Guardrails

Turbot Guardrails Policies and Controls provide a flexible framework for auditing and enforcing configuration across hundreds of cloud services, networking, OS, and DB tiers. While this model is extensible, there are many guardrails that are common and consistent across resources.

GuardrailDescription
Access LoggingMonitor and enable access logging on various cloud resources.
ActiveUse a variety of criteria to determine if a cloud resource is Active, i.e. number of days the resource has existed, and take action (shutdown, delete, alarm, etc).
ApprovedVerify whether a particular resource is allowed to exist and take an appropriate action if not (shutdown, delete, alarm, etc).
Audit LoggingAudit Logging configuration tools for cloud resources.
BudgetA mechanism for tracking current spend against a planned target and taking appropriate action to control cost.
CMDBResponsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
DiscoveryMechanism by which Guardrails initially adds a resource to the CMDB.
Encryption at RestA mechanism to manage data encryption at rest (i.e. AWS S3 Buckets).
Encryption in TransitA mechanism to manage data encryption in transit (i.e. AWS S3 Buckets).
Public AccessConfigure public access settings on cloud resources.
SchedulingDefine schedules to control cloud resource usage.
Stacks/ ConfiguredManage resource configuration using Terraform.
TaggingTagging of both Guardrails resources, such as a folder, and Cloud Provider resources, such as an Azure Subscription or AWS EC2 instance.
Trusted AccessTrusted Access allow you to define whom and what you trust and enforce those limitations on your cloud resources.
UsageGenerate alarms if the number of resources in a specific service exceeds a set amount.