Control types for @turbot/aws-ec2
- AWS > EC2 > AMI > Active
- AWS > EC2 > AMI > Approved
- AWS > EC2 > AMI > CMDB
- AWS > EC2 > AMI > Configured
- AWS > EC2 > AMI > Discovery
- AWS > EC2 > AMI > Tags
- AWS > EC2 > AMI > Trusted Access
- AWS > EC2 > AMI > Usage
- AWS > EC2 > Account Attributes > Block Public Access for AMIs
- AWS > EC2 > Account Attributes > Block Public Access for Snapshots
- AWS > EC2 > Account Attributes > CMDB
- AWS > EC2 > Account Attributes > Discovery
- AWS > EC2 > Account Attributes > EBS Encryption by Default
- AWS > EC2 > Account Attributes > Instance Metadata Service Defaults
- AWS > EC2 > Application Load Balancer > Access Logging
- AWS > EC2 > Application Load Balancer > Active
- AWS > EC2 > Application Load Balancer > Approved
- AWS > EC2 > Application Load Balancer > CMDB
- AWS > EC2 > Application Load Balancer > Configured
- AWS > EC2 > Application Load Balancer > Discovery
- AWS > EC2 > Application Load Balancer > Tags
- AWS > EC2 > Application Load Balancer > Usage
- AWS > EC2 > Auto Scaling Group > Active
- AWS > EC2 > Auto Scaling Group > Approved
- AWS > EC2 > Auto Scaling Group > CMDB
- AWS > EC2 > Auto Scaling Group > Discovery
- AWS > EC2 > Auto Scaling Group > Tags
- AWS > EC2 > Auto Scaling Group > Usage
- AWS > EC2 > Classic Load Balancer > Access Logging
- AWS > EC2 > Classic Load Balancer > Active
- AWS > EC2 > Classic Load Balancer > Approved
- AWS > EC2 > Classic Load Balancer > CMDB
- AWS > EC2 > Classic Load Balancer > Configured
- AWS > EC2 > Classic Load Balancer > Discovery
- AWS > EC2 > Classic Load Balancer > Tags
- AWS > EC2 > Classic Load Balancer > Usage
- AWS > EC2 > Classic Load Balancer Listener > Active
- AWS > EC2 > Classic Load Balancer Listener > Approved
- AWS > EC2 > Classic Load Balancer Listener > CMDB
- AWS > EC2 > Classic Load Balancer Listener > Discovery
- AWS > EC2 > Classic Load Balancer Listener > SSL Policy
- AWS > EC2 > Classic Load Balancer Listener > Usage
- AWS > EC2 > Gateway Load Balancer > Active
- AWS > EC2 > Gateway Load Balancer > Approved
- AWS > EC2 > Gateway Load Balancer > CMDB
- AWS > EC2 > Gateway Load Balancer > Discovery
- AWS > EC2 > Gateway Load Balancer > Tags
- AWS > EC2 > Gateway Load Balancer > Usage
- AWS > EC2 > Instance > Active
- AWS > EC2 > Instance > Approved
- AWS > EC2 > Instance > CMDB
- AWS > EC2 > Instance > Configured
- AWS > EC2 > Instance > Detailed Monitoring
- AWS > EC2 > Instance > Discovery
- AWS > EC2 > Instance > Instance Profile
- AWS > EC2 > Instance > Metadata Service
- AWS > EC2 > Instance > Schedule
- AWS > EC2 > Instance > Tags
- AWS > EC2 > Instance > Termination Protection
- AWS > EC2 > Instance > Usage
- AWS > EC2 > Key Pair > Active
- AWS > EC2 > Key Pair > Approved
- AWS > EC2 > Key Pair > CMDB
- AWS > EC2 > Key Pair > Discovery
- AWS > EC2 > Key Pair > Tags
- AWS > EC2 > Key Pair > Usage
- AWS > EC2 > Launch Configuration > Active
- AWS > EC2 > Launch Configuration > Approved
- AWS > EC2 > Launch Configuration > CMDB
- AWS > EC2 > Launch Configuration > Discovery
- AWS > EC2 > Launch Configuration > Usage
- AWS > EC2 > Launch Template > Active
- AWS > EC2 > Launch Template > Approved
- AWS > EC2 > Launch Template > CMDB
- AWS > EC2 > Launch Template > Discovery
- AWS > EC2 > Launch Template > Tags
- AWS > EC2 > Launch Template > Usage
- AWS > EC2 > Launch Template Version > Active
- AWS > EC2 > Launch Template Version > Approved
- AWS > EC2 > Launch Template Version > CMDB
- AWS > EC2 > Launch Template Version > Discovery
- AWS > EC2 > Launch Template Version > Usage
- AWS > EC2 > Listener Rule > Active
- AWS > EC2 > Listener Rule > Approved
- AWS > EC2 > Listener Rule > CMDB
- AWS > EC2 > Listener Rule > Configured
- AWS > EC2 > Listener Rule > Discovery
- AWS > EC2 > Listener Rule > Usage
- AWS > EC2 > Load Balancer Listener > Active
- AWS > EC2 > Load Balancer Listener > Approved
- AWS > EC2 > Load Balancer Listener > CMDB
- AWS > EC2 > Load Balancer Listener > Configured
- AWS > EC2 > Load Balancer Listener > Discovery
- AWS > EC2 > Load Balancer Listener > SSL Policy
- AWS > EC2 > Load Balancer Listener > Usage
- AWS > EC2 > Network Interface > Active
- AWS > EC2 > Network Interface > Approved
- AWS > EC2 > Network Interface > CMDB
- AWS > EC2 > Network Interface > Configured
- AWS > EC2 > Network Interface > Discovery
- AWS > EC2 > Network Interface > Tags
- AWS > EC2 > Network Interface > Usage
- AWS > EC2 > Network Load Balancer > Access Logging
- AWS > EC2 > Network Load Balancer > Active
- AWS > EC2 > Network Load Balancer > Approved
- AWS > EC2 > Network Load Balancer > CMDB
- AWS > EC2 > Network Load Balancer > Configured
- AWS > EC2 > Network Load Balancer > Discovery
- AWS > EC2 > Network Load Balancer > Tags
- AWS > EC2 > Network Load Balancer > Usage
- AWS > EC2 > Snapshot > Active
- AWS > EC2 > Snapshot > Approved
- AWS > EC2 > Snapshot > CMDB
- AWS > EC2 > Snapshot > Configured
- AWS > EC2 > Snapshot > Discovery
- AWS > EC2 > Snapshot > Tags
- AWS > EC2 > Snapshot > Trusted Access
- AWS > EC2 > Snapshot > Usage
- AWS > EC2 > Target Group > Active
- AWS > EC2 > Target Group > Approved
- AWS > EC2 > Target Group > CMDB
- AWS > EC2 > Target Group > Configured
- AWS > EC2 > Target Group > Discovery
- AWS > EC2 > Target Group > Tags
- AWS > EC2 > Target Group > Usage
- AWS > EC2 > Volume > Active
- AWS > EC2 > Volume > Approved
- AWS > EC2 > Volume > CMDB
- AWS > EC2 > Volume > Configured
- AWS > EC2 > Volume > Discovery
- AWS > EC2 > Volume > Performance Configuration
- AWS > EC2 > Volume > Tags
- AWS > EC2 > Volume > Usage
AWS > EC2 > AMI > Active
Take an action when an AWS EC2 ami is not active based on the AWS > EC2 > AMI > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > AMI > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/amiActive
AWS > EC2 > AMI > Approved
Take an action when an AWS EC2 ami is not approved based on AWS > EC2 > AMI > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/amiApproved
AWS > EC2 > AMI > CMDB
Record and synchronize details for the AWS EC2 ami into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > AMI > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/amiCmdb
AWS > EC2 > AMI > Configured
Maintain AWS > EC2 > AMI configuration
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
tmod:@turbot/aws-ec2#/control/types/amiConfigured
AWS > EC2 > AMI > Discovery
Discover all AWS EC2 ami resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > AMI > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/amiDiscovery
AWS > EC2 > AMI > Tags
Take an action when the tags of an AWS EC2 ami are not updated based on the AWS > EC2 > AMI > Tags > * policies.
If the resource is not updated with the tags defined in AWS > EC2 > AMI > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-ec2#/control/types/amiTags
AWS > EC2 > AMI > Trusted Access
Manage trusted access for AWS EC2 AMIs.
AWS allows EC2 AMIs to be shared with specific AWS accounts.
This control allows you to configure whether such sharing is allowed, and to which accounts.
If set to Enforce, access to non-trusted accounts will be removed.
tmod:@turbot/aws-ec2#/control/types/amiTrustedAccess
AWS > EC2 > AMI > Usage
The Usage control determines whether the number of AWS EC2 ami resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > AMI > Usage policy, and set the limit with the AWS > EC2 > AMI > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/amiUsage
AWS > EC2 > Account Attributes > Block Public Access for AMIs
Configure Block Public Access settings for Amazon Machine Images (AMIs) on AWS > EC2 > Account Attributes.
tmod:@turbot/aws-ec2#/control/types/ec2AccountAttributesBlockPublicImageAccess
AWS > EC2 > Account Attributes > Block Public Access for Snapshots
Configure Block Public Access settings for Snapshots on AWS > EC2 > Account Attributes.
tmod:@turbot/aws-ec2#/control/types/ec2AccountAttributesBlockPublicAccessForSnapshot
AWS > EC2 > Account Attributes > CMDB
Record and synchronize details for the AWS EC2 account attributes into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Account Attributes > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/ec2AccountAttributesCmdb
AWS > EC2 > Account Attributes > Discovery
Discover all AWS EC2 account attributes resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Account Attributes > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/ec2AccountAttributesDiscovery
AWS > EC2 > Account Attributes > EBS Encryption by Default
Define the EBS Encryption by Default settings required for AWS > EC2 > Account Attributes.
Encryption at Rest refers specifically to the encryption of data when written
to an underlying storage system. This control determines whether the resource
is encrypted at rest, and sets encryption to your desired level.
The EBS Encryption by Default control compares the encryption settings against the encryption policies for the resource
(AWS > EC2 > Account Attributes > EBS Encryption by Default > *),
raises an alarm, and takes the defined enforcement action.
tmod:@turbot/aws-ec2#/control/types/ec2AccountAttributesEbsEncryptionByDefault
AWS > EC2 > Account Attributes > Instance Metadata Service Defaults
Instance metadata is data about your instance that you can use to configure or manage the running instance.
Instance metadata is divided into categories, for example, host name, events, and security groups.
Instance metadata can be accessed from a running instance using one of the following methods:
- Instance Metadata Service Version 1 (IMDSv1) – a request/response method
- Instance Metadata Service Version 2 (IMDSv2) – a session-oriented method
By default, you can use either IMDSv1 or IMDSv2, or both. However, the instance metadata service can be specifically
configured to use IMDSv2 on each instance. When you specify that IMDSv2 must be used, IMDSv1 no longer works.
tmod:@turbot/aws-ec2#/control/types/ec2AccountAttributesInstanceMetadataServiceDefaults
AWS > EC2 > Application Load Balancer > Access Logging
Define the Access Logging settings required for AWS > EC2 > Application Load Balancer.
AWS > EC2 > Application Load Balancer provides access logs that capture
detailed information about requests sent to your load
balancer. Each log contains information such as the time the
request was received, the client's IP address, latencies,
request paths, and server responses. You can use these
access logs to analyze traffic patterns and troubleshoot
issues.
tmod:@turbot/aws-ec2#/control/types/applicationLoadBalancerAccessLogging
AWS > EC2 > Application Load Balancer > Active
Take an action when an AWS EC2 application load balancer is not active based on the AWS > EC2 > Application Load Balancer > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Application Load Balancer > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/applicationLoadBalancerActive
AWS > EC2 > Application Load Balancer > Approved
Take an action when an AWS EC2 application load balancer is not approved based on AWS > EC2 > Application Load Balancer > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/applicationLoadBalancerApproved
AWS > EC2 > Application Load Balancer > CMDB
Record and synchronize details for the AWS EC2 application load balancer into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Application Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/applicationLoadBalancerCmdb
AWS > EC2 > Application Load Balancer > Configured
Maintain AWS > EC2 > Application Load Balancer configuration
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
tmod:@turbot/aws-ec2#/control/types/applicationLoadBalancerConfigured
AWS > EC2 > Application Load Balancer > Discovery
Discover all AWS EC2 application load balancer resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Application Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/applicationLoadBalancerDiscovery
AWS > EC2 > Application Load Balancer > Tags
Take an action when the tags of an AWS EC2 application load balancer are not updated based on the AWS > EC2 > Application Load Balancer > Tags > * policies.
If the resource is not updated with the tags defined in AWS > EC2 > Application Load Balancer > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-ec2#/control/types/applicationLoadBalancerTags
AWS > EC2 > Application Load Balancer > Usage
The Usage control determines whether the number of AWS EC2 application load balancer resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Application Load Balancer > Usage policy, and set the limit with the AWS > EC2 > Application Load Balancer > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/applicationLoadBalancerUsage
AWS > EC2 > Auto Scaling Group > Active
Take an action when an AWS EC2 auto scaling group is not active based on the AWS > EC2 > Auto Scaling Group > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Auto Scaling Group > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/autoScalingGroupActive
AWS > EC2 > Auto Scaling Group > Approved
Take an action when an AWS EC2 auto scaling group is not approved based on AWS > EC2 > Auto Scaling Group > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/autoScalingGroupApproved
AWS > EC2 > Auto Scaling Group > CMDB
Record and synchronize details for the AWS EC2 auto scaling group into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Auto Scaling Group > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/autoScalingGroupCmdb
AWS > EC2 > Auto Scaling Group > Discovery
Discover all AWS EC2 auto scaling group resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Auto Scaling Group > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/autoScalingGroupDiscovery
AWS > EC2 > Auto Scaling Group > Tags
Take an action when the tags of an AWS EC2 auto scaling group are not updated based on the AWS > EC2 > Auto Scaling Group > Tags > * policies.
If the resource is not updated with the tags defined in AWS > EC2 > Auto Scaling Group > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-ec2#/control/types/autoScalingGroupTags
AWS > EC2 > Auto Scaling Group > Usage
The Usage control determines whether the number of AWS EC2 auto scaling group resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Auto Scaling Group > Usage policy, and set the limit with the AWS > EC2 > Auto Scaling Group > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/autoScalingGroupUsage
AWS > EC2 > Classic Load Balancer > Access Logging
Define the Access Logging settings required for AWS > EC2 > Classic Load Balancer.
AWS > EC2 > Classic Load Balancer provides access logs that capture
detailed information about requests sent to your load
balancer. Each log contains information such as the time the
request was received, the client's IP address, latencies,
request paths, and server responses. You can use these
access logs to analyze traffic patterns and troubleshoot
issues.
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerAccessLogging
AWS > EC2 > Classic Load Balancer > Active
Take an action when an AWS EC2 classic load balancer is not active based on the AWS > EC2 > Classic Load Balancer > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Classic Load Balancer > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerActive
AWS > EC2 > Classic Load Balancer > Approved
Take an action when an AWS EC2 classic load balancer is not approved based on AWS > EC2 > Classic Load Balancer > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerApproved
AWS > EC2 > Classic Load Balancer > CMDB
Record and synchronize details for the AWS EC2 classic load balancer into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Classic Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerCmdb
AWS > EC2 > Classic Load Balancer > Configured
Maintain AWS > EC2 > Classic Load Balancer configuration
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerConfigured
AWS > EC2 > Classic Load Balancer > Discovery
Discover all AWS EC2 classic load balancer resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Classic Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerDiscovery
AWS > EC2 > Classic Load Balancer > Tags
Take an action when the tags of an AWS EC2 classic load balancer are not updated based on the AWS > EC2 > Classic Load Balancer > Tags > * policies.
If the resource is not updated with the tags defined in AWS > EC2 > Classic Load Balancer > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerTags
AWS > EC2 > Classic Load Balancer > Usage
The Usage control determines whether the number of AWS EC2 classic load balancer resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Classic Load Balancer > Usage policy, and set the limit with the AWS > EC2 > Classic Load Balancer > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerUsage
AWS > EC2 > Classic Load Balancer Listener > Active
Take an action when an AWS EC2 classic load balancer listener is not active based on the AWS > EC2 > Classic Load Balancer Listener > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Classic Load Balancer Listener > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerListenerActive
AWS > EC2 > Classic Load Balancer Listener > Approved
Take an action when an AWS EC2 classic load balancer listener is not approved based on AWS > EC2 > Classic Load Balancer Listener > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerListenerApproved
AWS > EC2 > Classic Load Balancer Listener > CMDB
Record and synchronize details for the AWS EC2 classic load balancer listener into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Classic Load Balancer Listener > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerListenerCmdb
AWS > EC2 > Classic Load Balancer Listener > Discovery
Discover all AWS EC2 classic load balancer listener resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Classic Load Balancer Listener > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerListenerDiscovery
AWS > EC2 > Classic Load Balancer Listener > SSL Policy
Take an action when an AWS EC2 classic load balancer listener is not using an allowed SSL policy.
If the SSL policy specified in the AWS > EC2 > Classic Load Balancer Listener > SSL Policy > Default policy is not in the AWS > EC2 > Classic Load Balancer Listener > SSL Policy > Allowed policy, the control will move to invalid to prevent a conflict.
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerListenerSslPolicy
AWS > EC2 > Classic Load Balancer Listener > Usage
The Usage control determines whether the number of AWS EC2 classic load balancer listener resources exceeds the configured usage limit for this classicLoadBalancer.
You can configure the behavior of this control with the AWS > EC2 > Classic Load Balancer Listener > Usage policy, and set the limit with the AWS > EC2 > Classic Load Balancer Listener > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/classicLoadBalancerListenerUsage
AWS > EC2 > Gateway Load Balancer > Active
Take an action when an AWS EC2 gateway load balancer is not active based on the AWS > EC2 > Gateway Load Balancer > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Gateway Load Balancer > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/gatewayLoadBalancerActive
AWS > EC2 > Gateway Load Balancer > Approved
Take an action when an AWS EC2 gateway load balancer is not approved based on AWS > EC2 > Gateway Load Balancer > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/gatewayLoadBalancerApproved
AWS > EC2 > Gateway Load Balancer > CMDB
Record and synchronize details for the AWS EC2 gateway load balancer into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Gateway Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/gatewayLoadBalancerCmdb
AWS > EC2 > Gateway Load Balancer > Discovery
Discover all AWS EC2 gateway load balancer resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Gateway Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/gatewayLoadBalancerDiscovery
AWS > EC2 > Gateway Load Balancer > Tags
Take an action when AWS EC2 gateway load balancer tags are not updated based on the AWS > EC2 > Gateway Load Balancer > Tags > * policies.
If the resource is not updated with the tags defined in AWS > EC2 > Gateway Load Balancer > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-ec2#/control/types/gatewayLoadBalancerTags
AWS > EC2 > Gateway Load Balancer > Usage
The Usage control determines whether the number of AWS EC2 gateway load balancer resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Gateway Load Balancer > Usage policy, and set the limit with the AWS > EC2 > Gateway Load Balancer > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/gatewayLoadBalancerUsage
AWS > EC2 > Instance > Active
Take an action when an AWS EC2 instance is not active based on the AWS > EC2 > Instance > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Instance > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/instanceActive
AWS > EC2 > Instance > Approved
Take an action when an AWS EC2 instance is not approved based on AWS > EC2 > Instance > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/instanceApproved
AWS > EC2 > Instance > CMDB
Record and synchronize details for the AWS EC2 instance into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Instance > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/instanceCmdb
AWS > EC2 > Instance > Configured
Maintain AWS > EC2 > Instance configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
tmod:@turbot/aws-ec2#/control/types/instanceConfigured
AWS > EC2 > Instance > Detailed Monitoring
Define the Detailed Monitoring settings required for AWS > EC2 > Instance > Detailed Monitoring.
If detailed monitoring is enabled, then the Amazon EC2 console displays monitoring graphs with a 1-minute period for the instance.
Note: Enabling detailed monitoring will incur additional charges.
tmod:@turbot/aws-ec2#/control/types/instanceDetailedMonitoring
AWS > EC2 > Instance > Discovery
Discover all AWS EC2 instance resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Instance > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/instanceDiscovery
AWS > EC2 > Instance > Instance Profile
Determine whether the IAM instance profile is attached to the instance.
tmod:@turbot/aws-ec2#/control/types/instanceInstanceProfile
AWS > EC2 > Instance > Metadata Service
Instance metadata is data about your instance that you can use to configure or manage the running instance.
Instance metadata is divided into categories, for example, host name, events, and security groups.
Instance metadata can be accessed from a running instance using one of the following methods:
- Instance Metadata Service Version 1 (IMDSv1) – a request/response method
- Instance Metadata Service Version 2 (IMDSv2) – a session-oriented method
By default, you can use either IMDSv1 or IMDSv2, or both. However, the instance metadata service can be specifically
configured to use IMDSv2 on each instance. When you specify that IMDSv2 must be used, IMDSv1 no longer works.
tmod:@turbot/aws-ec2#/control/types/instanceMetadataService
AWS > EC2 > Instance > Schedule
Set a schedule for starting and stopping an AWS EC2 instance.
Note: If both "Schedule" and "Schedule Tag" are set to enforce and the
instance has a turbot_custom_schedule tag, then the schedule specified by
the tag will be in effect.
tmod:@turbot/aws-ec2#/control/types/instanceSchedule
AWS > EC2 > Instance > Tags
Take an action when AWS EC2 instance tags are not updated based on the AWS > EC2 > Instance > Tags > * policies.
If the resource is not updated with the tags defined in AWS > EC2 > Instance > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-ec2#/control/types/instanceTags
AWS > EC2 > Instance > Termination Protection
Define the Termination Protection settings required for AWS > EC2 > Instance > Termination Protection.
Termination protection lets you prevent an instance from being terminated accidentally by someone using the AWS Management Console, the CLI, or the API.
tmod:@turbot/aws-ec2#/control/types/instanceTerminationProtection
AWS > EC2 > Instance > Usage
The Usage control determines whether the number of AWS EC2 instance resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Instance > Usage policy, and set the limit with the AWS > EC2 > Instance > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/instanceUsage
AWS > EC2 > Key Pair > Active
Take an action when an AWS EC2 key pair is not active based on the AWS > EC2 > Key Pair > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Key Pair > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/keyPairActive
AWS > EC2 > Key Pair > Approved
Take an action when an AWS EC2 key pair is not approved based on AWS > EC2 > Key Pair > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/keyPairApproved
AWS > EC2 > Key Pair > CMDB
Record and synchronize details for the AWS EC2 key pair into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Key Pair > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/keyPairCmdb
AWS > EC2 > Key Pair > Discovery
Discover all AWS EC2 key pair resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Key Pair > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/keyPairDiscovery
AWS > EC2 > Key Pair > Tags
Take an action when AWS EC2 key pair tags are not updated based on the AWS > EC2 > Key Pair > Tags > * policies.
If the resource is not updated with the tags defined in AWS > EC2 > Key Pair > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-ec2#/control/types/keyPairTags
AWS > EC2 > Key Pair > Usage
The Usage control determines whether the number of AWS EC2 key pair resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Key Pair > Usage policy, and set the limit with the AWS > EC2 > Key Pair > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/keyPairUsage
AWS > EC2 > Launch Configuration > Active
Take an action when an AWS EC2 launch configuration is not active based on the AWS > EC2 > Launch Configuration > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Launch Configuration > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/launchConfigurationActive
AWS > EC2 > Launch Configuration > Approved
Take an action when an AWS EC2 launch configuration is not approved based on AWS > EC2 > Launch Configuration > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/launchConfigurationApproved
AWS > EC2 > Launch Configuration > CMDB
Record and synchronize details for the AWS EC2 launch configuration into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Launch Configuration > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/launchConfigurationCmdb
AWS > EC2 > Launch Configuration > Discovery
Discover all AWS EC2 launch configuration resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Launch Configuration > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/launchConfigurationDiscovery
AWS > EC2 > Launch Configuration > Usage
The Usage control determines whether the number of AWS EC2 launch configuration resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Launch Configuration > Usage policy, and set the limit with the AWS > EC2 > Launch Configuration > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/launchConfigurationUsage
AWS > EC2 > Launch Template > Active
Take an action when an AWS EC2 launch template is not active based on the AWS > EC2 > Launch Template > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Launch Template > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/launchTemplateActive
AWS > EC2 > Launch Template > Approved
Take an action when an AWS EC2 launch template is not approved based on AWS > EC2 > Launch Template > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/launchTemplateApproved
AWS > EC2 > Launch Template > CMDB
Record and synchronize details for the AWS EC2 launch template into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Launch Template > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/launchTemplateCmdb
AWS > EC2 > Launch Template > Discovery
Discover all AWS EC2 launch template resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Launch Template > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/launchTemplateDiscovery
AWS > EC2 > Launch Template > Tags
Take an action when AWS EC2 launch template tags are not updated based on the AWS > EC2 > Launch Template > Tags > * policies.
If the resource is not updated with the tags defined in AWS > EC2 > Launch Template > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-ec2#/control/types/launchTemplateTags
AWS > EC2 > Launch Template > Usage
The Usage control determines whether the number of AWS EC2 launch template resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Launch Template > Usage policy, and set the limit with the AWS > EC2 > Launch Template > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/launchTemplateUsage
AWS > EC2 > Launch Template Version > Active
Take an action when an AWS EC2 launch template version is not active based on the AWS > EC2 > Launch Template Version > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Launch Template Version > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/launchTemplateVersionActive
AWS > EC2 > Launch Template Version > Approved
Take an action when an AWS EC2 launch template version is not approved based on AWS > EC2 > Launch Template Version > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/launchTemplateVersionApproved
AWS > EC2 > Launch Template Version > CMDB
Record and synchronize details for the AWS EC2 launch template version into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Launch Template Version > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/launchTemplateVersionCmdb
AWS > EC2 > Launch Template Version > Discovery
Discover all AWS EC2 launch template version resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Launch Template Version > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/launchTemplateVersionDiscovery
AWS > EC2 > Launch Template Version > Usage
The Usage control determines whether the number of AWS EC2 launch template version resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Launch Template Version > Usage policy, and set the limit with the AWS > EC2 > Launch Template Version > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/launchTemplateVersionUsage
AWS > EC2 > Listener Rule > Active
Take an action when an AWS EC2 listener rule is not active based on the AWS > EC2 > Listener Rule > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Listener Rule > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/listenerRuleActive
AWS > EC2 > Listener Rule > Approved
Take an action when an AWS EC2 listener rule is not approved based on AWS > EC2 > Listener Rule > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/listenerRuleApproved
AWS > EC2 > Listener Rule > CMDB
Record and synchronize details for the AWS EC2 listener rule into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Listener Rule > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/listenerRuleCmdb
AWS > EC2 > Listener Rule > Configured
Maintain AWS > EC2 > Listener Rule configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
tmod:@turbot/aws-ec2#/control/types/listenerRuleConfigured
AWS > EC2 > Listener Rule > Discovery
Discover all AWS EC2 listener rule resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Listener Rule > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/listenerRuleDiscovery
AWS > EC2 > Listener Rule > Usage
The Usage control determines whether the number of AWS EC2 listener rule resources exceeds the configured usage limit for this applicationLoadBalancer.
You can configure the behavior of this control with the AWS > EC2 > Listener Rule > Usage policy, and set the limit with the AWS > EC2 > Listener Rule > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/listenerRuleUsage
AWS > EC2 > Load Balancer Listener > Active
Take an action when an AWS EC2 load balancer listener is not active based on the AWS > EC2 > Load Balancer Listener > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Load Balancer Listener > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/loadBalancerListenerActive
AWS > EC2 > Load Balancer Listener > Approved
Take an action when an AWS EC2 load balancer listener is not approved based on AWS > EC2 > Load Balancer Listener > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/loadBalancerListenerApproved
AWS > EC2 > Load Balancer Listener > CMDB
Record and synchronize details for the AWS EC2 load balancer listener into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Load Balancer Listener > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/loadBalancerListenerCmdb
AWS > EC2 > Load Balancer Listener > Configured
Maintain AWS > EC2 > Load Balancer Listener configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and inherited from the stack that owns it.
tmod:@turbot/aws-ec2#/control/types/loadBalancerListenerConfigured
AWS > EC2 > Load Balancer Listener > Discovery
Discover all AWS EC2 load balancer listener resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Load Balancer Listener > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/loadBalancerListenerDiscovery
AWS > EC2 > Load Balancer Listener > SSL Policy
Take an action when an AWS EC2 load balancer listener is not using an allowed SSL policy.
If the SSL policy specified in the AWS > EC2 > Load Balancer Listener > SSL Policy > Default policy is not in the AWS > EC2 > Load Balancer Listener > SSL Policy > Allowed policy, the control will move to invalid to prevent a conflict.
tmod:@turbot/aws-ec2#/control/types/loadBalancerListenerSslPolicy
AWS > EC2 > Load Balancer Listener > Usage
The Usage control determines whether the number of AWS EC2 load balancer listener resources exceeds the configured usage limit for this applicationLoadBalancer.
You can configure the behavior of this control with the AWS > EC2 > Load Balancer Listener > Usage policy, and set the limit with the AWS > EC2 > Load Balancer Listener > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/loadBalancerListenerUsage
AWS > EC2 > Network Interface > Active
Take an action when an AWS EC2 network interface is not active based on the AWS > EC2 > Network Interface > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Network Interface > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/networkInterfaceActive
AWS > EC2 > Network Interface > Approved
Take an action when an AWS EC2 network interface is not approved based on AWS > EC2 > Network Interface > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/networkInterfaceApproved
AWS > EC2 > Network Interface > CMDB
Record and synchronize details for the AWS EC2 network interface into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Network Interface > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/networkInterfaceCmdb
AWS > EC2 > Network Interface > Configured
Maintain AWS > EC2 > Network Interface configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and inherited from the stack that owns it.
tmod:@turbot/aws-ec2#/control/types/networkInterfaceConfigured
AWS > EC2 > Network Interface > Discovery
Discover all AWS EC2 network interface resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Network Interface > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/networkInterfaceDiscovery
AWS > EC2 > Network Interface > Tags
Take an action when AWS EC2 network interface tags are not updated based on the AWS > EC2 > Network Interface > Tags > * policies.
If the resource is not updated with the tags defined in AWS > EC2 > Network Interface > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-ec2#/control/types/networkInterfaceTags
AWS > EC2 > Network Interface > Usage
The Usage control determines whether the number of AWS EC2 network interface resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Network Interface > Usage policy, and set the limit with the AWS > EC2 > Network Interface > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/networkInterfaceUsage
AWS > EC2 > Network Load Balancer > Access Logging
Define the Access Logging settings required for AWS > EC2 > Network Load Balancer.
AWS > EC2 > Network Load Balancer provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.
tmod:@turbot/aws-ec2#/control/types/networkLoadBalancerAccessLogging
AWS > EC2 > Network Load Balancer > Active
Take an action when an AWS EC2 network load balancer is not active based on the AWS > EC2 > Network Load Balancer > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Network Load Balancer > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/networkLoadBalancerActive
AWS > EC2 > Network Load Balancer > Approved
Take an action when an AWS EC2 network load balancer is not approved based on AWS > EC2 > Network Load Balancer > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/networkLoadBalancerApproved
AWS > EC2 > Network Load Balancer > CMDB
Record and synchronize details for the AWS EC2 network load balancer into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Network Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/networkLoadBalancerCmdb
AWS > EC2 > Network Load Balancer > Configured
Maintain AWS > EC2 > Network Load Balancer configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and inherited from the stack that owns it.
tmod:@turbot/aws-ec2#/control/types/networkLoadBalancerConfigured
AWS > EC2 > Network Load Balancer > Discovery
Discover all AWS EC2 network load balancer resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Network Load Balancer > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/networkLoadBalancerDiscovery
AWS > EC2 > Network Load Balancer > Tags
Take an action when AWS EC2 network load balancer tags are not updated based on the AWS > EC2 > Network Load Balancer > Tags > * policies.
If the resource is not updated with the tags defined in AWS > EC2 > Network Load Balancer > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-ec2#/control/types/networkLoadBalancerTags
AWS > EC2 > Network Load Balancer > Usage
The Usage control determines whether the number of AWS EC2 network load balancer resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Network Load Balancer > Usage policy, and set the limit with the AWS > EC2 > Network Load Balancer > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/networkLoadBalancerUsage
AWS > EC2 > Snapshot > Active
Take an action when an AWS EC2 snapshot is not active based on the AWS > EC2 > Snapshot > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Snapshot > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/snapshotActive
AWS > EC2 > Snapshot > Approved
Take an action when an AWS EC2 snapshot is not approved based on AWS > EC2 > Snapshot > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/snapshotApproved
AWS > EC2 > Snapshot > CMDB
Record and synchronize details for the AWS EC2 snapshot into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Snapshot > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/snapshotCmdb
AWS > EC2 > Snapshot > Configured
Maintain AWS > EC2 > Snapshot configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and inherited from the stack that owns it.
tmod:@turbot/aws-ec2#/control/types/snapshotConfigured
AWS > EC2 > Snapshot > Discovery
Discover all AWS EC2 snapshot resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Snapshot > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/snapshotDiscovery
AWS > EC2 > Snapshot > Tags
Take an action when AWS EC2 snapshot tags are not updated based on the AWS > EC2 > Snapshot > Tags > * policies.
If the resource is not updated with the tags defined in AWS > EC2 > Snapshot > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-ec2#/control/types/snapshotTags
AWS > EC2 > Snapshot > Trusted Access
Manage trusted access for AWS EC2 Snapshots.
AWS allows EC2 Snapshots to be shared with specific AWS accounts.
This control allows you to configure whether such sharing is allowed, and to which accounts.
If set to Enforce, access to non-trusted accounts will be removed.
tmod:@turbot/aws-ec2#/control/types/snapshotTrustedAccess
AWS > EC2 > Snapshot > Usage
The Usage control determines whether the number of AWS EC2 snapshot resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Snapshot > Usage policy, and set the limit with the AWS > EC2 > Snapshot > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/snapshotUsage
AWS > EC2 > Target Group > Active
Take an action when an AWS EC2 target group is not active based on the AWS > EC2 > Target Group > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Target Group > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/targetGroupActive
AWS > EC2 > Target Group > Approved
Take an action when an AWS EC2 target group is not approved based on AWS > EC2 > Target Group > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/targetGroupApproved
AWS > EC2 > Target Group > CMDB
Record and synchronize details for the AWS EC2 target group into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Target Group > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/targetGroupCmdb
AWS > EC2 > Target Group > Configured
Maintain AWS > EC2 > Target Group configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and inherited from the stack that owns it.
tmod:@turbot/aws-ec2#/control/types/targetGroupConfigured
AWS > EC2 > Target Group > Discovery
Discover all AWS EC2 target group resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Target Group > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/targetGroupDiscovery
AWS > EC2 > Target Group > Tags
Take an action when AWS EC2 target group tags are not updated based on the AWS > EC2 > Target Group > Tags > * policies.
If the resource is not updated with the tags defined in AWS > EC2 > Target Group > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-ec2#/control/types/targetGroupTags
AWS > EC2 > Target Group > Usage
The Usage control determines whether the number of AWS EC2 target group resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Target Group > Usage policy, and set the limit with the AWS > EC2 > Target Group > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/targetGroupUsage
AWS > EC2 > Volume > Active
Take an action when an AWS EC2 volume is not active based on the AWS > EC2 > Volume > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > EC2 > Volume > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-ec2#/control/types/volumeActive
AWS > EC2 > Volume > Approved
Take an action when an AWS EC2 volume is not approved based on AWS > EC2 > Volume > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-ec2#/control/types/volumeApproved
AWS > EC2 > Volume > CMDB
Record and synchronize details for the AWS EC2 volume into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Volume > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-ec2#/control/types/volumeCmdb
AWS > EC2 > Volume > Configured
Maintain AWS > EC2 > Volume configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and inherited from the stack that owns it.
tmod:@turbot/aws-ec2#/control/types/volumeConfigured
AWS > EC2 > Volume > Discovery
Discover all AWS EC2 volume resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > EC2 > Volume > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-ec2#/control/types/volumeDiscovery
AWS > EC2 > Volume > Performance Configuration
Define the parameters required for AWS > EC2 > Volume.
Please refer to Solid state drive (SSD) volumes for more details on EBS volume types and their parameters.
tmod:@turbot/aws-ec2#/control/types/volumeConfiguration
AWS > EC2 > Volume > Tags
Take an action when AWS EC2 volume tags are not updated based on the AWS > EC2 > Volume > Tags > * policies.
If the resource is not updated with the tags defined in AWS > EC2 > Volume > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-ec2#/control/types/volumeTags
AWS > EC2 > Volume > Usage
The Usage control determines whether the number of AWS EC2 volume resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > EC2 > Volume > Usage policy, and set the limit with the AWS > EC2 > Volume > Usage > Limit policy.
tmod:@turbot/aws-ec2#/control/types/volumeUsage