Control types for @turbot/aws-vpc-connect

• AWS > VPC > Customer Gateway > Active
• AWS > VPC > Customer Gateway > Approved
• AWS > VPC > Customer Gateway > CMDB
• AWS > VPC > Customer Gateway > Configured
• AWS > VPC > Customer Gateway > Discovery
• AWS > VPC > Customer Gateway > Tags
• AWS > VPC > Customer Gateway > Usage
• AWS > VPC > Peering Connection > Active
• AWS > VPC > Peering Connection > Approved
• AWS > VPC > Peering Connection > CMDB
• AWS > VPC > Peering Connection > Configured
• AWS > VPC > Peering Connection > DNS Resolution
• AWS > VPC > Peering Connection > Discovery
• AWS > VPC > Peering Connection > Tags
• AWS > VPC > Peering Connection > Usage
• AWS > VPC > Transit Gateway > Active
• AWS > VPC > Transit Gateway > Approved
• AWS > VPC > Transit Gateway > CMDB
• AWS > VPC > Transit Gateway > Configured
• AWS > VPC > Transit Gateway > Discovery
• AWS > VPC > Transit Gateway > Tags
• AWS > VPC > Transit Gateway > Usage
• AWS > VPC > Transit Gateway Attachment > CMDB
• AWS > VPC > Transit Gateway Attachment > Configured
• AWS > VPC > Transit Gateway Attachment > Discovery
• AWS > VPC > Transit Gateway Attachment > Discovery [Cross-Account]
• AWS > VPC > Transit Gateway Route Table > Active
• AWS > VPC > Transit Gateway Route Table > Approved
• AWS > VPC > Transit Gateway Route Table > CMDB
• AWS > VPC > Transit Gateway Route Table > Configured
• AWS > VPC > Transit Gateway Route Table > Discovery
• AWS > VPC > Transit Gateway Route Table > Tags
• AWS > VPC > Transit Gateway Route Table > Usage
• AWS > VPC > VPN Connection > Active
• AWS > VPC > VPN Connection > Approved
• AWS > VPC > VPN Connection > CMDB
• AWS > VPC > VPN Connection > Configured
• AWS > VPC > VPN Connection > Discovery
• AWS > VPC > VPN Connection > Tags
• AWS > VPC > VPN Connection > Usage
• AWS > VPC > VPN Gateway > Active
• AWS > VPC > VPN Gateway > Approved
• AWS > VPC > VPN Gateway > CMDB
• AWS > VPC > VPN Gateway > Configured
• AWS > VPC > VPN Gateway > Discovery
• AWS > VPC > VPN Gateway > Tags
• AWS > VPC > VPN Gateway > Usage

AWS > VPC > Customer Gateway > Active

Take an action when an AWS VPC customer gateway is not active based on the
AWS > VPC > Customer Gateway > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > Customer Gateway > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > VPC > Customer Gateway > Approved

Take an action when an AWS VPC customer gateway is not approved based on AWS > VPC > Customer Gateway > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > VPC > Customer Gateway > CMDB

Record and synchronize details for the AWS VPC customer gateway into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > VPC > Customer Gateway > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

AWS > VPC > Customer Gateway > Configured

Maintain AWS > VPC > Customer Gateway configuration

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it

AWS > VPC > Customer Gateway > Discovery

Discover all AWS VPC customer gateway resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > Customer Gateway > Regions policy, the CMDB control will delete the resource from the CMDB.

AWS > VPC > Customer Gateway > Tags

Take an action when an AWS VPC customer gateway tags is not updated based on the AWS > VPC > Customer Gateway > Tags > * policies.

If the resource is not updated with the tags defined in AWS > VPC > Customer Gateway > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > VPC > Customer Gateway > Usage

The Usage control determines whether the number of AWS VPC customer gateway resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > VPC > Customer Gateway > Usage policy, and set the limit with the AWS > VPC > Customer Gateway > Usage > Limit policy.

AWS > VPC > Peering Connection > Active

Take an action when an AWS VPC peering connection is not active based on the
AWS > VPC > Peering Connection > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > Peering Connection > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > VPC > Peering Connection > Approved

Take an action when an AWS VPC peering connection is not approved based on AWS > VPC > Peering Connection > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > VPC > Peering Connection > CMDB

Record and synchronize details for the AWS VPC peering connection into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > VPC > Peering Connection > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

AWS > VPC > Peering Connection > Configured

Maintain AWS > VPC > Peering Connection configuration

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it

AWS > VPC > Peering Connection > DNS Resolution

Check if the AWS VPC Peering Connection DNS Resolution configuration is set correctly.

AWS > VPC > Peering Connection > Discovery

Discover all AWS VPC peering connection resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > Peering Connection > Regions policy, the CMDB control will delete the resource from the CMDB.

AWS > VPC > Peering Connection > Tags

Take an action when an AWS VPC peering connection tags is not updated based on the AWS > VPC > Peering Connection > Tags > * policies.

If the resource is not updated with the tags defined in AWS > VPC > Peering Connection > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > VPC > Peering Connection > Usage

The Usage control determines whether the number of AWS VPC peering connection resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > VPC > Peering Connection > Usage policy, and set the limit with the AWS > VPC > Peering Connection > Usage > Limit policy.

AWS > VPC > Transit Gateway > Active

Take an action when an AWS VPC transit gateway is not active based on the
AWS > VPC > Transit Gateway > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > Transit Gateway > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > VPC > Transit Gateway > Approved

Take an action when an AWS VPC transit gateway is not approved based on AWS > VPC > Transit Gateway > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > VPC > Transit Gateway > CMDB

Record and synchronize details for the AWS VPC transit gateway into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > VPC > Transit Gateway > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

AWS > VPC > Transit Gateway > Configured

Maintain AWS > VPC > Transit Gateway configuration

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it

AWS > VPC > Transit Gateway > Discovery

Discover all AWS VPC transit gateway resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > Transit Gateway > Regions policy, the CMDB control will delete the resource from the CMDB.

AWS > VPC > Transit Gateway > Tags

Take an action when an AWS VPC transit gateway tags is not updated based on the AWS > VPC > Transit Gateway > Tags > * policies.

If the resource is not updated with the tags defined in AWS > VPC > Transit Gateway > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > VPC > Transit Gateway > Usage

The Usage control determines whether the number of AWS VPC transit gateway resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > VPC > Transit Gateway > Usage policy, and set the limit with the AWS > VPC > Transit Gateway > Usage > Limit policy.

AWS > VPC > Transit Gateway Attachment > CMDB

Record and synchronize details for the AWS VPC transit gateway attachment into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > VPC > Transit Gateway Attachment > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

AWS > VPC > Transit Gateway Attachment > Configured

Maintain AWS > VPC > Transit Gateway Attachment configuration

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it

AWS > VPC > Transit Gateway Attachment > Discovery

Discover all AWS VPC transit gateway attachment resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > Transit Gateway Attachment > Regions policy, the CMDB control will delete the resource from the CMDB.

AWS > VPC > Transit Gateway Attachment > Discovery [Cross-Account]

Discover all AWS VPC transit gateway attachment [cross-account] resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > Transit Gateway Attachment > Regions policy, the CMDB control will delete the resource from the CMDB.

AWS > VPC > Transit Gateway Route Table > Active

Take an action when an AWS VPC transit gateway route table is not active based on the
AWS > VPC > Transit Gateway Route Table > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > Transit Gateway Route Table > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > VPC > Transit Gateway Route Table > Approved

Take an action when an AWS VPC transit gateway route table is not approved based on AWS > VPC > Transit Gateway Route Table > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > VPC > Transit Gateway Route Table > CMDB

Record and synchronize details for the AWS VPC transit gateway route table into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > VPC > Transit Gateway Route Table > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

AWS > VPC > Transit Gateway Route Table > Configured

Maintain AWS > VPC > Transit Gateway Route Table configuration

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it

AWS > VPC > Transit Gateway Route Table > Discovery

Discover all AWS VPC transit gateway route table resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > Transit Gateway Route Table > Regions policy, the CMDB control will delete the resource from the CMDB.

AWS > VPC > Transit Gateway Route Table > Tags

Take an action when an AWS VPC transit gateway route table tags is not updated based on the AWS > VPC > Transit Gateway Route Table > Tags > * policies.

If the resource is not updated with the tags defined in AWS > VPC > Transit Gateway Route Table > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > VPC > Transit Gateway Route Table > Usage

The Usage control determines whether the number of AWS VPC transit gateway route table resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > VPC > Transit Gateway Route Table > Usage policy, and set the limit with the AWS > VPC > Transit Gateway Route Table > Usage > Limit policy.

AWS > VPC > VPN Connection > Active

Take an action when an AWS VPC vpn connection is not active based on the
AWS > VPC > VPN Connection > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > VPN Connection > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > VPC > VPN Connection > Approved

Take an action when an AWS VPC vpn connection is not approved based on AWS > VPC > VPN Connection > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > VPC > VPN Connection > CMDB

Record and synchronize details for the AWS VPC vpn connection into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > VPC > VPN Connection > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

AWS > VPC > VPN Connection > Configured

Maintain AWS > VPC > VPN Connection configuration

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it

AWS > VPC > VPN Connection > Discovery

Discover all AWS VPC vpn connection resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > VPN Connection > Regions policy, the CMDB control will delete the resource from the CMDB.

AWS > VPC > VPN Connection > Tags

Take an action when an AWS VPC vpn connection tags is not updated based on the AWS > VPC > VPN Connection > Tags > * policies.

If the resource is not updated with the tags defined in AWS > VPC > VPN Connection > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > VPC > VPN Connection > Usage

The Usage control determines whether the number of AWS VPC vpn connection resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > VPC > VPN Connection > Usage policy, and set the limit with the AWS > VPC > VPN Connection > Usage > Limit policy.

AWS > VPC > VPN Gateway > Active

Take an action when an AWS VPC vpn gateway is not active based on the
AWS > VPC > VPN Gateway > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > VPN Gateway > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > VPC > VPN Gateway > Approved

Take an action when an AWS VPC vpn gateway is not approved based on AWS > VPC > VPN Gateway > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > VPC > VPN Gateway > CMDB

Record and synchronize details for the AWS VPC vpn gateway into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > VPC > VPN Gateway > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

AWS > VPC > VPN Gateway > Configured

Maintain AWS > VPC > VPN Gateway configuration

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it

AWS > VPC > VPN Gateway > Discovery

Discover all AWS VPC vpn gateway resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > VPN Gateway > Regions policy, the CMDB control will delete the resource from the CMDB.

AWS > VPC > VPN Gateway > Tags

Take an action when an AWS VPC vpn gateway tags is not updated based on the AWS > VPC > VPN Gateway > Tags > * policies.

If the resource is not updated with the tags defined in AWS > VPC > VPN Gateway > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > VPC > VPN Gateway > Usage

The Usage control determines whether the number of AWS VPC vpn gateway resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > VPC > VPN Gateway > Usage policy, and set the limit with the AWS > VPC > VPN Gateway > Usage > Limit policy.