Control types for @turbot/aws-waf

• AWS > WAF > IP Set > Active
• AWS > WAF > IP Set > Approved
• AWS > WAF > IP Set > CMDB
• AWS > WAF > IP Set > Discovery
• AWS > WAF > IP Set > Usage
• AWS > WAF > IP Set v2 Global > Active
• AWS > WAF > IP Set v2 Global > Approved
• AWS > WAF > IP Set v2 Global > CMDB
• AWS > WAF > IP Set v2 Global > Discovery
• AWS > WAF > IP Set v2 Global > Tags
• AWS > WAF > IP Set v2 Global > Usage
• AWS > WAF > IP Set v2 Regional > Active
• AWS > WAF > IP Set v2 Regional > Approved
• AWS > WAF > IP Set v2 Regional > CMDB
• AWS > WAF > IP Set v2 Regional > Discovery
• AWS > WAF > IP Set v2 Regional > Tags
• AWS > WAF > IP Set v2 Regional > Usage
• AWS > WAF > Rate Based Rule > Active
• AWS > WAF > Rate Based Rule > Approved
• AWS > WAF > Rate Based Rule > CMDB
• AWS > WAF > Rate Based Rule > Configured
• AWS > WAF > Rate Based Rule > Discovery
• AWS > WAF > Rate Based Rule > Usage
• AWS > WAF > Regex Pattern Set v2 Global > Active
• AWS > WAF > Regex Pattern Set v2 Global > Approved
• AWS > WAF > Regex Pattern Set v2 Global > CMDB
• AWS > WAF > Regex Pattern Set v2 Global > Discovery
• AWS > WAF > Regex Pattern Set v2 Global > Tags
• AWS > WAF > Regex Pattern Set v2 Global > Usage
• AWS > WAF > Regex Pattern Set v2 Regional > Active
• AWS > WAF > Regex Pattern Set v2 Regional > Approved
• AWS > WAF > Regex Pattern Set v2 Regional > CMDB
• AWS > WAF > Regex Pattern Set v2 Regional > Discovery
• AWS > WAF > Regex Pattern Set v2 Regional > Tags
• AWS > WAF > Regex Pattern Set v2 Regional > Usage
• AWS > WAF > Rule > Active
• AWS > WAF > Rule > Approved
• AWS > WAF > Rule > CMDB
• AWS > WAF > Rule > Discovery
• AWS > WAF > Rule > Usage
• AWS > WAF > Rule Group v2 Global > Active
• AWS > WAF > Rule Group v2 Global > Approved
• AWS > WAF > Rule Group v2 Global > CMDB
• AWS > WAF > Rule Group v2 Global > Discovery
• AWS > WAF > Rule Group v2 Global > Tags
• AWS > WAF > Rule Group v2 Global > Usage
• AWS > WAF > Rule Group v2 Regional > Active
• AWS > WAF > Rule Group v2 Regional > Approved
• AWS > WAF > Rule Group v2 Regional > CMDB
• AWS > WAF > Rule Group v2 Regional > Discovery
• AWS > WAF > Rule Group v2 Regional > Tags
• AWS > WAF > Rule Group v2 Regional > Usage
• AWS > WAF > Web ACL > Active
• AWS > WAF > Web ACL > Approved
• AWS > WAF > Web ACL > CMDB
• AWS > WAF > Web ACL > Discovery
• AWS > WAF > Web ACL > Tags
• AWS > WAF > Web ACL > Usage
• AWS > WAF > Web ACL v2 Global > Active
• AWS > WAF > Web ACL v2 Global > Approved
• AWS > WAF > Web ACL v2 Global > CMDB
• AWS > WAF > Web ACL v2 Global > Discovery
• AWS > WAF > Web ACL v2 Global > Tags
• AWS > WAF > Web ACL v2 Global > Usage
• AWS > WAF > Web ACL v2 Regional > Active
• AWS > WAF > Web ACL v2 Regional > Approved
• AWS > WAF > Web ACL v2 Regional > CMDB
• AWS > WAF > Web ACL v2 Regional > Discovery
• AWS > WAF > Web ACL v2 Regional > Tags
• AWS > WAF > Web ACL v2 Regional > Usage

AWS > WAF > IP Set > Active

Take an action when an AWS WAF ip set is not active based on the
AWS > WAF > IP Set > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > IP Set > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > WAF > IP Set > Approved

Take an action when an AWS WAF ip set is not approved based on AWS > WAF > IP Set > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > WAF > IP Set > CMDB

Record and synchronize details for the AWS WAF ip set into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

AWS > WAF > IP Set > Discovery

Discover all AWS WAF ip set resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

AWS > WAF > IP Set > Usage

The Usage control determines whether the number of AWS WAF ip set resources exceeds the configured usage limit for this account.

You can configure the behavior of this control with the AWS > WAF > IP Set > Usage policy, and set the limit with the AWS > WAF > IP Set > Usage > Limit policy.

AWS > WAF > IP Set v2 Global > Active

Take an action when an AWS WAF ip set v2 global is not active based on the
AWS > WAF > IP Set v2 Global > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > IP Set v2 Global > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > WAF > IP Set v2 Global > Approved

Take an action when an AWS WAF ip set v2 global is not approved based on AWS > WAF > IP Set v2 Global > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > WAF > IP Set v2 Global > CMDB

Record and synchronize details for the AWS WAF ip set v2 global into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

AWS > WAF > IP Set v2 Global > Discovery

Discover all AWS WAF ip set v2 global resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

AWS > WAF > IP Set v2 Global > Tags

Take an action when an AWS WAF ip set v2 global tags is not updated based on the AWS > WAF > IP Set v2 Global > Tags > * policies.

If the resource is not updated with the tags defined in AWS > WAF > IP Set v2 Global > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > WAF > IP Set v2 Global > Usage

The Usage control determines whether the number of AWS WAF ip set v2 global resources exceeds the configured usage limit for this account.

You can configure the behavior of this control with the AWS > WAF > IP Set v2 Global > Usage policy, and set the limit with the AWS > WAF > IP Set v2 Global > Usage > Limit policy.

AWS > WAF > IP Set v2 Regional > Active

Take an action when an AWS WAF ip set v2 regional is not active based on the
AWS > WAF > IP Set v2 Regional > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > IP Set v2 Regional > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > WAF > IP Set v2 Regional > Approved

Take an action when an AWS WAF ip set v2 regional is not approved based on AWS > WAF > IP Set v2 Regional > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > WAF > IP Set v2 Regional > CMDB

Record and synchronize details for the AWS WAF ip set v2 regional into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > WAF > IP Set v2 Regional > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

AWS > WAF > IP Set v2 Regional > Discovery

Discover all AWS WAF ip set v2 regional resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > WAF > IP Set v2 Regional > Regions policy, the CMDB control will delete the resource from the CMDB.

AWS > WAF > IP Set v2 Regional > Tags

Take an action when an AWS WAF ip set v2 regional tags is not updated based on the AWS > WAF > IP Set v2 Regional > Tags > * policies.

If the resource is not updated with the tags defined in AWS > WAF > IP Set v2 Regional > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > WAF > IP Set v2 Regional > Usage

The Usage control determines whether the number of AWS WAF ip set v2 regional resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > WAF > IP Set v2 Regional > Usage policy, and set the limit with the AWS > WAF > IP Set v2 Regional > Usage > Limit policy.

AWS > WAF > Rate Based Rule > Active

Take an action when an AWS WAF rate based rule is not active based on the
AWS > WAF > Rate Based Rule > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Rate Based Rule > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > WAF > Rate Based Rule > Approved

Take an action when an AWS WAF rate based rule is not approved based on AWS > WAF > Rate Based Rule > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > WAF > Rate Based Rule > CMDB

Record and synchronize details for the AWS WAF rate based rule into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

AWS > WAF > Rate Based Rule > Configured

Maintain AWS > WAF > Rate Based Rule configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.

AWS > WAF > Rate Based Rule > Discovery

Discover all AWS WAF rate based rule resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

AWS > WAF > Rate Based Rule > Usage

The Usage control determines whether the number of AWS WAF rate based rule resources exceeds the configured usage limit for this account.

You can configure the behavior of this control with the AWS > WAF > Rate Based Rule > Usage policy, and set the limit with the AWS > WAF > Rate Based Rule > Usage > Limit policy.

AWS > WAF > Regex Pattern Set v2 Global > Active

Take an action when an AWS WAF regex pattern set v2 global is not active based on the
AWS > WAF > Regex Pattern Set v2 Global > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Regex Pattern Set v2 Global > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > WAF > Regex Pattern Set v2 Global > Approved

Take an action when an AWS WAF regex pattern set v2 global is not approved based on AWS > WAF > Regex Pattern Set v2 Global > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > WAF > Regex Pattern Set v2 Global > CMDB

Record and synchronize details for the AWS WAF regex pattern set v2 global into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

AWS > WAF > Regex Pattern Set v2 Global > Discovery

Discover all AWS WAF regex pattern set v2 global resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

AWS > WAF > Regex Pattern Set v2 Global > Tags

Take an action when an AWS WAF regex pattern set v2 global tags is not updated based on the AWS > WAF > Regex Pattern Set v2 Global > Tags > * policies.

If the resource is not updated with the tags defined in AWS > WAF > Regex Pattern Set v2 Global > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > WAF > Regex Pattern Set v2 Global > Usage

The Usage control determines whether the number of AWS WAF regex pattern set v2 global resources exceeds the configured usage limit for this account.

You can configure the behavior of this control with the AWS > WAF > Regex Pattern Set v2 Global > Usage policy, and set the limit with the AWS > WAF > Regex Pattern Set v2 Global > Usage > Limit policy.

AWS > WAF > Regex Pattern Set v2 Regional > Active

Take an action when an AWS WAF regex pattern set v2 regional is not active based on the
AWS > WAF > Regex Pattern Set v2 Regional > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Regex Pattern Set v2 Regional > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > WAF > Regex Pattern Set v2 Regional > Approved

Take an action when an AWS WAF regex pattern set v2 regional is not approved based on AWS > WAF > Regex Pattern Set v2 Regional > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > WAF > Regex Pattern Set v2 Regional > CMDB

Record and synchronize details for the AWS WAF regex pattern set v2 regional into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > WAF > Regex Pattern Set v2 Regional > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

AWS > WAF > Regex Pattern Set v2 Regional > Discovery

Discover all AWS WAF regex pattern set v2 regional resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > WAF > Regex Pattern Set v2 Regional > Regions policy, the CMDB control will delete the resource from the CMDB.

AWS > WAF > Regex Pattern Set v2 Regional > Tags

Take an action when an AWS WAF regex pattern set v2 regional tags is not updated based on the AWS > WAF > Regex Pattern Set v2 Regional > Tags > * policies.

If the resource is not updated with the tags defined in AWS > WAF > Regex Pattern Set v2 Regional > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > WAF > Regex Pattern Set v2 Regional > Usage

The Usage control determines whether the number of AWS WAF regex pattern set v2 regional resources exceeds the configured usage limit for this account.

You can configure the behavior of this control with the AWS > WAF > Regex Pattern Set v2 Regional > Usage policy, and set the limit with the AWS > WAF > Regex Pattern Set v2 Regional > Usage > Limit policy.

AWS > WAF > Rule > Active

Take an action when an AWS WAF rule is not active based on the
AWS > WAF > Rule > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Rule > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > WAF > Rule > Approved

Take an action when an AWS WAF rule is not approved based on AWS > WAF > Rule > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > WAF > Rule > CMDB

Record and synchronize details for the AWS WAF rule into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

AWS > WAF > Rule > Discovery

Discover all AWS WAF rule resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

AWS > WAF > Rule > Usage

The Usage control determines whether the number of AWS WAF rule resources exceeds the configured usage limit for this account.

You can configure the behavior of this control with the AWS > WAF > Rule > Usage policy, and set the limit with the AWS > WAF > Rule > Usage > Limit policy.

AWS > WAF > Rule Group v2 Global > Active

Take an action when an AWS WAF rule group v2 global is not active based on the
AWS > WAF > Rule Group v2 Global > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Rule Group v2 Global > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > WAF > Rule Group v2 Global > Approved

Take an action when an AWS WAF rule group v2 global is not approved based on AWS > WAF > Rule Group v2 Global > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > WAF > Rule Group v2 Global > CMDB

Record and synchronize details for the AWS WAF rule group v2 global into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

AWS > WAF > Rule Group v2 Global > Discovery

Discover all AWS WAF rule group v2 global resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

AWS > WAF > Rule Group v2 Global > Tags

Take an action when an AWS WAF rule group v2 global tags is not updated based on the AWS > WAF > Rule Group v2 Global > Tags > * policies.

If the resource is not updated with the tags defined in AWS > WAF > Rule Group v2 Global > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > WAF > Rule Group v2 Global > Usage

The Usage control determines whether the number of AWS WAF rule group v2 global resources exceeds the configured usage limit for this account.

You can configure the behavior of this control with the AWS > WAF > Rule Group v2 Global > Usage policy, and set the limit with the AWS > WAF > Rule Group v2 Global > Usage > Limit policy.

AWS > WAF > Rule Group v2 Regional > Active

Take an action when an AWS WAF rule group v2 regional is not active based on the
AWS > WAF > Rule Group v2 Regional > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Rule Group v2 Regional > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > WAF > Rule Group v2 Regional > Approved

Take an action when an AWS WAF rule group v2 regional is not approved based on AWS > WAF > Rule Group v2 Regional > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > WAF > Rule Group v2 Regional > CMDB

Record and synchronize details for the AWS WAF rule group v2 regional into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > WAF > Rule Group v2 Regional > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

AWS > WAF > Rule Group v2 Regional > Discovery

Discover all AWS WAF rule group v2 regional resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > WAF > Rule Group v2 Regional > Regions policy, the CMDB control will delete the resource from the CMDB.

AWS > WAF > Rule Group v2 Regional > Tags

Take an action when an AWS WAF rule group v2 regional tags is not updated based on the AWS > WAF > Rule Group v2 Regional > Tags > * policies.

If the resource is not updated with the tags defined in AWS > WAF > Rule Group v2 Regional > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > WAF > Rule Group v2 Regional > Usage

The Usage control determines whether the number of AWS WAF rule group v2 regional resources exceeds the configured usage limit for this account.

You can configure the behavior of this control with the AWS > WAF > Rule Group v2 Regional > Usage policy, and set the limit with the AWS > WAF > Rule Group v2 Regional > Usage > Limit policy.

AWS > WAF > Web ACL > Active

Take an action when an AWS WAF web acl is not active based on the
AWS > WAF > Web ACL > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Web ACL > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > WAF > Web ACL > Approved

Take an action when an AWS WAF web acl is not approved based on AWS > WAF > Web ACL > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > WAF > Web ACL > CMDB

Record and synchronize details for the AWS WAF web acl into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

AWS > WAF > Web ACL > Discovery

Discover all AWS WAF web acl resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

AWS > WAF > Web ACL > Tags

Take an action when an AWS WAF web acl tags is not updated based on the AWS > WAF > Web ACL > Tags > * policies.

If the resource is not updated with the tags defined in AWS > WAF > Web ACL > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > WAF > Web ACL > Usage

The Usage control determines whether the number of AWS WAF web acl resources exceeds the configured usage limit for this account.

You can configure the behavior of this control with the AWS > WAF > Web ACL > Usage policy, and set the limit with the AWS > WAF > Web ACL > Usage > Limit policy.

AWS > WAF > Web ACL v2 Global > Active

Take an action when an AWS WAF web acl v2 global is not active based on the
AWS > WAF > Web ACL v2 Global > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Web ACL v2 Global > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > WAF > Web ACL v2 Global > Approved

Take an action when an AWS WAF web acl v2 global is not approved based on AWS > WAF > Web ACL v2 Global > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > WAF > Web ACL v2 Global > CMDB

Record and synchronize details for the AWS WAF web acl v2 global into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

AWS > WAF > Web ACL v2 Global > Discovery

Discover all AWS WAF web acl v2 global resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

AWS > WAF > Web ACL v2 Global > Tags

Take an action when an AWS WAF web acl v2 global tags is not updated based on the AWS > WAF > Web ACL v2 Global > Tags > * policies.

If the resource is not updated with the tags defined in AWS > WAF > Web ACL v2 Global > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > WAF > Web ACL v2 Global > Usage

The Usage control determines whether the number of AWS WAF web acl v2 global resources exceeds the configured usage limit for this account.

You can configure the behavior of this control with the AWS > WAF > Web ACL v2 Global > Usage policy, and set the limit with the AWS > WAF > Web ACL v2 Global > Usage > Limit policy.

AWS > WAF > Web ACL v2 Regional > Active

Take an action when an AWS WAF web acl v2 regional is not active based on the
AWS > WAF > Web ACL v2 Regional > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Web ACL v2 Regional > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

AWS > WAF > Web ACL v2 Regional > Approved

Take an action when an AWS WAF web acl v2 regional is not approved based on AWS > WAF > Web ACL v2 Regional > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

AWS > WAF > Web ACL v2 Regional > CMDB

Record and synchronize details for the AWS WAF web acl v2 regional into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > WAF > Web ACL v2 Regional > Regions policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)

AWS > WAF > Web ACL v2 Regional > Discovery

Discover all AWS WAF web acl v2 regional resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > WAF > Web ACL v2 Regional > Regions policy, the CMDB control will delete the resource from the CMDB.

AWS > WAF > Web ACL v2 Regional > Tags

Take an action when an AWS WAF web acl v2 regional tags is not updated based on the AWS > WAF > Web ACL v2 Regional > Tags > * policies.

If the resource is not updated with the tags defined in AWS > WAF > Web ACL v2 Regional > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

AWS > WAF > Web ACL v2 Regional > Usage

The Usage control determines whether the number of AWS WAF web acl v2 regional resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the AWS > WAF > Web ACL v2 Regional > Usage policy, and set the limit with the AWS > WAF > Web ACL v2 Regional > Usage > Limit policy.