Run Controls Using Scripts
In this guide, you will:
- Use the Guardrails Console to identify controls in an error state and resolve them using scripts.
Controls enforce policies to ensure cloud resources remain compliant and Guardrails operates effectively. However, a large number of controls may encounter errors due to factors like network outages. To efficiently resolve these errors, use the script available in the guardrails-samples GitHub repository to rerun the affected controls. Regularly addressing controls in an Error state helps maintain system stability and compliance.
Prerequisites
- Turbot/Operator permissions at the Turbot resource level.
- Familiarity with GitHub and the Guardrails console.
Step 1: Navigate to Controls
Log into the Guardrails console with the provided local credentials or any SAML-based login, then select Controls from the top navigation menu.

Step 2: Identify Control Errors
In the Controls section, filter and select the controls in an Error state that need to be re-run.

Step 3: Retrieve Control Type URI
Open the control details, navigate to the Developers tab, and copy the Control Type URI for use in later steps.

Step 4: Clone Guardrails Samples Repository
Go to guardrails-samples and clone the repository.

Step 5: Navigate to Run-Controls Directory
In the cloned repository, navigate to the following folder:
guardrails_utilities/shell_utils/run-controls
Step 6: Set Environment Variables
Set the necessary environment variables using the command below:
export TURBOT_WORKSPACE="https://<environment-name>.cloud.turbot.com/"
export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef172390814
export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4b67fa82ab2c
Step 7: Run Controls via Script
Execute this script using the Control Type URI from Step 3. The batch size is set to 25 to minimize database load.
./run-controls.sh --filter 'state:error controlTypeId:tmod:@turbot/turbot#/control/types/controlInstalled' --batch-size 25
The script should start running and produce output similar to the following:
[INFO] Control 1 of 22
[INFO] Type: "Type Installed"
[INFO] Resource: "Turbot > @turbot/aws-rds > Update Performance Configuration"
[INFO] State: "error"
[INFO] Reason: "Error running trusted inline"
[INFO] ID: "311522861481171"
[INFO] Control 2 of 22
[INFO] Type: "Type Installed"
[INFO] Resource: "Turbot > @turbot/aws-rds > Set Tags"
[INFO] State: "error"
[INFO] Reason: "Error running trusted inline"
[INFO] ID: "293907562769114"
[INFO] Control 3 of 22
[INFO] Type: "Type Installed"
[INFO] Resource: "Turbot > @turbot/aws-rds > Delete from AWS"
[INFO] State: "error"
[INFO] Reason: "Error running trusted inline"
[INFO] ID: "293907548601779"
[INFO] Control 4 of 22
[INFO] Type: "Type Installed"
[INFO] Resource: "Turbot > @turbot/aws-rds > Delete from AWS"
[INFO] State: "error"
[INFO] Reason: "Error running trusted inline"
[INFO] ID: "293907547759782"
[INFO] Control 22 of 22
[INFO] Type: "Type Installed"
[INFO] Resource: "Turbot > @turbot/aws-rds > Update Access Logging"
[INFO] State: "error"
[INFO] Reason: "Error running trusted inline"
[INFO] ID: "195756668765883"
[INFO] Total amount of controls re-run: 22
[INFO] Total time taken 7 second(s)
The command stops once all controls have successfully run.
Step 8: Review
Check that all controls have moved to an OK state.
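To support the review, the following added example (not part of the guardrails-samples repository) summarizes saved run-controls.sh output by error reason and checks that the number of control entries matches the total the script reports. It assumes one [INFO] entry per line in the layout of the Step 7 sample output; the function names, the embedded log, and the "Request timed out" reason are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of guardrails-samples: triage captured run-controls.sh output.
# Assumes one [INFO] entry per line, laid out as in the Step 7 sample output.

# Constructed log for illustration; IDs, resources and the second reason are made up.
sample_log() {
  cat <<'EOF'
[INFO] Control 1 of 3
[INFO] Type: "Type Installed"
[INFO] Resource: "Turbot > @turbot/aws-rds > Set Tags"
[INFO] State: "error"
[INFO] Reason: "Error running trusted inline"
[INFO] ID: "100000000000001"
[INFO] Control 2 of 3
[INFO] Type: "Type Installed"
[INFO] Resource: "Turbot > @turbot/aws-rds > Delete from AWS"
[INFO] State: "error"
[INFO] Reason: "Request timed out"
[INFO] ID: "100000000000002"
[INFO] Control 3 of 3
[INFO] Type: "Type Installed"
[INFO] Resource: "Turbot > @turbot/aws-rds > Update Access Logging"
[INFO] State: "error"
[INFO] Reason: "Error running trusted inline"
[INFO] ID: "100000000000003"
[INFO] Total amount of controls re-run: 3
[INFO] Total time taken 1 second(s)
EOF
}

# Reads a log on stdin, prints a count per error reason, and returns non-zero
# when the entries seen do not match the script's own reported total.
summarize_run() {
  awk '
    /^\[INFO\] Control [0-9]+ of [0-9]+$/ { seen++; expected = $5 }
    /^\[INFO\] Reason: / {
      r = $0; sub(/^\[INFO\] Reason: "/, "", r); sub(/"$/, "", r); reason[r]++
    }
    /^\[INFO\] Total amount of controls re-run: / { reported = $NF; have_total = 1 }
    END {
      for (r in reason) printf "reason=\"%s\" count=%d\n", r, reason[r]
      printf "entries=%d expected=%d reported=%d\n", seen, expected, reported
      if (!have_total || seen != reported || seen != expected) exit 1
    }'
}

# Usage: summarize_run < run.log   (run.log = saved output of run-controls.sh)
sample_log | summarize_run
```

A non-zero exit status means the saved output is incomplete, for example when the run was interrupted before the totals were printed. A single dominant reason across many controls usually points to one shared cause rather than per-resource problems.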

Note: If you need to resolve policies that are not evaluating properly, you can use the same approach with the run-policies script instead.
Troubleshooting
Issue | Description | Guide |
---|---|---|
Common errors | Common issues that may prevent controls from running include network connectivity problems, permission issues, and API rate limits. These can cause controls to enter an error state. | Refer to Common Troubleshooting for detailed resolution steps. |
Further Assistance | If you encounter further issues with Calculated Policies, please open a ticket with us and attach the relevant information to assist you more efficiently. | Open Support Ticket |