Control types for @turbot/aws-vpc-connect
- AWS > VPC > Customer Gateway > Active
- AWS > VPC > Customer Gateway > Approved
- AWS > VPC > Customer Gateway > CMDB
- AWS > VPC > Customer Gateway > Configured
- AWS > VPC > Customer Gateway > Discovery
- AWS > VPC > Customer Gateway > Tags
- AWS > VPC > Customer Gateway > Usage
- AWS > VPC > Peering Connection > Active
- AWS > VPC > Peering Connection > Approved
- AWS > VPC > Peering Connection > CMDB
- AWS > VPC > Peering Connection > Configured
- AWS > VPC > Peering Connection > DNS Resolution
- AWS > VPC > Peering Connection > Discovery
- AWS > VPC > Peering Connection > Tags
- AWS > VPC > Peering Connection > Usage
- AWS > VPC > Transit Gateway > Active
- AWS > VPC > Transit Gateway > Approved
- AWS > VPC > Transit Gateway > CMDB
- AWS > VPC > Transit Gateway > Configured
- AWS > VPC > Transit Gateway > Discovery
- AWS > VPC > Transit Gateway > Tags
- AWS > VPC > Transit Gateway > Usage
- AWS > VPC > Transit Gateway Attachment > CMDB
- AWS > VPC > Transit Gateway Attachment > Configured
- AWS > VPC > Transit Gateway Attachment > Discovery
- AWS > VPC > Transit Gateway Attachment > Discovery [Cross-Account]
- AWS > VPC > Transit Gateway Route Table > Active
- AWS > VPC > Transit Gateway Route Table > Approved
- AWS > VPC > Transit Gateway Route Table > CMDB
- AWS > VPC > Transit Gateway Route Table > Configured
- AWS > VPC > Transit Gateway Route Table > Discovery
- AWS > VPC > Transit Gateway Route Table > Tags
- AWS > VPC > Transit Gateway Route Table > Usage
- AWS > VPC > VPN Connection > Active
- AWS > VPC > VPN Connection > Approved
- AWS > VPC > VPN Connection > CMDB
- AWS > VPC > VPN Connection > Configured
- AWS > VPC > VPN Connection > Discovery
- AWS > VPC > VPN Connection > Tags
- AWS > VPC > VPN Connection > Usage
- AWS > VPC > VPN Gateway > Active
- AWS > VPC > VPN Gateway > Approved
- AWS > VPC > VPN Gateway > CMDB
- AWS > VPC > VPN Gateway > Configured
- AWS > VPC > VPN Gateway > Discovery
- AWS > VPC > VPN Gateway > Tags
- AWS > VPC > VPN Gateway > Usage
AWS > VPC > Customer Gateway > Active
Take an action when an AWS VPC customer gateway is not active based on the AWS > VPC > Customer Gateway > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > Customer Gateway > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-vpc-connect#/control/types/customerGatewayActive
AWS > VPC > Customer Gateway > Approved
Take an action when an AWS VPC customer gateway is not approved based on AWS > VPC > Customer Gateway > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-vpc-connect#/control/types/customerGatewayApproved
AWS > VPC > Customer Gateway > CMDB
Record and synchronize details for the AWS VPC customer gateway into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Customer Gateway > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-vpc-connect#/control/types/customerGatewayCmdb
AWS > VPC > Customer Gateway > Configured
Maintain AWS > VPC > Customer Gateway configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
tmod:@turbot/aws-vpc-connect#/control/types/customerGatewayConfigured
AWS > VPC > Customer Gateway > Discovery
Discover all AWS VPC customer gateway resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Customer Gateway > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-vpc-connect#/control/types/customerGatewayDiscovery
AWS > VPC > Customer Gateway > Tags
Take an action when the tags of an AWS VPC customer gateway are not updated based on the AWS > VPC > Customer Gateway > Tags > * policies.
If the resource is not updated with the tags defined in AWS > VPC > Customer Gateway > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-vpc-connect#/control/types/customerGatewayTags
AWS > VPC > Customer Gateway > Usage
The Usage control determines whether the number of AWS VPC customer gateway resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > VPC > Customer Gateway > Usage policy, and set the limit with the AWS > VPC > Customer Gateway > Usage > Limit policy.
tmod:@turbot/aws-vpc-connect#/control/types/customerGatewayUsage
AWS > VPC > Peering Connection > Active
Take an action when an AWS VPC peering connection is not active based on the AWS > VPC > Peering Connection > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > Peering Connection > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-vpc-connect#/control/types/vpcPeeringConnectionActive
AWS > VPC > Peering Connection > Approved
Take an action when an AWS VPC peering connection is not approved based on AWS > VPC > Peering Connection > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-vpc-connect#/control/types/vpcPeeringConnectionApproved
AWS > VPC > Peering Connection > CMDB
Record and synchronize details for the AWS VPC peering connection into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Peering Connection > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-vpc-connect#/control/types/vpcPeeringConnectionCmdb
AWS > VPC > Peering Connection > Configured
Maintain AWS > VPC > Peering Connection configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
tmod:@turbot/aws-vpc-connect#/control/types/vpcPeeringConnectionConfigured
AWS > VPC > Peering Connection > DNS Resolution
Check if the AWS VPC Peering Connection DNS Resolution configuration is set correctly.
tmod:@turbot/aws-vpc-connect#/control/types/vpcPeeringConnectionDnsResolution
AWS > VPC > Peering Connection > Discovery
Discover all AWS VPC peering connection resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Peering Connection > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-vpc-connect#/control/types/vpcPeeringConnectionDiscovery
AWS > VPC > Peering Connection > Tags
Take an action when the tags of an AWS VPC peering connection are not updated based on the AWS > VPC > Peering Connection > Tags > * policies.
If the resource is not updated with the tags defined in AWS > VPC > Peering Connection > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-vpc-connect#/control/types/vpcPeeringConnectionTags
AWS > VPC > Peering Connection > Usage
The Usage control determines whether the number of AWS VPC peering connection resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > VPC > Peering Connection > Usage policy, and set the limit with the AWS > VPC > Peering Connection > Usage > Limit policy.
tmod:@turbot/aws-vpc-connect#/control/types/vpcPeeringConnectionUsage
AWS > VPC > Transit Gateway > Active
Take an action when an AWS VPC transit gateway is not active based on the AWS > VPC > Transit Gateway > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > Transit Gateway > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayActive
AWS > VPC > Transit Gateway > Approved
Take an action when an AWS VPC transit gateway is not approved based on AWS > VPC > Transit Gateway > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayApproved
AWS > VPC > Transit Gateway > CMDB
Record and synchronize details for the AWS VPC transit gateway into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Transit Gateway > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayCmdb
AWS > VPC > Transit Gateway > Configured
Maintain AWS > VPC > Transit Gateway configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayConfigured
AWS > VPC > Transit Gateway > Discovery
Discover all AWS VPC transit gateway resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Transit Gateway > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayDiscovery
AWS > VPC > Transit Gateway > Tags
Take an action when the tags of an AWS VPC transit gateway are not updated based on the AWS > VPC > Transit Gateway > Tags > * policies.
If the resource is not updated with the tags defined in AWS > VPC > Transit Gateway > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayTags
AWS > VPC > Transit Gateway > Usage
The Usage control determines whether the number of AWS VPC transit gateway resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > VPC > Transit Gateway > Usage policy, and set the limit with the AWS > VPC > Transit Gateway > Usage > Limit policy.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayUsage
AWS > VPC > Transit Gateway Attachment > CMDB
Record and synchronize details for the AWS VPC transit gateway attachment into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Transit Gateway Attachment > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayAttachmentCmdb
AWS > VPC > Transit Gateway Attachment > Configured
Maintain AWS > VPC > Transit Gateway Attachment configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayAttachmentConfigured
AWS > VPC > Transit Gateway Attachment > Discovery
Discover all AWS VPC transit gateway attachment resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Transit Gateway Attachment > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayAttachmentDiscovery
AWS > VPC > Transit Gateway Attachment > Discovery [Cross-Account]
Discover all AWS VPC transit gateway attachment [cross-account] resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Transit Gateway Attachment > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayAttachmentSharedCrossAccount
AWS > VPC > Transit Gateway Route Table > Active
Take an action when an AWS VPC transit gateway route table is not active based on the AWS > VPC > Transit Gateway Route Table > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > Transit Gateway Route Table > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayRouteTableActive
AWS > VPC > Transit Gateway Route Table > Approved
Take an action when an AWS VPC transit gateway route table is not approved based on AWS > VPC > Transit Gateway Route Table > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayRouteTableApproved
AWS > VPC > Transit Gateway Route Table > CMDB
Record and synchronize details for the AWS VPC transit gateway route table into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Transit Gateway Route Table > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayRouteTableCmdb
AWS > VPC > Transit Gateway Route Table > Configured
Maintain AWS > VPC > Transit Gateway Route Table configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayRouteTableConfigured
AWS > VPC > Transit Gateway Route Table > Discovery
Discover all AWS VPC transit gateway route table resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Transit Gateway Route Table > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayRouteTableDiscovery
AWS > VPC > Transit Gateway Route Table > Tags
Take an action when the tags of an AWS VPC transit gateway route table are not updated based on the AWS > VPC > Transit Gateway Route Table > Tags > * policies.
If the resource is not updated with the tags defined in AWS > VPC > Transit Gateway Route Table > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayRouteTableTags
AWS > VPC > Transit Gateway Route Table > Usage
The Usage control determines whether the number of AWS VPC transit gateway route table resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > VPC > Transit Gateway Route Table > Usage policy, and set the limit with the AWS > VPC > Transit Gateway Route Table > Usage > Limit policy.
tmod:@turbot/aws-vpc-connect#/control/types/transitGatewayRouteTableUsage
AWS > VPC > VPN Connection > Active
Take an action when an AWS VPC VPN connection is not active based on the AWS > VPC > VPN Connection > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > VPN Connection > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-vpc-connect#/control/types/vpnConnectionActive
AWS > VPC > VPN Connection > Approved
Take an action when an AWS VPC VPN connection is not approved based on AWS > VPC > VPN Connection > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-vpc-connect#/control/types/vpnConnectionApproved
AWS > VPC > VPN Connection > CMDB
Record and synchronize details for the AWS VPC VPN connection into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > VPN Connection > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-vpc-connect#/control/types/vpnConnectionCmdb
AWS > VPC > VPN Connection > Configured
Maintain AWS > VPC > VPN Connection configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
tmod:@turbot/aws-vpc-connect#/control/types/vpnConnectionConfigured
AWS > VPC > VPN Connection > Discovery
Discover all AWS VPC VPN connection resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > VPN Connection > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-vpc-connect#/control/types/vpnConnectionDiscovery
AWS > VPC > VPN Connection > Tags
Take an action when the tags of an AWS VPC VPN connection are not updated based on the AWS > VPC > VPN Connection > Tags > * policies.
If the resource is not updated with the tags defined in AWS > VPC > VPN Connection > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-vpc-connect#/control/types/vpnConnectionTags
AWS > VPC > VPN Connection > Usage
The Usage control determines whether the number of AWS VPC VPN connection resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > VPC > VPN Connection > Usage policy, and set the limit with the AWS > VPC > VPN Connection > Usage > Limit policy.
tmod:@turbot/aws-vpc-connect#/control/types/vpnConnectionUsage
AWS > VPC > VPN Gateway > Active
Take an action when an AWS VPC VPN gateway is not active based on the AWS > VPC > VPN Gateway > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > VPN Gateway > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-vpc-connect#/control/types/vpnGatewayActive
AWS > VPC > VPN Gateway > Approved
Take an action when an AWS VPC VPN gateway is not approved based on AWS > VPC > VPN Gateway > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-vpc-connect#/control/types/vpnGatewayApproved
AWS > VPC > VPN Gateway > CMDB
Record and synchronize details for the AWS VPC VPN gateway into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > VPN Gateway > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-vpc-connect#/control/types/vpnGatewayCmdb
AWS > VPC > VPN Gateway > Configured
Maintain AWS > VPC > VPN Gateway configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored and are inherited from the stack that owns it.
tmod:@turbot/aws-vpc-connect#/control/types/vpnGatewayConfigured
AWS > VPC > VPN Gateway > Discovery
Discover all AWS VPC VPN gateway resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > VPN Gateway > Regions policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-vpc-connect#/control/types/vpnGatewayDiscovery
AWS > VPC > VPN Gateway > Tags
Take an action when the tags of an AWS VPC VPN gateway are not updated based on the AWS > VPC > VPN Gateway > Tags > * policies.
If the resource is not updated with the tags defined in AWS > VPC > VPN Gateway > Tags > Template, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-vpc-connect#/control/types/vpnGatewayTags
AWS > VPC > VPN Gateway > Usage
The Usage control determines whether the number of AWS VPC VPN gateway resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > VPC > VPN Gateway > Usage policy, and set the limit with the AWS > VPC > VPN Gateway > Usage > Limit policy.
tmod:@turbot/aws-vpc-connect#/control/types/vpnGatewayUsage