > ServiceNow > Relationships
• AWS > EC2 > AMI > ServiceNow > Table
• AWS > EC2 > Instance > ServiceNow > Relationships
• AWS > EC2 > Key Pair > ServiceNow
• AWS > EC2 > Key Pair > ServiceNow > Configuration Item
• AWS > EC2 > Key Pair > ServiceNow > Relationships
• AWS > EC2 > Key Pair > ServiceNow > Table
• AWS > EC2 > Network Interface > ServiceNow
• AWS > EC2 > Network Interface > ServiceNow > Configuration Item
• AWS > EC2 > Network Interface > ServiceNow > Relationships
• AWS > EC2 > Network Interface > ServiceNow > Table
• AWS > EC2 > Snapshot > ServiceNow > Relationships
• AWS > EC2 > Volume > ServiceNow > Relationships

Policy Types

• AWS > EC2 > AMI > ServiceNow
• AWS > EC2 > AMI > ServiceNow > Configuration Item
• AWS > EC2 > AMI > ServiceNow > Configuration Item > Record
• AWS > EC2 > AMI > ServiceNow > Configuration Item > Table Definition
• AWS > EC2 > AMI > ServiceNow > Relationships
• AWS > EC2 > AMI > ServiceNow > Relationships > Template
• AWS > EC2 > AMI > ServiceNow > Table
• AWS > EC2 > AMI > ServiceNow > Table > Definition
• AWS > EC2 > Instance > ServiceNow > Relationships
• AWS > EC2 > Instance > ServiceNow > Relationships > Template
• AWS > EC2 > Key Pair > ServiceNow
• AWS > EC2 > Key Pair > ServiceNow > Configuration Item
• AWS > EC2 > Key Pair > ServiceNow > Configuration Item > Record
• AWS > EC2 > Key Pair > ServiceNow > Configuration Item > Table Definition
• AWS > EC2 > Key Pair > ServiceNow > Relationships
• AWS > EC2 > Key Pair > ServiceNow > Relationships > Template
• AWS > EC2 > Key Pair > ServiceNow > Table
• AWS > EC2 > Key Pair > ServiceNow > Table > Definition
• AWS > EC2 > Network Interface > ServiceNow
• AWS > EC2 > Network Interface > ServiceNow > Configuration Item
• AWS > EC2 > Network Interface > ServiceNow > Configuration Item > Record
• AWS > EC2 > Network Interface > ServiceNow > Configuration Item > Table Definition
• AWS > EC2 > Network Interface > ServiceNow > Relationships
• AWS > EC2 > Network Interface > ServiceNow > Relationships > Template
• AWS > EC2 > Network Interface > ServiceNow > Table
• AWS > EC2 > Network Interface > ServiceNow > Table > Definition
• AWS > EC2 > Snapshot > ServiceNow > Relationships
• AWS > EC2 > Snapshot > ServiceNow > Relationships > Template
• AWS > EC2 > Volume > ServiceNow > Relationships
• AWS > EC2 > Volume > ServiceNow > Relationships > Template

What's new?

Control Types

• GCP > Vertex AI > Endpoint > ServiceNow
• GCP > Vertex AI > Endpoint > ServiceNow > Configuration Item
• GCP > Vertex AI > Endpoint > ServiceNow > Import Set
• GCP > Vertex AI > Endpoint > ServiceNow > Table
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Configuration Item
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Import Set
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Table

Policy Types

• GCP > Vertex AI > Endpoint > ServiceNow
• GCP > Vertex AI > Endpoint > ServiceNow > Configuration Item
• GCP > Vertex AI > Endpoint > ServiceNow > Configuration Item > Record
• GCP > Vertex AI > Endpoint > ServiceNow > Configuration Item > Table Definition
• GCP > Vertex AI > Endpoint > ServiceNow > Import Set
• GCP > Vertex AI > Endpoint > ServiceNow > Import Set > Archive Columns
• GCP > Vertex AI > Endpoint > ServiceNow > Import Set > Insert Mode
• GCP > Vertex AI > Endpoint > ServiceNow > Import Set > Record
• GCP > Vertex AI > Endpoint > ServiceNow > Import Set > Table Name
• GCP > Vertex AI > Endpoint > ServiceNow > Table
• GCP > Vertex AI > Endpoint > ServiceNow > Table > Definition
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Configuration Item
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Configuration Item > Record
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Configuration Item > Table Definition
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Import Set
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Import Set > Archive Columns
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Import Set > Insert Mode
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Import Set > Record
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Import Set > Table Name
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Table
• GCP > Vertex AI > Notebook Runtime Template > ServiceNow > Table > Definition

What's new?

Control Types

• GCP > Dataplex > Lake > ServiceNow
• GCP > Dataplex > Lake > ServiceNow > Configuration Item
• GCP > Dataplex > Lake > ServiceNow > Import Set
• GCP > Dataplex > Lake > ServiceNow > Table
• GCP > Dataplex > Task > ServiceNow
• GCP > Dataplex > Task > ServiceNow > Configuration Item
• GCP > Dataplex > Task > ServiceNow > Import Set
• GCP > Dataplex > Task > ServiceNow > Table
• GCP > Dataplex > Zone > ServiceNow
• GCP > Dataplex > Zone > ServiceNow > Configuration Item
• GCP > Dataplex > Zone > ServiceNow > Import Set
• GCP > Dataplex > Zone > ServiceNow > Table

Policy Types

• GCP > Dataplex > Lake > ServiceNow
• GCP > Dataplex > Lake > ServiceNow > Configuration Item
• GCP > Dataplex > Lake > ServiceNow > Configuration Item > Record
• GCP > Dataplex > Lake > ServiceNow > Configuration Item > Table Definition
• GCP > Dataplex > Lake > ServiceNow > Import Set
• GCP > Dataplex > Lake > ServiceNow > Import Set > Archive Columns
• GCP > Dataplex > Lake > ServiceNow > Import Set > Insert Mode
• GCP > Dataplex > Lake > ServiceNow > Import Set > Record
• GCP > Dataplex > Lake > ServiceNow > Import Set > Table Name
• GCP > Dataplex > Lake > ServiceNow > Table
• GCP > Dataplex > Lake > ServiceNow > Table > Definition
• GCP > Dataplex > Task > ServiceNow
• GCP > Dataplex > Task > ServiceNow > Configuration Item
• GCP > Dataplex > Task > ServiceNow > Configuration Item > Record
• GCP > Dataplex > Task > ServiceNow > Configuration Item > Table Definition
• GCP > Dataplex > Task > ServiceNow > Import Set
• GCP > Dataplex > Task > ServiceNow > Import Set > Archive Columns
• GCP > Dataplex > Task > ServiceNow > Import Set > Insert Mode
• GCP > Dataplex > Task > ServiceNow > Import Set > Record
• GCP > Dataplex > Task > ServiceNow > Import Set > Table Name
• GCP > Dataplex > Task > ServiceNow > Table
• GCP > Dataplex > Task > ServiceNow > Table > Definition
• GCP > Dataplex > Zone > ServiceNow
• GCP > Dataplex > Zone > ServiceNow > Configuration Item
• GCP > Dataplex > Zone > ServiceNow > Configuration Item > Record
• GCP > Dataplex > Zone > ServiceNow > Configuration Item > Table Definition
• GCP > Dataplex > Zone > ServiceNow > Import Set
• GCP > Dataplex > Zone > ServiceNow > Import Set > Archive Columns
• GCP > Dataplex > Zone > ServiceNow > Import Set > Insert Mode
• GCP > Dataplex > Zone > ServiceNow > Import Set > Record
• GCP > Dataplex > Zone > ServiceNow > Import Set > Table Name
• GCP > Dataplex > Zone > ServiceNow > Table
• GCP > Dataplex > Zone > ServiceNow > Table > Definition

What's new?

• You can now configure and manage CI Relationships for flow logs, network ACLs, security groups and security group rules in ServiceNow. To get started, set the AWS > VPC > Flow Log > ServiceNow > Relationships > *, AWS > VPC > Network ACL > ServiceNow > Relationships > *, AWS > VPC > Security Group > ServiceNow > Relationships > * and AWS > VPC > Security Group Rule > ServiceNow > Relationships > * policies respectively.

Control Types

• AWS > VPC > Flow Log > ServiceNow
• AWS > VPC > Flow Log > ServiceNow > Configuration Item
• AWS > VPC > Flow Log > ServiceNow > Relationships
• AWS > VPC > Flow Log > ServiceNow > Table
• AWS > VPC > Network ACL > ServiceNow > Relationships
• AWS > VPC > Security Group > ServiceNow > Relationships
• AWS > VPC > Security Group Rule > ServiceNow
• AWS > VPC > Security Group Rule > ServiceNow > Configuration Item
• AWS > VPC > Security Group Rule > ServiceNow > Relationships
• AWS > VPC > Security Group Rule > ServiceNow > Table

Policy Types

• AWS > VPC > Flow Log > ServiceNow
• AWS > VPC > Flow Log > ServiceNow > Configuration Item
• AWS > VPC > Flow Log > ServiceNow > Configuration Item > Record
• AWS > VPC > Flow Log > ServiceNow > Configuration Item > Table Definition
• AWS > VPC > Flow Log > ServiceNow > Relationships
• AWS > VPC > Flow Log > ServiceNow > Relationships > Template
• AWS > VPC > Flow Log > ServiceNow > Table
• AWS > VPC > Flow Log > ServiceNow > Table > Definition
• AWS > VPC > Network ACL > ServiceNow > Relationships
• AWS > VPC > Network ACL > ServiceNow > Relationships > Template
• AWS > VPC > Security Group > ServiceNow > Relationships
• AWS > VPC > Security Group > ServiceNow > Relationships > Template
• AWS > VPC > Security Group Rule > ServiceNow
• AWS > VPC > Security Group Rule > ServiceNow > Configuration Item
• AWS > VPC > Security Group Rule > ServiceNow > Configuration Item > Record
• AWS > VPC > Security Group Rule > ServiceNow > Configuration Item > Table Definition
• AWS > VPC > Security Group Rule > ServiceNow > Relationships
• AWS > VPC > Security Group Rule > ServiceNow > Relationships > Template
• AWS > VPC > Security Group Rule > ServiceNow > Table
• AWS > VPC > Security Group Rule > ServiceNow > Table > Definition

What's new?

• You can now configure and manage CI Relationships for route tables, subnets and VPCs in ServiceNow. To get started, set the AWS > VPC > Route Table > ServiceNow > Relationships > *, AWS > VPC > Subnet > ServiceNow > Relationships > * and AWS > VPC > VPC > ServiceNow > Relationships > * policies respectively.

Control Types

• AWS > VPC > Route Table > ServiceNow > Relationships
• AWS > VPC > Subnet > ServiceNow > Relationships
• AWS > VPC > VPC > ServiceNow > Relationships

Policy Types

• AWS > VPC > Route Table > ServiceNow > Relationships
• AWS > VPC > Route Table > ServiceNow > Relationships > Template
• AWS > VPC > Subnet > ServiceNow > Relationships
• AWS > VPC > Subnet > ServiceNow > Relationships > Template
• AWS > VPC > VPC > ServiceNow > Relationships
• AWS > VPC > VPC > ServiceNow > Relationships > Template

What's new?

Control Types

• AWS > Account > ServiceNow
• AWS > Account > ServiceNow > Configuration Item
• AWS > Account > ServiceNow > Table
• AWS > Region > ServiceNow
• AWS > Region > ServiceNow > Configuration Item
• AWS > Region > ServiceNow > Relationships
• AWS > Region > ServiceNow > Table

Policy Types

• AWS > Account > ServiceNow
• AWS > Account > ServiceNow > Configuration Item
• AWS > Account > ServiceNow > Configuration Item > Record
• AWS > Account > ServiceNow > Configuration Item > Table Definition
• AWS > Account > ServiceNow > Table
• AWS > Account > ServiceNow > Table > Definition
• AWS > Region > ServiceNow
• AWS > Region > ServiceNow > Configuration Item
• AWS > Region > ServiceNow > Configuration Item > Record
• AWS > Region > ServiceNow > Configuration Item > Table Definition
• AWS > Region > ServiceNow > Relationships
• AWS > Region > ServiceNow > Relationships > Template
• AWS > Region > ServiceNow > Table
• AWS > Region > ServiceNow > Table > Definition

What's new?

• You can now configure and manage CI Relationships for buckets in ServiceNow. To get started, set the AWS > S3 > Bucket > ServiceNow > Relationships > * policies.

Control Types

• AWS > S3 > Bucket > ServiceNow > Relationships

Policy Types

• AWS > S3 > Bucket > ServiceNow > Import Set > Insert Mode
• AWS > S3 > Bucket > ServiceNow > Relationships
• AWS > S3 > Bucket > ServiceNow > Relationships > Template

What's new?

• AWS/Billing/Admin, AWS/Billing/Metadata and AWS/Billing/Operator now also include purchase orders permissions.

Bug fixes

• Server
  • Removed recursive loop detection logic, as this is now managed effectively by Lambda.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Support for AWS Graviton instance with ARM64 architecture.

What's new?

• Added support to process enable and disable real-time events for Dataplex.

Resource Types

• GCP > Dataplex
• GCP > Dataplex > Lake
• GCP > Dataplex > Task
• GCP > Dataplex > Zone

Control Types

• GCP > Dataplex > API Enabled
• GCP > Dataplex > CMDB
• GCP > Dataplex > Discovery
• GCP > Dataplex > Lake > Active
• GCP > Dataplex > Lake > Approved
• GCP > Dataplex > Lake > CMDB
• GCP > Dataplex > Lake > Discovery
• GCP > Dataplex > Lake > Labels
• GCP > Dataplex > Lake > Usage
• GCP > Dataplex > Task > Active
• GCP > Dataplex > Task > Approved
• GCP > Dataplex > Task > CMDB
• GCP > Dataplex > Task > Discovery
• GCP > Dataplex > Task > Labels
• GCP > Dataplex > Task > Usage
• GCP > Dataplex > Zone > Active
• GCP > Dataplex > Zone > Approved
• GCP > Dataplex > Zone > CMDB
• GCP > Dataplex > Zone > Discovery
• GCP > Dataplex > Zone > Labels
• GCP > Dataplex > Zone > Usage

Policy Types

• GCP > Dataplex > API Enabled
• GCP > Dataplex > Approved Regions [Default]
• GCP > Dataplex > CMDB
• GCP > Dataplex > Enabled
• GCP > Dataplex > Labels Template [Default]
• GCP > Dataplex > Lake > Active
• GCP > Dataplex > Lake > Active > Age
• GCP > Dataplex > Lake > Active > Last Modified
• GCP > Dataplex > Lake > Approved
• GCP > Dataplex > Lake > Approved > Custom
• GCP > Dataplex > Lake > Approved > Regions
• GCP > Dataplex > Lake > Approved > Usage
• GCP > Dataplex > Lake > CMDB
• GCP > Dataplex > Lake > Labels
• GCP > Dataplex > Lake > Labels > Template
• GCP > Dataplex > Lake > Regions
• GCP > Dataplex > Lake > Usage
• GCP > Dataplex > Lake > Usage > Limit
• GCP > Dataplex > Permissions
• GCP > Dataplex > Permissions > Levels
• GCP > Dataplex > Permissions > Levels > Modifiers
• GCP > Dataplex > Regions
• GCP > Dataplex > Task > Active
• GCP > Dataplex > Task > Active > Age
• GCP > Dataplex > Task > Active > Last Modified
• GCP > Dataplex > Task > Approved
• GCP > Dataplex > Task > Approved > Custom
• GCP > Dataplex > Task > Approved > Regions
• GCP > Dataplex > Task > Approved > Usage
• GCP > Dataplex > Task > CMDB
• GCP > Dataplex > Task > Labels
• GCP > Dataplex > Task > Labels > Template
• GCP > Dataplex > Task > Regions
• GCP > Dataplex > Task > Usage
• GCP > Dataplex > Task > Usage > Limit
• GCP > Dataplex > Zone > Active
• GCP > Dataplex > Zone > Active > Age
• GCP > Dataplex > Zone > Active > Last Modified
• GCP > Dataplex > Zone > Approved
• GCP > Dataplex > Zone > Approved > Custom
• GCP > Dataplex > Zone > Approved > Regions
• GCP > Dataplex > Zone > Approved > Usage
• GCP > Dataplex > Zone > CMDB
• GCP > Dataplex > Zone > Labels
• GCP > Dataplex > Zone > Labels > Template
• GCP > Dataplex > Zone > Regions
• GCP > Dataplex > Zone > Usage
• GCP > Dataplex > Zone > Usage > Limit
• GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-dataplex
• GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-dataplex
• GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-dataplex

Action Types

• GCP > Dataplex > Lake > Delete
• GCP > Dataplex > Lake > Router
• GCP > Dataplex > Lake > Set Labels
• GCP > Dataplex > Set API Enabled
• GCP > Dataplex > Task > Delete
• GCP > Dataplex > Task > Router
• GCP > Dataplex > Task > Set Labels
• GCP > Dataplex > Zone > Delete
• GCP > Dataplex > Zone > Router
• GCP > Dataplex > Zone > Set Labels

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage compute resources in Guardrails. This release includes breaking changes in the CMDB data for virtual machine. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below

Added:

In Azure > Compute > Disk:

• supportedCapabilities.diskControllerTypes
• diskIopsReadWrite
• lastOwnershipUpdateTime

In Azure > Compute > Virtual Machine:

• resources
• timeCreated
• etag

In Azure > Compute > Virtual Machine Scale Set:

• constrainedMaximumCapacity
• etag
• scaleInPolicy
• timeCreated
• upgradePolicy
• storageProfile. diskControllerType

In Azure > Compute > Snapshot:

• dataAccessAuthMode
• incrementalSnapshotFamilyId

Removed:

In Azure > Compute > Virtual Machine:

• statuses.time

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage App Service resources in Guardrails.

Added:

Azure > App Service > App Service Plan

• elasticScaleEnabled
• numberOfWorkers
• zoneRedundant

Azure > App Service > Function App

• configuration.acrUseManagedIdentityCreds
• configuration.acrUserManagedIdentityID
• configuration.elasticWebAppScaleLimit
• configuration.ipSecurityRestrictionsDefaultAction
• configuration.metadata
• configuration.minTlsCipherSuite
• configuration.scmIpSecurityRestrictionsDefaultAction
• dnsConfiguration
• publicNetworkAccess
• vnetBackupRestoreEnabled
• vnetContentShareEnabled
• vnetImagePullEnabled
• vnetRouteAllEnabled

Azure > App Service > Web App

• configuration.acrUseManagedIdentityCreds
• configuration.acrUserManagedIdentityID
• configuration.elasticWebAppScaleLimit
• configuration.ipSecurityRestrictionsDefaultAction
• configuration.metadata
• configuration.minTlsCipherSuite
• configuration.scmIpSecurityRestrictionsDefaultAction
• dnsConfiguration
• publicNetworkAccess
• vnetBackupRestoreEnabled
• vnetContentShareEnabled
• vnetImagePullEnabled
• vnetRouteAllEnabled

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage API Management resources in Guardrails.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Security Center resources in Guardrails. This release includes breaking changes in the CMDB data for security center. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below

Renamed:

• JitNetworkAccessPolicies to jitNetworkAccessPolicies
• Pricing to pricing
• Locations to locations

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage MySQL resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Front Door Service resources in Guardrails. This release includes breaking changes in the CMDB data for Front Door Service. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

Added:

• frontdoorId
• rulesEngines
• extendedProperties
• backendPoolsSettings
• backendPool.privateLinkAlias
• backendPool.privateLinkLocation
• backendPool.privateEndpointStatus
• backendPool.privateLinkResourceId
• backendPool.privateLinkApprovalMessage
• routingRule.rulesEngine
• routingRule.routeConfiguration.odataType
• routingRule.routeConfiguration.cacheConfiguration.cacheDuration
• routingRule.routeConfiguration.cacheConfiguration.queryParameters
• routingRule.webApplicationFirewallPolicyLink

Modified:

• routingRule.backendPool to routingRule.routeConfiguration.backendPool
• routingRule.forwardingProtocol to routingRule.routeConfiguration.forwardingProtocol
• routingRule.customForwardingPath to routingRule.routeConfiguration.customForwardingPath
• routingRule.cacheConfiguration.dynamicCompression to routingRule.routeConfiguration.cacheConfiguration. dynamicCompression
• routingRule.cacheConfiguration.queryParameterStripDirective to routingRule.routeConfiguration.cacheConfiguration. queryParameterStripDirective

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Data Factory resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage AKS resources in Guardrails.

Added:

• networkProfile.podCidrs
• networkProfile.ipFamilies
• networkProfile.outboundType
• networkProfile.serviceCidrs
• networkProfile.networkPolicy
• networkProfile.loadBalancerProfile.backendPoolType
• networkProfile.loadBalancerProfile.countIPv6
• networkProfile.loadBalancerProfile.idleTimeoutInMinutes
• networkProfile.loadBalancerProfile.allocatedOutboundPorts
• agentPoolProfiles.mode
• agentPoolProfiles.osSKU
• agentPoolProfiles.enableFips
• agentPoolProfiles.osDiskType
• agentPoolProfiles.spotMaxPrice
• agentPoolProfiles.scaleDownMode
• agentPoolProfiles.enableUltraSSD
• agentPoolProfiles.kubeletDiskType
• agentPoolProfiles.upgradeSettings.maxSurge
• agentPoolProfiles.nodeImageVersion
• agentPoolProfiles.enableEncryptionAtHost
• agentPoolProfiles.currentOrchestratorVersion

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage SignalR resources in Guardrails.

Added:

• hostNamePrefix
• serverless. connectionTimeoutInSeconds

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Service Bus resources in Guardrails.

Added:

Azure > Service Bus > Namespace

• disableLocalAuth
• status
• zoneRedundant

Azure > Service Bus > Queue

• maxMessageSizeInKilobytes

Azure > Service Bus > Topic

• maxMessageSizeInKilobytes

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Relay resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Recovery Service resources in Guardrails.

Added: Azure > Recovery Service > Vault

• properties.backupStorageVersion
• properties.bcdrSecurityLevel
• properties.publicNetworkAccess
• properties.restoreSettings
• properties.secureScore
• properties.securitySettings

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The AWS > RoboMaker > Robot Application > CMDB, AWS > RoboMaker > Fleet > CMDB and AWS > RoboMaker > Robot > CMDB policies will now be set to Skip by default because the resource types have been deprecated and will be removed in the next major version. Please check end of support for more information.

What's new?

• Track and manage Fargate FIPS Mode for Gov cloud accounts via Guardrails. To get started, set the AWS > ECS > Account Settings > Fargate FIPS Mode policy.
• The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Resource Types

• AWS > ECS > Account Settings

Control Types

• AWS > ECS > Account Settings > CMDB
• AWS > ECS > Account Settings > Discovery
• AWS > ECS > Account Settings > Fargate FIPS Mode

Policy Types

• AWS > ECS > Account Settings > CMDB
• AWS > ECS > Account Settings > Fargate FIPS Mode
• AWS > ECS > Account Settings > Regions

Action Types

• AWS > ECS > Account Settings > Router
• AWS > ECS > Account Settings > Update Fargate FIPS Mode

What's new?

• Server

  • Introduced support for multi-architecture images, now compatible with both ARM64 and x86_64.
  • Added a default resource query to the context of calculated policies.
  • Updated several node packages to newer versions for improved functionality and security.
  • Updated Lambda to support recursive loops.

• UI

  • Now you can use the + sign to grant permissions in the context of both the identity and resource.
  • Updated several node packages to newer versions for improved functionality and security.

Bug fixes

• Server

  • Azure Credential Resolver now respects proxy settings, adding full proxy support.

• UI

  • Updated policy pack Terraform to correctly reference turbot_policy_pack.
  • Adjusted the Admin page layout for improved usability.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• resource/turbot_policy_pack_attachment: terraform apply failed to detect existing Policy Pack attachments. (#181)

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Application Insights resources in Guardrails. This release includes changes in the CMDB data as below.

Added:

• flowType
• requestSource

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Application Gateway resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Resource Types

• AWS > Support

Policy Types

• AWS > Support > API Enabled
• AWS > Support > Enabled
• AWS > Support > Permissions
• AWS > Support > Permissions > Levels
• AWS > Support > Permissions > Levels > Modifiers
• AWS > Support > Permissions > Lockdown
• AWS > Support > Permissions > Lockdown > API Boundary
• AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-support
• AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-support
• AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-support

What's new?

• Users can now manage whether AWS/User grant should include support:* permissions. To get started, set the AWS > Account > Permissions > Support Level policy.

Policy Types

• AWS > Account > Permissions > Support Level

Bug fixes

• The AWS > Turbot > IAM stack control did not correctly evaluate user memberships in custom IAM groups when the AWS > Turbot > Permissions > Custom Group Levels [Account] policy was set, and users were granted permissions for those custom IAM groups. This issue has now been fixed.

Bug fixes

• The AWS > EC2 > Volume > CMDB control would sometimes run unnecessarily due to a bad internal GraphQL dependency. This is now fixed.

Bug fixes

• A precheck dependency on the Kubernetes > Cluster > CMDB > Expiration policy was inadvertently added to the Kubernetes > Cluster > CMDB control. This precheck condition has now been removed.

Resource Types

• GCP > Vertex AI
• GCP > Vertex AI > Endpoint
• GCP > Vertex AI > Notebook Runtime Template

Control Types

• GCP > Vertex AI > API Enabled
• GCP > Vertex AI > CMDB
• GCP > Vertex AI > Discovery
• GCP > Vertex AI > Endpoint > Active
• GCP > Vertex AI > Endpoint > Approved
• GCP > Vertex AI > Endpoint > CMDB
• GCP > Vertex AI > Endpoint > Discovery
• GCP > Vertex AI > Endpoint > Labels
• GCP > Vertex AI > Endpoint > Usage
• GCP > Vertex AI > Notebook Runtime Template > Active
• GCP > Vertex AI > Notebook Runtime Template > Approved
• GCP > Vertex AI > Notebook Runtime Template > CMDB
• GCP > Vertex AI > Notebook Runtime Template > Discovery
• GCP > Vertex AI > Notebook Runtime Template > Router
• GCP > Vertex AI > Notebook Runtime Template > Usage

Policy Types

• GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-vertexai
• GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-vertexai
• GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-vertexai
• GCP > Vertex AI > API Enabled
• GCP > Vertex AI > Approved Regions [Default]
• GCP > Vertex AI > CMDB
• GCP > Vertex AI > Enabled
• GCP > Vertex AI > Endpoint > Active
• GCP > Vertex AI > Endpoint > Active > Age
• GCP > Vertex AI > Endpoint > Active > Last Modified
• GCP > Vertex AI > Endpoint > Approved
• GCP > Vertex AI > Endpoint > Approved > Custom
• GCP > Vertex AI > Endpoint > Approved > Regions
• GCP > Vertex AI > Endpoint > Approved > Usage
• GCP > Vertex AI > Endpoint > CMDB
• GCP > Vertex AI > Endpoint > Labels
• GCP > Vertex AI > Endpoint > Labels > Template
• GCP > Vertex AI > Endpoint > Regions
• GCP > Vertex AI > Endpoint > Usage
• GCP > Vertex AI > Endpoint > Usage > Limit
• GCP > Vertex AI > Labels Template [Default]
• GCP > Vertex AI > Notebook Runtime Template > Active
• GCP > Vertex AI > Notebook Runtime Template > Active > Age
• GCP > Vertex AI > Notebook Runtime Template > Active > Last Modified
• GCP > Vertex AI > Notebook Runtime Template > Approved
• GCP > Vertex AI > Notebook Runtime Template > Approved > Custom
• GCP > Vertex AI > Notebook Runtime Template > Approved > Regions
• GCP > Vertex AI > Notebook Runtime Template > Approved > Usage
• GCP > Vertex AI > Notebook Runtime Template > CMDB
• GCP > Vertex AI > Notebook Runtime Template > Regions
• GCP > Vertex AI > Notebook Runtime Template > Usage
• GCP > Vertex AI > Notebook Runtime Template > Usage > Limit
• GCP > Vertex AI > Permissions
• GCP > Vertex AI > Permissions > Levels
• GCP > Vertex AI > Permissions > Levels > Modifiers
• GCP > Vertex AI > Regions

Action Types

• GCP > Vertex AI > Endpoint > Delete
• GCP > Vertex AI > Endpoint > Router
• GCP > Vertex AI > Endpoint > Set Labels
• GCP > Vertex AI > Notebook Runtime Template > Delete
• GCP > Vertex AI > Set API Enabled

What's new?

• Added support to process real-time enable and disable events for Vertex AI API via Service Usage APIs.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Search Management resources in Guardrails.

Added:

• authOptions
• disableLocalAuth
• encryptionWithCmk
• networkRuleSet
• privateEndpointConnections
• publicNetworkAccess
• semanticSearch
• sharedPrivateLinkResources

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

Action Types

• GCP > Storage > Bucket > Set Fine-grained Access Control
• GCP > Storage > Bucket > Set Uniform Access Control

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Synapse Analytics resources in Guardrails.

Added: Azure > Synapse Analytics > Workspace

• azureADOnlyAuthentication
• createManagedPrivateEndpoint
• encryption
• extraProperties
• publicNetworkAccess
• settings
• trustedServiceBypassEnabled
• workspaceUID

Azure > Synapse Analytics > SQL Pool

• storageAccountType

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

Action Types

• Azure > Storage > Storage Account > Set Minimum TLS Version

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage PostgreSQL resources in Guardrails. This release includes breaking changes in the CMDB data for server and flexible server. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below

Added:

• authConfig

• dataEncryption

• standbyAvailabilityZone

• network. delegatedSubnetResourceId

• network. privateDnsZoneArmResourceId

• replicaCapacity

• replicationRole

• systemData

• configurations.documentationLink

• configurations.isConfigPendingRestart

• configurations.isDynamicConfig

• configurations.isReadOnly

• configurations.unit

Modified:

• The data type of the attribute firewallRules has been changed from array ([]) to object ({}).

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Network Watcher resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The serviceProperties.table.clientRequestId and serviceProperties.table.requestId properties for storage accounts have now been made dynamic to avoid unnecessary notifications in the activity tab.

Bug fixes

• Fixed incorrect references to various Quick Actions.

What's new?

Policy Types

• Kubernetes > Cluster > ServiceNow > Import Set > Insert Mode
• Kubernetes > ConfigMap > ServiceNow > Import Set > Insert Mode
• Kubernetes > Deployment > ServiceNow > Import Set > Insert Mode
• Kubernetes > Namespace > ServiceNow > Import Set > Insert Mode
• Kubernetes > Node > ServiceNow > Import Set > Insert Mode
• Kubernetes > Pod > ServiceNow > Import Set > Insert Mode
• Kubernetes > ReplicaSet > ServiceNow > Import Set > Insert Mode
• Kubernetes > Service > ServiceNow > Import Set > Insert Mode

Bug fixes

• Improved error handling for osquery error events.

Bug fixes

• Query controls for various resource types will now go into an invalid state if we receive an error from the osquery agent.

What's new?

Policy Types

• GCP > Storage > Bucket > ServiceNow > Import Set > Insert Mode
• GCP > Storage > Object > ServiceNow > Import Set > Insert Mode

Control Types

• GCP > Kubernetes Engine > Region Cluster > ServiceNow > Import Set
• GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Import Set
• GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Import Set
• GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Import Set

Policy Types

• GCP > Kubernetes Engine > Region Cluster > ServiceNow > Import Set
• GCP > Kubernetes Engine > Region Cluster > ServiceNow > Import Set > Archive Columns
• GCP > Kubernetes Engine > Region Cluster > ServiceNow > Import Set > Insert Mode
• GCP > Kubernetes Engine > Region Cluster > ServiceNow > Import Set > Record
• GCP > Kubernetes Engine > Region Cluster > ServiceNow > Import Set > Table Name
• GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Import Set
• GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Import Set > Archive Columns
• GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Import Set > Insert Mode
• GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Import Set > Record
• GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Import Set > Table Name
• GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Import Set
• GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Import Set > Archive Columns
• GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Import Set > Insert Mode
• GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Import Set > Record
• GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Import Set > Table Name
• GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Import Set
• GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Import Set > Archive Columns
• GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Import Set > Insert Mode
• GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Import Set > Record
• GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Import Set > Table Name

What's new?

Policy Types

• GCP > Global Region > ServiceNow > Import Set > Insert Mode
• GCP > Multi-Region > ServiceNow > Import Set > Insert Mode
• GCP > Project > ServiceNow > Import Set > Insert Mode
• GCP > Region > ServiceNow > Import Set > Insert Mode
• GCP > Zone > ServiceNow > Import Set > Insert Mode

Control Types

• Azure > AKS > Managed Cluster > ServiceNow > Import Set

Policy Types

• Azure > AKS > Managed Cluster > ServiceNow > Import Set
• Azure > AKS > Managed Cluster > ServiceNow > Import Set > Archive Columns
• Azure > AKS > Managed Cluster > ServiceNow > Import Set > Insert Mode
• Azure > AKS > Managed Cluster > ServiceNow > Import Set > Record
• Azure > AKS > Managed Cluster > ServiceNow > Import Set > Table Name

What's new?

Policy Types

• Azure > Subscription > ServiceNow > Import Set > Insert Mode

What's new?

Policy Types

• ServiceNow > Import Set > Insert Mode [Default]

Bug fixes

• Guardrails did not correctly raise the real-time modifyVolume event for EBS Volume Notifications. This issue is now fixed.

What's new?

• The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.
• Fixed incorrect references to various Quick Actions.

Action Types

• AWS > SWF > Domain > Delete from AWS

What's new?

• The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.
• Fixed incorrect references to various Quick Actions.

What's new?

• The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.
• Fixed incorrect references to various Quick Actions.

What's new?

• The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.
• Fixed incorrect references to various Quick Actions.

Bug fixes

• Fixed incorrect references to various Quick Actions.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.
• Fixed incorrect references to various Quick Actions.

What's new?

• The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.
• Fixed incorrect references to various Quick Actions.

What's new?

• Volume's metadata will now also include createdBy details in Guardrails CMDB.
• The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

• The AWS > EC2 > Volume > Performance Configuration control would sometimes fail to set the expected configuration per AWS > EC2 > Volume > Performance Configuration > * policies and move to an Invalid state if the required data was not available for new volumes in the CMDB. The control will now move to TBD instead and retry after 5 minutes to fetch the required data correctly and set the performance configuration as expected.

What's new?

• The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.
• Fixed incorrect references to various Quick Actions.

What's new?

• The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.
• Fixed incorrect references to various Quick Actions.

What's new?

• Support for Node.js 20 in the Lambda runtime.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• The Azure > Storage> Storage Account > CMDB control will now also fetch diagnostic settings details and store them in CMDB.
• Track and manage storage account access keys in Guardrails CMDB.

Resource Types

• Azure > Storage > Access Key

Control Types

• Azure > Storage > Access Key > CMDB
• Azure > Storage > Access Key > Discovery

Policy Types

• Azure > Storage > Access Key > CMDB

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.
• Fixed the AKA format for rule group v2 global and regional resource types.

Bug fixes

• The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

• The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

• The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

• The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Control Types

• GCP > Global Region > ServiceNow
• GCP > Global Region > ServiceNow > Configuration Item
• GCP > Global Region > ServiceNow > Import Set
• GCP > Global Region > ServiceNow > Table
• GCP > Multi-Region > ServiceNow
• GCP > Multi-Region > ServiceNow > Configuration Item
• GCP > Multi-Region > ServiceNow > Import Set
• GCP > Multi-Region > ServiceNow > Table
• GCP > Region > ServiceNow
• GCP > Region > ServiceNow > Configuration Item
• GCP > Region > ServiceNow > Import Set
• GCP > Region > ServiceNow > Table
• GCP > Zone > ServiceNow
• GCP > Zone > ServiceNow > Configuration Item
• GCP > Zone > ServiceNow > Import Set
• GCP > Zone > ServiceNow > Table

Policy Types

• GCP > Global Region > ServiceNow
• GCP > Global Region > ServiceNow > Configuration Item
• GCP > Global Region > ServiceNow > Configuration Item > Record
• GCP > Global Region > ServiceNow > Configuration Item > Table Definition
• GCP > Global Region > ServiceNow > Import Set
• GCP > Global Region > ServiceNow > Import Set > Archive Columns
• GCP > Global Region > ServiceNow > Import Set > Record
• GCP > Global Region > ServiceNow > Import Set > Table Name
• GCP > Global Region > ServiceNow > Table
• GCP > Global Region > ServiceNow > Table > Definition
• GCP > Multi-Region > ServiceNow
• GCP > Multi-Region > ServiceNow > Configuration Item
• GCP > Multi-Region > ServiceNow > Configuration Item > Record
• GCP > Multi-Region > ServiceNow > Configuration Item > Table Definition
• GCP > Multi-Region > ServiceNow > Import Set
• GCP > Multi-Region > ServiceNow > Import Set > Archive Columns
• GCP > Multi-Region > ServiceNow > Import Set > Record
• GCP > Multi-Region > ServiceNow > Import Set > Table Name
• GCP > Multi-Region > ServiceNow > Table
• GCP > Multi-Region > ServiceNow > Table > Definition
• GCP > Region > ServiceNow
• GCP > Region > ServiceNow > Configuration Item
• GCP > Region > ServiceNow > Configuration Item > Record
• GCP > Region > ServiceNow > Configuration Item > Table Definition
• GCP > Region > ServiceNow > Import Set
• GCP > Region > ServiceNow > Import Set > Archive Columns
• GCP > Region > ServiceNow > Import Set > Record
• GCP > Region > ServiceNow > Import Set > Table Name
• GCP > Region > ServiceNow > Table
• GCP > Region > ServiceNow > Table > Definition
• GCP > Zone > ServiceNow
• GCP > Zone > ServiceNow > Configuration Item
• GCP > Zone > ServiceNow > Configuration Item > Record
• GCP > Zone > ServiceNow > Configuration Item > Table Definition
• GCP > Zone > ServiceNow > Import Set
• GCP > Zone > ServiceNow > Import Set > Archive Columns
• GCP > Zone > ServiceNow > Import Set > Record
• GCP > Zone > ServiceNow > Import Set > Table Name
• GCP > Zone > ServiceNow > Table
• GCP > Zone > ServiceNow > Table > Definition

Bug fixes

• The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

• The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

• The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

• The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

Bug fixes

• The Import Set controls will not require permissions to read the sys_db_object & sys_dictionary tables in ServiceNow.

What's new?

• You can now configure parameter groups for DB clusters. To get started, set the AWS > RDS > DB Cluster > Parameter Group > * policies.

Control Types

• AWS > RDS > DB Cluster > Parameter Group

Policy Types

• AWS > RDS > DB Cluster > Parameter Group
• AWS > RDS > DB Cluster > Parameter Group > Name

Action Types

• AWS > RDS > DB Cluster > Update Parameter Group

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• Server

  • Resolved an issue where policy values were not being terminated due to a race condition.
  • The ServiceNow credentials resolver will now display a clear message when the instance is hibernate or unavailable state.

• UI

  • Fixed an issue where filters on the Resource Explorer page were not functioning correctly.
  • The Import button on the Connect page has been updated to Connect.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• We have updated various policies set during project imports to allow for a smoother import experience. We recommend upgrading your TE to v5.42.21 or higher to enable these changes to take effect.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• You can now configure Master Authorized Networks for region and zone clusters via Guardrails. To get started, set the GCP > Kubernetes Engine > Region Cluster > Master Authorized Networks Config and GCP > Kubernetes Engine > Zone Cluster > Master Authorized Networks Config policies respectively.

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Control Types

• GCP > Kubernetes Engine > Zone Cluster > Master Authorized Networks Config

Policy Types

• GCP > Kubernetes Engine > Zone Cluster > Master Authorized Networks Config

Action Types

• GCP > Kubernetes Engine > Region Cluster > Set Desired Master Authorized Network Config
• GCP > Kubernetes Engine > Zone Cluster > Set Desired Master Authorized Network Config

What's new?

• We have updated various policies set during subscription imports to allow for a smoother import experience. We recommend upgrading your TE to v5.42.21 or higher to enable these changes to take effect.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Resource Types

• Azure > Network > Private Link Service

Control Types

• Azure > Network > Private Link Service > Active
• Azure > Network > Private Link Service > Approved
• Azure > Network > Private Link Service > CMDB
• Azure > Network > Private Link Service > Discovery
• Azure > Network > Private Link Service > Tags

Policy Types

• Azure > Network > Private Link Service > Active
• Azure > Network > Private Link Service > Active > Age
• Azure > Network > Private Link Service > Active > Last Modified
• Azure > Network > Private Link Service > Approved
• Azure > Network > Private Link Service > Approved > Custom
• Azure > Network > Private Link Service > Approved > Regions
• Azure > Network > Private Link Service > Approved > Usage
• Azure > Network > Private Link Service > CMDB
• Azure > Network > Private Link Service > Regions
• Azure > Network > Private Link Service > Tags
• Azure > Network > Private Link Service > Tags > Template

Action Types

• Azure > Network > Private Link Service > Delete
• Azure > Network > Private Link Service > Router
• Azure > Network > Private Link Service > Set Tags

What's new?

• The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.

Bug fixes

• In version 5.25.0, we added support to ignore permission errors on a bucket via the CMDB policy Enforce: Enabled but ignore permission errors. However, the CMDB control previously ignored permission errors only on the HeadBucket operation and still entered an error state for permission errors on sub-API calls. The CMDB control will now ignore all sub-API calls if the HeadBucket operation is denied access. If the HeadBucket operation is successful, the control will attempt to make all sub-API calls and ignore access denied errors if encountered.

What's new?

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Resource Types

• Azure > Provider > Container Registry

Control Types

• Azure > Provider > Container Registry > CMDB
• Azure > Provider > Container Registry > Discovery
• Azure > Provider > Container Registry > Registered

Policy Types

• Azure > Provider > Container Registry > CMDB
• Azure > Provider > Container Registry > Registered

Action Types

• Azure > Provider > Container Registry > Set Registered

Resource Types

• Azure > Container Registry
• Azure > Container Registry > Registry

Control Types

• Azure > Container Registry > Registry > Active
• Azure > Container Registry > Registry > Approved
• Azure > Container Registry > Registry > CMDB
• Azure > Container Registry > Registry > Discovery
• Azure > Container Registry > Registry > Tags

Policy Types

• Azure > Container Registry > Approved Regions [Default]
• Azure > Container Registry > Enabled
• Azure > Container Registry > Permissions
• Azure > Container Registry > Permissions > Levels
• Azure > Container Registry > Permissions > Levels > Modifiers
• Azure > Container Registry > Regions
• Azure > Container Registry > Registry > Active
• Azure > Container Registry > Registry > Active > Age
• Azure > Container Registry > Registry > Active > Last Modified
• Azure > Container Registry > Registry > Approved
• Azure > Container Registry > Registry > Approved > Custom
• Azure > Container Registry > Registry > Approved > Regions
• Azure > Container Registry > Registry > Approved > Usage
• Azure > Container Registry > Registry > CMDB
• Azure > Container Registry > Registry > Regions
• Azure > Container Registry > Registry > Tags
• Azure > Container Registry > Registry > Tags > Template
• Azure > Container Registry > Tags Template [Default]
• Azure > Turbot > Permissions > Compiled > Levels > @turbot/azure-containerregistry
• Azure > Turbot > Permissions > Compiled > Service Permissions > @turbot/azure-containerregistry

Action Types

• Azure > Container Registry > Registry > Delete
• Azure > Container Registry > Registry > Router
• Azure > Container Registry > Registry > Set Tags

What's new?

• The Approved > Usage policy for resource types will now default to Approved instead of Approved if AWS > {service} > Enabled.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The AWS > VPC > VPC > Stack control would sometimes go into an error state while upserting newly created flow logs in Guardrails due to incorrect mapping of its parent resource. This issue has now been fixed, and the control will upsert flow logs more consistently and reliably than before.

Bug fixes

• The CMDB control for the service resource type will no longer depend on the API Enabled policy being set to Enforce: Enabled for the service.

What's new?

• Added support for Postgres versions 13.14, 13.15, 13.16, 14.11, 14.12, 14.13 and 15.8.
• Updated Default value for the RDS certificate to rds-ca-rsa4096-g1.

5.0.0 (2024-08-13)

Resource Types

• Azure > Managed Identity
• Azure > Managed Identity > User Assigned Identity

Control Types

• Azure > Managed Identity > User Assigned Identity > Active
• Azure > Managed Identity > User Assigned Identity > Approved
• Azure > Managed Identity > User Assigned Identity > CMDB
• Azure > Managed Identity > User Assigned Identity > Discovery
• Azure > Managed Identity > User Assigned Identity > Tags

Policy Types

• Azure > Managed Identity > Approved Regions [Default]
• Azure > Managed Identity > Enabled
• Azure > Managed Identity > Permissions
• Azure > Managed Identity > Permissions > Levels
• Azure > Managed Identity > Permissions > Levels > Modifiers
• Azure > Managed Identity > Regions
• Azure > Managed Identity > Tags Template [Default]
• Azure > Managed Identity > User Assigned Identity > Active
• Azure > Managed Identity > User Assigned Identity > Active > Age
• Azure > Managed Identity > User Assigned Identity > Active > Last Modified
• Azure > Managed Identity > User Assigned Identity > Approved
• Azure > Managed Identity > User Assigned Identity > Approved > Custom
• Azure > Managed Identity > User Assigned Identity > Approved > Regions
• Azure > Managed Identity > User Assigned Identity > Approved > Usage
• Azure > Managed Identity > User Assigned Identity > CMDB
• Azure > Managed Identity > User Assigned Identity > Regions
• Azure > Managed Identity > User Assigned Identity > Tags
• Azure > Managed Identity > User Assigned Identity > Tags > Template
• Azure > Turbot > Permissions > Compiled > Levels > @turbot/azure-managedidentity
• Azure > Turbot > Permissions > Compiled > Service Permissions > @turbot/azure-managedidentity

Action Types

• Azure > Managed Identity > User Assigned Identity > Delete
• Azure > Managed Identity > User Assigned Identity > Router
• Azure > Managed Identity > User Assigned Identity > Set Tags

What's new?

• The AWS > Turbot > Logging > Bucket > Default Encryption policy is now deprecated because all buckets are now encrypted by default in AWS. As a result, all buckets created and managed via the AWS > Turbot > Logging > Bucket stack control will now be encrypted by AWS SSE by default. We've also removed ACL settings for buckets and now apply bucket ownership controls instead via the stack control to align with the latest AWS recommendations. Please upgrade the @turbot/aws-s3 mod to v5.26.0 for the stack control to work reliably as before.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Policy Types

Renamed

• AWS > Turbot > Logging > Bucket > Default Encryption to AWS > Turbot > Logging > Bucket > Default Encryption [Deprecated]

What's new?

• Added support for aws_s3_bucket_ownership_controls Terraform resource for buckets.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• Users can now configure the Terraform version for the AWS > Config > Configuration Recording stack control. To get started, set the AWS > Config > Configuration Recording > Terraform Version policy. We recommend using versions 0.11, 0.12, or 0.15 for this control to create and manage resources effectively and reliably.

Policy Types

• AWS > Config > Configuration Recording > Terraform Version

What's new?

• Users can now create and manage labels on Pub/Sub topics created via the GCP > Turbot > Event Handlers > Pub/Sub control. To get started, set the GCP > Turbot > Event Handlers > Pub/Sub > Topic > Labels policy.

Policy Types

• GCP > Turbot > Event Handlers > Pub/Sub > Subscription > Labels > Ignore Changes
• GCP > Turbot > Event Handlers > Pub/Sub > Topic > Labels
• GCP > Turbot > Event Handlers > Pub/Sub > Topic > Labels > Ignore Changes

Bug fixes

• Guardrails failed to cleanup deleted security group rules via the real-time ec2:RevokeSecurityGroupEgress and ec2:RevokeSecurityGroupIngress events. This issue is now fixed.

Bug fixes

• The AWS > Turbot > Event Handlers control did not correctly raise the real-time CreateTags and DeleteTags events for VPC security group rules. This issue is now fixed.

What's new?

• Users can now configure flow logging for subnetworks. To get started, set the GCP > Network > Subnetwork > Flow Log policy.

Control Types

• GCP > Network > Subnetwork > Flow Log

Policy Types

• GCP > Network > Subnetwork > Flow Log

Action Types

• GCP > Network > Subnetwork > Set Flow Log

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

• Resource's metadata will now also include createdBy details in Turbot CMDB.

Resource Types

• Azure > Provider > Elastic
• Azure > Provider > Managed Identity

Control Types

• Azure > Provider > Elastic > CMDB
• Azure > Provider > Elastic > Discovery
• Azure > Provider > Elastic > Registered
• Azure > Provider > Managed Identity > CMDB
• Azure > Provider > Managed Identity > Discovery
• Azure > Provider > Managed Identity > Registered

Policy Types

• Azure > Provider > Elastic > CMDB
• Azure > Provider > Elastic > Registered
• Azure > Provider > Managed Identity > CMDB
• Azure > Provider > Managed Identity > Registered

Action Types

• Azure > Provider > Elastic > Set Registered
• Azure > Provider > Managed Identity > Set Registered

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• You can now disable inactive or unapproved service accounts via Guardrails. To get started, set the GCP > IAM > Service Account > Active or GCP > IAM > Service Account > Approved policy to Enforce: Disable inactive with <x> days warning or Enforce: Disable unapproved respectively.

Action Types

• GCP > IAM > Service Account > Disable

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

• Resource's metadata will now also include createdBy details in Turbot CMDB.

Bug fixes

• The AWS > ECR > Repository > CMDB control went into an error state for shared repositories upserted incorrectly in Guardrails CMDB. Shared repositories will now not be upserted under shared accounts or regions, but will only be upserted under their owner accounts and regions.

Bug fixes

• Guardrails failed to process the real-time event ec2:CreateReplaceRootVolumeTask for instances. This is now fixed.

What's new?

• Server

  • Made notifications faster by improving the query, which enhances the performance of the resource activity tab.

• UI

  • Fixed a bug where policy pack creation would fail if the AKA was not provided from the user interface.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• The Azure > Resource Group > ServiceNow > Configuration Item control would fail to fetch instance credentials internally and did not process the data correctly in ServiceNow. This issue has now been fixed.

Bug fixes

• The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Bug fixes

• The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Bug fixes

• The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Control Types

• GCP > Project > ServiceNow > Import Set

Policy Types

• GCP > Project > ServiceNow > Import Set
• GCP > Project > ServiceNow > Import Set > Archive Columns
• GCP > Project > ServiceNow > Import Set > Record
• GCP > Project > ServiceNow > Import Set > Table Name

Bug fixes

• The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Bug fixes

• The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Bug fixes

• The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Bug fixes

• The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

Bug fixes

• The Import Set control for various resources would push JSON objects to ServiceNow without converting them to strings. This would result in ServiceNow reading those JSON objects in an incorrect format. The Import Set control will now convert such JSON objects to strings so that they are stored reliably and consistently in ServiceNow.

What's new?

• Added support for Postgres versions 15.6 and 15.7.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to poll events from Azure Monitor and process them in Guardrails. You won't notice any difference, and things will continue to work smoothly as before.

What's new?

• AWS/DynamoDB/Admin, AWS/DynamoDB/Metadata and AWS/DynamoDB/Operator now include permissions for Resource Policy, Imports, Time to Live and Global Table Version.

What's new?

Control Types

• Azure > Network > Network Security Group > ServiceNow > Import Set

Policy Types

• Azure > Network > Network Security Group > ServiceNow > Import Set
• Azure > Network > Network Security Group > ServiceNow > Import Set > Archive Columns
• Azure > Network > Network Security Group > ServiceNow > Import Set > Record
• Azure > Network > Network Security Group > ServiceNow > Import Set > Table Name

What's new?

Control Types

• Azure > Subscription > ServiceNow > Import Set

Policy Types

• Azure > Subscription > ServiceNow > Import Set
• Azure > Subscription > ServiceNow > Import Set > Archive Columns
• Azure > Subscription > ServiceNow > Import Set > Record
• Azure > Subscription > ServiceNow > Import Set > Table Name

What's new?

• Users can now enable/disable Table logging for Storage Accounts via Azure > Storage > Storage Account > Table > Logging control. To get started, set the Azure > Storage > Storage Account > Table > Logging policy.

Control Types

• Azure > Storage > Storage Account > Encryption at Rest
• Azure > Storage > Storage Account > Table
• Azure > Storage > Storage Account > Table > Logging

Policy Types

• Azure > Storage > Storage Account > Encryption at Rest
• Azure > Storage > Storage Account > Encryption at Rest > Customer Managed Key
• Azure > Storage > Storage Account > Table
• Azure > Storage > Storage Account > Table > Logging
• Azure > Storage > Storage Account > Table > Logging > Properties
• Azure > Storage > Storage Account > Table > Logging > Retention Days

Action Types

• Azure > Storage > Storage Account > Update Encryption at Rest

• Azure > Storage > Storage Account > Update Storage Account Table Logging

• The Storage Account CMDB data will now also include information about the account's table service properties.

• We've removed the dependency on listKeys permission for Azure > Storage Account > Container > Discovery to run its course to completion. This release includes breaking changes in the CMDB data for containers. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

Renamed: isImmutableStorageWithVersioningEnabled to isImmutableStorageWithVersioning.enabled

Removed: preventEncryptionScopeOverride

Bug fixes

• The Azure > Storage > Storage Account > CMDB control would go into an error state while trying to fetch default Queue and Blob properties if Guardrails did not have permission to list the storage account keys. The control will now not attempt to fetch default Queue and Blob properties if Guardrails does not have the required access for listKeys, and will run its course to completion without going into an error state.

Bug fixes

• Improved error message for the AWS > S3 > Bucket > CMDB control if it would go into an error state due to insufficient permissions for the headBucket operation.

What's new?

• Server
  • Migrated from Node.js 18 to Node.js 20 for improved performance and security.
  • Updated the Mod Lambda architecture to ARM64 for better efficiency.
  • Added support for Node.js 20 in the Lambda runtime.

Bug fixes

• Server
  • Resolved an issue where the next tick timestamp was not being set for large commands

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• UI
  • Resolved deletion issue from UI for Policy Packs with latest Turbot Mod(5.45.0) and TE 5.45.0.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• Server
  • Minor internal improvements.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

Control Types

• Kubernetes > CronJob > ServiceNow
• Kubernetes > CronJob > ServiceNow > Configuration Item
• Kubernetes > CronJob > ServiceNow > Table
• Kubernetes > DaemonSet > ServiceNow
• Kubernetes > DaemonSet > ServiceNow > Configuration Item
• Kubernetes > DaemonSet > ServiceNow > Table
• Kubernetes > Ingress > ServiceNow
• Kubernetes > Ingress > ServiceNow > Configuration Item
• Kubernetes > Ingress > ServiceNow > Table
• Kubernetes > Job > ServiceNow
• Kubernetes > Job > ServiceNow > Configuration Item
• Kubernetes > Job > ServiceNow > Table
• Kubernetes > Persistent Volume > ServiceNow
• Kubernetes > Persistent Volume > ServiceNow > Configuration Item
• Kubernetes > Persistent Volume > ServiceNow > Table
• Kubernetes > ReplicationController > ServiceNow
• Kubernetes > ReplicationController > ServiceNow > Configuration Item
• Kubernetes > ReplicationController > ServiceNow > Table
• Kubernetes > StatefulSet > ServiceNow
• Kubernetes > StatefulSet > ServiceNow > Configuration Item
• Kubernetes > StatefulSet > ServiceNow > Table

Policy Types

• Kubernetes > CronJob > ServiceNow
• Kubernetes > CronJob > ServiceNow > Configuration Item
• Kubernetes > CronJob > ServiceNow > Configuration Item > Record
• Kubernetes > CronJob > ServiceNow > Configuration Item > Table Definition
• Kubernetes > CronJob > ServiceNow > Table
• Kubernetes > CronJob > ServiceNow > Table > Definition
• Kubernetes > DaemonSet > ServiceNow
• Kubernetes > DaemonSet > ServiceNow > Configuration Item
• Kubernetes > DaemonSet > ServiceNow > Configuration Item > Record
• Kubernetes > DaemonSet > ServiceNow > Configuration Item > Table Definition
• Kubernetes > DaemonSet > ServiceNow > Table
• Kubernetes > DaemonSet > ServiceNow > Table > Definition
• Kubernetes > Ingress > ServiceNow
• Kubernetes > Ingress > ServiceNow > Configuration Item
• Kubernetes > Ingress > ServiceNow > Configuration Item > Record
• Kubernetes > Ingress > ServiceNow > Configuration Item > Table Definition
• Kubernetes > Ingress > ServiceNow > Table
• Kubernetes > Ingress > ServiceNow > Table > Definition
• Kubernetes > Job > ServiceNow
• Kubernetes > Job > ServiceNow > Configuration Item
• Kubernetes > Job > ServiceNow > Configuration Item > Record
• Kubernetes > Job > ServiceNow > Configuration Item > Table Definition
• Kubernetes > Job > ServiceNow > Table
• Kubernetes > Job > ServiceNow > Table > Definition
• Kubernetes > Persistent Volume > ServiceNow
• Kubernetes > Persistent Volume > ServiceNow > Configuration Item
• Kubernetes > Persistent Volume > ServiceNow > Configuration Item > Record
• Kubernetes > Persistent Volume > ServiceNow > Configuration Item > Table Definition
• Kubernetes > Persistent Volume > ServiceNow > Table
• Kubernetes > Persistent Volume > ServiceNow > Table > Definition
• Kubernetes > ReplicationController > ServiceNow
• Kubernetes > ReplicationController > ServiceNow > Configuration Item
• Kubernetes > ReplicationController > ServiceNow > Configuration Item > Record
• Kubernetes > ReplicationController > ServiceNow > Configuration Item > Table Definition
• Kubernetes > ReplicationController > ServiceNow > Table
• Kubernetes > ReplicationController > ServiceNow > Table > Definition
• Kubernetes > StatefulSet > ServiceNow
• Kubernetes > StatefulSet > ServiceNow > Configuration Item
• Kubernetes > StatefulSet > ServiceNow > Configuration Item > Record
• Kubernetes > StatefulSet > ServiceNow > Configuration Item > Table Definition
• Kubernetes > StatefulSet > ServiceNow > Table
• Kubernetes > StatefulSet > ServiceNow > Table > Definition

What's new?

Resource Types

• Kubernetes > CronJob
• Kubernetes > DaemonSet
• Kubernetes > Ingress
• Kubernetes > Job
• Kubernetes > Persistent Volume
• Kubernetes > ReplicationController
• Kubernetes > StatefulSet

Control Types

• Kubernetes > ConfigMap > Active
• Kubernetes > CronJob > Active
• Kubernetes > CronJob > Annotations
• Kubernetes > CronJob > Approved
• Kubernetes > CronJob > CMDB
• Kubernetes > CronJob > Labels
• Kubernetes > CronJob > Query
• Kubernetes > DaemonSet > Active
• Kubernetes > DaemonSet > Annotations
• Kubernetes > DaemonSet > Approved
• Kubernetes > DaemonSet > CMDB
• Kubernetes > DaemonSet > Labels
• Kubernetes > DaemonSet > Query
• Kubernetes > Deployment > Active
• Kubernetes > Ingress > Active
• Kubernetes > Ingress > Annotations
• Kubernetes > Ingress > Approved
• Kubernetes > Ingress > CMDB
• Kubernetes > Ingress > Labels
• Kubernetes > Ingress > Query
• Kubernetes > Job > Active
• Kubernetes > Job > Annotations
• Kubernetes > Job > Approved
• Kubernetes > Job > CMDB
• Kubernetes > Job > Labels
• Kubernetes > Job > Query
• Kubernetes > Namespace > Active
• Kubernetes > Node > Active
• Kubernetes > Persistent Volume > Active
• Kubernetes > Persistent Volume > Annotations
• Kubernetes > Persistent Volume > Approved
• Kubernetes > Persistent Volume > CMDB
• Kubernetes > Persistent Volume > Labels
• Kubernetes > Persistent Volume > Query
• Kubernetes > Pod > Active
• Kubernetes > ReplicaSet > Active
• Kubernetes > ReplicationController > Active
• Kubernetes > ReplicationController > Annotations
• Kubernetes > ReplicationController > Approved
• Kubernetes > ReplicationController > CMDB
• Kubernetes > ReplicationController > Labels
• Kubernetes > ReplicationController > Query
• Kubernetes > Service > Active
• Kubernetes > StatefulSet > Active
• Kubernetes > StatefulSet > Annotations
• Kubernetes > StatefulSet > Approved
• Kubernetes > StatefulSet > CMDB
• Kubernetes > StatefulSet > Labels
• Kubernetes > StatefulSet > Query

Policy Types

• Kubernetes > Cluster > CMDB > Expiration
• Kubernetes > Cluster > CMDB > Expiration > Expiration Days
• Kubernetes > Cluster > osquery
• Kubernetes > Cluster > osquery > Configuration
• Kubernetes > ConfigMap > Active
• Kubernetes > ConfigMap > Active > Age
• Kubernetes > ConfigMap > Active > Last Modified
• Kubernetes > CronJob > Active
• Kubernetes > CronJob > Active > Age
• Kubernetes > CronJob > Active > Last Modified
• Kubernetes > CronJob > Annotations
• Kubernetes > CronJob > Annotations > Template
• Kubernetes > CronJob > Approved
• Kubernetes > CronJob > Approved > Custom
• Kubernetes > CronJob > CMDB
• Kubernetes > CronJob > Labels
• Kubernetes > CronJob > Labels > Template
• Kubernetes > CronJob > osquery
• Kubernetes > CronJob > osquery > Configuration
• Kubernetes > CronJob > osquery > Configuration > Columns
• Kubernetes > CronJob > osquery > Configuration > Interval
• Kubernetes > CronJob > osquery > Configuration > Name
• Kubernetes > DaemonSet > Active
• Kubernetes > DaemonSet > Active > Age
• Kubernetes > DaemonSet > Active > Last Modified
• Kubernetes > DaemonSet > Annotations
• Kubernetes > DaemonSet > Annotations > Template
• Kubernetes > DaemonSet > Approved
• Kubernetes > DaemonSet > Approved > Custom
• Kubernetes > DaemonSet > CMDB
• Kubernetes > DaemonSet > Labels
• Kubernetes > DaemonSet > Labels > Template
• Kubernetes > DaemonSet > osquery
• Kubernetes > DaemonSet > osquery > Configuration
• Kubernetes > DaemonSet > osquery > Configuration > Columns
• Kubernetes > DaemonSet > osquery > Configuration > Interval
• Kubernetes > DaemonSet > osquery > Configuration > Name
• Kubernetes > Deployment > Active
• Kubernetes > Deployment > Active > Age
• Kubernetes > Deployment > Active > Last Modified
• Kubernetes > Ingress > Active
• Kubernetes > Ingress > Active > Age
• Kubernetes > Ingress > Active > Last Modified
• Kubernetes > Ingress > Annotations
• Kubernetes > Ingress > Annotations > Template
• Kubernetes > Ingress > Approved
• Kubernetes > Ingress > Approved > Custom
• Kubernetes > Ingress > CMDB
• Kubernetes > Ingress > Labels
• Kubernetes > Ingress > Labels > Template
• Kubernetes > Ingress > osquery
• Kubernetes > Ingress > osquery > Configuration
• Kubernetes > Ingress > osquery > Configuration > Columns
• Kubernetes > Ingress > osquery > Configuration > Interval
• Kubernetes > Ingress > osquery > Configuration > Name
• Kubernetes > Job > Active
• Kubernetes > Job > Active > Age
• Kubernetes > Job > Active > Last Modified
• Kubernetes > Job > Annotations
• Kubernetes > Job > Annotations > Template
• Kubernetes > Job > Approved
• Kubernetes > Job > Approved > Custom
• Kubernetes > Job > CMDB
• Kubernetes > Job > Labels
• Kubernetes > Job > Labels > Template
• Kubernetes > Job > osquery
• Kubernetes > Job > osquery > Configuration
• Kubernetes > Job > osquery > Configuration > Columns
• Kubernetes > Job > osquery > Configuration > Interval
• Kubernetes > Job > osquery > Configuration > Name
• Kubernetes > Namespace > Active
• Kubernetes > Namespace > Active > Age
• Kubernetes > Namespace > Active > Last Modified
• Kubernetes > Node > Active
• Kubernetes > Node > Active > Age
• Kubernetes > Node > Active > Last Modified
• Kubernetes > Persistent Volume > Active
• Kubernetes > Persistent Volume > Active > Age
• Kubernetes > Persistent Volume > Active > Last Modified
• Kubernetes > Persistent Volume > Annotations
• Kubernetes > Persistent Volume > Annotations > Template
• Kubernetes > Persistent Volume > Approved
• Kubernetes > Persistent Volume > Approved > Custom
• Kubernetes > Persistent Volume > CMDB
• Kubernetes > Persistent Volume > Labels
• Kubernetes > Persistent Volume > Labels > Template
• Kubernetes > Persistent Volume > osquery
• Kubernetes > Persistent Volume > osquery > Configuration
• Kubernetes > Persistent Volume > osquery > Configuration > Columns
• Kubernetes > Persistent Volume > osquery > Configuration > Interval
• Kubernetes > Persistent Volume > osquery > Configuration > Name
• Kubernetes > Pod > Active
• Kubernetes > Pod > Active > Age
• Kubernetes > Pod > Active > Last Modified
• Kubernetes > ReplicaSet > Active
• Kubernetes > ReplicaSet > Active > Age
• Kubernetes > ReplicaSet > Active > Last Modified
• Kubernetes > ReplicationController > Active
• Kubernetes > ReplicationController > Active > Age
• Kubernetes > ReplicationController > Active > Last Modified
• Kubernetes > ReplicationController > Annotations
• Kubernetes > ReplicationController > Annotations > Template
• Kubernetes > ReplicationController > Approved
• Kubernetes > ReplicationController > Approved > Custom
• Kubernetes > ReplicationController > CMDB
• Kubernetes > ReplicationController > Labels
• Kubernetes > ReplicationController > Labels > Template
• Kubernetes > ReplicationController > osquery
• Kubernetes > ReplicationController > osquery > Configuration
• Kubernetes > ReplicationController > osquery > Configuration > Columns
• Kubernetes > ReplicationController > osquery > Configuration > Interval
• Kubernetes > ReplicationController > osquery > Configuration > Name
• Kubernetes > Service > Active
• Kubernetes > Service > Active > Age
• Kubernetes > Service > Active > Last Modified
• Kubernetes > StatefulSet > Active
• Kubernetes > StatefulSet > Active > Age
• Kubernetes > StatefulSet > Active > Last Modified
• Kubernetes > StatefulSet > Annotations
• Kubernetes > StatefulSet > Annotations > Template
• Kubernetes > StatefulSet > Approved
• Kubernetes > StatefulSet > Approved > Custom
• Kubernetes > StatefulSet > CMDB
• Kubernetes > StatefulSet > Labels
• Kubernetes > StatefulSet > Labels > Template
• Kubernetes > StatefulSet > osquery
• Kubernetes > StatefulSet > osquery > Configuration
• Kubernetes > StatefulSet > osquery > Configuration > Columns
• Kubernetes > StatefulSet > osquery > Configuration > Interval
• Kubernetes > StatefulSet > osquery > Configuration > Name

Action Types

• Kubernetes > Cluster > Router
• Kubernetes > CronJob > Router
• Kubernetes > DaemonSet > Router
• Kubernetes > Ingress > Router
• Kubernetes > Job > Router
• Kubernetes > Persistent Volume > Router
• Kubernetes > ReplicationController > Router
• Kubernetes > StatefulSet > Router

Bug fixes

• CMDB controls for various resources sometimes failed to process a large number of updates that occurred in quick succession via Cluster events. We’ve improved our GraphQL queries to handle such a load, and the controls will now be able to process such events more smoothly and reliably than before.

What's new?

• The AWS > S3 > Bucket > CMDB control would go into an error state if Guardrails did not have permissions to call the headBucket operation on a bucket. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set the AWS > S3 > Bucket > CMDB policy to Enforce: Enabled but ignore permission errors.

Bug fixes

• Server
  • Minor internal improvements.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• In the previous version, we fixed an issue with the Azure > App Service > Web App > Client Certificate Mode control, ensuring that the Client Certificate Mode is set to Require correctly. However, we missed an edge case where the control wouldn’t enforce any mode other than the default setting of Ignore. We have now addressed all cases, and the control will work more reliably and consistently than before.

What's new?

• Updated AWS Lambda function architecture to ARM64 for improved performance and cost efficiency.

What's new?

• Server

  • Improved memory optimization for Redis.
  • Updated all AWS Lambda functions in the TE environment to use ARM64 architecture for improved performance and cost efficiency.
  • Allow notifications rules to accept nunjucks for Email address.
  • Updated several node packages to newer versions for improved functionality and security.

• UI

  • Smart Folders are now called Policy Packs.
  • Now you can add AKA while creating Policy Packs from UI.

Bug fixes

• Server

  • Fixed an issue where controls remained in TBD state for accounts imported without an External ID.

• UI

  • Removed the unsupported feature for rearranging Policy Packs from the UI.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• The Import Set policies for various Kubernetes resources will no longer include the Enforce: Sync policy value for integrating Import Sets in ServiceNow.

Control Types

• GCP > Storage > Object > ServiceNow > Import Set

Policy Types

• GCP > Storage > Object > ServiceNow > Import Set
• GCP > Storage > Object > ServiceNow > Import Set > Archive Columns
• GCP > Storage > Object > ServiceNow > Import Set > Record
• GCP > Storage > Object > ServiceNow > Import Set > Table Name

Control Types

• GCP > Compute Engine > Disk > ServiceNow > Import Set
• GCP > Compute Engine > HTTP Health Check > ServiceNow > Import Set
• GCP > Compute Engine > HTTPS Health Check > ServiceNow > Import Set
• GCP > Compute Engine > Health Check > ServiceNow > Import Set
• GCP > Compute Engine > Image > ServiceNow > Import Set
• GCP > Compute Engine > Instance > ServiceNow > Import Set
• GCP > Compute Engine > Instance Template > ServiceNow > Import Set
• GCP > Compute Engine > Node Group > ServiceNow > Import Set
• GCP > Compute Engine > Node template > ServiceNow > Import Set
• GCP > Compute Engine > Project > ServiceNow > Import Set
• GCP > Compute Engine > Region Disk > ServiceNow > Import Set
• GCP > Compute Engine > Region Health Check > ServiceNow > Import Set
• GCP > Compute Engine > Snapshot > ServiceNow > Import Set

Policy Types

• GCP > Compute Engine > Disk > ServiceNow > Import Set
• GCP > Compute Engine > Disk > ServiceNow > Import Set > Archive Columns
• GCP > Compute Engine > Disk > ServiceNow > Import Set > Record
• GCP > Compute Engine > Disk > ServiceNow > Import Set > Table Name
• GCP > Compute Engine > HTTP Health Check > ServiceNow > Import Set
• GCP > Compute Engine > HTTP Health Check > ServiceNow > Import Set > Archive Columns
• GCP > Compute Engine > HTTP Health Check > ServiceNow > Import Set > Record
• GCP > Compute Engine > HTTP Health Check > ServiceNow > Import Set > Table Name
• GCP > Compute Engine > HTTPS Health Check > ServiceNow > Import Set
• GCP > Compute Engine > HTTPS Health Check > ServiceNow > Import Set > Archive Columns
• GCP > Compute Engine > HTTPS Health Check > ServiceNow > Import Set > Record
• GCP > Compute Engine > HTTPS Health Check > ServiceNow > Import Set > Table Name
• GCP > Compute Engine > Health Check > ServiceNow > Import Set
• GCP > Compute Engine > Health Check > ServiceNow > Import Set > Archive Columns
• GCP > Compute Engine > Health Check > ServiceNow > Import Set > Record
• GCP > Compute Engine > Health Check > ServiceNow > Import Set > Table Name
• GCP > Compute Engine > Image > ServiceNow > Import Set
• GCP > Compute Engine > Image > ServiceNow > Import Set > Archive Columns
• GCP > Compute Engine > Image > ServiceNow > Import Set > Record
• GCP > Compute Engine > Image > ServiceNow > Import Set > Table Name
• GCP > Compute Engine > Instance > ServiceNow > Import Set
• GCP > Compute Engine > Instance > ServiceNow > Import Set > Archive Columns
• GCP > Compute Engine > Instance > ServiceNow > Import Set > Record
• GCP > Compute Engine > Instance > ServiceNow > Import Set > Table Name
• GCP > Compute Engine > Instance Template > ServiceNow > Import Set
• GCP > Compute Engine > Instance Template > ServiceNow > Import Set > Archive Columns
• GCP > Compute Engine > Instance Template > ServiceNow > Import Set > Record
• GCP > Compute Engine > Instance Template > ServiceNow > Import Set > Table Name
• GCP > Compute Engine > Node Group > ServiceNow > Import Set
• GCP > Compute Engine > Node Group > ServiceNow > Import Set > Archive Columns
• GCP > Compute Engine > Node Group > ServiceNow > Import Set > Record
• GCP > Compute Engine > Node Group > ServiceNow > Import Set > Table Name
• GCP > Compute Engine > Node template > ServiceNow > Import Set
• GCP > Compute Engine > Node template > ServiceNow > Import Set > Archive Columns
• GCP > Compute Engine > Node template > ServiceNow > Import Set > Record
• GCP > Compute Engine > Node template > ServiceNow > Import Set > Table Name
• GCP > Compute Engine > Project > ServiceNow > Import Set
• GCP > Compute Engine > Project > ServiceNow > Import Set > Archive Columns
• GCP > Compute Engine > Project > ServiceNow > Import Set > Record
• GCP > Compute Engine > Project > ServiceNow > Import Set > Table Name
• GCP > Compute Engine > Region Disk > ServiceNow > Import Set
• GCP > Compute Engine > Region Disk > ServiceNow > Import Set > Archive Columns
• GCP > Compute Engine > Region Disk > ServiceNow > Import Set > Record
• GCP > Compute Engine > Region Disk > ServiceNow > Import Set > Table Name
• GCP > Compute Engine > Region Health Check > ServiceNow > Import Set
• GCP > Compute Engine > Region Health Check > ServiceNow > Import Set > Archive Columns
• GCP > Compute Engine > Region Health Check > ServiceNow > Import Set > Record
• GCP > Compute Engine > Region Health Check > ServiceNow > Import Set > Table Name
• GCP > Compute Engine > Snapshot > ServiceNow > Import Set
• GCP > Compute Engine > Snapshot > ServiceNow > Import Set > Archive Columns
• GCP > Compute Engine > Snapshot > ServiceNow > Import Set > Record
• GCP > Compute Engine > Snapshot > ServiceNow > Import Set > Table Name

Control Types

• Azure > Storage > Container > ServiceNow > Import Set
• Azure > Storage > FileShare > ServiceNow > Import Set
• Azure > Storage > Queue > ServiceNow > Import Set

Policy Types

• Azure > Storage > Container > ServiceNow > Import Set
• Azure > Storage > Container > ServiceNow > Import Set > Archive Columns
• Azure > Storage > Container > ServiceNow > Import Set > Record
• Azure > Storage > Container > ServiceNow > Import Set > Table Name
• Azure > Storage > FileShare > ServiceNow > Import Set
• Azure > Storage > FileShare > ServiceNow > Import Set > Archive Columns
• Azure > Storage > FileShare > ServiceNow > Import Set > Record
• Azure > Storage > FileShare > ServiceNow > Import Set > Table Name
• Azure > Storage > Queue > ServiceNow > Import Set
• Azure > Storage > Queue > ServiceNow > Import Set > Archive Columns
• Azure > Storage > Queue > ServiceNow > Import Set > Record
• Azure > Storage > Queue > ServiceNow > Import Set > Table Name

Control Types

• Azure > Compute > Availability Set > ServiceNow > Import Set
• Azure > Compute > Disk > ServiceNow > Import Set
• Azure > Compute > Disk Encryption Set > ServiceNow > Import Set
• Azure > Compute > Image > ServiceNow > Import Set
• Azure > Compute > Snapshot > ServiceNow > Import Set
• Azure > Compute > Ssh Public Key > ServiceNow > Import Set
• Azure > Compute > Virtual Machine > ServiceNow > Import Set
• Azure > Compute > Virtual Machine Scale Set > ServiceNow > Import Set

Policy Types

• Azure > Compute > Availability Set > ServiceNow > Import Set
• Azure > Compute > Availability Set > ServiceNow > Import Set > Archive Columns
• Azure > Compute > Availability Set > ServiceNow > Import Set > Record
• Azure > Compute > Availability Set > ServiceNow > Import Set > Table Name
• Azure > Compute > Disk > ServiceNow > Import Set
• Azure > Compute > Disk > ServiceNow > Import Set > Archive Columns
• Azure > Compute > Disk > ServiceNow > Import Set > Record
• Azure > Compute > Disk > ServiceNow > Import Set > Table Name
• Azure > Compute > Disk Encryption Set > ServiceNow > Import Set
• Azure > Compute > Disk Encryption Set > ServiceNow > Import Set > Archive Columns
• Azure > Compute > Disk Encryption Set > ServiceNow > Import Set > Record
• Azure > Compute > Disk Encryption Set > ServiceNow > Import Set > Table Name
• Azure > Compute > Image > ServiceNow > Import Set
• Azure > Compute > Image > ServiceNow > Import Set > Archive Columns
• Azure > Compute > Image > ServiceNow > Import Set > Record
• Azure > Compute > Image > ServiceNow > Import Set > Table Name
• Azure > Compute > Snapshot > ServiceNow > Import Set
• Azure > Compute > Snapshot > ServiceNow > Import Set > Archive Columns
• Azure > Compute > Snapshot > ServiceNow > Import Set > Record
• Azure > Compute > Snapshot > ServiceNow > Import Set > Table Name
• Azure > Compute > Ssh Public Key > ServiceNow > Import Set
• Azure > Compute > Ssh Public Key > ServiceNow > Import Set > Archive Columns
• Azure > Compute > Ssh Public Key > ServiceNow > Import Set > Record
• Azure > Compute > Ssh Public Key > ServiceNow > Import Set > Table Name
• Azure > Compute > Virtual Machine > ServiceNow > Import Set
• Azure > Compute > Virtual Machine > ServiceNow > Import Set > Archive Columns
• Azure > Compute > Virtual Machine > ServiceNow > Import Set > Record
• Azure > Compute > Virtual Machine > ServiceNow > Import Set > Table Name
• Azure > Compute > Virtual Machine Scale Set > ServiceNow > Import Set
• Azure > Compute > Virtual Machine Scale Set > ServiceNow > Import Set > Archive Columns
• Azure > Compute > Virtual Machine Scale Set > ServiceNow > Import Set > Record
• Azure > Compute > Virtual Machine Scale Set > ServiceNow > Import Set > Table Name

Control Types

• AWS > S3 > Bucket > ServiceNow > Import Set

Policy Types

• AWS > S3 > Bucket > ServiceNow > Import Set
• AWS > S3 > Bucket > ServiceNow > Import Set > Archive Columns
• AWS > S3 > Bucket > ServiceNow > Import Set > Record
• AWS > S3 > Bucket > ServiceNow > Import Set > Table Name

What's new?

• Added support to archive Import Sets in ServiceNow.

Bug fixes

• The Azure > App Service > Web App > Client Certificate Mode control did not apply Enforce: Require settings correctly. This is now fixed.

What's new?

• Added support for google_monitoring_alert_policy and google_monitoring_notification_channel Terraform resources.

Control Types

• GCP > Monitoring > Alert Policy > Configured
• GCP > Monitoring > Notification Channel > Configured

Policy Types

• GCP > Monitoring > Alert Policy > Configured
• GCP > Monitoring > Alert Policy > Configured > Claim Precedence
• GCP > Monitoring > Alert Policy > Configured > Source
• GCP > Monitoring > Notification Channel > Configured
• GCP > Monitoring > Notification Channel > Configured > Claim Precedence
• GCP > Monitoring > Notification Channel > Configured > Source

What's new?

• Added support for google_logging_metric Terraform resource.

Control Types

• GCP > Logging > Metric > Configured

Policy Types

• GCP > Logging > Metric > Configured
• GCP > Logging > Metric > Configured > Claim Precedence
• GCP > Logging > Metric > Configured > Source

Bug fixes

• The Azure > Storage > Storage Account > Queue > Logging control failed to set queue logging properties correctly. This issue has been fixed, and the control will now function correctly as intended.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• Users can now configure Shielded Instance Configuration for instances. To get started, set GCP > Compute > Instance > Shielded Instance Configuration > * policies.

Control Types

• GCP > Compute Engine > Instance > Shielded Instance Configuration

Policy Types

• GCP > Compute Engine > Instance > Shielded Instance Configuration
• GCP > Compute Engine > Instance > Shielded Instance Configuration > Integrity Monitoring
• GCP > Compute Engine > Instance > Shielded Instance Configuration > Secure Boot
• GCP > Compute Engine > Instance > Shielded Instance Configuration > vTPM

Action Types

• GCP > Compute Engine > Instance > Set Shielded Instance Configuration

What's new?

• The Azure > CIS v2.0 > 5.05 - Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads) control will also evaluate SQL databases for SKU Basic/Consumption.

Control Types

• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.06 - Ensure that Network Security Group Flow logs are captured and sent to Log Analytics

Policy Types

• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.06 - Ensure that Network Security Group flow logs are captured and sent to Log Analytics

Bug fixes

• The Azure > CIS v2.0 > 4 - Database Services > 01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key control did not evaluate the result correctly, as expected. This is now fixed.

What's new?

DOCUMENTATION:

• resource/turbot_policy_pack: Added documentation for akas attribute for the resource. (#179)

What's new?

• Users can now configure Encryption In Transit for instances. To get started, set the GCP > SQL > Instance > Encryption In Transit policy.

Control Types

• GCP > SQL > Instance > Encryption In Transit

Policy Types

• GCP > SQL > Instance > Encryption In Transit

Action Types

• GCP > SQL > Instance > Update Encryption in Transit

What's new?

Control Types

• GCP > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure API Keys Only Exist for Active Services
• GCP > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps
• GCP > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure API Keys Are Restricted to Only APIs That Application Needs Access
• GCP > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure API Keys Are Rotated Every 90 Days

Policy Types

• GCP > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure API Keys Only Exist for Active Services
• GCP > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps
• GCP > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure API Keys Are Restricted to Only APIs That Application Needs Access
• GCP > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure API Keys Are Rotated Every 90 Days

What's new?

• Users can now upgrade the SKU from Basic to Standard for Public IP Addresss via Azure > Network > Public IP Address > Standard SKU control. To get started, set the Azure > Network > Public IP Address > Standard SKU policy.

Control Types

• Azure > Network > Public IP Address > Standard SKU

Policy Types

• Azure > Network > Public IP Address > Standard SKU
• Azure > Network > Public IP Address > Standard SKU > SKU Tier

Action Types

• Azure > Network > Public IP Address > Update SKU to Standard

What's new?

• We've added guardrails to help secure access to your database accounts' public endpoints. All database accounts have public endpoints that are accessible through the internet by default. This access can be limited to specific IP ranges, virtual network subnets, and trusted Microsoft services by defining firewall and virtual network rules.

To get started configuring these rules through Guardrails, the following policies should set according to your desired firewall rules configuration:

Azure > Cosmos DB > Database Account > Firewall - Configure default access rules for the public endpoint Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Approved - Remove unapproved IP ranges Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Required - Grant access to specific IP ranges Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Approved - Remove unapproved virtual network subnets Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Required - Grant access to specific virtual network subnets Please note that if the Azure > Cosmos DB > Database Account > Firewall policy is set to Enforce: Allow only approved virtual networks and IP ranges, only applications in the configured IP ranges, virtual network subnets, and trusted Microsoft services will be allowed to access the database accounts. If these boundaries are not properly configured beforehand or an application is outside of these boundaries, it will lose access to the database accounts.

Control Types

• Azure > Cosmos DB > Database Account > Firewall
• Azure > Cosmos DB > Database Account > Firewall > IP Ranges
• Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Approved
• Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Required
• Azure > Cosmos DB > Database Account > Firewall > Virtual Networks
• Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Approved
• Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Required

Policy Types

• Azure > Cosmos DB > Database Account > Firewall
• Azure > Cosmos DB > Database Account > Firewall > IP Ranges
• Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Approved
• Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Approved > CIDR Ranges
• Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Approved > Compiled Rules
• Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Approved > Rules
• Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Required
• Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Required > Compiled Items
• Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Required > Exceptions
• Azure > Cosmos DB > Database Account > Firewall > IP Ranges > Required > Items
• Azure > Cosmos DB > Database Account > Firewall > Virtual Networks
• Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Approved
• Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Approved > Compiled Rules
• Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Approved > Rules
• Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Approved > Subnets
• Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Required
• Azure > Cosmos DB > Database Account > Firewall > Virtual Networks > Required > Items

Action Types

• Azure > Cosmos DB > Database Account > Update Firewall Default Access Rule
• Azure > Cosmos DB > Database Account > Update Firewall IP Ranges
• Azure > Cosmos DB > Database Account > Update Firewall Virtual Networks

Bug fixes

• Various Discovery and CMDB controls entered an error state because they used outdated APIs that no longer functioned as expected. We have updated internal package dependencies, and those controls now operate smoothly as intended.

Bug fixes

• Resolved an issue where an empty outbound_cidr_ranges SSM parameter caused a validation error. Now, if the outbound_cidr_ranges parameter is empty, it will be set to None.

What's new?

• Added M7i and M7i-flex instance type.
• Updated the HealthCheckProxy lambda function to use python 3.10.

Bug fixes

• The GCP > Project > CMDB control went into an error state while fetching Access Approval settings for the project if Access Transparency was disabled at the organization level. We have now handled such cases gracefully, and the control will fetch all available details without going into an error state.

What's new?

• Users can now configure authorized networks for instances in Guardrails. To get started, set the GCP > SQL > Instance > Authorized Network > * policies.
• Users can now configure Database Flags for instances in Guardrails. To get started, set the GCP > SQL > Instance > Database Flags policy.
• Users can now clean up and stop tracking SQL resources in Guardrails. To get started, set the GCP > SQL > CMDB policy to Enforce: Disabled.

Control Types

• GCP > SQL > Instance > Authorized Network
• GCP > SQL > Instance > Authorized Network > Approved
• GCP > SQL > Instance > Database Flags

Policy Types

• GCP > SQL > Instance > Authorized Network
• GCP > SQL > Instance > Authorized Network > Approved
• GCP > SQL > Instance > Authorized Network > Approved > CIDR Ranges
• GCP > SQL > Instance > Database Flags
• GCP > SQL > Instance > Database Flags > MySQL
• GCP > SQL > Instance > Database Flags > MySQL > Template
• GCP > SQL > Instance > Database Flags > PostgreSQL
• GCP > SQL > Instance > Database Flags > PostgreSQL > Template
• GCP > SQL > Instance > Database Flags > SQL Server
• GCP > SQL > Instance > Database Flags > SQL Server > Template

Action Types

• GCP > SQL > Instance > Update Authorized Network
• GCP > SQL > Instance > Update Database Flags

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Storage resources in Guardrails. This release includes breaking changes in the CMDB data for storage accounts. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

  Renamed:

  • serviceProperties.blob.DeleteRetentionPolicy to serviceProperties.blob.deleteRetentionPolicy
  • serviceProperties.blob.DeleteRetentionPolicy.Days to serviceProperties.blob.deleteRetentionPolicy.days
  • serviceProperties.blob.DeleteRetentionPolicy.Enabled to serviceProperties.blob.deleteRetentionPolicy.enabled
  • serviceProperties.blob.StaticWebsite to serviceProperties.blob.staticWebsite
  • serviceProperties.blob.StaticWebsite.Enabled to serviceProperties.blob.staticWebsite.enabled
  • serviceProperties.blob.logging to serviceProperties.blob.blobAnalyticsLogging
  • serviceProperties.queue.logging to serviceProperties.queue.queueAnalyticsLogging

  Added:

  • serviceProperties.blob.deleteRetentionPolicy.AllowPermanentDelete

  Modified:

  • The data type of the attribute serviceProperties.blob.cors has been changed from string ("") to array ([]).
  • The data type of the attribute serviceProperties.queue.cors has been changed from string ("") to array ([]).

• Users can now enable/disable Blob logging for storage accounts. To get started, set the Azure > Storage > Storage Account > Blob > Logging > * policies.

• Users can now check if storage accounts are approved for use based on Infrastructure Encryption settings. To get started, set the Azure > Storage > Storage Account > Approved > Infrastructure Encryption policy.

Control Types

• Azure > Storage > Storage Account > Blob
• Azure > Storage > Storage Account > Blob > Logging

Renamed

• Azure > Storage > Storage Account > Public Access to Azure > Storage > Storage Account > Blob Public Access

Policy Types

• Azure > Storage > Storage Account > Approved > Infrastructure Encryption
• Azure > Storage > Storage Account > Blob
• Azure > Storage > Storage Account > Blob > Logging
• Azure > Storage > Storage Account > Blob > Logging > Properties
• Azure > Storage > Storage Account > Blob > Logging > Retention Days