Apply a Quick Action

In this guide we’ll show how to enable Guardrails to perform Quick Actions that fix misconfigurations. A Quick Action lets an administrator quickly fix a misconfiguration by applying a change directly to the underlying AWS resource. To use this feature, the cross-account role used by Guardrails needs additional permissions to perform those actions. This guide shows how to add the permission specific to S3 bucket versioning; other types of Quick Actions will require different permission grants.

This is the ninth guide in the Getting started with AWS series.

Prerequisites:

  • Completion of the previous guides in this series.
  • Access to the Guardrails console with administrative privileges.
  • Access to an AWS account with administrative privileges to add permissions to the Guardrails cross-account role.

Step 1: Locate the IAM role

In the AWS Console, find the role you created in the first guide and open its details by clicking the named link.

Step 2: Review role permissions

Expand the Add permissions dropdown.

Step 3: Edit the IAM policy

Choose Create inline policy.

Choose JSON, and then copy and paste this code:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:PutBucketVersioning",
      "Resource": "*"
    }
  ]
}

Select Next.

Step 4: Name the policy

Name the policy PutBucketVersioningForGuardrails, and select Create policy.
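
As an added check that is not part of the original guide or of Guardrails itself, the Python below reviews a policy document such as the one from Step 3 and confirms that it allows only s3:PutBucketVersioning, and reports which statements apply to every resource. The function names and the EXPECTED_ACTIONS allowlist are assumptions made for this example.

```python
import json

# Inline policy copied from Step 3 of this guide.
GUIDE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:PutBucketVersioning",
      "Resource": "*"
    }
  ]
}
""")

# Assumption for this example: the only action the role should gain here.
# IAM action names are case-insensitive, so compare in lower case.
EXPECTED_ACTIONS = {"s3:putbucketversioning"}


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def review_policy(policy, expected=EXPECTED_ACTIONS):
    """Return findings for Allow statements that grant more than `expected`."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append(f"statement {i}: NotAction allows every action not listed")
        for action in _as_list(stmt.get("Action")):
            if "*" in action or "?" in action:
                findings.append(f"statement {i}: wildcard action {action!r}")
            elif action.lower() not in expected:
                findings.append(f"statement {i}: unexpected action {action!r}")
    return findings


def wildcard_resource_statements(policy):
    """Indexes of Allow statements whose Resource is "*" (not limited to named buckets)."""
    return [i for i, stmt in enumerate(_as_list(policy.get("Statement")))
            if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource"))]
```

To review the role as it exists in the account, pass in the policy document returned by `aws iam get-role-policy` for the PutBucketVersioningForGuardrails inline policy.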

Step 5: Find Quick Actions

Select Policies from the top-level navigation. In the search box, type quick actions, then select the Turbot > Quick Actions > Enabled policy type.

Select the green New Policy Setting button.

Step 6: Enable Quick Actions

Choose Sandbox as the Resource, and then select Enabled, and click the green Create button.

Step 7: Find a bucket in Alarm

Use your bookmark to navigate back to the Controls by State report and filter on AWS > S3 > Bucket > Versioning.

Step 8: Select a bucket in Alarm

Select a bucket in Alarm state from the list of buckets.

Step 9: Use a Quick Action

Select the Actions dropdown, and choose Enable Versioning.

Step 10: Observe the change

Guardrails reports that the action was successful, and the control goes to the OK state.

Step 11: Check if it worked

Open a tab to the AWS console, and navigate to the S3 bucket. Confirm the Guardrails Quick Action has correctly set the versioning status of the bucket.

Step 12: Review

In this guide you increased the permissions scope for your cross-account role, enabled Guardrails Quick Actions, and used a Quick Action to change a bucket's versioning property.

Next Steps

In the next guide we’ll set Guardrails to automatically enforce these actions continuously.

Progress tracker

  • Prepare an AWS Account for import to Guardrails
  • Connect an AWS Account to Guardrails
  • Observe AWS Resource Activity
  • Enable Your First Policy Pack
  • Review Account-Wide Bucket Versioning
  • Create a Static Exception to a Guardrails Policy
  • Create a Calculated Exception to a Guardrails Policy
  • Send an Alert to Email
  • Apply a Quick Action
  • Enable Automatic Enforcement