Control types for @turbot/aws-ec2
- AWS > EC2 > AMI > Active
- AWS > EC2 > AMI > Approved
- AWS > EC2 > AMI > CMDB
- AWS > EC2 > AMI > Configured
- AWS > EC2 > AMI > Discovery
- AWS > EC2 > AMI > Tags
- AWS > EC2 > AMI > Trusted Access
- AWS > EC2 > AMI > Usage
- AWS > EC2 > Account Attributes > CMDB
- AWS > EC2 > Account Attributes > Discovery
- AWS > EC2 > Account Attributes > EBS Encryption by Default
- AWS > EC2 > Application Load Balancer > Access Logging
- AWS > EC2 > Application Load Balancer > Active
- AWS > EC2 > Application Load Balancer > Approved
- AWS > EC2 > Application Load Balancer > CMDB
- AWS > EC2 > Application Load Balancer > Configured
- AWS > EC2 > Application Load Balancer > Discovery
- AWS > EC2 > Application Load Balancer > Tags
- AWS > EC2 > Application Load Balancer > Usage
- AWS > EC2 > Auto Scaling Group > Active
- AWS > EC2 > Auto Scaling Group > Approved
- AWS > EC2 > Auto Scaling Group > CMDB
- AWS > EC2 > Auto Scaling Group > Discovery
- AWS > EC2 > Auto Scaling Group > Tags
- AWS > EC2 > Auto Scaling Group > Usage
- AWS > EC2 > Classic Load Balancer > Access Logging
- AWS > EC2 > Classic Load Balancer > Active
- AWS > EC2 > Classic Load Balancer > Approved
- AWS > EC2 > Classic Load Balancer > CMDB
- AWS > EC2 > Classic Load Balancer > Configured
- AWS > EC2 > Classic Load Balancer > Discovery
- AWS > EC2 > Classic Load Balancer > Tags
- AWS > EC2 > Classic Load Balancer > Usage
- AWS > EC2 > Classic Load Balancer Listener > Active
- AWS > EC2 > Classic Load Balancer Listener > Approved
- AWS > EC2 > Classic Load Balancer Listener > CMDB
- AWS > EC2 > Classic Load Balancer Listener > Discovery
- AWS > EC2 > Classic Load Balancer Listener > SSL Policy
- AWS > EC2 > Classic Load Balancer Listener > Usage
- AWS > EC2 > Gateway Load Balancer > Active
- AWS > EC2 > Gateway Load Balancer > Approved
- AWS > EC2 > Gateway Load Balancer > CMDB
- AWS > EC2 > Gateway Load Balancer > Discovery
- AWS > EC2 > Gateway Load Balancer > Tags
- AWS > EC2 > Gateway Load Balancer > Usage
- AWS > EC2 > Instance > Active
- AWS > EC2 > Instance > Approved
- AWS > EC2 > Instance > CMDB
- AWS > EC2 > Instance > Configured
- AWS > EC2 > Instance > Detailed Monitoring
- AWS > EC2 > Instance > Discovery
- AWS > EC2 > Instance > Instance Profile
- AWS > EC2 > Instance > Metadata Service
- AWS > EC2 > Instance > Schedule
- AWS > EC2 > Instance > Tags
- AWS > EC2 > Instance > Termination Protection
- AWS > EC2 > Instance > Usage
- AWS > EC2 > Key Pair > Active
- AWS > EC2 > Key Pair > Approved
- AWS > EC2 > Key Pair > CMDB
- AWS > EC2 > Key Pair > Discovery
- AWS > EC2 > Key Pair > Tags
- AWS > EC2 > Key Pair > Usage
- AWS > EC2 > Launch Configuration > Active
- AWS > EC2 > Launch Configuration > Approved
- AWS > EC2 > Launch Configuration > CMDB
- AWS > EC2 > Launch Configuration > Discovery
- AWS > EC2 > Launch Configuration > Usage
- AWS > EC2 > Launch Template > Active
- AWS > EC2 > Launch Template > Approved
- AWS > EC2 > Launch Template > CMDB
- AWS > EC2 > Launch Template > Discovery
- AWS > EC2 > Launch Template > Tags
- AWS > EC2 > Launch Template > Usage
- AWS > EC2 > Launch Template Version > Active
- AWS > EC2 > Launch Template Version > Approved
- AWS > EC2 > Launch Template Version > CMDB
- AWS > EC2 > Launch Template Version > Discovery
- AWS > EC2 > Launch Template Version > Usage
- AWS > EC2 > Listener Rule > Active
- AWS > EC2 > Listener Rule > Approved
- AWS > EC2 > Listener Rule > CMDB
- AWS > EC2 > Listener Rule > Configured
- AWS > EC2 > Listener Rule > Discovery
- AWS > EC2 > Listener Rule > Usage
- AWS > EC2 > Load Balancer Listener > Active
- AWS > EC2 > Load Balancer Listener > Approved
- AWS > EC2 > Load Balancer Listener > CMDB
- AWS > EC2 > Load Balancer Listener > Configured
- AWS > EC2 > Load Balancer Listener > Discovery
- AWS > EC2 > Load Balancer Listener > SSL Policy
- AWS > EC2 > Load Balancer Listener > Usage
- AWS > EC2 > Network Interface > Active
- AWS > EC2 > Network Interface > Approved
- AWS > EC2 > Network Interface > CMDB
- AWS > EC2 > Network Interface > Configured
- AWS > EC2 > Network Interface > Discovery
- AWS > EC2 > Network Interface > Tags
- AWS > EC2 > Network Interface > Usage
- AWS > EC2 > Network Load Balancer > Access Logging
- AWS > EC2 > Network Load Balancer > Active
- AWS > EC2 > Network Load Balancer > Approved
- AWS > EC2 > Network Load Balancer > CMDB
- AWS > EC2 > Network Load Balancer > Configured
- AWS > EC2 > Network Load Balancer > Discovery
- AWS > EC2 > Network Load Balancer > Tags
- AWS > EC2 > Network Load Balancer > Usage
- AWS > EC2 > Snapshot > Active
- AWS > EC2 > Snapshot > Approved
- AWS > EC2 > Snapshot > CMDB
- AWS > EC2 > Snapshot > Configured
- AWS > EC2 > Snapshot > Discovery
- AWS > EC2 > Snapshot > Tags
- AWS > EC2 > Snapshot > Trusted Access
- AWS > EC2 > Snapshot > Usage
- AWS > EC2 > Target Group > Active
- AWS > EC2 > Target Group > Approved
- AWS > EC2 > Target Group > CMDB
- AWS > EC2 > Target Group > Configured
- AWS > EC2 > Target Group > Discovery
- AWS > EC2 > Target Group > Tags
- AWS > EC2 > Target Group > Usage
- AWS > EC2 > Volume > Active
- AWS > EC2 > Volume > Approved
- AWS > EC2 > Volume > CMDB
- AWS > EC2 > Volume > Configured
- AWS > EC2 > Volume > Discovery
- AWS > EC2 > Volume > Tags
- AWS > EC2 > Volume > Usage
AWS > EC2 > AMI > Active
Take an action when an AWS EC2 AMI is not active based on the AWS > EC2 > AMI > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > AMI > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > AMI > Approved
Take an action when an AWS EC2 AMI is not approved based on AWS > EC2 > AMI > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > AMI > CMDB
Record and synchronize details for the AWS EC2 AMI into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > AMI > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > AMI > Configured
Maintain AWS > EC2 > AMI configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
AWS > EC2 > AMI > Discovery
Discover all AWS EC2 AMI resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > AMI > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > AMI > Tags
Take an action when AWS EC2 AMI tags are not updated based on the AWS > EC2 > AMI > Tags > * policies.

If the resource is not updated with the tags defined in AWS > EC2 > AMI > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.
AWS > EC2 > AMI > Trusted Access
Manage trusted access for AWS EC2 AMIs.

AWS allows EC2 AMIs to be shared with specific AWS accounts. This control allows you to configure whether such sharing is allowed, and to which accounts.

If set to "Enforce", access to non-trusted accounts will be removed.
AWS > EC2 > AMI > Usage
The Usage control determines whether the number of AWS EC2 AMI resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > AMI > Usage policy, and set the limit with the AWS > EC2 > AMI > Usage > Limit policy.
AWS > EC2 > Account Attributes > CMDB
Record and synchronize details for the AWS EC2 account attributes into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Account Attributes > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Account Attributes > Discovery
Discover all AWS EC2 account attributes resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Account Attributes > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Account Attributes > EBS Encryption by Default
Define the EBS Encryption by Default settings required for AWS > EC2 > Account Attributes.

Encryption at Rest refers specifically to the encryption of data when written to an underlying storage system. This control determines whether the resource is encrypted at rest, and sets encryption to your desired level.

The EBS Encryption by Default control compares the encryption settings against the encryption policies for the resource (AWS > EC2 > Account Attributes > EBS Encryption by Default > *), raises an alarm, and takes the defined enforcement action.
AWS > EC2 > Application Load Balancer > Access Logging
Define the Access Logging settings required for AWS > EC2 > Application Load Balancer.

AWS > EC2 > Application Load Balancer provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.
AWS > EC2 > Application Load Balancer > Active
Take an action when an AWS EC2 application load balancer is not active based on the AWS > EC2 > Application Load Balancer > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Application Load Balancer > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Application Load Balancer > Approved
Take an action when an AWS EC2 application load balancer is not approved based on AWS > EC2 > Application Load Balancer > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Application Load Balancer > CMDB
Record and synchronize details for the AWS EC2 application load balancer into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Application Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Application Load Balancer > Configured
Maintain AWS > EC2 > Application Load Balancer configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
AWS > EC2 > Application Load Balancer > Discovery
Discover all AWS EC2 application load balancer resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Application Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Application Load Balancer > Tags
Take an action when AWS EC2 application load balancer tags are not updated based on the AWS > EC2 > Application Load Balancer > Tags > * policies.

If the resource is not updated with the tags defined in AWS > EC2 > Application Load Balancer > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.
AWS > EC2 > Application Load Balancer > Usage
The Usage control determines whether the number of AWS EC2 application load balancer resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Application Load Balancer > Usage policy, and set the limit with the AWS > EC2 > Application Load Balancer > Usage > Limit policy.
AWS > EC2 > Auto Scaling Group > Active
Take an action when an AWS EC2 auto scaling group is not active based on the AWS > EC2 > Auto Scaling Group > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Auto Scaling Group > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Auto Scaling Group > Approved
Take an action when an AWS EC2 auto scaling group is not approved based on AWS > EC2 > Auto Scaling Group > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Auto Scaling Group > CMDB
Record and synchronize details for the AWS EC2 auto scaling group into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Auto Scaling Group > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Auto Scaling Group > Discovery
Discover all AWS EC2 auto scaling group resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Auto Scaling Group > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Auto Scaling Group > Tags
Take an action when AWS EC2 auto scaling group tags are not updated based on the AWS > EC2 > Auto Scaling Group > Tags > * policies.

If the resource is not updated with the tags defined in AWS > EC2 > Auto Scaling Group > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.
AWS > EC2 > Auto Scaling Group > Usage
The Usage control determines whether the number of AWS EC2 auto scaling group resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Auto Scaling Group > Usage policy, and set the limit with the AWS > EC2 > Auto Scaling Group > Usage > Limit policy.
AWS > EC2 > Classic Load Balancer > Access Logging
Define the Access Logging settings required for AWS > EC2 > Classic Load Balancer.

AWS > EC2 > Classic Load Balancer provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.
AWS > EC2 > Classic Load Balancer > Active
Take an action when an AWS EC2 classic load balancer is not active based on the AWS > EC2 > Classic Load Balancer > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Classic Load Balancer > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Classic Load Balancer > Approved
Take an action when an AWS EC2 classic load balancer is not approved based on AWS > EC2 > Classic Load Balancer > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Classic Load Balancer > CMDB
Record and synchronize details for the AWS EC2 classic load balancer into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Classic Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Classic Load Balancer > Configured
Maintain AWS > EC2 > Classic Load Balancer configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
AWS > EC2 > Classic Load Balancer > Discovery
Discover all AWS EC2 classic load balancer resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Classic Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Classic Load Balancer > Tags
Take an action when AWS EC2 classic load balancer tags are not updated based on the AWS > EC2 > Classic Load Balancer > Tags > * policies.

If the resource is not updated with the tags defined in AWS > EC2 > Classic Load Balancer > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.
AWS > EC2 > Classic Load Balancer > Usage
The Usage control determines whether the number of AWS EC2 classic load balancer resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Classic Load Balancer > Usage policy, and set the limit with the AWS > EC2 > Classic Load Balancer > Usage > Limit policy.
AWS > EC2 > Classic Load Balancer Listener > Active
Take an action when an AWS EC2 classic load balancer listener is not active based on the AWS > EC2 > Classic Load Balancer Listener > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Classic Load Balancer Listener > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Classic Load Balancer Listener > Approved
Take an action when an AWS EC2 classic load balancer listener is not approved based on AWS > EC2 > Classic Load Balancer Listener > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Classic Load Balancer Listener > CMDB
Record and synchronize details for the AWS EC2 classic load balancer listener into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Classic Load Balancer Listener > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Classic Load Balancer Listener > Discovery
Discover all AWS EC2 classic load balancer listener resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Classic Load Balancer Listener > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Classic Load Balancer Listener > SSL Policy
Take an action when an AWS EC2 classic load balancer listener is not using an allowed SSL policy.

If the SSL policy specified in the AWS > EC2 > Classic Load Balancer Listener > SSL Policy > Default policy is not in the AWS > EC2 > Classic Load Balancer Listener > SSL Policy > Allowed policy, the control will move to "invalid" to prevent a conflict.
AWS > EC2 > Classic Load Balancer Listener > Usage
The Usage control determines whether the number of AWS EC2 classic load balancer listener resources exceeds the configured usage limit for this classicLoadBalancer.

You can configure the behavior of this control with the AWS > EC2 > Classic Load Balancer Listener > Usage policy, and set the limit with the AWS > EC2 > Classic Load Balancer Listener > Usage > Limit policy.
AWS > EC2 > Gateway Load Balancer > Active
Take an action when an AWS EC2 gateway load balancer is not active based on the AWS > EC2 > Gateway Load Balancer > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Gateway Load Balancer > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Gateway Load Balancer > Approved
Take an action when an AWS EC2 gateway load balancer is not approved based on AWS > EC2 > Gateway Load Balancer > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Gateway Load Balancer > CMDB
Record and synchronize details for the AWS EC2 gateway load balancer into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Gateway Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Gateway Load Balancer > Discovery
Discover all AWS EC2 gateway load balancer resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Gateway Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Gateway Load Balancer > Tags
Take an action when AWS EC2 gateway load balancer tags are not updated based on the AWS > EC2 > Gateway Load Balancer > Tags > * policies.

If the resource is not updated with the tags defined in AWS > EC2 > Gateway Load Balancer > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.
AWS > EC2 > Gateway Load Balancer > Usage
The Usage control determines whether the number of AWS EC2 gateway load balancer resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Gateway Load Balancer > Usage policy, and set the limit with the AWS > EC2 > Gateway Load Balancer > Usage > Limit policy.
AWS > EC2 > Instance > Active
Take an action when an AWS EC2 instance is not active based on the AWS > EC2 > Instance > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Instance > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Instance > Approved
Take an action when an AWS EC2 instance is not approved based on AWS > EC2 > Instance > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Instance > CMDB
Record and synchronize details for the AWS EC2 instance into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip, then all changes to the CMDB are paused: no new resources will be discovered, no updates will be made, and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Instance > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Instance > Configured
Maintain AWS > EC2 > Instance configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and inherited from the stack that owns it.
AWS > EC2 > Instance > Detailed Monitoring
Define the Detailed Monitoring settings required for AWS > EC2 > Instance > Detailed Monitoring.

If detailed monitoring is enabled, then the Amazon EC2 console displays monitoring graphs with a 1-minute period for the instance.

Note: Enabling detailed monitoring will incur additional charges.
AWS > EC2 > Instance > Discovery
Discover all AWS EC2 instance resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Instance > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Instance > Instance Profile
Determine whether the IAM instance profile is attached to the instance.
AWS > EC2 > Instance > Metadata Service
Instance metadata is data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into categories, for example, host name, events, and security groups.

Instance metadata can be accessed from a running instance using one of the following methods:

- Instance Metadata Service Version 1 (IMDSv1) – a request/response method
- Instance Metadata Service Version 2 (IMDSv2) – a session-oriented method

By default, you can use either IMDSv1 or IMDSv2, or both. However, the instance metadata service can be specifically configured to use IMDSv2 on each instance. When you specify that IMDSv2 must be used, IMDSv1 no longer works.
AWS > EC2 > Instance > Schedule
Set a schedule for starting and stopping an AWS EC2 instance.

Note: If both "Schedule" and "Schedule Tag" are set to enforce and the instance has a turbot_custom_schedule tag, then the schedule specified by the tag will be in effect.
AWS > EC2 > Instance > Tags
Take an action when AWS EC2 instance tags are not updated based on the AWS > EC2 > Instance > Tags > * policies.

If the resource is not updated with the tags defined in AWS > EC2 > Instance > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.
AWS > EC2 > Instance > Termination Protection
Define the Termination Protection settings required for AWS > EC2 > Instance > Termination Protection.

Termination protection prevents an instance from being terminated accidentally by someone using the AWS Management Console, the CLI, or the API.
AWS > EC2 > Instance > Usage
The Usage control determines whether the number of AWS EC2 instance resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Instance > Usage policy, and set the limit with the AWS > EC2 > Instance > Usage > Limit policy.
AWS > EC2 > Key Pair > Active
Take an action when an AWS EC2 key pair is not active based on the AWS > EC2 > Key Pair > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Key Pair > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Key Pair > Approved
Take an action when an AWS EC2 key pair is not approved based on AWS > EC2 > Key Pair > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Key Pair > CMDB
Record and synchronize details for the AWS EC2 key pair into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip, then all changes to the CMDB are paused: no new resources will be discovered, no updates will be made, and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Key Pair > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Key Pair > Discovery
Discover all AWS EC2 key pair resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Key Pair > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Key Pair > Tags
Take an action when AWS EC2 key pair tags are not updated based on the AWS > EC2 > Key Pair > Tags > * policies.

If the resource is not updated with the tags defined in AWS > EC2 > Key Pair > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.
AWS > EC2 > Key Pair > Usage
The Usage control determines whether the number of AWS EC2 key pair resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Key Pair > Usage policy, and set the limit with the AWS > EC2 > Key Pair > Usage > Limit policy.
AWS > EC2 > Launch Configuration > Active
Take an action when an AWS EC2 launch configuration is not active based on the AWS > EC2 > Launch Configuration > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Launch Configuration > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Launch Configuration > Approved
Take an action when an AWS EC2 launch configuration is not approved based on AWS > EC2 > Launch Configuration > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Launch Configuration > CMDB
Record and synchronize details for the AWS EC2 launch configuration into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip, then all changes to the CMDB are paused: no new resources will be discovered, no updates will be made, and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Launch Configuration > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Launch Configuration > Discovery
Discover all AWS EC2 launch configuration resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Launch Configuration > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Launch Configuration > Usage
The Usage control determines whether the number of AWS EC2 launch configuration resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Launch Configuration > Usage policy, and set the limit with the AWS > EC2 > Launch Configuration > Usage > Limit policy.
AWS > EC2 > Launch Template > Active
Take an action when an AWS EC2 launch template is not active based on the AWS > EC2 > Launch Template > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Launch Template > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Launch Template > Approved
Take an action when an AWS EC2 launch template is not approved based on AWS > EC2 > Launch Template > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Launch Template > CMDB
Record and synchronize details for the AWS EC2 launch template into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip, then all changes to the CMDB are paused: no new resources will be discovered, no updates will be made, and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Launch Template > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Launch Template > Discovery
Discover all AWS EC2 launch template resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Launch Template > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Launch Template > Tags
Take an action when AWS EC2 launch template tags are not updated based on the AWS > EC2 > Launch Template > Tags > * policies.

If the resource is not updated with the tags defined in AWS > EC2 > Launch Template > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.
AWS > EC2 > Launch Template > Usage
The Usage control determines whether the number of AWS EC2 launch template resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Launch Template > Usage policy, and set the limit with the AWS > EC2 > Launch Template > Usage > Limit policy.
AWS > EC2 > Launch Template Version > Active
Take an action when an AWS EC2 launch template version is not active based on the AWS > EC2 > Launch Template Version > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Launch Template Version > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Launch Template Version > Approved
Take an action when an AWS EC2 launch template version is not approved based on AWS > EC2 > Launch Template Version > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Launch Template Version > CMDB
Record and synchronize details for the AWS EC2 launch template version into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip, then all changes to the CMDB are paused: no new resources will be discovered, no updates will be made, and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Launch Template Version > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Launch Template Version > Discovery
Discover all AWS EC2 launch template version resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Launch Template Version > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Launch Template Version > Usage
The Usage control determines whether the number of AWS EC2 launch template version resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Launch Template Version > Usage policy, and set the limit with the AWS > EC2 > Launch Template Version > Usage > Limit policy.
AWS > EC2 > Listener Rule > Active
Take an action when an AWS EC2 listener rule is not active based on the AWS > EC2 > Listener Rule > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Listener Rule > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Listener Rule > Approved
Take an action when an AWS EC2 listener rule is not approved based on AWS > EC2 > Listener Rule > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Listener Rule > CMDB
Record and synchronize details for the AWS EC2 listener rule into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip, then all changes to the CMDB are paused: no new resources will be discovered, no updates will be made, and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Listener Rule > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Listener Rule > Configured
Maintain AWS > EC2 > Listener Rule configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and inherited from the stack that owns it.
AWS > EC2 > Listener Rule > Discovery
Discover all AWS EC2 listener rule resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Listener Rule > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Listener Rule > Usage
The Usage control determines whether the number of AWS EC2 listener rule resources exceeds the configured usage limit for this applicationLoadBalancer.

You can configure the behavior of this control with the AWS > EC2 > Listener Rule > Usage policy, and set the limit with the AWS > EC2 > Listener Rule > Usage > Limit policy.
AWS > EC2 > Load Balancer Listener > Active
Take an action when an AWS EC2 load balancer listener is not active based on the AWS > EC2 > Load Balancer Listener > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Load Balancer Listener > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Load Balancer Listener > Approved
Take an action when an AWS EC2 load balancer listener is not approved based on AWS > EC2 > Load Balancer Listener > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Load Balancer Listener > CMDB
Record and synchronize details for the AWS EC2 load balancer listener into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip, then all changes to the CMDB are paused: no new resources will be discovered, no updates will be made, and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Load Balancer Listener > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Load Balancer Listener > Configured
Maintain AWS > EC2 > Load Balancer Listener configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and inherited from the stack that owns it.
AWS > EC2 > Load Balancer Listener > Discovery
Discover all AWS EC2 load balancer listener resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Load Balancer Listener > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Load Balancer Listener > SSL Policy
Take an action when an AWS EC2 load balancer listener is not using an allowed SSL policy.

If the SSL policy specified in the AWS > EC2 > Load Balancer Listener > SSL Policy > Default policy is not in the AWS > EC2 > Load Balancer Listener > SSL Policy > Allowed policy, the control will move to "invalid" to prevent a conflict.
AWS > EC2 > Load Balancer Listener > Usage
The Usage control determines whether the number of AWS EC2 load balancer listener resources exceeds the configured usage limit for this applicationLoadBalancer.

You can configure the behavior of this control with the AWS > EC2 > Load Balancer Listener > Usage policy, and set the limit with the AWS > EC2 > Load Balancer Listener > Usage > Limit policy.
AWS > EC2 > Network Interface > Active
Take an action when an AWS EC2 network interface is not active based on the AWS > EC2 > Network Interface > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Network Interface > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Network Interface > Approved
Take an action when an AWS EC2 network interface is not approved based on AWS > EC2 > Network Interface > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Network Interface > CMDB
Record and synchronize details for the AWS EC2 network interface into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip, then all changes to the CMDB are paused: no new resources will be discovered, no updates will be made, and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Network Interface > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Network Interface > Configured
Maintain AWS > EC2 > Network Interface configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and inherited from the stack that owns it.
AWS > EC2 > Network Interface > Discovery
Discover all AWS EC2 network interface resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Network Interface > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Network Interface > Tags
Take an action when AWS EC2 network interface tags are not updated based on the AWS > EC2 > Network Interface > Tags > * policies.

If the resource is not updated with the tags defined in AWS > EC2 > Network Interface > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.
AWS > EC2 > Network Interface > Usage
The Usage control determines whether the number of AWS EC2 network interface resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Network Interface > Usage policy, and set the limit with the AWS > EC2 > Network Interface > Usage > Limit policy.
AWS > EC2 > Network Load Balancer > Access Logging
Define the Access Logging settings required for AWS > EC2 > Network Load Balancer.

AWS > EC2 > Network Load Balancer provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.
AWS > EC2 > Network Load Balancer > Active
Take an action when an AWS EC2 network load balancer is not active based on the AWS > EC2 > Network Load Balancer > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Network Load Balancer > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Network Load Balancer > Approved
Take an action when an AWS EC2 network load balancer is not approved based on AWS > EC2 > Network Load Balancer > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Network Load Balancer > CMDB
Record and synchronize details for the AWS EC2 network load balancer into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip, then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Network Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Network Load Balancer > Configured
Maintain AWS > EC2 > Network Load Balancer configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
AWS > EC2 > Network Load Balancer > Discovery
Discover all AWS EC2 network load balancer resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Network Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Network Load Balancer > Tags
Take an action when AWS EC2 network load balancer tags are not updated based on the AWS > EC2 > Network Load Balancer > Tags > * policies.

If the resource is not updated with the tags defined in AWS > EC2 > Network Load Balancer > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.
AWS > EC2 > Network Load Balancer > Usage
The Usage control determines whether the number of AWS EC2 network load balancer resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Network Load Balancer > Usage policy, and set the limit with the AWS > EC2 > Network Load Balancer > Usage > Limit policy.
AWS > EC2 > Snapshot > Active
Take an action when an AWS EC2 snapshot is not active based on the AWS > EC2 > Snapshot > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Snapshot > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Snapshot > Approved
Take an action when an AWS EC2 snapshot is not approved based on AWS > EC2 > Snapshot > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Snapshot > CMDB
Record and synchronize details for the AWS EC2 snapshot into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip, then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Snapshot > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Snapshot > Configured
Maintain AWS > EC2 > Snapshot configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
AWS > EC2 > Snapshot > Discovery
Discover all AWS EC2 snapshot resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Snapshot > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Snapshot > Tags
Take an action when AWS EC2 snapshot tags are not updated based on the AWS > EC2 > Snapshot > Tags > * policies.

If the resource is not updated with the tags defined in AWS > EC2 > Snapshot > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.
AWS > EC2 > Snapshot > Trusted Access
Manage trusted access for AWS EC2 Snapshots.

AWS allows EC2 Snapshots to be shared with specific AWS accounts. This control allows you to configure whether such sharing is allowed, and to which accounts.

If set to Enforce, access to non-trusted accounts will be removed.
AWS > EC2 > Snapshot > Usage
The Usage control determines whether the number of AWS EC2 snapshot resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Snapshot > Usage policy, and set the limit with the AWS > EC2 > Snapshot > Usage > Limit policy.
AWS > EC2 > Target Group > Active
Take an action when an AWS EC2 target group is not active based on the AWS > EC2 > Target Group > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Target Group > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Target Group > Approved
Take an action when an AWS EC2 target group is not approved based on AWS > EC2 > Target Group > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Target Group > CMDB
Record and synchronize details for the AWS EC2 target group into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip, then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Target Group > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Target Group > Configured
Maintain AWS > EC2 > Target Group configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
AWS > EC2 > Target Group > Discovery
Discover all AWS EC2 target group resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Target Group > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Target Group > Tags
Take an action when AWS EC2 target group tags are not updated based on the AWS > EC2 > Target Group > Tags > * policies.

If the resource is not updated with the tags defined in AWS > EC2 > Target Group > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.
AWS > EC2 > Target Group > Usage
The Usage control determines whether the number of AWS EC2 target group resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Target Group > Usage policy, and set the limit with the AWS > EC2 > Target Group > Usage > Limit policy.
AWS > EC2 > Volume > Active
Take an action when an AWS EC2 volume is not active based on the AWS > EC2 > Volume > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has the ability to delete / clean up the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time-consuming to clear. The Active control brings automated, well-defined control to this process.

The Active control checks the status of all defined Active policies for the resource (AWS > EC2 > Volume > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.

See Active for more information.
AWS > EC2 > Volume > Approved
Take an action when an AWS EC2 volume is not approved based on AWS > EC2 > Volume > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.
AWS > EC2 > Volume > CMDB
Record and synchronize details for the AWS EC2 volume into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

If set to Skip, then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Volume > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
AWS > EC2 > Volume > Configured
Maintain AWS > EC2 > Volume configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
AWS > EC2 > Volume > Discovery
Discover all AWS EC2 volume resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Volume > Regions policy, the CMDB control will delete the resource from the CMDB.
AWS > EC2 > Volume > Tags
Take an action when AWS EC2 volume tags are not updated based on the AWS > EC2 > Volume > Tags > * policies.

If the resource is not updated with the tags defined in AWS > EC2 > Volume > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.
AWS > EC2 > Volume > Usage
The Usage control determines whether the number of AWS EC2 volume resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > EC2 > Volume > Usage policy, and set the limit with the AWS > EC2 > Volume > Usage > Limit policy.