@turbot/aws-cloudfront

The aws-cloudfront mod contains resource, control and policy definitions for AWS CloudFront service.

Recommended Version

Version

5.5.0

Released On

Dec 11, 2023

Depends On

What's new?

AWS/CloudFront/Admin and AWS/CloudFront/Metadata will now also include permissions for CloudFront KeyValueStore.

What's new?

We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include createdBy details in Turbot CMDB.

Policy Types

Action Types

AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Active control
AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Active control [90 days]
AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Approved control
AWS > CloudFront > CloudFront Origin Access Identity > Skip alarm for Approved control [90 days]
AWS > CloudFront > Distribution > Set Tags
AWS > CloudFront > Distribution > Skip alarm for Active control
AWS > CloudFront > Distribution > Skip alarm for Active control [90 days]
AWS > CloudFront > Distribution > Skip alarm for Approved control
AWS > CloudFront > Distribution > Skip alarm for Approved control [90 days]
AWS > CloudFront > Distribution > Skip alarm for Tags control
AWS > CloudFront > Distribution > Skip alarm for Tags control [90 days]
AWS > CloudFront > Streaming Distribution > Set Tags
AWS > CloudFront > Streaming Distribution > Skip alarm for Active control
AWS > CloudFront > Streaming Distribution > Skip alarm for Active control [90 days]
AWS > CloudFront > Streaming Distribution > Skip alarm for Approved control
AWS > CloudFront > Streaming Distribution > Skip alarm for Approved control [90 days]
AWS > CloudFront > Streaming Distribution > Skip alarm for Tags control
AWS > CloudFront > Streaming Distribution > Skip alarm for Tags control [90 days]

Bug fixes

Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

What's new?

We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to Skip, its Active control will move to invalid to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.
Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.

Bug fixes

We've made some improvements to our real-time event handling that reduces the risk of creating resources in CMDB with malformed AKAs. There's no noticeable difference, but things should run more reliably now.

Bug fixes

In various Active controls, we were outputting log messages that did not properly show how many days were left until we'd delete the inactive resources (we were still deleting them after the correct number of days). These log messages have been fixed and now contain the correct number of days.

Bug fixes

Updated various resource configurations to provide better compatibility with AWS China regions.

Bug fixes

Sometimes when updating CMDB for resources with tags that have empty string values, e.g., [{Key: "Empty", Value: ""}, {Key: "Turbot is great", Value: "true"}], we would not store all of the tags correctly. This has been fixed and now all tags are accounted for.

Bug fixes

Links to documentation in the descriptions for several controls and policies were broken. These links have now been fixed.