What's new?

• Server
  • Introducing scoped Account/* permissions to help application teams manage their own accounts.
  • Notifications routing based on permissions.

Bug fixes

• Server

  • Controls no longer crashes when there's a parsing issue in rule-based notifications. Instead, it logs the error gracefully and continues running.
  • Fixed a problem where certain operations could trigger a "callback already called" error, improving overall reliability of caching.
  • The Type Installed control now spreads events over time to reduce the likelihood of API throttling during large-scale installations or updates.
  • Guardrails now skips storing resource tags larger than 1 KB to ensure only valid tags are saved and to avoid potential issues later.
  • The osquery worker now correctly uses the TURBOT_RDS_SSL_FILE environment variable to point to the right certificate file, fixing an issue where it previously referenced the wrong path.
  • To improve reliability and performance, Guardrails prioritizes events in the order Type Installed > Policies > Scheduled Actions > Controls.
  • Resolved an issue where authenticated users without the appropriate permissions were able to access process logs.

• UI

  • Switching between self and descendant modes no longer clears existing filter configurations — your selections will now persist as expected.

Account Permissions

Introduced a new category of permissions — Account/ — designed specifically for application teams who need limited visibility and control over resources within their own accounts. These are distinct from the Turbot/ permissions used by governance teams.

• Account levels:

  • Account/Owner
  • Account/Admin
  • Account/Operator
  • Account/ReadOnly

• These levels are now explained alongside Turbot/* levels, with clear usage guidance:

  • Turbot/* — for managing the Guardrails platform
  • Account/* — for managing resources and notifications within cloud accounts

Notification Routing to Guardrails Profiles

You can now route notifications to Guardrails user profiles dynamically based on resource permissions — a major upgrade from static email/webhook targeting. This allows for context-aware delivery to users like Account Owners or Admins.

• Supported formats:
  • Specific roles like Account/Owner, Turbot/Owner
  • Wildcards like Account/*
  • Special role Account/CC for tagging-based routing
  • Use case:
    • Automatically notify account teams responsible for a resource, based on their assigned permission

Access Controls Refined for Process Logs

Access to process logs is now restricted to users with appropriate permissions, specifically those with Turbot/Metadata or higher.

Previously, any authenticated user could retrieve process logs via the API. This behavior has been corrected to align with expected permission boundaries and prevent overexposure of operational data.

Requirements

• TEF: 1.65.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• The GCP > IAM > Service Account > CMDB control would sometimes enter a skipped state for newly imported projects if certain required attributes were missing from the IAM service's CMDB data. The control will now go into a TBD state instead and rerun after five minutes to allow the IAM service's CMDB data to populate correctly for newly imported projects.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• Guardrails would sometimes ignore the GCP > BigQuery > Table > CMDB policy set to Enforce: Disabled and still upsert table resources via real-time events in CMDB. These resources were subsequently cleaned up by the CMDB control. This issue has been resolved, and the CMDB policy will now be correctly respected before upserting resources.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Types:
  • Turbot > Notifications > Email > CC
  • Turbot > Notifications > Email > CC > Tag
  • Turbot > Notifications > Email > CC > Tag > Name
  • Updated Turbot > Workspace > Retention > Activity Retention to 90 days
  • Updated default policy for Turbot > Notifications > Rule-Based Routing updated to use Account/* as the default recipient profile.
  • Relaxed the regex for MS teams webhook URL in Turbot > Notifications > Rule-Based Routing to allow broader URL formats.

Turbot > Workspace > Retention > Activity Retention

The default retention period for activity has been updated to 90 days (previously unlimited)

Storing too much historical activity data can slow down the system and increase storage costs. By setting a 90-day default, we ensure:

• Faster queries and improved UI performance
• A better balance between data retention and storage efficiency

Need more or less retention? You can adjust based on your needs:

For self-hosted environments, the 90-day default will apply when upgrading to @turbot/turbot version 5.51.0 or higher, unless a custom retention policy is set.

Requirements

• TE: 5.35.4

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.
• Added support for af-south-1, ap-east-1, ap-southeast-3, ap-southeast-5, ap-southeast-7, ca-west-1, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1 and me-south-1 regions in the AWS > Lambda > Regions policy.
• Corrected the region in the AWS > Lambda > Function Alias > Regions policy by updating us-west-3 to the correct region, us-west-2.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated internal dependencies and now use newer Azure SDK versions to discover and manage Security Center resources in Guardrails. This release includes breaking changes in the CMDB data for security center. We recommend updating your existing settings to refer to the updated attributes as mentioned below:

Added:

• policy.enforcementMode
• policy.nonComplianceMessages
• policy.systemData

Removed:

• policy.sku

Renamed:

• settings[*].properties.enabled to settings[*].enabled

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The CMDB control for various resource types inadvertently removed the partition value from a resource's metadata when the AWS > Account > Partition policy value was null, resulting in a malformed AKA. We have tightened checks on partition values to ensure the control no longer updates resources with incorrect partition details.

Bug fixes

• Real-time delete events for topics would sometimes result in the deletion of subscriptions under a different topic in the CMDB. This issue has been fixed, and subscriptions are now cleaned up more reliably than before.

Bug fixes

• The AWS > MySQL > Server > CMDB policy will now be set to Skip by default because the resource type has been deprecated and will be removed in the next major version. Please check Single Server retirement for more information.

Resource Types

Renamed

• Azure > MySQL > Server to Azure > MySQL > Server [Deprecated]

Control Types

Renamed

• Azure > MySQL > Server > Active to Azure > MySQL > Server [Deprecated] > Active
• Azure > MySQL > Server > Approved to Azure > MySQL > Server [Deprecated] > Approved
• Azure > MySQL > Server > CMDB to Azure > MySQL > Server [Deprecated] > CMDB
• Azure > MySQL > Server > Discovery to Azure > MySQL > Server [Deprecated] > Discovery
• Azure > MySQL > Server > Encryption in Transit to Azure > MySQL > Server [Deprecated] > Encryption in Transit
• Azure > MySQL > Server > Tags to Azure > MySQL > Server [Deprecated] > Tags

Policy Types

Renamed

• Azure > MySQL > Server > Active to Azure > MySQL > Server [Deprecated] > Active
• Azure > MySQL > Server > Active > Age to Azure > MySQL > Server [Deprecated] > Active > Age
• Azure > MySQL > Server > Active > Last Modified to Azure > MySQL > Server [Deprecated] > Active > Last Modified
• Azure > MySQL > Server > Approved to Azure > MySQL > Server [Deprecated] > Approved
• Azure > MySQL > Server > Approved > Custom to Azure > MySQL > Server [Deprecated] > Approved > Custom
• Azure > MySQL > Server > Approved > Regions to Azure > MySQL > Server [Deprecated] > Approved > Regions
• Azure > MySQL > Server > Approved > Usage to Azure > MySQL > Server [Deprecated] > Approved > Usage
• Azure > MySQL > Server > CMDB to Azure > MySQL > Server [Deprecated] > CMDB
• Azure > MySQL > Server > Encryption in Transit to Azure > MySQL > Server [Deprecated] > Encryption in Transit
• Azure > MySQL > Server > Regions to Azure > MySQL > Server [Deprecated] > Regions
• Azure > MySQL > Server > Tags to Azure > MySQL > Server [Deprecated] > Tags
• Azure > MySQL > Server > Tags > Template to Azure > MySQL > Server [Deprecated] > Tags > Template

Action Types

Removed

• Azure > MySQL > Server > Delete
• Azure > MySQL > Server > Router
• Azure > MySQL > Server > Set Tags
• Azure > MySQL > Server > Update Encryption in Transit

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• We have improved our event handling configuration to filter AWS SQS events that Guardrails listens for based on the AWS > SQS > Queue > CMDB policy. If the CMDB policy is not set to Enforce: Enabled, the EventBridge rule for SQS will not be configured, preventing events for that resource type. This enhancement significantly reduces the number of unnecessary events processed by Guardrails.

Policy Types

• AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-sqs

Removed

• AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-sqs

What's new?

• Added S3 Lifecycle rules for Hive bucket.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

Bug fixes

• The AWS > Turbot > IAM stack control occasionally encountered an error while attaching tags with special characters to Guardrails-managed users and roles. This issue is now fixed.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Added support for Contactable interface in various resource types.

What's new?

• Policy Type, Control Type, and Action Type definitions now also include their mapping details to establish clear relationships between them.
• Updated the default permissions required to run Quick Actions to include Account-type permissions in addition to the existing Turbot-type permissions.
• Added support for Contactable interface in various resource types.

Bug fixes

• The Azure > Compute > Disk > Discovery control occasionally encountered an error while upserting attached disks under VMs that were not available in Guardrails CMDB. Now, all disks will be upserted under their respective resource groups, ensuring the Discovery control functions more smoothly and reliably than before.

What's new?

• Added a new SSM parameter to forward the DB logs to CloudWatch log group.
• Added support for postgres version 16.5, 16.6, 16.7 and 16.8.
• Updated defaults for database and cache instances
  • Database instance type: Default updated to db.m6g.large.
  • Allocated database storage: Default increased to 400 GB.
  • Storage throughput: Default set to 500 MB/s.
  • Database engine parameter group family: Now defaults to postgres16.
  • Database engine version: Updated to 16.4.
  • Cache node type: Default updated to cache.r6g.large.
  • Allocated IOPS: Default increased to 12,000.
  • DB parameter group: Now defaults to HiveParamGroup16.
  • Shared buffer: Default set to {DBInstanceClassMemory/20480} for optimized performance.
  • Maximum statement duration: Default updated to 600,000 ms (10 minutes) to improve query execution limits.

What's new?

• Added parameter to manage ALB timeout, allowing better control over request handling.
• Added parameter to customize API Gateway domain name. For backward compatibility, the default value remains gateway.
• Added parameter to control message rate in the queue, enabling better queue message management.
• S3 Lifecycle Rules now automatically enable ‘Expired Object Delete Markers’ for cleanup and remove incomplete multipart uploads after 7 days to prevent storage waste.
• HOP limit increased to 2 for improved request forwarding.
• Route53 Record for API Gateway now includes the GatewayPrefix to enhance routing accuracy.

Bug fixes

• Guardrails would fail to process real-time delete events for subscriptions. This is now fixed.
• Fixed pagination for Azure > Turbot > Event Poller control.
• Real-time Microsoft.Resources tagging events will now be processed only for subscriptions and resource groups, and will be ignored for other resource types. This will avoid unnecessary triggers for subscription & resource group router actions.

What's new?

• Server
  • Added multi region KMS encryption for Tenant Master Key.
  • Guardrails now provides an override parameter at the TE level to configure API and Event container memory reservations, improving ECS task scaling and resource flexibility.

Multi Region KMS Key

Starting from TEF v1.65.0 and TE v5.49.0, a new multi-region KMS key is created at the TEF level.

When workspaces are upgraded to TE v5.49.0, Guardrails use this new key to re-encrypt the existing Tenant Master Key within the workspaces. The Tenant Master Key itself remains unchanged-only its encryption is updated. The previous version, encrypted with a regional KMS key, remains available.

If a workspace is downgraded to TE v5.48.0, the multi-region encryption persists. Upon re-upgrading to TE v5.49.0, re-encryption does not occur again.

This process works seamlessly unless TEF is downgraded to a version earlier than v1.65.0.

Requirements

• TEF: 1.65.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Added contactable interface.
• New policy type classes GUARDRAIL, SETTING, and ACCOUNT have been introduced to define the scope of policies.

Requirements

• TE: 5.35.4

What's new?

• UI
  • Update controls trend graph to use the latest counts.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• You can now filter ServiceNow records using encoded query strings and discover them in Guardrails. To get started, set the CMDB > Query policy for various resource types. For more details, refer to the ServiceNow documentation on encoded query strings.

Policy Types

• ServiceNow > Application > CMDB > Query
• ServiceNow > Cost Center > CMDB > Query
• ServiceNow > User > CMDB > Query

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

Bug fixes

• Filter policies for real-time events will now evaluate correctly if CMDB policies for resource types are set to Skip or Enforce: Disabled.

Bug fixes

• The GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-storage policy now respects CMDB policy settings for resource types and filters out real-time events when the policies are set to Skip or Enforce: Disabled. We recommend upgrading the gcp mod to v5.30.2 or higher in order to process real-time events correctly.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• Mute controls if you want to ignore them. The turbot_control_mute allows muting a control to help streamline operations without compromising security policies.

Bug fixes

• Fixed typo in an error message while calling Guardrails APIs.

Documentation

• Updated example for turbot_policy_pack resource.
• Fixed spacing in turbot_turbot_directory documentation.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• UI
  • Users can now select permissions (ReadOnly + Global Event Handlers or Full Remediation) to apply to the IAM role in the CFN template when importing an AWS Organization or Account.

Bug fixes

• UI
  • Fixed an issue where the terminate process call sometimes received an empty input when terminating a queued process.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Stack [Native] controls now run faster when in skipped state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 22. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• Guardrails would sometimes update resource metadata details inadvertently in CMDB due to incorrect handling of real-time update events. This issue has been fixed, and real-time update events are now processed more reliably.
• Controls and their associated actions previously retried unnecessarily when their API calls returned an error. This issue has now been fixed.

What's new?

• Server
  • Updated Workspace Manager Lambda to automatically populate the Turbot > Workspace > Guardrails Master Account policy for improved management.

Bug fixes

• UI
  • Adjusted stats limit to 30 days, ensuring a full month of data visibility.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• The AWS > VPC > Transit Gateway Attachment > Discovery [Cross-Account] control would sometimes upsert transit gateway attachments in a deleted or deleting state. This issue is now fixed.

Bug fixes

• The AWS > VPC > Transit Gateway Attachment > CMDB control previously, in some cases, inadvertently deleted cross-account transit gateway attachments from Guardrails CMDB. This issue has now been fixed.

What's new?

• You can now configure a custom tag name to start/stop DB clusters via the AWS > RDS > DB Cluster > Schedule control. To get started, set the AWS > RDS > DB Cluster > Schedule Tag > Name policy.

Policy Types

• AWS > RDS > DB Cluster > Schedule Tag > Name

What's new?

Action Types

• Azure > Subscription > Router

Bug fixes

• Guardrails would fail to process real-time tagging events for subscriptions. This is now fixed.
• The default template input in Azure > Subscription > Tags > Template policy referred to an incorrect policy for its value. This is now fixed.

Bug fixes

• Resolved a race condition in Turbot > Smart Retention to ensure smoother execution.

Requirements

• TE: 5.35.4

Bug fixes

• Fixed the naming convention for EventBridge rule for organization level events.

Bug fixes

• In version 5.35.0, we added support for importing an AWS organization into Guardrails but inadvertently introduced a bug that prevented real-time events for the aws-organizations mod from being processed correctly. This issue has now been fixed.

Policy Types

Renamed

• AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-organizations to AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws

Bug fixes

• Guardrails failed to handle real-time creation and tagging events for organizational account resources. This is now fixed.

Policy Types

• AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-organizations

Removed

• AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-organizations

Bug fixes

• Server
  • Rolled back dynamic queueing adjustments to restore previous behavior.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Version bump to align with deployment requirements.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• UI

  • Addressed an issue where resource card links on the Resources dashboard were not working as expected.

• Server

  • Prevented the runnable monitor from entering an infinite loop.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• UI
  • Policy pack descriptions are now visible in the list view and detail page header for better clarity.

Bug fixes

• UI
  • Run and Terminate buttons now appear properly on the process detail page, ensuring a smoother experience.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• The GCP > Storage > Bucket > Policy > Trusted Access control previously failed to evaluate results correctly and caused internal process timeouts when Guardrails was denied access to fetch IAM policy bindings for buckets. This issue has been resolved, ensuring that the control now evaluates results and terminates correctly as expected.

Bug fixes

• The Azure > Compute > Virtual Machine > Tags control would sometimes failed to update tags on spot instances. This is now fixed.

Bug fixes

• The AWS > S3 > Bucket > Discovery control incorrectly went into a skipped state when the AWS > S3 > Bucket > CMDB policy was set to Enforce: Enabled but ignore permission errors. This is fixed and control will now work as expected.

What's new?

• UI
  • Added 'Resource Type' column to activity ledger CSV exports.
  • Improved usability of the Resource trend graph.

Bug fixes

• Server
  • Recursive loops in Lambda are now handled seamlessly without termination.
  • Optimize message queue dispatch based on DB CPU usage, connections, and queue load.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Policy Types:
  • Turbot > Workspace > Guardrails Master Account

Requirements

• TE: 5.35.4

Bug fixes

• The Azure > SQL > Server > CMDB control sometimes failed to fetch data for the associated firewall rules. This issue has now been fixed.

Bug fixes

• The Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.02 - Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) control sometimes failed to evaluate the control state correctly. This issue is now fixed.

What's new?

• You can now configure a custom tag name to start/stop DB instances via the AWS > RDS > DB Instance > Schedule control. To get started, set the AWS > RDS > DB Instance > Schedule Tag > Name policy.

Policy Types

• AWS > RDS > DB Instance > Schedule Tag > Name

Bug fixes

• The AWS > CloudSearch > Domain > CMDB policy will now be set to Skip by default because the resource type has been deprecated and will be removed in the next major version. Please check end of support for more information.

Bug fixes

• Stack [Native] controls now run faster when in skipped state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.

Bug fixes

• Stack [Native] controls now run faster when in skipped state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.

Bug fixes

• Stack [Native] controls now run faster when in skipped state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.

Bug fixes

• Stack [Native] controls now run faster when in skipped state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.

Bug fixes

• Stack [Native] controls now run faster when in skipped state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.

Bug fixes

• Stack [Native] controls now run faster when in skipped state. We've added Precheck conditions in such controls to avoid running GraphQL input queries when skipped, resulting in faster and lighter control runs.

What's new?

• UI
  • Resources and Controls tab now features summary cards for better visibility.

Bug fixes

• UI
  • No more NaN values in summary cards; they now display correctly.
  • Mute and Run Control buttons now respect proper permission checks in the Control Detail page.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• The AWS > Account > CMDB control occasionally encountered an error state while fetching tagging details for accounts. This issue has now been fixed.

Bug fixes

• In the previous version, we introduced support for fetching AWS tags on accounts imported as part of an organization. However, this inadvertently caused a bug that removed tags added via the Guardrails API or Terraform on existing account resources. This issue has now been fixed, ensuring that tags added via Guardrails are preserved for individual accounts that are not part of any organization.
• Fixed pattern validation for AWS > Turbot > Event Handlers [Global] > Events > Target > IAM Role ARN policy.

Bug fixes

• Minor internal improvements.

Bug fixes

• UI
  • The role name was not updating correctly in the CFN template for AWS Org import and has now been fixed.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• The real-time event handlers did not process account level events if the associated organization was imported using a delegated account. This is now fixed.

What's new?

• Guardrails now supports configurable soft limits for API and Event container memory reservations in TEF, improving ECS task scaling and resource flexibility.
• Added Guardrails KMS key, a multi-region KMS key for encrypting internal Turbot Guardrails data.
• Added support for Node.js 22 in the Lambda runtime.

What's new?

• Support for IAM based authentication in Redis.

What's new?

• Added a new SSM parameter to enable GCP organization import.
• Introduced Redis-based IAM authentication support.

What's new?

• Server

  • Deprecation Notice: The SmartFolder API has been deprecated and replaced with a new Policy Pack API:
    • createSmartFolder → Use createPolicyPack instead.
    • deleteSmartFolders → Use deletePolicyPacks instead.
    • attachSmartFolders → Use attachPolicyPacks instead.
    • putSmartFolderAttachments → Use putPolicyPackAttachments instead.
    • updateSmartFolders → Use updatePolicyPacks instead.
    • detachSmartFolders → Use detachPolicyPacks instead.
  • The new Policy Pack API introduces targeted resource types, allowing policy packs to be associated only with specific resource types. This is an optional feature, providing more control over policy pack applicability.
  • Added Mute/Un-mute Controls, an alternative to policy setting exceptions. When a control is muted, it will still run in the background but will not affect compliance or trigger alerts.
  • Introduced the Daily Stats API, which tracks daily statistics for each account, helping users monitor trends and activity over time.
  • Added two new policies:
    • Policy Setting Levels: Defines where policy settings can be created.
    • Policy Pack Levels: Specifies where policy packs can be attached.

• UI

  • Added support for muting/un-muting controls directly from the interface.
  • The Import Page UI has been redesigned and now supports:
    • AWS organization import
    • GitHub organization import
    • GCP organization import using service-account-impersonation
  • Added new metrics with separate charts for resources, controls, and actions, making it easier to track compliance and trends.

Bug fixes

• Server

  • Fixed native stack (OpenTofu) and stack (Terraform) log order.

• UI

  • Fixed log message indentation issues for improved readability.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Policy Types:

  • Turbot > Workspace > Retention > Account Statistics Retention
  • Turbot > Workspace > Retention > Account Statistics Retention > Purge Limit
  • Turbot > Workspace > Policy Pack Attachment Levels
  • Turbot > Workspace > Policy Setting Levels

• Control Types:

  • Turbot > Statistics > Accounts

Requirements

• TE: 5.35.4

What's new?

• Users can now discover folders, projects and resources under your organization. To get started, import an organization in your Guardrails workspace.

Resource Types

• GCP > Organization
• GCP > Folder

Control Types

• GCP > Folder > CMDB
• GCP > Folder > Discovery
• GCP > Organization > CMDB
• GCP > Project > Discovery
• GCP > Turbot > Folder Event Poller
• GCP > Turbot > Organization Event Poller

Policy Types

• GCP > External ID Label Name
• GCP > Organization > CMDB
• GCP > Organization > CMDB > Exclude
• GCP > Folder > CMDB
• GCP > Turbot > Folder Event Poller
• GCP > Turbot > Folder Event Poller > Filter
• GCP > Turbot > Folder Event Poller > Interval
• GCP > Turbot > Folder Event Poller > Window
• GCP > Turbot > Organization Event Poller
• GCP > Turbot > Organization Event Poller > Filter
• GCP > Turbot > Organization Event Poller > Interval
• GCP > Turbot > Organization Event Poller > Window

Action Types

• GCP > Folder > Event Poller
• GCP > Folder > Folder Event Handler
• GCP > Folder > Router
• GCP > Organization > Event Poller
• GCP > Organization > Organization Event Handler
• GCP > Organization > Router

What's new?

• Users can now exclude subscriptions that they do not wish to import while importing a tenant in Guardrails. To get started, set the Azure > Tenant > CMDB > Exclude policy.

• Users can now create and manage tags for subscriptions. To get started, set the Azure > Subscription > Tags > * policies.

Control Types

• Azure > Subscription > Tags

Policy Types

• Azure > Subscription > Tags
• Azure > Subscription > Tags > Template
• Azure > Tenant > CMDB > Exclude

Action Types

• Azure > Subscription > Set Tags

What's new?

• Users can now discover OUs, accounts and resources under your organization. To get started, import an organization in your Guardrails workspace.

Resource Types

• AWS > Organization
• AWS > Organization Root
• AWS > Organizational Unit

Control Types

• AWS > Account > Discovery
• AWS > Organization > CMDB
• AWS > Organization Root > CMDB
• AWS > Organization Root > Discovery
• AWS > Organizational Unit > CMDB
• AWS > Organizational Unit > Discovery
• AWS > Turbot > Organization Event Poller

Policy Types

• AWS > Account > Turbot IAM Role > External ID [Default]
• AWS > Account > Turbot IAM Role > Name [Default]
• AWS > Organization > CMDB
• AWS > Organization > CMDB > Exclude
• AWS > Organization > Turbot IAM Role
• AWS > Organization > Turbot IAM Role > External ID
• AWS > Organization Root > CMDB
• AWS > Organizational Unit > CMDB
• AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-organizations
• AWS > Turbot > Organization Event Poller
• AWS > Turbot > Organization Event Poller > Interval
• AWS > Turbot > Organization Event Poller > Window

Action Types

• AWS > Organization > Organization Event Handler
• AWS > Organization > Organization Event Poller
• AWS > Organization Root > Router
• AWS > Organizational Unit > Router

Bug fixes

• The GitHub > Organization > Event Handlers control will now use Turbot > Workspace > GitHub > Secrets policy to set the webhook secret.

What's new?

Resource Types

• GitHub
• GitHub > Organization
• GitHub > Repository

Control Types

• GitHub > Organization > Blocked Users
• GitHub > Organization > CMDB
• GitHub > Organization > Deploy Keys
• GitHub > Organization > Deploy Keys > Enabled
• GitHub > Organization > Event Handlers
• GitHub > Organization > Member Privileges
• GitHub > Organization > Member Privileges > Base Permissions
• GitHub > Organization > Member Privileges > Pages Creation
• GitHub > Organization > Member Privileges > Repository Creation
• GitHub > Organization > Member Privileges > Repository Forking
• GitHub > Repository > CMDB
• GitHub > Repository > Code Security
• GitHub > Repository > Code Security > Push Protection
• GitHub > Repository > Code Security > Secret Scanning
• GitHub > Repository > Default Branch
• GitHub > Repository > Dependabot
• GitHub > Repository > Dependabot > Alerts
• GitHub > Repository > Dependabot > Security Updates
• GitHub > Repository > Discovery
• GitHub > Repository > Discussions
• GitHub > Repository > Discussions > Enabled
• GitHub > Repository > Forking
• GitHub > Repository > Forking > Enabled
• GitHub > Repository > Projects
• GitHub > Repository > Projects > Enabled
• GitHub > Repository > Pull Request
• GitHub > Repository > Pull Request > Delete Branch on Merge
• GitHub > Repository > Pull Request > Merge Configuration
• GitHub > Repository > Visibility
• GitHub > Repository > Wikis
• GitHub > Repository > Wikis > Enabled

Policy Types

• GitHub > Config
• GitHub > Config > Personal Access Token
• GitHub > Login Names
• GitHub > Organization > Blocked Users
• GitHub > Organization > Blocked Users > Usernames
• GitHub > Organization > CMDB
• GitHub > Organization > Deploy Keys
• GitHub > Organization > Deploy Keys > Enabled
• GitHub > Organization > Event Handlers
• GitHub > Organization > Event Handlers > Events
• GitHub > Organization > Member Privileges
• GitHub > Organization > Member Privileges > Base Permissions
• GitHub > Organization > Member Privileges > Pages Creation
• GitHub > Organization > Member Privileges > Repository Creation
• GitHub > Organization > Member Privileges > Repository Forking
• GitHub > Repository > CMDB
• GitHub > Repository > Code Security
• GitHub > Repository > Code Security > Push Protection
• GitHub > Repository > Code Security > Secret Scanning
• GitHub > Repository > Default Branch
• GitHub > Repository > Default Branch > Name
• GitHub > Repository > Dependabot
• GitHub > Repository > Dependabot > Alerts
• GitHub > Repository > Dependabot > Security Updates
• GitHub > Repository > Discussions
• GitHub > Repository > Discussions > Enabled
• GitHub > Repository > Forking
• GitHub > Repository > Forking > Enabled
• GitHub > Repository > Projects
• GitHub > Repository > Projects > Enabled
• GitHub > Repository > Pull Request
• GitHub > Repository > Pull Request > Delete Branch on Merge
• GitHub > Repository > Pull Request > Merge Configuration
• GitHub > Repository > Pull Request > Merge Configuration > Settings
• GitHub > Repository > Visibility
• GitHub > Repository > Wikis
• GitHub > Repository > Wikis > Enabled

Action Types

• GitHub > Organization > Event Handlers
• GitHub > Organization > Router
• GitHub > Organization > Update
• GitHub > Organization > Update Blocked Users
• GitHub > Repository > Router
• GitHub > Repository > Update
• GitHub > Repository > Update Dependabot

Bug fixes

• The Azure > SQL > Server > CMDB control occasionally deleted servers from Guardrails CMDB when they used the SQL authentication method. This issue has been fixed, and such resources will no longer be removed from the CMDB.

What's new?

• Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

• Azure > Network > Virtual Network > Stack [Native] > Drift Detection
• Azure > Network > Virtual Network > Stack [Native] > Drift Detection > Interval
• Azure > Network > Virtual Network > Stack [Native] > Timeout
• Azure > Network > Virtual Network > Stack [Native] > Version

What's new?

• Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

• AWS > VPC > Stack [Native] > Drift Detection
• AWS > VPC > Stack [Native] > Drift Detection > Interval
• AWS > VPC > Stack [Native] > Timeout
• AWS > VPC > Stack [Native] > Version
• AWS > VPC > VPC > Stack [Native] > Drift Detection
• AWS > VPC > VPC > Stack [Native] > Drift Detection > Interval
• AWS > VPC > VPC > Stack [Native] > Timeout
• AWS > VPC > VPC > Stack [Native] > Version

What's new?

• Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

• AWS > S3 > Bucket > Stack [Native] > Drift Detection
• AWS > S3 > Bucket > Stack [Native] > Drift Detection > Interval
• AWS > S3 > Bucket > Stack [Native] > Timeout
• AWS > S3 > Bucket > Stack [Native] > Version

What's new?

• Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

• AWS > IAM > Stack [Native] > Drift Detection
• AWS > IAM > Stack [Native] > Drift Detection > Interval
• AWS > IAM > Stack [Native] > Timeout
• AWS > IAM > Stack [Native] > Version

What's new?

• Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

• GCP > Project > Stack [Native] > Drift Detection
• GCP > Project > Stack [Native] > Drift Detection > Interval
• GCP > Project > Stack [Native] > Timeout
• GCP > Project > Stack [Native] > Version

What's new?

• Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

• Azure > Subscription > Stack [Native] > Drift Detection
• Azure > Subscription > Stack [Native] > Drift Detection > Interval
• Azure > Subscription > Stack [Native] > Timeout
• Azure > Subscription > Stack [Native] > Version

What's new?

• Added support for Drift Detection, Version and Timeout policies for the Stack [Native] controls.

Policy Types

• AWS > Account > Stack [Native] > Drift Detection
• AWS > Account > Stack [Native] > Drift Detection > Interval
• AWS > Account > Stack [Native] > Timeout
• AWS > Account > Stack [Native] > Version
• AWS > Region > Stack [Native] > Drift Detection
• AWS > Region > Stack [Native] > Drift Detection > Interval
• AWS > Region > Stack [Native] > Timeout
• AWS > Region > Stack [Native] > Version

Bug fixes

• Server
  • Added support for drift detection in OpenTofu 1.x (open-source Terraform) integration via Guardrail.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• Server
  • Added support for OpenTofu v1.8.3 (open source Terraform) container to run Stack [Native] controls.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

• GCP > Project > Stack [Native]

Policy Types

• GCP > Project > Stack [Native]
• GCP > Project > Stack [Native] > Modifier
• GCP > Project > Stack [Native] > Secret Variables
• GCP > Project > Stack [Native] > Source
• GCP > Project > Stack [Native] > Variables

What's new?

• Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

• Azure > Subscription > Stack [Native]

Policy Types

• Azure > Subscription > Stack [Native]
• Azure > Subscription > Stack [Native] > Modifier
• Azure > Subscription > Stack [Native] > Secret Variables
• Azure > Subscription > Stack [Native] > Source
• Azure > Subscription > Stack [Native] > Variables

What's new?

• Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

• Azure > Network > Virtual Network > Stack [Native]

Policy Types

• Azure > Network > Virtual Network > Stack [Native]
• Azure > Network > Virtual Network > Stack [Native] > Modifier
• Azure > Network > Virtual Network > Stack [Native] > Secret Variables
• Azure > Network > Virtual Network > Stack [Native] > Source
• Azure > Network > Virtual Network > Stack [Native] > Variables

What's new?

• Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

• AWS > VPC > Stack [Native]
• AWS > VPC > VPC > Stack [Native]

Policy Types

• AWS > VPC > Stack [Native]
• AWS > VPC > Stack [Native] > Modifier
• AWS > VPC > Stack [Native] > Secret Variables
• AWS > VPC > Stack [Native] > Source
• AWS > VPC > Stack [Native] > Variables
• AWS > VPC > VPC > Stack [Native]
• AWS > VPC > VPC > Stack [Native] > Modifier
• AWS > VPC > VPC > Stack [Native] > Secret Variables
• AWS > VPC > VPC > Stack [Native] > Source
• AWS > VPC > VPC > Stack [Native] > Variables

What's new?

• Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

• AWS > Account > Stack [Native]
• AWS > Region > Stack [Native]

Policy Types

• AWS > Account > Stack [Native]
• AWS > Account > Stack [Native] > Modifier
• AWS > Account > Stack [Native] > Secret Variables
• AWS > Account > Stack [Native] > Source
• AWS > Account > Stack [Native] > Variables
• AWS > Region > Stack [Native]
• AWS > Region > Stack [Native] > Modifier
• AWS > Region > Stack [Native] > Secret Variables
• AWS > Region > Stack [Native] > Source
• AWS > Region > Stack [Native] > Variables

What's new?

• Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

• AWS > S3 > Bucket > Stack [Native]

Policy Types

• AWS > S3 > Bucket [Native]
• AWS > S3 > Bucket [Native] > Modifier
• AWS > S3 > Bucket [Native] > Secret Variables
• AWS > S3 > Bucket [Native] > Source
• AWS > S3 > Bucket [Native] > Variables

What's new?

• Users can now create and manage cloud resources using OpenTofu 1.x (open source Terraform) via Guardrails, fully leveraging all features available in this version. To get started, set the Stack [Native] > * policies.

Control Types

• AWS > IAM > Stack [Native]

Policy Types

• AWS > IAM > Stack [Native]
• AWS > IAM > Stack [Native] > Modifier
• AWS > IAM > Stack [Native] > Secret Variables
• AWS > IAM > Stack [Native] > Source
• AWS > IAM > Stack [Native] > Variables

Bug fixes

• The real-time Event Handlers would fail to update details for Flow Logs attached to Virtual Networks. This is now fixed.

Bug fixes

• Guardrails would fail to update CMDB for virtual networks when flow logs were created or removed from such resources. This is now fixed.

Bug fixes

• The AWS > VPC > VPC > Flow Logging control previously attempted to destroy and recreate flow logs with CloudWatch log groups as the destination on successive runs due to an incorrect ARN reference to the log destination. This issue is now fixed, and the control will no longer unnecessarily destroy and recreate flow logs in such cases.

Bug fixes

• Server
  • Minor internal improvements.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You wouldn't notice any difference and things will run more smoothly and reliably than before.

Bug fixes

• We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You wouldn't notice any difference and things will run more smoothly and reliably than before.

Bug fixes

• We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You wouldn't notice any difference and things will run more smoothly and reliably than before.

Bug fixes

• In a previous version, we resolved an issue in the Azure > Compute > Virtual Machine Scale Set > Tags control to ensure tags were updated correctly for Scale Sets launched via the Azure Marketplace. However, the control occasionally failed to update tags for Scale Sets on certain purchase plans. This issue has now been addressed, and the control will update tags correctly and reliably for all types of Scale Sets.

Bug fixes

• We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You wouldn't notice any difference and things will run more smoothly and reliably than before.

Bug fixes

• We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You wouldn't notice any difference and things will run more smoothly and reliably than before.

Bug fixes

• We have updated internal dependencies for the Terraform Version policy across various stack controls to prevent unnecessary control reruns. You wouldn't notice any difference and things will run more smoothly and reliably than before.

Bug fixes

• UI
  • Updated the filter logic on the Reports page for more accurate results.
  • Resolved an issue where resource links in the Permissions section redirected to the profile page instead of the resource page when grouped by resources.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Users can now define a list of events to filter out while polling for events using the Azure > Turbot > Event Poller. To get started, set the Azure > Turbot > Event Poller > Excluded Events policy.

Policy Types

• Azure > Turbot > Event Poller > Excluded Events

What's new?

• Users can now check and enforce SQS SSE for queue encryption. To get started, configure the AWS > SQS > Queue > Encryption at Rest policy to one of the following values: Check: SQS SSE, Check: SQS SSE or higher, Enforce: SQS SSE or Enforce: SQS SSE or higher.

What's new?

• Check if Kubernetes clusters are approved for use via Guardrails. To get started, set the Kubernetes > Cluster > Approved > * policies.

Control Types

• Kubernetes > Cluster > Approved

Policy Types

• Kubernetes > Cluster > Approved
• Kubernetes > Cluster > Approved > Custom

Bug fixes

• The Azure > App Service > Function App > HTTPS Only control would sometime fail to enable the setting in Azure. This is now fixed.

Bug fixes

• The GCP > Compute Engine > Instance > Serial Port Access and GCP > Compute Engine > Instance > Block Project Wide SSH Keys controls would sometimes go into an error state due to incorrect references to CMDB attributes. This is fixed and the controls will now work as expected.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

Bug fixes

• Guardrails would fail to delete unapproved ingress rules when the Azure > Network > Network Security Group > Ingress Rules > Approved policy was set to Enforce: Delete unapproved. This is now fixed.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

Bug fixes

• Guardrails would sometimes update the createTimestamp for Web Apps and Function Apps incorrectly when processing update events for these resources. We have updated the internal logic to ensure the createTimestamp is now updated correctly and more reliably than before.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

Bug fixes

• Disks created alongside VMs sometimes lacked createdBy details in their metadata. The internal logic has been updated to ensure createdBy details are added more reliably for these disks.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

Bug fixes

• The GCP > IAM > Service Account Key > Active control has been updated to use validAfterTime instead of metadata.createTimestamp to accurately evaluate the age of the resource.

What's new?

• The list of supported regions for various resource types has been refreshed. This update enables Guardrails to discover and manage resources across all supported regions for these resource types in Azure.

What's new?

• Users can now check and delete DB clusters that are not approved for use if they lack encryption at rest. To get started, set the AWS > RDS > DB Cluster > Approved > Encryption at Rest > * policies.

Policy Types

• AWS > RDS > DB Cluster > Approved > Encryption at Rest
• AWS > RDS > DB Cluster > Approved > Encryption at Rest > Customer Managed Key

What's new?

• Users can now check if their account spend is On Target per Budget. To get started, set the AWS > Account > Budget > Enabled policy to Check: Budget > State is On Target.

Bug fixes

• UI
  • Resolved an issue where reports pages could crash if certain information was null

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• Server
  • Resolved an issue where actor information was not being passed correctly during the process execution, ensuring accurate tracking and processing of actor-related data.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• The AWS > VPC > Route > CMDB control would go into an error state due to an incorrect use of a function from an internal node package. This is now fixed.

Bug fixes

• Guardrails would sometimes update the createdBy details for storage accounts due to mishandled real-time update events. This issue has been fixed, and createdBy details will now be stored more reliably and consistently than before.
• In a previous version, we inadvertently introduced a bug that prevented the createTimestamp details from being stored in the metadata of new storage accounts upserted in Guardrails CMDB. This issue has now been resolved, and createTimestamp details are now stored correctly and reliably.

What's new?

• Resource's metadata will now also include createdBy details in Guardrails CMDB.

Bug fixes

• The AWS > VPC > VPC > Flow Logging control would sometimes fail to update flow logs if the Max Aggregation Interval in the stack's source policy was updated. This is fixed and the stack control will now update such resources correctly, as expected.

What's new?

• Users can now configure the maximum aggregation interval in the AWS > VPC > VPC > Flow Logging control. To get started, set the AWS > VPC > VPC > Flow Logging > Cloud Watch > Maximum Aggregation Interval policy and/or AWS > VPC > VPC > Flow Logging > S3 > Maximum Aggregation Interval policy.

Policy Types

• AWS > VPC > VPC > Flow Logging > Cloud Watch > Maximum Aggregation Interval
• AWS > VPC > VPC > Flow Logging > S3 > Maximum Aggregation Interval

Resource Types

• Azure > SQL > Managed Instance

Control Types

• Azure > SQL > Managed Instance > Active
• Azure > SQL > Managed Instance > Approved
• Azure > SQL > Managed Instance > CMDB
• Azure > SQL > Managed Instance > Discovery
• Azure > SQL > Managed Instance > Tags

Policy Types

• Azure > SQL > Managed Instance > Active
• Azure > SQL > Managed Instance > Active > Age
• Azure > SQL > Managed Instance > Active > Last Modified
• Azure > SQL > Managed Instance > Approved
• Azure > SQL > Managed Instance > Approved > Custom
• Azure > SQL > Managed Instance > Approved > Regions
• Azure > SQL > Managed Instance > Approved > Usage
• Azure > SQL > Managed Instance > CMDB
• Azure > SQL > Managed Instance > Regions
• Azure > SQL > Managed Instance > Tags
• Azure > SQL > Managed Instance > Tags > Template

Action Types

• Azure > SQL > Managed Instance > Delete
• Azure > SQL > Managed Instance > Router
• Azure > SQL > Managed Instance > Set Tags

Bug fixes

• Controls previously targeting the AWS > IAM > Credential Report resource type have now been updated to target either the AWS > IAM > Root or AWS > IAM > User resource types, depending on the specific control requirements. This adjustment more accurately aligns each control with the relevant resources, enabling more precise and targeted checks.

Bug fixes

• The Azure > Security Center > Security Center > Auto Provisioning control is now deprecated and will now move to an Invalid state if enforcements are applied. This follows the deprecation plan announcement from Azure. The control will be removed in a future mod version.

Control Types

Renamed

• Azure > Security Center > Security Center > Auto Provisioning to Azure > Security Center > Security Center > Auto Provisioning [Deprecated]

Policy Types

Renamed

• Azure > Security Center > Security Center > Auto Provisioning to Azure > Security Center > Security Center > Auto Provisioning [Deprecated]

Action Types

Removed

• Azure > Security Center > Security Center > Update Auto Provisioning

What's new?

Control Types

• Kubernetes > CronJob > ServiceNow > Import Set
• Kubernetes > DaemonSet > ServiceNow > Import Set
• Kubernetes > Ingress > ServiceNow > Import Set
• Kubernetes > Job > ServiceNow > Import Set
• Kubernetes > Persistent Volume > ServiceNow > Import Set
• Kubernetes > ReplicationController > ServiceNow > Import Set
• Kubernetes > StatefulSet > ServiceNow > Import Set

Policy Types

• Kubernetes > CronJob > ServiceNow > Import Set
• Kubernetes > CronJob > ServiceNow > Import Set > Archive Columns
• Kubernetes > CronJob > ServiceNow > Import Set > Insert Mode
• Kubernetes > CronJob > ServiceNow > Import Set > Record
• Kubernetes > CronJob > ServiceNow > Import Set > Table Name
• Kubernetes > DaemonSet > ServiceNow > Import Set
• Kubernetes > DaemonSet > ServiceNow > Import Set > Archive Columns
• Kubernetes > DaemonSet > ServiceNow > Import Set > Insert Mode
• Kubernetes > DaemonSet > ServiceNow > Import Set > Record
• Kubernetes > DaemonSet > ServiceNow > Import Set > Table Name
• Kubernetes > Ingress > ServiceNow > Import Set
• Kubernetes > Ingress > ServiceNow > Import Set > Archive Columns
• Kubernetes > Ingress > ServiceNow > Import Set > Insert Mode
• Kubernetes > Ingress > ServiceNow > Import Set > Record
• Kubernetes > Ingress > ServiceNow > Import Set > Table Name
• Kubernetes > Job > ServiceNow > Import Set
• Kubernetes > Job > ServiceNow > Import Set > Archive Columns
• Kubernetes > Job > ServiceNow > Import Set > Insert Mode
• Kubernetes > Job > ServiceNow > Import Set > Record
• Kubernetes > Job > ServiceNow > Import Set > Table Name
• Kubernetes > Persistent Volume > ServiceNow > Import Set
• Kubernetes > Persistent Volume > ServiceNow > Import Set > Archive Columns
• Kubernetes > Persistent Volume > ServiceNow > Import Set > Insert Mode
• Kubernetes > Persistent Volume > ServiceNow > Import Set > Record
• Kubernetes > Persistent Volume > ServiceNow > Import Set > Table Name
• Kubernetes > ReplicationController > ServiceNow > Import Set
• Kubernetes > ReplicationController > ServiceNow > Import Set > Archive Columns
• Kubernetes > ReplicationController > ServiceNow > Import Set > Insert Mode
• Kubernetes > ReplicationController > ServiceNow > Import Set > Record
• Kubernetes > ReplicationController > ServiceNow > Import Set > Table Name
• Kubernetes > StatefulSet > ServiceNow > Import Set
• Kubernetes > StatefulSet > ServiceNow > Import Set > Archive Columns
• Kubernetes > StatefulSet > ServiceNow > Import Set > Insert Mode
• Kubernetes > StatefulSet > ServiceNow > Import Set > Record
• Kubernetes > StatefulSet > ServiceNow > Import Set > Table Name

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• Removed unused node package dependencies for tenant lambda functions.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

What's new?

Policy Types

• GCP > Compute Engine > Disk > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > HTTP Health Check > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > HTTPS Health Check > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Health Check > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Image > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Instance > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Instance Template > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Node Group > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Node template > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Project > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Region Disk > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Region Health Check > ServiceNow > Import Set > Insert Mode
• GCP > Compute Engine > Snapshot > ServiceNow > Import Set > Insert Mode

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In version 5.5.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing Security Center resources in Guardrails. However, this caused controls to enter an error state for US Gov cloud subscriptions because the APIs did not work as expected. We have now updated dependencies that are compatible with both commercial and US Gov cloud subscriptions, ensuring that controls in both environments will work as expected.
• The Azure > Security Center > Security Center > CMDB control would go into an error state if it was not able to fetch policy assignment details correctly. This issue has now been fixed.

Bug fixes

• In version 5.8.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing Monitor resources in Guardrails. However, this caused controls to enter an error state for US Gov cloud subscriptions because the APIs did not work as expected. We have now updated dependencies that are compatible with both commercial and US Gov cloud subscriptions, ensuring that controls in both environments will work as expected.

Bug fixes

• In version 5.9.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing DNS resources in Guardrails. However, this caused controls to enter an error state due to the inadvertent use of incorrect endpoints. This issue has been fixed, and the controls will now work as expected.

Bug fixes

• In version 5.18.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing Compute resources in Guardrails. However, this caused controls to enter an error state due to the inadvertent use of incorrect endpoints. This issue has been fixed, and the controls will now work as expected.

Bug fixes

• In version 5.4.0, we updated internal dependencies to use the latest Azure SDK versions for discovering and managing API Management resources in Guardrails. However, this caused controls to enter an error state due to the inadvertent use of incorrect endpoints. This issue has been fixed, and the controls will now work as expected.

What's new?

• We've updated internal dependencies and now use the new authentication method to discover and manage Automation resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• In a previous version, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

Bug fixes

• In v5.3.1, we updated the internal logic for the Import Set controls to convert JSON objects to strings to store them reliably in ServiceNow. However, applying transformation logic to this data proved to be difficult in such cases. We have reverted this behavior, and JSON objects will no longer be transformed via the Import Set control. They will now be synced to ServiceNow in their original format.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Key Vault resources in Guardrails. This release includes breaking changes in the CMDB data for key, and secret. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below:

KeyVault > Vault

Added :

• enableSoftDelete
• publicNetworkAccess
• enableRbacAuthorization

KeyVault > Key

Added :

• hsmPlatform

Removed:

• key.e
• key.n

KeyVault > Secret

Modified :

• ID property does not contain the secret version.

Removed:

• expires
• updated
• created

Bug fixes

• The Azure > Key Vault > Key > CMDB control would go into an error state while fetching key rotation policy details for managed keys. The control will no longer attempt to fetch the key rotation policy details for such keys and will work as expected.
• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• Added support for PostgresSQL 16.
• Added support for custom hive key.
• Default database engine version changed to 15.7.
• Default cache engine version set to 7.1.
• M4 and R4 instance types removed from the supported database instance list due to deprecation.

What's new?

• Server

  • Introduced Activity Retention feature for Smart Retention control to enhance version and data management.

• UI

  • Support for downloading AWS CloudFormation templates directly from the AWS import page.

Bug fixes

• Server

  • Resolved controls getting stuck when Notify or Ignore keywords were missing in the notification rules.

• UI

  • The + button for adding permissions now correctly applies the appropriate attributes.

Requirements

• TEF: 1.59.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Policy Types:

  • Turbot > Workspace > Retention > Activity Purge Limit.
  • Turbot > Workspace > Retention > Activity Retention.

• Control Types:

  • Add support to Turbot > Smart Retention control to enhance version and data management.

Requirements

• TE: 5.35.4

What's new?

• You can now check if flexible servers have a TLS version setting of 1.2 or higher enabled. To get started, set the Azure > MySQL > Flexible Server > Set Minimum TLS Version policy to Check: TLS 1.2 or higher.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage resources in Guardrails. This release includes breaking changes in the CMDB data for Azure. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

Azure > Management Group

Modified :

• The value of type property is updated as type: Microsoft.Management/managementGroups, earlier it was /providers/Microsoft.Management/managementGroups

What's new?

• We've updated internal dependencies and now use the new authentication method to discover and manage SQL Virtual Machine resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage SQL resources in Guardrails. This release includes breaking changes in the CMDB data for server, database, and elasticpool. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below:

Renamed:

• transparentDataEncryption.status to transparentDataEncryption.state
• databaseThreatDetectionPolicy to databaseSecurityAlertPolicy

Added:

Azure SQL > Server

• Added administrators block
• isManagedIdentityInUse
• autoRotationEnabled
• externalGovernanceStatus
• minimalTlsVersion
• privateEndpointConnections
• publicNetworkAccess
• restrictOutboundNetworkAccess
• serverAzureADAdministrator.azureADOnlyAuthentication

Azure SQL > Database

• availabilityZone
• currentBackupStorageRedundancy
• databaseSecurityAlertPolicy. creationTime
• transparentDataEncryption.location
• isInfraEncryptionEnabled
• isLedgerOn
• maintenanceConfigurationId
• requestedBackupStorageRedundancy
• maintenanceConfigurationId

Azure SQL > ElasticPool

• maintenanceConfigurationId

Modified:

• The value of the attribute serverAzureADAdministrator.name has been changed from string (activeDirectory) to string (ActiveDirectory).
• The data type of the attribute databaseThreatDetectionPolicy.disabledAlerts has been changed from string ("") to object ([]).
• The data type of the attribute databaseThreatDetectionPolicy.emailAddresses has been changed from string ("") to object ([]).
• The data type of the attribute databaseThreatDetectionPolicy.emailAccountAdmins has been changed from string (Disabled/Enabled) to boolean (false/true).
• The data type of the attribute disabledAlerts has been changed from string ("") to object ([]).

Removed:

• databaseThreatDetectionPolicy.useServerDefault

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Resource Providers in Guardrails.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Network resources in Guardrails.

Network > NetworkInterface

Added :

• auxiliaryMode
• auxiliarySku
• kind
• disableTcpStateTracking

Network > PrivateDNSZone

Added :

• internalId

Network > VirtualNetworkGateway

Added :

• allowVirtualWanTraffic
• allowRemoteVnetTraffic

Modified :

• activeActive property updated as active

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Monitor resources in Guardrails. This release includes changes in the CMDB data for action groups.

Added:

• tags
• kind

Resource Types

• Azure > Monitor > Metric Alert

Control Types

• Azure > Monitor > Action Group > Tags
• Azure > Monitor > Metric Alert > Active
• Azure > Monitor > Metric Alert > Approved
• Azure > Monitor > Metric Alert > CMDB
• Azure > Monitor > Metric Alert > Discovery
• Azure > Monitor > Metric Alert > Tags

Policy Types

• Azure > Monitor > Action Group > Tags
• Azure > Monitor > Action Group > Tags > Template
• Azure > Monitor > Metric Alert > Active
• Azure > Monitor > Metric Alert > Active > Age
• Azure > Monitor > Metric Alert > Active > Last Modified
• Azure > Monitor > Metric Alert > Approved
• Azure > Monitor > Metric Alert > Approved > Custom
• Azure > Monitor > Metric Alert > Approved > Usage
• Azure > Monitor > Metric Alert > CMDB
• Azure > Monitor > Metric Alert > Tags
• Azure > Monitor > Metric Alert > Tags > Template
• Azure > Monitor > Tags Template [Default]

Action Types

• Azure > Monitor > Action Group > Set Tags
• Azure > Monitor > Metric Alert > Delete
• Azure > Monitor > Metric Alert > Router
• Azure > Monitor > Metric Alert > Set Tags

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Managed Identity resources in Guardrails. This release includes changes in the CMDB data as below.

Removed:

• clientSecretUrl

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Log Analytics resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage IAM resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Firewall resources in Guardrails.

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage CosmosDB resources in Guardrails.

Added:

createMode

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

Bug fixes

• The AWS > Account > Budget > Budget control would enter an error state for US Gov cloud accounts because the budget APIs are not supported for these accounts. We have updated the control to avoid making these API calls and instead rely on the AWS > Account > Budget > State policy being updated periodically, allowing the control to evaluate the outcome correctly.

What's new?

• You can now configure and manage CI Relationships for various Kubernetes resources in ServiceNow. To get started, set their ServiceNow Relationships policies respectively.

Control Types

• Kubernetes > Cluster > ServiceNow > Relationships
• Kubernetes > ConfigMap > ServiceNow > Relationships
• Kubernetes > CronJob > ServiceNow > Relationships
• Kubernetes > DaemonSet > ServiceNow > Relationships
• Kubernetes > Deployment > ServiceNow > Relationships
• Kubernetes > Ingress > ServiceNow > Relationships
• Kubernetes > Job > ServiceNow > Relationships
• Kubernetes > Namespace > ServiceNow > Relationships
• Kubernetes > Node > ServiceNow > Relationships
• Kubernetes > Persistent Volume > ServiceNow > Relationships
• Kubernetes > Pod > ServiceNow > Relationships
• Kubernetes > ReplicaSet > ServiceNow > Relationships
• Kubernetes > ReplicationController > ServiceNow > Relationships
• Kubernetes > Service > ServiceNow > Relationships
• Kubernetes > StatefulSet > ServiceNow > Relationships

Policy Types

• Kubernetes > Cluster > ServiceNow > Relationships
• Kubernetes > Cluster > ServiceNow > Relationships > Template
• Kubernetes > ConfigMap > ServiceNow > Relationships
• Kubernetes > ConfigMap > ServiceNow > Relationships > Template
• Kubernetes > CronJob > ServiceNow > Relationships
• Kubernetes > CronJob > ServiceNow > Relationships > Template
• Kubernetes > DaemonSet > ServiceNow > Relationships
• Kubernetes > DaemonSet > ServiceNow > Relationships > Template
• Kubernetes > Deployment > ServiceNow > Relationships
• Kubernetes > Deployment > ServiceNow > Relationships > Template
• Kubernetes > Ingress > ServiceNow > Relationships
• Kubernetes > Ingress > ServiceNow > Relationships > Template
• Kubernetes > Job > ServiceNow > Relationships
• Kubernetes > Job > ServiceNow > Relationships > Template
• Kubernetes > Namespace > ServiceNow > Relationships
• Kubernetes > Namespace > ServiceNow > Relationships > Template
• Kubernetes > Node > ServiceNow > Relationships
• Kubernetes > Node > ServiceNow > Relationships > Template
• Kubernetes > Persistent Volume > ServiceNow > Relationships
• Kubernetes > Persistent Volume > ServiceNow > Relationships > Template
• Kubernetes > Pod > ServiceNow > Relationships
• Kubernetes > Pod > ServiceNow > Relationships > Template
• Kubernetes > ReplicaSet > ServiceNow > Relationships
• Kubernetes > ReplicaSet > ServiceNow > Relationships > Template
• Kubernetes > ReplicationController > ServiceNow > Relationships
• Kubernetes > ReplicationController > ServiceNow > Relationships > Template
• Kubernetes > Service > ServiceNow > Relationships
• Kubernetes > Service > ServiceNow > Relationships > Template
• Kubernetes > StatefulSet > ServiceNow > Relationships
• Kubernetes > StatefulSet > ServiceNow > Relationships > Template

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Load Balancer resources in Guardrails.

What's new?

• You can now configure and manage CI Relationships for projects in ServiceNow. To get started, set the GCP > Project > ServiceNow > Relationships > * policies.

Control Types

• GCP > Project > ServiceNow > Relationships

Policy Types

• GCP > Project > ServiceNow > Relationships
• GCP > Project > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for subscriptions in ServiceNow. To get started, set the Azure > Subscription > ServiceNow > Relationships > * policies.

Control Types

• Azure > Subscription > ServiceNow > Relationships

Policy Types

• Azure > Subscription > ServiceNow > Relationships
• Azure > Subscription > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for accounts in ServiceNow. To get started, set the AWS > Account > ServiceNow > Relationships > * policies.

Control Types

• AWS > Account > ServiceNow > Relationships

Policy Types

• AWS > Account > ServiceNow > Relationships
• AWS > Account > ServiceNow > Relationships > Template

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage DNS resources in Guardrails. This release includes breaking changes in the CMDB data for security center. We recommend updating your existing policy settings to refer to the updated attributes as mentioned below.

Removed:

• tTL

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Databricks resources in Guardrails.

Added:

• createdBy
• updatedBy
• systemData
• createdDateTime

Bug fixes

• Improved descriptions for various resource types to ensure they are clearer and more helpful.

What's new?

• We've updated internal dependencies and now use the latest Azure SDK versions to discover and manage Container Registry resources in Guardrails.

Added:

• softDeletePolicy
• azureADAuthenticationAsArmPolicy

What's new?

• You can now configure and manage CI Relationships for various network resources in ServiceNow. To get started, set their ServiceNow Relationships policies respectively.

Control Types

• GCP > Network > Firewall > ServiceNow > Relationships
• GCP > Network > Forwarding Rule > ServiceNow > Relationships
• GCP > Network > Network > ServiceNow > Relationships
• GCP > Network > Route > ServiceNow > Relationships
• GCP > Network > Router > ServiceNow > Relationships
• GCP > Network > Subnetwork > ServiceNow > Relationships
• GCP > Network > Target Pool > ServiceNow > Relationships
• GCP > Network > Target VPN Gateway > ServiceNow > Relationships

Policy Types

• GCP > Network > Firewall > ServiceNow > Relationships
• GCP > Network > Firewall > ServiceNow > Relationships > Template
• GCP > Network > Forwarding Rule > ServiceNow > Relationships
• GCP > Network > Forwarding Rule > ServiceNow > Relationships > Template
• GCP > Network > Network > ServiceNow > Relationships
• GCP > Network > Network > ServiceNow > Relationships > Template
• GCP > Network > Route > ServiceNow > Relationships
• GCP > Network > Route > ServiceNow > Relationships > Template
• GCP > Network > Router > ServiceNow > Relationships
• GCP > Network > Router > ServiceNow > Relationships > Template
• GCP > Network > Subnetwork > ServiceNow > Relationships
• GCP > Network > Subnetwork > ServiceNow > Relationships > Template
• GCP > Network > Target Pool > ServiceNow > Relationships
• GCP > Network > Target Pool > ServiceNow > Relationships > Template
• GCP > Network > Target VPN Gateway > ServiceNow > Relationships
• GCP > Network > Target VPN Gateway > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for various compute engine resources in ServiceNow. To get started, set their ServiceNow Relationships policies respectively.

Control Types

• GCP > Compute Engine > Disk > ServiceNow > Relationships
• GCP > Compute Engine > Image > ServiceNow > Relationships
• GCP > Compute Engine > Instance > ServiceNow > Relationships
• GCP > Compute Engine > Node Group > ServiceNow > Relationships
• GCP > Compute Engine > Node template > ServiceNow > Relationships
• GCP > Compute Engine > Snapshot > ServiceNow > Relationships

Policy Types

• GCP > Compute Engine > Disk > ServiceNow > Relationships
• GCP > Compute Engine > Disk > ServiceNow > Relationships > Template
• GCP > Compute Engine > Image > ServiceNow > Relationships
• GCP > Compute Engine > Image > ServiceNow > Relationships > Template
• GCP > Compute Engine > Instance > ServiceNow > Relationships
• GCP > Compute Engine > Instance > ServiceNow > Relationships > Template
• GCP > Compute Engine > Node Group > ServiceNow > Relationships
• GCP > Compute Engine > Node Group > ServiceNow > Relationships > Template
• GCP > Compute Engine > Node template > ServiceNow > Relationships
• GCP > Compute Engine > Node template > ServiceNow > Relationships > Template
• GCP > Compute Engine > Snapshot > ServiceNow > Relationships
• GCP > Compute Engine > Snapshot > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for various network resources in ServiceNow. To get started, set their ServiceNow Relationships policies respectively.

Control Types

• Azure > Network > Application Security Group > ServiceNow > Import Set
• Azure > Network > Application Security Group > ServiceNow > Relationships
• Azure > Network > Express Route Circuits > ServiceNow > Import Set
• Azure > Network > Network Interface > ServiceNow > Import Set
• Azure > Network > Network Interface > ServiceNow > Relationships
• Azure > Network > Network Security Group > ServiceNow > Relationships
• Azure > Network > Private DNS Zones > ServiceNow > Import Set
• Azure > Network > Private Endpoints > ServiceNow > Import Set
• Azure > Network > Public IP Address > ServiceNow > Import Set
• Azure > Network > Public IP Address > ServiceNow > Relationships
• Azure > Network > Route Table > ServiceNow > Import Set
• Azure > Network > Route Table > ServiceNow > Relationships
• Azure > Network > Subnet > ServiceNow > Import Set
• Azure > Network > Subnet > ServiceNow > Relationships
• Azure > Network > Virtual Network > ServiceNow > Import Set
• Azure > Network > Virtual Network > ServiceNow > Relationships
• Azure > Network > Virtual Network Gateway > ServiceNow > Import Set
• Azure > Network > Virtual Network Gateway > ServiceNow > Relationships

Policy Types

• Azure > Network > Application Security Group > ServiceNow > Import Set
• Azure > Network > Application Security Group > ServiceNow > Import Set > Archive Columns
• Azure > Network > Application Security Group > ServiceNow > Import Set > Insert Mode
• Azure > Network > Application Security Group > ServiceNow > Import Set > Record
• Azure > Network > Application Security Group > ServiceNow > Import Set > Table Name
• Azure > Network > Application Security Group > ServiceNow > Relationships
• Azure > Network > Application Security Group > ServiceNow > Relationships > Template
• Azure > Network > Express Route Circuits > ServiceNow > Import Set
• Azure > Network > Express Route Circuits > ServiceNow > Import Set > Archive Columns
• Azure > Network > Express Route Circuits > ServiceNow > Import Set > Insert Mode
• Azure > Network > Express Route Circuits > ServiceNow > Import Set > Record
• Azure > Network > Express Route Circuits > ServiceNow > Import Set > Table Name
• Azure > Network > Network Interface > ServiceNow > Import Set
• Azure > Network > Network Interface > ServiceNow > Import Set > Archive Columns
• Azure > Network > Network Interface > ServiceNow > Import Set > Insert Mode
• Azure > Network > Network Interface > ServiceNow > Import Set > Record
• Azure > Network > Network Interface > ServiceNow > Import Set > Table Name
• Azure > Network > Network Interface > ServiceNow > Relationships
• Azure > Network > Network Interface > ServiceNow > Relationships > Template
• Azure > Network > Network Security Group > ServiceNow > Import Set > Insert Mode
• Azure > Network > Network Security Group > ServiceNow > Relationships
• Azure > Network > Network Security Group > ServiceNow > Relationships > Template
• Azure > Network > Private DNS Zones > ServiceNow > Import Set
• Azure > Network > Private DNS Zones > ServiceNow > Import Set > Archive Columns
• Azure > Network > Private DNS Zones > ServiceNow > Import Set > Insert Mode
• Azure > Network > Private DNS Zones > ServiceNow > Import Set > Record
• Azure > Network > Private DNS Zones > ServiceNow > Import Set > Table Name
• Azure > Network > Private Endpoints > ServiceNow > Import Set
• Azure > Network > Private Endpoints > ServiceNow > Import Set > Archive Columns
• Azure > Network > Private Endpoints > ServiceNow > Import Set > Insert Mode
• Azure > Network > Private Endpoints > ServiceNow > Import Set > Record
• Azure > Network > Private Endpoints > ServiceNow > Import Set > Table Name
• Azure > Network > Public IP Address > ServiceNow > Import Set
• Azure > Network > Public IP Address > ServiceNow > Import Set > Archive Columns
• Azure > Network > Public IP Address > ServiceNow > Import Set > Insert Mode
• Azure > Network > Public IP Address > ServiceNow > Import Set > Record
• Azure > Network > Public IP Address > ServiceNow > Import Set > Table Name
• Azure > Network > Public IP Address > ServiceNow > Relationships
• Azure > Network > Public IP Address > ServiceNow > Relationships > Template
• Azure > Network > Route Table > ServiceNow > Import Set
• Azure > Network > Route Table > ServiceNow > Import Set > Archive Columns
• Azure > Network > Route Table > ServiceNow > Import Set > Insert Mode
• Azure > Network > Route Table > ServiceNow > Import Set > Record
• Azure > Network > Route Table > ServiceNow > Import Set > Table Name
• Azure > Network > Route Table > ServiceNow > Relationships
• Azure > Network > Route Table > ServiceNow > Relationships > Template
• Azure > Network > Subnet > ServiceNow > Import Set
• Azure > Network > Subnet > ServiceNow > Import Set > Archive Columns
• Azure > Network > Subnet > ServiceNow > Import Set > Insert Mode
• Azure > Network > Subnet > ServiceNow > Import Set > Record
• Azure > Network > Subnet > ServiceNow > Import Set > Table Name
• Azure > Network > Subnet > ServiceNow > Relationships
• Azure > Network > Subnet > ServiceNow > Relationships > Template
• Azure > Network > Virtual Network > ServiceNow > Import Set
• Azure > Network > Virtual Network > ServiceNow > Import Set > Archive Columns
• Azure > Network > Virtual Network > ServiceNow > Import Set > Insert Mode
• Azure > Network > Virtual Network > ServiceNow > Import Set > Record
• Azure > Network > Virtual Network > ServiceNow > Import Set > Table Name
• Azure > Network > Virtual Network > ServiceNow > Relationships
• Azure > Network > Virtual Network > ServiceNow > Relationships > Template
• Azure > Network > Virtual Network Gateway > ServiceNow > Import Set
• Azure > Network > Virtual Network Gateway > ServiceNow > Import Set > Archive Columns
• Azure > Network > Virtual Network Gateway > ServiceNow > Import Set > Insert Mode
• Azure > Network > Virtual Network Gateway > ServiceNow > Import Set > Record
• Azure > Network > Virtual Network Gateway > ServiceNow > Import Set > Table Name
• Azure > Network > Virtual Network Gateway > ServiceNow > Relationships
• Azure > Network > Virtual Network Gateway > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for various compute resources in ServiceNow. To get started, set their ServiceNow Relationships policies respectively.

Control Types

• Azure > Compute > Availability Set > ServiceNow > Relationships
• Azure > Compute > Disk > ServiceNow > Relationships
• Azure > Compute > Image > ServiceNow > Relationships
• Azure > Compute > Snapshot > ServiceNow > Relationships
• Azure > Compute > Virtual Machine > ServiceNow > Relationships

Policy Types

• Azure > Compute > Availability Set > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Availability Set > ServiceNow > Relationships
• Azure > Compute > Availability Set > ServiceNow > Relationships > Template
• Azure > Compute > Disk > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Disk > ServiceNow > Relationships
• Azure > Compute > Disk > ServiceNow > Relationships > Template
• Azure > Compute > Disk Encryption Set > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Image > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Image > ServiceNow > Relationships
• Azure > Compute > Image > ServiceNow > Relationships > Template
• Azure > Compute > Snapshot > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Snapshot > ServiceNow > Relationships
• Azure > Compute > Snapshot > ServiceNow > Relationships > Template
• Azure > Compute > Ssh Public Key > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Virtual Machine > ServiceNow > Import Set > Insert Mode
• Azure > Compute > Virtual Machine > ServiceNow > Relationships
• Azure > Compute > Virtual Machine > ServiceNow > Relationships > Template
• Azure > Compute > Virtual Machine Scale Set > ServiceNow > Import Set > Insert Mode

What's new?

• You can now configure and manage CI Relationships for global regions, multi-regions, regions and zones in ServiceNow. To get started, set the GCP > Global Region > ServiceNow > Relationships > *, GCP > Multi-Region > ServiceNow > Relationships > *, GCP > Region > ServiceNow > Relationships > * and GCP > Zone > ServiceNow > Relationships > * policies respectively.

Control Types

• GCP > Global Region > ServiceNow > Relationships
• GCP > Multi-Region > ServiceNow > Relationships
• GCP > Region > ServiceNow > Relationships
• GCP > Zone > ServiceNow > Relationships

Policy Types

• GCP > Global Region > ServiceNow > Relationships
• GCP > Global Region > ServiceNow > Relationships > Template
• GCP > Multi-Region > ServiceNow > Relationships
• GCP > Multi-Region > ServiceNow > Relationships > Template
• GCP > Region > ServiceNow > Relationships
• GCP > Region > ServiceNow > Relationships > Template
• GCP > Zone > ServiceNow > Relationships
• GCP > Zone > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for buckets and objects in ServiceNow. To get started, set the GCP > Storage > Bucket > ServiceNow > Relationships > * and GCP > Storage > Object > ServiceNow > Relationships > * policies respectively.

Control Types

• GCP > Storage > Bucket > ServiceNow > Relationships
• GCP > Storage > Object > ServiceNow > Relationships

Policy Types

• GCP > Storage > Bucket > ServiceNow > Relationships
• GCP > Storage > Bucket > ServiceNow > Relationships > Template
• GCP > Storage > Object > ServiceNow > Relationships
• GCP > Storage > Object > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for resource groups in ServiceNow. To get started, set the Azure > Resource Group > ServiceNow > Relationships > * policies.

Control Types

• Azure > Resource Group > ServiceNow > Relationships

Policy Types

• Azure > Resource Group > ServiceNow > Relationships
• Azure > Resource Group > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for containers, file shares, queues and storage accounts in ServiceNow. To get started, set the Azure > Storage > Container > ServiceNow > Relationships > *, Azure > Storage > File Share > ServiceNow > Relationships > *, Azure > Storage > Queue > ServiceNow > Relationships > * and Azure > Storage > Storage Account > ServiceNow > Relationships > * policies respectively.

Control Types

• Azure > Storage > Container > ServiceNow > Relationships
• Azure > Storage > FileShare > ServiceNow > Relationships
• Azure > Storage > Queue > ServiceNow > Relationships
• Azure > Storage > Storage Account > ServiceNow > Relationships

Policy Types

• Azure > Storage > Container > ServiceNow > Import Set > Insert Mode
• Azure > Storage > Container > ServiceNow > Relationships
• Azure > Storage > Container > ServiceNow > Relationships > Template
• Azure > Storage > FileShare > ServiceNow > Import Set > Insert Mode
• Azure > Storage > FileShare > ServiceNow > Relationships
• Azure > Storage > FileShare > ServiceNow > Relationships > Template
• Azure > Storage > Queue > ServiceNow > Import Set > Insert Mode
• Azure > Storage > Queue > ServiceNow > Relationships
• Azure > Storage > Queue > ServiceNow > Relationships > Template
• Azure > Storage > Storage Account > ServiceNow > Import Set > Insert Mode
• Azure > Storage > Storage Account > ServiceNow > Relationships
• Azure > Storage > Storage Account > ServiceNow > Relationships > Template

What's new?

• You can now configure and manage CI Relationships for elastic IPs, internet gateways and NAT gateways in ServiceNow. To get started, set the AWS > VPC > Elastic IP > ServiceNow > Relationships > *, AWS > VPC > Internet Gateway > ServiceNow > Relationships > * and AWS > VPC > NAT Gateway > ServiceNow > Relationships > * policies respectively.

Control Types

• AWS > VPC > Elastic IP > ServiceNow > Relationships
• AWS > VPC > Internet Gateway > ServiceNow
• AWS > VPC > Internet Gateway > ServiceNow > Configuration Item
• AWS > VPC > Internet Gateway > ServiceNow > Relationships
• AWS > VPC > Internet Gateway > ServiceNow > Table
• AWS > VPC > NAT Gateway > ServiceNow
• AWS > VPC > NAT Gateway > ServiceNow > Configuration Item
• AWS > VPC > NAT Gateway > ServiceNow > Relationships
• AWS > VPC > NAT Gateway > ServiceNow > Table

Policy Types

• AWS > VPC > Elastic IP > ServiceNow > Relationships
• AWS > VPC > Elastic IP > ServiceNow > Relationships > Template
• AWS > VPC > Internet Gateway > ServiceNow
• AWS > VPC > Internet Gateway > ServiceNow > Configuration Item
• AWS > VPC > Internet Gateway > ServiceNow > Configuration Item > Record
• AWS > VPC > Internet Gateway > ServiceNow > Configuration Item > Table Definition
• AWS > VPC > Internet Gateway > ServiceNow > Relationships
• AWS > VPC > Internet Gateway > ServiceNow > Relationships > Template
• AWS > VPC > Internet Gateway > ServiceNow > Table
• AWS > VPC > Internet Gateway > ServiceNow > Table > Definition
• AWS > VPC > NAT Gateway > ServiceNow
• AWS > VPC > NAT Gateway > ServiceNow > Configuration Item
• AWS > VPC > NAT Gateway > ServiceNow > Configuration Item > Record
• AWS > VPC > NAT Gateway > ServiceNow > Configuration Item > Table Definition
• AWS > VPC > NAT Gateway > ServiceNow > Relationships
• AWS > VPC > NAT Gateway > ServiceNow > Relationships > Template
• AWS > VPC > NAT Gateway > ServiceNow > Table
• AWS > VPC > NAT Gateway > ServiceNow > Table > Definition

Control Types

• AWS > VPC > Customer Gateway > ServiceNow
• AWS > VPC > Customer Gateway > ServiceNow > Configuration Item
• AWS > VPC > Customer Gateway > ServiceNow > Relationships
• AWS > VPC > Customer Gateway > ServiceNow > Table
• AWS > VPC > Transit Gateway > ServiceNow
• AWS > VPC > Transit Gateway > ServiceNow > Configuration Item
• AWS > VPC > Transit Gateway > ServiceNow > Relationships
• AWS > VPC > Transit Gateway > ServiceNow > Table
• AWS > VPC > VPN Gateway > ServiceNow
• AWS > VPC > VPN Gateway > ServiceNow > Configuration Item
• AWS > VPC > VPN Gateway > ServiceNow > Relationships
• AWS > VPC > VPN Gateway > ServiceNow > Table

Policy Types

• AWS > VPC > Customer Gateway > ServiceNow
• AWS > VPC > Customer Gateway > ServiceNow > Configuration Item
• AWS > VPC > Customer Gateway > ServiceNow > Configuration Item > Record
• AWS > VPC > Customer Gateway > ServiceNow > Configuration Item > Table Definition
• AWS > VPC > Customer Gateway > ServiceNow > Relationships
• AWS > VPC > Customer Gateway > ServiceNow > Relationships > Template
• AWS > VPC > Customer Gateway > ServiceNow > Table
• AWS > VPC > Customer Gateway > ServiceNow > Table > Definition
• AWS > VPC > Transit Gateway > ServiceNow
• AWS > VPC > Transit Gateway > ServiceNow > Configuration Item
• AWS > VPC > Transit Gateway > ServiceNow > Configuration Item > Record
• AWS > VPC > Transit Gateway > ServiceNow > Configuration Item > Table Definition
• AWS > VPC > Transit Gateway > ServiceNow > Relationships
• AWS > VPC > Transit Gateway > ServiceNow > Relationships > Template
• AWS > VPC > Transit Gateway > ServiceNow > Table
• AWS > VPC > Transit Gateway > ServiceNow > Table > Definition
• AWS > VPC > VPN Gateway > ServiceNow
• AWS > VPC > VPN Gateway > ServiceNow > Configuration Item
• AWS > VPC > VPN Gateway > ServiceNow > Configuration Item > Record
• AWS > VPC > VPN Gateway > ServiceNow > Configuration Item > Table Definition
• AWS > VPC > VPN Gateway > ServiceNow > Relationships
• AWS > VPC > VPN Gateway > ServiceNow > Relationships > Template
• AWS > VPC > VPN Gateway > ServiceNow > Table
• AWS > VPC > VPN Gateway > ServiceNow > Table > Definition

What's new?

• You can now configure and manage CI Relationships for AMIs, instances, key pairs, network interfaces, snapshots and volumes in ServiceNow. To get started, set the AWS > EC2 > AMI > ServiceNow > Relationships > *, AWS > EC2 > Instance > ServiceNow > Relationships > *, AWS > EC2 > Key Pair > ServiceNow > Relationships > *, AWS > EC2 > Network Interface > ServiceNow > Relationships > *, AWS > EC2 > Snapshot > ServiceNow > Relationships > * and AWS > EC2 > Volume > ServiceNow > Relationships > * policies respectively.