Recommended Version

Version

5.19.0

Released On

Jul 21, 2023

Depends On

@turbot/aws ^5.0.0
@turbot/turbot ^5.22.0
@turbot/turbot-iam ^5.1.0
@turbot/aws-iam ^5.1.0

Resource Types

Control Types

Policy Types

Release Notes

5.19.0 (2023-07-21)

What's new?

Resource's metadata will now also include createdBy details in Turbot CMDB.
AWS/Redshift/Admin, AWS/Redshift/Metadata and AWS/Redshift/Operator now include permissions for SQL Workbench Account Settings and Notebooks.
README.md file is now available for users to check details about the resource types and service permissions that the mod covers.

Bug fixes

We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Action Types

Added

AWS > Redshift > Cluster > Delete from AWS
AWS > Redshift > Cluster > Set Tags
AWS > Redshift > Cluster > Skip alarm for Active control
AWS > Redshift > Cluster > Skip alarm for Active control [90 days]
AWS > Redshift > Cluster > Skip alarm for Approved control
AWS > Redshift > Cluster > Skip alarm for Approved control [90 days]
AWS > Redshift > Cluster > Skip alarm for Encryption at Rest control
AWS > Redshift > Cluster > Skip alarm for Encryption at Rest control [90 days]
AWS > Redshift > Cluster > Skip alarm for Tags control
AWS > Redshift > Cluster > Skip alarm for Tags control [90 days]
AWS > Redshift > Cluster Parameter Group > Delete from AWS
AWS > Redshift > Cluster Parameter Group > Set Tags
AWS > Redshift > Cluster Parameter Group > Skip alarm for Active control
AWS > Redshift > Cluster Parameter Group > Skip alarm for Active control [90 days]
AWS > Redshift > Cluster Parameter Group > Skip alarm for Approved control
AWS > Redshift > Cluster Parameter Group > Skip alarm for Approved control [90 days]
AWS > Redshift > Cluster Parameter Group > Skip alarm for Tags control
AWS > Redshift > Cluster Parameter Group > Skip alarm for Tags control [90 days]
AWS > Redshift > Cluster Subnet Group > Delete from AWS
AWS > Redshift > Cluster Subnet Group > Set Tags
AWS > Redshift > Cluster Subnet Group > Skip alarm for Active control
AWS > Redshift > Cluster Subnet Group > Skip alarm for Active control [90 days]
AWS > Redshift > Cluster Subnet Group > Skip alarm for Approved control
AWS > Redshift > Cluster Subnet Group > Skip alarm for Approved control [90 days]
AWS > Redshift > Cluster Subnet Group > Skip alarm for Tags control
AWS > Redshift > Cluster Subnet Group > Skip alarm for Tags control [90 days]
AWS > Redshift > Manual Cluster Snapshot > Delete from AWS
AWS > Redshift > Manual Cluster Snapshot > Set Tags
AWS > Redshift > Manual Cluster Snapshot > Skip alarm for Active control
AWS > Redshift > Manual Cluster Snapshot > Skip alarm for Active control [90 days]
AWS > Redshift > Manual Cluster Snapshot > Skip alarm for Approved control
AWS > Redshift > Manual Cluster Snapshot > Skip alarm for Approved control [90 days]
AWS > Redshift > Manual Cluster Snapshot > Skip alarm for Tags control
AWS > Redshift > Manual Cluster Snapshot > Skip alarm for Tags control [90 days]

5.18.0 (2022-02-16)

What's new?

Users can now create their own custom checks against resource attributes in the Approved control using the Approved > Custom policy. These custom checks would be a part of the evaluation of the Approved control. Custom messages can also be added which are then displayed in the control details table. See Custom Checks for more information.

Bug fixes

We've improved the process of deleting resources from Turbot if their CMDB policy was set to Enforce: Disabled. The CMDB controls will now not look to resolve credentials via Turbot's IAM role while deleting resources from Turbot. This will allow the CMDB controls to process resource deletions from Turbot more reliably than before.

Policy Types

Added

AWS > Redshift > Cluster > Approved > Custom
AWS > Redshift > Cluster Parameter Group > Approved > Custom
AWS > Redshift > Cluster Subnet Group > Approved > Custom
AWS > Redshift > Manual Cluster Snapshot > Approved > Custom

5.17.2 (2022-02-01)

Bug fixes

We've made a few improvements in the GraphQL query for AWS > Redshift > Cluster > Encryption At Rest control. You won't notice any difference, but things should run lighter and quicker than before.
The AWS > Redshift > Cluster > Schedule control would incorrectly go into a skipped state if the AWS > Redshift > Cluster > Schedule policy was set to Skip but the AWS > Redshift > Cluster > Schedule Tag policy was set to Enforce: Schedule per turbot_custom_schedule tag. This is fixed and the control will now work as expected.

5.17.1 (2022-01-20)

Bug fixes

The AWS > Redshift > Cluster > Schedule control would incorrectly go into an error state if the corresponding CMDB control was in error and the AWS > Redshift > Cluster > Schedule policy was set to Skip. This is fixed and the control will now work as expected.

5.17.0 (2022-01-04)

What's new?

AWS/Redshift/Admin AWS/Redshift/Metadata AWS/Redshift/Operator now include permissions for Partner, Data Share, Endpoint Access and Authentication Profile.

5.16.0 (2021-11-26)

What's new?

AWS/Redshift/Admin, AWS/Redshift/Operator and AWS/Redshift/Metadata now includes permissions for SQL Workbench.

5.15.0 (2021-11-11)

What's new?

AWS/Redshift/Admin and AWS/Redshift/Metadata now includes permissions for Redshift Data.

5.14.0 (2021-07-14)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

5.13.0 (2021-06-25)

Control Types

Added

AWS > Redshift > Cluster > Backup Retention Period

Policy Types

Added

AWS > Redshift > Cluster > Backup Retention Period
AWS > Redshift > Cluster > Backup Retention Period > Days

Action Types

Added

AWS > Redshift > Cluster > Update Backup Retention Period

5.12.0 (2021-02-24)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

5.11.3 (2021-02-03)

Bug fixes

The policy titles for AWS > Redshift > Cluster > Cluster Publicly Accessible and AWS > Redshift > Cluster > Parameter Group > Parameter Group Name have been updated to AWS > Redshift > Cluster > Publicly Accessible and AWS > Redshift > Cluster > Parameter Group > Name respectively to remove redundant wording. Both policies' URIs are still the same, so no migration action is required.

Policy Types

Renamed

AWS > Redshift > Cluster > Parameter Group > Parameter Group Name to AWS > Redshift > Cluster > Parameter Group > Name
AWS > Redshift > Cluster > Cluster Publicly Accessible to AWS > Redshift > Cluster > Publicly Accessible

5.11.2 (2021-01-27)

Bug fixes

The AWS > Redshift > Cluster > Audit Logging and AWS > Redshift > Cluster > Encryption in Transit controls will now move to invalid instead of tbd if the cluster’s attached parameter group is not in CMDB to provide better awareness around the missing information.

5.11.1 (2021-01-13)

Bug fixes

AWS > Redshift > Cluster > Encryption in Transit and AWS > Redshift > Cluster > Audit Logging controls would remain in an error state for a cluster if its attached parameter group is not upserted into Turbot's CMDB. This issue has been fixed and now the control remains in TBD state instead of moving into an error state.

5.11.0 (2020-12-22)

What's new?

With the addition of AWS > Redshift > Cluster > Parameter Group control, you can now ensure a specific parameter group is attached to a cluster, or have Turbot create and attach a new parameter group to a cluster with the previously attached parameter group's parameter values copied over. To get started, set the AWS > Redshift > Cluster > Parameter Group and AWS > Redshift > Cluster > Parameter Group > Parameter Group Name policies

Bug fixes

Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

Control Types

Added

AWS > Redshift > Cluster > Parameter Group

Policy Types

Added

AWS > Redshift > Cluster > Parameter Group
AWS > Redshift > Cluster > Parameter Group > Parameter Group Name

Action Types

Added

AWS > Redshift > Cluster > Create or update parameter group

5.10.0 (2020-11-27)

Control Types

Added

AWS > Redshift > Cluster > Audit Logging
AWS > Redshift > Cluster > Encryption in Transit

Policy Types

Added

AWS > Redshift > Cluster > Audit Logging
AWS > Redshift > Cluster > Audit Logging > Bucket
AWS > Redshift > Cluster > Audit Logging > Key Prefix
AWS > Redshift > Cluster > Audit Logging > User Activity Logging
AWS > Redshift > Cluster > Encryption in Transit

Action Types

Added

AWS > Redshift > Cluster > Update Audit Logging
AWS > Redshift > Cluster > Update Parameter Group

5.9.0 (2020-10-09)

What's new?

We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to Skip, its Active control will move to invalid to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.

5.8.1 (2020-09-17)

Bug fixes

We've made some improvements to our real-time event handling that reduces the risk of creating resources in CMDB with malformed AKAs. There's no noticeable difference, but things should run more reliably now.

5.8.0 (2020-09-02)

What's new?

Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.
We've renamed the service's default regions policy from Regions [Default] to Regions to be consistent with our other regions policies.

5.7.1 (2020-08-17)

Bug fixes

In various Active controls, we were outputting log messages that did not properly show how many days were left until we'd delete the inactive resources (we were still deleting them after the correct number of days). These log messages have been fixed and now contain the correct number of days.

5.7.0 (2020-08-07)

Control Types

Added

AWS > Redshift > Cluster > Schedule

Policy Types

Added

AWS > Redshift > Cluster > Schedule
AWS > Redshift > Cluster > Schedule Tag

Action Types

Added

AWS > Redshift > Cluster > Start
AWS > Redshift > Cluster > Stop

5.6.0 (2020-07-31)

What's new?

Cross-account trust is not only important for complex enterprise and application scenarios, but is also a critical area for security controls. We now support controlling cross-account access for manual cluster snapshots to provide automatic protection against unexpected cross-account access.
A common set of trusted AWS account IDs can be defined in the AWS > Account > Trusted Accounts [Default] policy. Trusted accounts can also be defined at any level, even down to the specific manual cluster snapshot resource.
To get started with these new controls, please see the AWS > Redshift > Manual Cluster Snapshot > Trusted Access policies.

Control Types

Added

AWS > Redshift > Manual Cluster Snapshot > Trusted Access

Policy Types

Added

AWS > Redshift > Manual Cluster Snapshot > Trusted Access
AWS > Redshift > Manual Cluster Snapshot > Trusted Access > Accounts
AWS > Redshift > Trusted Accounts [Default]

Action Types

Added

AWS > Redshift > Manual Cluster Snapshot > Set Trusted Access

5.5.1 (2020-07-02)

Bug fixes

Sometimes when updating CMDB for resources with tags that have empty string values, e.g., [{Key: "Empty", Value: ""}, {Key: "Turbot is great", Value: "true"}], we would not store all of the tags correctly. This has been fixed and now all tags are accounted for.

5.5.0 (2020-06-10)

What's new?

An additional API call has been added to the CMDB of cluster parameter group which returns a detailed list of parameters contained within the specified Amazon Redshift parameter group.

5.4.0 (2020-05-29)

What's new?

Updated AWS > Redshift > Regions policy default value to now include af-south-1, eu-south-1.

Bug fixes

Although the data validation errors, which appear in various CMDB and Discovery controls, are not blockers, they look ugly in the UI and should be cleaned up. These errors have now been fixed.
Links to documentation in the descriptions for several controls and policies were broken. These links have now been fixed.