@turbot/aws-inspector
The aws-inspector mod contains resource, control and policy definitions for AWS Inspector service.
- Setting Policies Tutorial
- Mods Overview
- Policies Overview
- Resources Overview
- Common Policies and Controls
Recommended Version
Version
5.2.0
Released On
Nov 09, 2023
Depends On
Resource Types
Control Types
- AWS > Inspector > Assessment Target > Active
- AWS > Inspector > Assessment Target > Approved
- AWS > Inspector > Assessment Target > CMDB
- AWS > Inspector > Assessment Target > Discovery
- AWS > Inspector > Assessment Target > Usage
- AWS > Inspector > Assessment Template > Active
- AWS > Inspector > Assessment Template > Approved
- AWS > Inspector > Assessment Template > CMDB
- AWS > Inspector > Assessment Template > Discovery
- AWS > Inspector > Assessment Template > Tags
- AWS > Inspector > Assessment Template > Usage
Policy Types
- AWS > Inspector > API Enabled
- AWS > Inspector > Approved Regions [Default]
- AWS > Inspector > Assessment Target > Active
- AWS > Inspector > Assessment Target > Active > Age
- AWS > Inspector > Assessment Target > Active > Budget
- AWS > Inspector > Assessment Target > Active > Last Modified
- AWS > Inspector > Assessment Target > Approved
- AWS > Inspector > Assessment Target > Approved > Budget
- AWS > Inspector > Assessment Target > Approved > Custom
- AWS > Inspector > Assessment Target > Approved > Regions
- AWS > Inspector > Assessment Target > Approved > Usage
- AWS > Inspector > Assessment Target > CMDB
- AWS > Inspector > Assessment Target > Regions
- AWS > Inspector > Assessment Target > Usage
- AWS > Inspector > Assessment Target > Usage > Limit
- AWS > Inspector > Assessment Template > Active
- AWS > Inspector > Assessment Template > Active > Age
- AWS > Inspector > Assessment Template > Active > Budget
- AWS > Inspector > Assessment Template > Active > Last Modified
- AWS > Inspector > Assessment Template > Approved
- AWS > Inspector > Assessment Template > Approved > Budget
- AWS > Inspector > Assessment Template > Approved > Custom
- AWS > Inspector > Assessment Template > Approved > Regions
- AWS > Inspector > Assessment Template > Approved > Usage
- AWS > Inspector > Assessment Template > CMDB
- AWS > Inspector > Assessment Template > Regions
- AWS > Inspector > Assessment Template > Tags
- AWS > Inspector > Assessment Template > Tags > Template
- AWS > Inspector > Assessment Template > Usage
- AWS > Inspector > Assessment Template > Usage > Limit
- AWS > Inspector > Enabled
- AWS > Inspector > Permissions
- AWS > Inspector > Permissions > Levels
- AWS > Inspector > Permissions > Levels > Modifiers
- AWS > Inspector > Permissions > Lockdown
- AWS > Inspector > Permissions > Lockdown > API Boundary
- AWS > Inspector > Regions
- AWS > Inspector > Tags Template [Default]
- AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-inspector
- AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-inspector
- AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-inspector
- AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-inspector
Release Notes
5.2.0 (2023-11-09)
What's new?
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Resource's metadata will now also include
createdBy
details in Turbot CMDB.
Policy Types
- AWS > Inspector > Assessment Target > Approved > Custom
- AWS > Inspector > Assessment Template > Approved > Custom
Action Types
- AWS > Inspector > Assessment Target > Delete from AWS
- AWS > Inspector > Assessment Target > Skip alarm for Active control
- AWS > Inspector > Assessment Target > Skip alarm for Active control [90 days]
- AWS > Inspector > Assessment Target > Skip alarm for Approved control
- AWS > Inspector > Assessment Target > Skip alarm for Approved control [90 days]
- AWS > Inspector > Assessment Template > Delete from AWS
- AWS > Inspector > Assessment Template > Set Tags
- AWS > Inspector > Assessment Template > Skip alarm for Active control
- AWS > Inspector > Assessment Template > Skip alarm for Active control [90 days]
- AWS > Inspector > Assessment Template > Skip alarm for Approved control
- AWS > Inspector > Assessment Template > Skip alarm for Approved control [90 days]
- AWS > Inspector > Assessment Template > Skip alarm for Tags control
- AWS > Inspector > Assessment Template > Skip alarm for Tags control [90 days]
5.1.0 (2020-10-12)
What's new?
- We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to
Skip
, its Active control will move toinvalid
to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available. - We've renamed the service's default regions policy from
Regions [Default]
toRegions
to be consistent with our other regions policies. - Discovery controls now have their own control category,
CMDB > Discovery
, to allow for easier filtering separately from other CMDB controls.
Bug fixes
- We've made some improvements to our real-time event handling that reduces the risk of creating resources in CMDB with malformed AKAs. There's no noticeable difference, but things should run more reliably now.
Policy Types
Renamed
- AWS > Inspector > Regions [Default] to AWS > Inspector > Regions
5.0.6 (2020-08-14)
Bug fixes
- In various Active controls, we were outputting log messages that did not properly show how many days were left until we'd delete the inactive resources (we were still deleting them after the correct number of days). These log messages have been fixed and now contain the correct number of days.
5.0.5 (2020-07-07)
Bug fixes
- Sometimes when updating CMDB for resources with tags that have empty string values, e.g.,
[{Key: "Empty", Value: ""}, {Key: "Guardrails is great", Value: "true"}]
, we would not store all of the tags correctly. This has been fixed and now all tags are accounted for.
5.0.4 (2020-06-16)
What's new?
- All resource Router actions now run even if Guardrails is outside of its allowed change window. This allows Guardrails to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Guardrails' ability to process resources changes that were made in the cloud provider - enforcement actions are still disabled outside of the change window.
5.0.3 (2020-05-14)
Bug fixes
- Links to documentation in the descriptions for several controls and policies were broken. These links have now been fixed.