Control types for @turbot/aws-vpc-internet

AWS > VPC > Egress Only Internet Gateway > Active

Take an action when an AWS VPC egress only internet gateway is not active based on the
AWS > VPC > Egress Only Internet Gateway > Active > * policies.

The Active control determines whether the resource is in active use and, if not, can
delete or clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > Egress Only Internet Gateway > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/egressOnlyInternetGatewayActive

AWS > VPC > Egress Only Internet Gateway > Approved

Take an action when an AWS VPC egress only internet gateway is not approved based on AWS > VPC > Egress Only Internet Gateway > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/egressOnlyInternetGatewayApproved

AWS > VPC > Egress Only Internet Gateway > CMDB

Record and synchronize details for the AWS VPC egress only internet gateway into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Egress Only Internet Gateway > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

URI
tmod:@turbot/aws-vpc-internet#/control/types/egressOnlyInternetGatewayCmdb

AWS > VPC > Egress Only Internet Gateway > Configured

Maintain AWS > VPC > Egress Only Internet Gateway configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and are inherited from the stack that owns it.

URI
tmod:@turbot/aws-vpc-internet#/control/types/egressOnlyInternetGatewayConfigured

AWS > VPC > Egress Only Internet Gateway > Discovery

Discover all AWS VPC egress only internet gateway resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > Egress Only Internet Gateway > Regions policy, the CMDB control will delete the resource from the CMDB.

URI
tmod:@turbot/aws-vpc-internet#/control/types/egressOnlyInternetGatewayDiscovery

AWS > VPC > Egress Only Internet Gateway > Tags

Take an action when AWS VPC egress only internet gateway tags are not updated based on the AWS > VPC > Egress Only Internet Gateway > Tags > * policies.

If the resource is not updated with the tags defined in AWS > VPC > Egress Only Internet Gateway > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/egressOnlyInternetGatewayTags

AWS > VPC > Egress Only Internet Gateway > Usage

The Usage control determines whether the number of AWS VPC egress only internet gateway resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > VPC > Egress Only Internet Gateway > Usage policy, and set the limit with the AWS > VPC > Egress Only Internet Gateway > Usage > Limit policy.

URI
tmod:@turbot/aws-vpc-internet#/control/types/egressOnlyInternetGatewayUsage

AWS > VPC > Elastic IP > Active

Take an action when an AWS VPC Elastic IP is not active based on the
AWS > VPC > Elastic IP > Active > * policies.

The Active control determines whether the resource is in active use and, if not, can
delete or clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > Elastic IP > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/elasticIpActive

AWS > VPC > Elastic IP > Approved

Take an action when an AWS VPC Elastic IP is not approved based on AWS > VPC > Elastic IP > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/elasticIpApproved

AWS > VPC > Elastic IP > CMDB

Record and synchronize details for the AWS VPC Elastic IP into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Elastic IP > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

URI
tmod:@turbot/aws-vpc-internet#/control/types/elasticIpCmdb

AWS > VPC > Elastic IP > Configured

Maintain AWS > VPC > Elastic IP configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and are inherited from the stack that owns it.

URI
tmod:@turbot/aws-vpc-internet#/control/types/elasticIpConfigured

AWS > VPC > Elastic IP > Discovery

Discover all AWS VPC Elastic IP resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > Elastic IP > Regions policy, the CMDB control will delete the resource from the CMDB.

URI
tmod:@turbot/aws-vpc-internet#/control/types/elasticIpDiscovery

AWS > VPC > Elastic IP > Tags

Take an action when AWS VPC Elastic IP tags are not updated based on the AWS > VPC > Elastic IP > Tags > * policies.

If the resource is not updated with the tags defined in AWS > VPC > Elastic IP > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/elasticIpTags

AWS > VPC > Elastic IP > Usage

The Usage control determines whether the number of AWS VPC Elastic IP resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > VPC > Elastic IP > Usage policy, and set the limit with the AWS > VPC > Elastic IP > Usage > Limit policy.

URI
tmod:@turbot/aws-vpc-internet#/control/types/elasticIpUsage

AWS > VPC > Endpoint > Active

Take an action when an AWS VPC endpoint is not active based on the
AWS > VPC > Endpoint > Active > * policies.

The Active control determines whether the resource is in active use and, if not, can
delete or clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > Endpoint > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointActive

AWS > VPC > Endpoint > Approved

Take an action when an AWS VPC endpoint is not approved based on AWS > VPC > Endpoint > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointApproved

AWS > VPC > Endpoint > CMDB

Record and synchronize details for the AWS VPC endpoint into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Endpoint > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointCmdb

AWS > VPC > Endpoint > Configured

Maintain AWS > VPC > Endpoint configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and are inherited from the stack that owns it.

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointConfigured

AWS > VPC > Endpoint > Discovery

Discover all AWS VPC endpoint resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > Endpoint > Regions policy, the CMDB control will delete the resource from the CMDB.

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointDiscovery

AWS > VPC > Endpoint > Policy

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointPolicy

AWS > VPC > Endpoint > Policy > Trusted Access

Take an action when AWS VPC endpoint policy is not trusted based on the
AWS > VPC > Endpoint > Policy > Trusted Access > * policies.

The Trusted Access control evaluates the endpoint policy against the list of allowed
members in each of the Trusted Access sub-policies (Trusted Access > Accounts,
Trusted Access > Services, etc.). If the policy grants access to members that are not
trusted, this control raises an alarm and takes the defined enforcement action.

If set to Enforce: Revoke untrusted access, access to non-trusted
members will be removed.

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointPolicyTrustedAccess

AWS > VPC > Endpoint > Tags

Take an action when AWS VPC endpoint tags are not updated based on the AWS > VPC > Endpoint > Tags > * policies.

If the resource is not updated with the tags defined in AWS > VPC > Endpoint > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointTags

AWS > VPC > Endpoint > Usage

The Usage control determines whether the number of AWS VPC endpoint resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > VPC > Endpoint > Usage policy, and set the limit with the AWS > VPC > Endpoint > Usage > Limit policy.

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointUsage

AWS > VPC > Endpoint Service > Active

Take an action when an AWS VPC endpoint service is not active based on the
AWS > VPC > Endpoint Service > Active > * policies.

The Active control determines whether the resource is in active use and, if not, can
delete or clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > Endpoint Service > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointServiceActive

AWS > VPC > Endpoint Service > Approved

Take an action when an AWS VPC endpoint service is not approved based on AWS > VPC > Endpoint Service > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointServiceApproved

AWS > VPC > Endpoint Service > CMDB

Record and synchronize details for the AWS VPC endpoint service into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Endpoint Service > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointServiceCmdb

AWS > VPC > Endpoint Service > Configured

Maintain AWS > VPC > Endpoint Service configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and are inherited from the stack that owns it.

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointServiceConfigured

AWS > VPC > Endpoint Service > Discovery

Discover all AWS VPC endpoint service resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > Endpoint Service > Regions policy, the CMDB control will delete the resource from the CMDB.

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointServiceDiscovery

AWS > VPC > Endpoint Service > Tags

Take an action when AWS VPC endpoint service tags are not updated based on the AWS > VPC > Endpoint Service > Tags > * policies.

If the resource is not updated with the tags defined in AWS > VPC > Endpoint Service > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointServiceTags

AWS > VPC > Endpoint Service > Usage

The Usage control determines whether the number of AWS VPC endpoint service resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > VPC > Endpoint Service > Usage policy, and set the limit with the AWS > VPC > Endpoint Service > Usage > Limit policy.

URI
tmod:@turbot/aws-vpc-internet#/control/types/vpcEndpointServiceUsage

AWS > VPC > Internet Gateway > Active

Take an action when an AWS VPC internet gateway is not active based on the
AWS > VPC > Internet Gateway > Active > * policies.

The Active control determines whether the resource is in active use and, if not, can
delete or clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > Internet Gateway > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/internetGatewayActive

AWS > VPC > Internet Gateway > Approved

Take an action when an AWS VPC internet gateway is not approved based on AWS > VPC > Internet Gateway > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/internetGatewayApproved

AWS > VPC > Internet Gateway > CMDB

Record and synchronize details for the AWS VPC internet gateway into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > Internet Gateway > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

URI
tmod:@turbot/aws-vpc-internet#/control/types/internetGatewayCmdb

AWS > VPC > Internet Gateway > Configured

Maintain AWS > VPC > Internet Gateway configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and are inherited from the stack that owns it.

URI
tmod:@turbot/aws-vpc-internet#/control/types/internetGatewayConfigured

AWS > VPC > Internet Gateway > Discovery

Discover all AWS VPC internet gateway resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > Internet Gateway > Regions policy, the CMDB control will delete the resource from the CMDB.

URI
tmod:@turbot/aws-vpc-internet#/control/types/internetGatewayDiscovery

AWS > VPC > Internet Gateway > Tags

Take an action when AWS VPC internet gateway tags are not updated based on the AWS > VPC > Internet Gateway > Tags > * policies.

If the resource is not updated with the tags defined in AWS > VPC > Internet Gateway > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/internetGatewayTags

AWS > VPC > Internet Gateway > Usage

The Usage control determines whether the number of AWS VPC internet gateway resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > VPC > Internet Gateway > Usage policy, and set the limit with the AWS > VPC > Internet Gateway > Usage > Limit policy.

URI
tmod:@turbot/aws-vpc-internet#/control/types/internetGatewayUsage

AWS > VPC > NAT Gateway > Active

Take an action when an AWS VPC NAT gateway is not active based on the
AWS > VPC > NAT Gateway > Active > * policies.

The Active control determines whether the resource is in active use and, if not, can
delete or clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > VPC > NAT Gateway > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/natGatewayActive

AWS > VPC > NAT Gateway > Approved

Take an action when an AWS VPC NAT gateway is not approved based on AWS > VPC > NAT Gateway > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/natGatewayApproved

AWS > VPC > NAT Gateway > CMDB

Record and synchronize details for the AWS VPC NAT gateway into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If the region is not in the AWS > VPC > NAT Gateway > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

URI
tmod:@turbot/aws-vpc-internet#/control/types/natGatewayCmdb

AWS > VPC > NAT Gateway > Configured

Maintain AWS > VPC > NAT Gateway configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and are inherited from the stack that owns it.

URI
tmod:@turbot/aws-vpc-internet#/control/types/natGatewayConfigured

AWS > VPC > NAT Gateway > Discovery

Discover all AWS VPC NAT gateway resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > VPC > NAT Gateway > Regions policy, the CMDB control will delete the resource from the CMDB.

URI
tmod:@turbot/aws-vpc-internet#/control/types/natGatewayDiscovery

AWS > VPC > NAT Gateway > Tags

Take an action when AWS VPC NAT gateway tags are not updated based on the AWS > VPC > NAT Gateway > Tags > * policies.

If the resource is not updated with the tags defined in AWS > VPC > NAT Gateway > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

URI
tmod:@turbot/aws-vpc-internet#/control/types/natGatewayTags

AWS > VPC > NAT Gateway > Usage

The Usage control determines whether the number of AWS VPC NAT gateway resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > VPC > NAT Gateway > Usage policy, and set the limit with the AWS > VPC > NAT Gateway > Usage > Limit policy.

URI
tmod:@turbot/aws-vpc-internet#/control/types/natGatewayUsage