@turbot/aws-efs
The aws-efs mod contains resource, control and policy definitions for the AWS EFS service.
Resource Types
Resource types covered by this mod:
Permissions
Permissions for EFS and the grant level associated with each:
Permission | Grant Level | Help |
---|---|---|
elasticfilesystem:Backup | Admin | |
elasticfilesystem:ClientMount | Admin | |
elasticfilesystem:ClientRootAccess | Admin | |
elasticfilesystem:ClientWrite | Admin | |
elasticfilesystem:CreateAccessPoint | Admin | |
elasticfilesystem:CreateFileSystem | Admin | |
elasticfilesystem:CreateMountTarget | Admin | |
elasticfilesystem:CreateReplicationConfiguration | Admin | |
elasticfilesystem:CreateTags | Operator | Operators can manage tagging and modifying existing file systems. |
elasticfilesystem:DeleteAccessPoint | Admin | |
elasticfilesystem:DeleteFileSystem | Admin | |
elasticfilesystem:DeleteFileSystemPolicy | Admin | |
elasticfilesystem:DeleteMountTarget | Admin | |
elasticfilesystem:DeleteReplicationConfiguration | Admin | |
elasticfilesystem:DeleteTags | Operator | Operators can manage tagging and modifying existing file systems. |
elasticfilesystem:DescribeAccessPoints | Metadata | |
elasticfilesystem:DescribeAccountPreferences | Metadata | |
elasticfilesystem:DescribeBackupPolicy | Metadata | |
elasticfilesystem:DescribeFileSystemPolicy | Metadata | |
elasticfilesystem:DescribeFileSystems | Metadata | |
elasticfilesystem:DescribeLifecycleConfiguration | Metadata | |
elasticfilesystem:DescribeMountTargetSecurityGroups | Metadata | |
elasticfilesystem:DescribeMountTargets | Metadata | |
elasticfilesystem:DescribeReplicationConfigurations | Metadata | |
elasticfilesystem:DescribeTags | Metadata | |
elasticfilesystem:ListTagsForResource | Metadata | |
elasticfilesystem:ModifyMountTargetSecurityGroups | Operator | Operators can manage tagging and modifying existing file systems. |
elasticfilesystem:PutAccountPreferences | Admin | |
elasticfilesystem:PutBackupPolicy | Admin | |
elasticfilesystem:PutFileSystemPolicy | Admin | |
elasticfilesystem:PutLifecycleConfiguration | Admin | |
elasticfilesystem:Restore | Admin | |
elasticfilesystem:TagResource | Operator | |
elasticfilesystem:UntagResource | Operator | |
elasticfilesystem:UpdateFileSystem | Admin | |
Learn More About Guardrails
- Setting Policies Tutorial
- Mods Overview
- Policies Overview
- Resources Overview
- Common Policies and Controls
Recommended Version
Version: 5.7.0
Released On: Sep 01, 2023
Depends On
Resource Types
Control Types
- AWS > EFS > FileSystem > Active
- AWS > EFS > FileSystem > Approved
- AWS > EFS > FileSystem > CMDB
- AWS > EFS > FileSystem > Discovery
- AWS > EFS > FileSystem > Tags
- AWS > EFS > FileSystem > Usage
- AWS > EFS > Mount Target > Active
- AWS > EFS > Mount Target > Approved
- AWS > EFS > Mount Target > CMDB
- AWS > EFS > Mount Target > Discovery
- AWS > EFS > Mount Target > Usage
Policy Types
- AWS > EFS > API Enabled
- AWS > EFS > Approved Regions [Default]
- AWS > EFS > Enabled
- AWS > EFS > FileSystem > Active
- AWS > EFS > FileSystem > Active > Age
- AWS > EFS > FileSystem > Active > Budget
- AWS > EFS > FileSystem > Active > Last Modified
- AWS > EFS > FileSystem > Approved
- AWS > EFS > FileSystem > Approved > Budget
- AWS > EFS > FileSystem > Approved > Custom
- AWS > EFS > FileSystem > Approved > Encryption at Rest
- AWS > EFS > FileSystem > Approved > Encryption at Rest > Customer Managed Key
- AWS > EFS > FileSystem > Approved > Regions
- AWS > EFS > FileSystem > Approved > Usage
- AWS > EFS > FileSystem > CMDB
- AWS > EFS > FileSystem > Regions
- AWS > EFS > FileSystem > Tags
- AWS > EFS > FileSystem > Tags > Template
- AWS > EFS > FileSystem > Usage
- AWS > EFS > FileSystem > Usage > Limit
- AWS > EFS > Mount Target > Active
- AWS > EFS > Mount Target > Active > Age
- AWS > EFS > Mount Target > Active > Last Modified
- AWS > EFS > Mount Target > Approved
- AWS > EFS > Mount Target > Approved > Custom
- AWS > EFS > Mount Target > Approved > Regions
- AWS > EFS > Mount Target > Approved > Usage
- AWS > EFS > Mount Target > CMDB
- AWS > EFS > Mount Target > Regions
- AWS > EFS > Mount Target > Usage
- AWS > EFS > Mount Target > Usage > Limit
- AWS > EFS > Permissions
- AWS > EFS > Permissions > Levels
- AWS > EFS > Permissions > Levels > Modifiers
- AWS > EFS > Permissions > Lockdown
- AWS > EFS > Permissions > Lockdown > API Boundary
- AWS > EFS > Regions
- AWS > EFS > Tags Template [Default]
- AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-efs
- AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-efs
- AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-efs
- AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-efs
Release Notes
5.7.0 (2023-09-01)
What's new?
- Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed; your existing configurations and settings will continue to work as before.
Bug fixes
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
5.6.0 (2023-05-24)
What's new?
- README.md file is now available for users to check details about the resource types and service permissions that the mod covers.
Bug fixes
- Guardrails would sometimes fail to process real-time tagging events for AWS > EFS > File System correctly. This is now fixed.
Policy Types
Added
- AWS > EFS > FileSystem > Approved > Custom
- AWS > EFS > Mount Target > Approved > Custom
Action Types
Added
- AWS > EFS > FileSystem > Delete from AWS
- AWS > EFS > FileSystem > Set Tags
- AWS > EFS > FileSystem > Skip alarm for Active control
- AWS > EFS > FileSystem > Skip alarm for Active control [90 days]
- AWS > EFS > FileSystem > Skip alarm for Approved control
- AWS > EFS > FileSystem > Skip alarm for Approved control [90 days]
- AWS > EFS > FileSystem > Skip alarm for Tags control
- AWS > EFS > FileSystem > Skip alarm for Tags control [90 days]
- AWS > EFS > Mount Target > Delete from AWS
- AWS > EFS > Mount Target > Skip alarm for Active control
- AWS > EFS > Mount Target > Skip alarm for Active control [90 days]
- AWS > EFS > Mount Target > Skip alarm for Approved control
- AWS > EFS > Mount Target > Skip alarm for Approved control [90 days]
5.5.1 (2020-12-24)
Bug fixes
- Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.
5.5.0 (2020-09-29)
What's new?
- The file system policy for the specified EFS file system will now be available in its Policy field.
Bug fixes
- We've made some improvements to our real-time event handling that reduces the risk of creating resources in CMDB with malformed AKAs. There's no noticeable difference, but things should run more reliably now.
5.4.0 (2020-09-01)
What's new?
- Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.
- We've renamed the service's default regions policy from Regions [Default] to Regions to be consistent with our other regions policies.
5.3.3 (2020-08-17)
Bug fixes
- In various Active controls, we were outputting log messages that did not properly show how many days were left until we'd delete the inactive resources (we were still deleting them after the correct number of days). These log messages have been fixed and now contain the correct number of days.
5.3.2 (2020-07-01)
Bug fixes
- Sometimes when updating CMDB for resources with tags that have empty string values, e.g., [{Key: "Empty", Value: ""}, {Key: "Turbot is great", Value: "true"}], we would not store all of the tags correctly. This has been fixed and now all tags are accounted for.
5.3.1 (2020-06-16)
What's new?
- All resource Router actions now run even if Guardrails is outside of its allowed change window. This allows Guardrails to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Guardrails' ability to process resource changes that were made in the cloud provider; enforcement actions are still disabled outside of the change window.
5.3.0 (2020-05-14)
What's new?
- Updated AWS > EFS > Regions policy default value to now include cn-north-1, cn-northwest-1, us-gov-east-1.
Bug fixes
- Links to documentation in the descriptions for several controls and policies were broken. These links have now been fixed.