Apply a Quick Action

In this guide we’ll show how you can enable Guardrails to perform Quick Actions that fix misconfigurations. A Quick Action empowers an administrator to quickly fix misconfigurations by applying a change directly to an underlying AWS resource. In order to use this feature, the cross account role used by Guardrails will need additional permissions to perform those actions. This guide will instruct you how to change the permissions specific to S3 bucket versioning, other types of quick actions will require different permission grants.

This is the ninth guide in the Getting started with AWS series.

Prerequisites:

  • Completion of the previous guides in this series.
  • Access to the Guardrails console with administrative privileges.
  • Access to an AWS account with administrative privlidges to add permissions to the Guardrails cross-account role.

Step 1: Locate the IAM role

In the AWS Console, find the role you created in the first guide and open its details by clicking the named link.

Step 2: Review role permissions

Expand the Add permissions dropdown.

Step 3: Edit the IAM policy

Choose Create inline policy.

Choose JSON, and then copy and paste this code:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:PutBucketVersioning",
"Resource": "*"
}
]
}

Select Next.

Step 4: Name the policy

Name the policy PutBucketVersioningForGuardrails, and select Create policy.

Step 5: Find Quick Actions

Select Policies from the top-level navigation. In the search box, type quick actions, then select the Turbot > Quick Actions > Enabled policy type.

Select the green New Policy Setting button.

Step 6: Enable Quick Actions

Choose Sandbox as the Resource, and then select Enabled, and click the green Create button.

Step 7: Find a bucket in Alarm

Use your bookmark to navigate back to the Controls by State report and filter on AWS > S3 > Bucket > Versioning.

Step 8: Select a bucket in Alarm

Select a bucket in Alarm state from the list of buckets.

Step 9: Use a Quick Action

Select the Actions dropdown, and choose Enable Versioning.

Step 10: Observe the change

Guardrails reports that the action was successful, and the control goes to the OK state.

Step 11: Check if it worked

Open a tab to the AWS console, and navigate to the S3 bucket. Confirm the Guardrails Quick Action has correctly set the versioning status of the bucket.

Step 12: Review

In this guide you increased the permissions scope for your cross-account role, enabled Guardrails Quick Actions and, used a Quick Action to change a bucket's versioning property.

Next Steps

In the next guide we’ll set Guardrails to automatically enforce these actions continuously.

Progress tracker

  • Prepare an AWS Account for import to Guardrails
  • Connect an AWS Account to Guardrails
  • Observe AWS Resource Activity
  • Enable Your First Policy Pack
  • Review Account-Wide Bucket Versioning
  • Create a Static Exception to a Guardrails Policy
  • Create a Calculated Exception to a Guardrails Policy
  • Send an Alert to Email
  • Apply a Quick Action
  • Enable Automatic Enforcement