CMDB Guardrails
Overview
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
The Resource Type
AWS > SQS > Queue
defines a Control AWS > SQS > Queue > CMDB
with a target Resource Type of AWS > SQS > Queue
.Policies to control CMDB
CMDB controls have an associated policy that allows them to be enforced or
skipped. Note, however, that if CMDB is set to Skip
for a resource, then it
will not exist in the CMDB, and no controls that target it will run.
The
AWS > S3 > Bucket > CMDB
policy may be set to `Skip` or `Enforce: Enabled`CMDB controls also use the Region
policy associated with the resource. If
region is not in Regions
policy, the CMDB control should delete the resource
from the CMDB (since we don’t want to capture any resources in that region, we
should also cleanup).
The
AWS > S3 > Bucket > CMDB
will add/modify a resource in the CMDB if the resource is in region specified in AWS > S3 > Bucket > Regions
, and delete it from the CMDB if it is not.