Control types for @turbot/aws-waf
- AWS > WAF > IP Set > Active
- AWS > WAF > IP Set > Approved
- AWS > WAF > IP Set > CMDB
- AWS > WAF > IP Set > Discovery
- AWS > WAF > IP Set > Usage
- AWS > WAF > IP Set v2 Global > Active
- AWS > WAF > IP Set v2 Global > Approved
- AWS > WAF > IP Set v2 Global > CMDB
- AWS > WAF > IP Set v2 Global > Discovery
- AWS > WAF > IP Set v2 Global > Tags
- AWS > WAF > IP Set v2 Global > Usage
- AWS > WAF > IP Set v2 Regional > Active
- AWS > WAF > IP Set v2 Regional > Approved
- AWS > WAF > IP Set v2 Regional > CMDB
- AWS > WAF > IP Set v2 Regional > Discovery
- AWS > WAF > IP Set v2 Regional > Tags
- AWS > WAF > IP Set v2 Regional > Usage
- AWS > WAF > Rate Based Rule > Active
- AWS > WAF > Rate Based Rule > Approved
- AWS > WAF > Rate Based Rule > CMDB
- AWS > WAF > Rate Based Rule > Configured
- AWS > WAF > Rate Based Rule > Discovery
- AWS > WAF > Rate Based Rule > Usage
- AWS > WAF > Regex Pattern Set v2 Global > Active
- AWS > WAF > Regex Pattern Set v2 Global > Approved
- AWS > WAF > Regex Pattern Set v2 Global > CMDB
- AWS > WAF > Regex Pattern Set v2 Global > Discovery
- AWS > WAF > Regex Pattern Set v2 Global > Tags
- AWS > WAF > Regex Pattern Set v2 Global > Usage
- AWS > WAF > Regex Pattern Set v2 Regional > Active
- AWS > WAF > Regex Pattern Set v2 Regional > Approved
- AWS > WAF > Regex Pattern Set v2 Regional > CMDB
- AWS > WAF > Regex Pattern Set v2 Regional > Discovery
- AWS > WAF > Regex Pattern Set v2 Regional > Tags
- AWS > WAF > Regex Pattern Set v2 Regional > Usage
- AWS > WAF > Rule > Active
- AWS > WAF > Rule > Approved
- AWS > WAF > Rule > CMDB
- AWS > WAF > Rule > Discovery
- AWS > WAF > Rule > Usage
- AWS > WAF > Rule Group v2 Global > Active
- AWS > WAF > Rule Group v2 Global > Approved
- AWS > WAF > Rule Group v2 Global > CMDB
- AWS > WAF > Rule Group v2 Global > Discovery
- AWS > WAF > Rule Group v2 Global > Tags
- AWS > WAF > Rule Group v2 Global > Usage
- AWS > WAF > Rule Group v2 Regional > Active
- AWS > WAF > Rule Group v2 Regional > Approved
- AWS > WAF > Rule Group v2 Regional > CMDB
- AWS > WAF > Rule Group v2 Regional > Discovery
- AWS > WAF > Rule Group v2 Regional > Tags
- AWS > WAF > Rule Group v2 Regional > Usage
- AWS > WAF > Web ACL > Active
- AWS > WAF > Web ACL > Approved
- AWS > WAF > Web ACL > CMDB
- AWS > WAF > Web ACL > Discovery
- AWS > WAF > Web ACL > Tags
- AWS > WAF > Web ACL > Usage
- AWS > WAF > Web ACL v2 Global > Active
- AWS > WAF > Web ACL v2 Global > Approved
- AWS > WAF > Web ACL v2 Global > CMDB
- AWS > WAF > Web ACL v2 Global > Discovery
- AWS > WAF > Web ACL v2 Global > Tags
- AWS > WAF > Web ACL v2 Global > Usage
- AWS > WAF > Web ACL v2 Regional > Active
- AWS > WAF > Web ACL v2 Regional > Approved
- AWS > WAF > Web ACL v2 Regional > CMDB
- AWS > WAF > Web ACL v2 Regional > Discovery
- AWS > WAF > Web ACL v2 Regional > Tags
- AWS > WAF > Web ACL v2 Regional > Usage
AWS > WAF > IP Set > Active
Take an action when an AWS WAF ip set is not active based on theAWS > WAF > IP Set > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > IP Set > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-waf#/control/types/ipSetActive
AWS > WAF > IP Set > Approved
Take an action when an AWS WAF ip set is not approved based on AWS > WAF > IP Set > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-waf#/control/types/ipSetApproved
AWS > WAF > IP Set > CMDB
Record and synchronize details for the AWS WAF ip set into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
tmod:@turbot/aws-waf#/control/types/ipSetCmdb
AWS > WAF > IP Set > Discovery
Discover all AWS WAF ip set resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
tmod:@turbot/aws-waf#/control/types/ipSetDiscovery
AWS > WAF > IP Set > Usage
The Usage control determines whether the number of AWS WAF ip set resources exceeds the configured usage limit for this account.
You can configure the behavior of this control with the AWS > WAF > IP Set > Usage
policy, and set the limit with the AWS > WAF > IP Set > Usage > Limit
policy.
tmod:@turbot/aws-waf#/control/types/ipSetUsage
AWS > WAF > IP Set v2 Global > Active
Take an action when an AWS WAF ip set v2 global is not active based on theAWS > WAF > IP Set v2 Global > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > IP Set v2 Global > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-waf#/control/types/ipSetV2GlobalActive
AWS > WAF > IP Set v2 Global > Approved
Take an action when an AWS WAF ip set v2 global is not approved based on AWS > WAF > IP Set v2 Global > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-waf#/control/types/ipSetV2GlobalApproved
AWS > WAF > IP Set v2 Global > CMDB
Record and synchronize details for the AWS WAF ip set v2 global into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
tmod:@turbot/aws-waf#/control/types/ipSetV2GlobalCmdb
AWS > WAF > IP Set v2 Global > Discovery
Discover all AWS WAF ip set v2 global resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
tmod:@turbot/aws-waf#/control/types/ipSetV2GlobalDiscovery
AWS > WAF > IP Set v2 Global > Tags
Take an action when an AWS WAF ip set v2 global tags is not updated based on the AWS > WAF > IP Set v2 Global > Tags > * policies
.
If the resource is not updated with the tags defined in AWS > WAF > IP Set v2 Global > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-waf#/control/types/ipSetV2GlobalTags
AWS > WAF > IP Set v2 Global > Usage
The Usage control determines whether the number of AWS WAF ip set v2 global resources exceeds the configured usage limit for this account.
You can configure the behavior of this control with the AWS > WAF > IP Set v2 Global > Usage
policy, and set the limit with the AWS > WAF > IP Set v2 Global > Usage > Limit
policy.
tmod:@turbot/aws-waf#/control/types/ipSetV2GlobalUsage
AWS > WAF > IP Set v2 Regional > Active
Take an action when an AWS WAF ip set v2 regional is not active based on theAWS > WAF > IP Set v2 Regional > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > IP Set v2 Regional > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-waf#/control/types/ipSetV2RegionalActive
AWS > WAF > IP Set v2 Regional > Approved
Take an action when an AWS WAF ip set v2 regional is not approved based on AWS > WAF > IP Set v2 Regional > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-waf#/control/types/ipSetV2RegionalApproved
AWS > WAF > IP Set v2 Regional > CMDB
Record and synchronize details for the AWS WAF ip set v2 regional into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > WAF > IP Set v2 Regional > Regions
policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-waf#/control/types/ipSetV2RegionalCmdb
AWS > WAF > IP Set v2 Regional > Discovery
Discover all AWS WAF ip set v2 regional resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > WAF > IP Set v2 Regional > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-waf#/control/types/ipSetV2RegionalDiscovery
AWS > WAF > IP Set v2 Regional > Tags
Take an action when an AWS WAF ip set v2 regional tags is not updated based on the AWS > WAF > IP Set v2 Regional > Tags > * policies
.
If the resource is not updated with the tags defined in AWS > WAF > IP Set v2 Regional > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-waf#/control/types/ipSetV2RegionalTags
AWS > WAF > IP Set v2 Regional > Usage
The Usage control determines whether the number of AWS WAF ip set v2 regional resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > WAF > IP Set v2 Regional > Usage
policy, and set the limit with the AWS > WAF > IP Set v2 Regional > Usage > Limit
policy.
tmod:@turbot/aws-waf#/control/types/ipSetV2RegionalUsage
AWS > WAF > Rate Based Rule > Active
Take an action when an AWS WAF rate based rule is not active based on theAWS > WAF > Rate Based Rule > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Rate Based Rule > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-waf#/control/types/rateBasedRuleActive
AWS > WAF > Rate Based Rule > Approved
Take an action when an AWS WAF rate based rule is not approved based on AWS > WAF > Rate Based Rule > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-waf#/control/types/rateBasedRuleApproved
AWS > WAF > Rate Based Rule > CMDB
Record and synchronize details for the AWS WAF rate based rule into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
tmod:@turbot/aws-waf#/control/types/rateBasedRuleCmdb
AWS > WAF > Rate Based Rule > Configured
Maintain AWS > WAF > Rate Based Rule configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.
tmod:@turbot/aws-waf#/control/types/rateBasedRuleConfigured
AWS > WAF > Rate Based Rule > Discovery
Discover all AWS WAF rate based rule resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
tmod:@turbot/aws-waf#/control/types/rateBasedRuleDiscovery
AWS > WAF > Rate Based Rule > Usage
The Usage control determines whether the number of AWS WAF rate based rule resources exceeds the configured usage limit for this account.
You can configure the behavior of this control with the AWS > WAF > Rate Based Rule > Usage
policy, and set the limit with the AWS > WAF > Rate Based Rule > Usage > Limit
policy.
tmod:@turbot/aws-waf#/control/types/rateBasedRuleUsage
AWS > WAF > Regex Pattern Set v2 Global > Active
Take an action when an AWS WAF regex pattern set v2 global is not active based on theAWS > WAF > Regex Pattern Set v2 Global > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Regex Pattern Set v2 Global > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-waf#/control/types/regexPatternSetV2GlobalActive
AWS > WAF > Regex Pattern Set v2 Global > Approved
Take an action when an AWS WAF regex pattern set v2 global is not approved based on AWS > WAF > Regex Pattern Set v2 Global > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-waf#/control/types/regexPatternSetV2GlobalApproved
AWS > WAF > Regex Pattern Set v2 Global > CMDB
Record and synchronize details for the AWS WAF regex pattern set v2 global into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
tmod:@turbot/aws-waf#/control/types/regexPatternSetV2GlobalCmdb
AWS > WAF > Regex Pattern Set v2 Global > Discovery
Discover all AWS WAF regex pattern set v2 global resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
tmod:@turbot/aws-waf#/control/types/regexPatternSetV2GlobalDiscovery
AWS > WAF > Regex Pattern Set v2 Global > Tags
Take an action when an AWS WAF regex pattern set v2 global tags is not updated based on the AWS > WAF > Regex Pattern Set v2 Global > Tags > * policies
.
If the resource is not updated with the tags defined in AWS > WAF > Regex Pattern Set v2 Global > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-waf#/control/types/regexPatternSetV2GlobalTags
AWS > WAF > Regex Pattern Set v2 Global > Usage
The Usage control determines whether the number of AWS WAF regex pattern set v2 global resources exceeds the configured usage limit for this account.
You can configure the behavior of this control with the AWS > WAF > Regex Pattern Set v2 Global > Usage
policy, and set the limit with the AWS > WAF > Regex Pattern Set v2 Global > Usage > Limit
policy.
tmod:@turbot/aws-waf#/control/types/regexPatternSetV2GlobalUsage
AWS > WAF > Regex Pattern Set v2 Regional > Active
Take an action when an AWS WAF regex pattern set v2 regional is not active based on theAWS > WAF > Regex Pattern Set v2 Regional > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Regex Pattern Set v2 Regional > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-waf#/control/types/regexPatternSetV2RegionalActive
AWS > WAF > Regex Pattern Set v2 Regional > Approved
Take an action when an AWS WAF regex pattern set v2 regional is not approved based on AWS > WAF > Regex Pattern Set v2 Regional > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-waf#/control/types/regexPatternSetV2RegionalApproved
AWS > WAF > Regex Pattern Set v2 Regional > CMDB
Record and synchronize details for the AWS WAF regex pattern set v2 regional into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > WAF > Regex Pattern Set v2 Regional > Regions
policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-waf#/control/types/regexPatternSetV2RegionalCmdb
AWS > WAF > Regex Pattern Set v2 Regional > Discovery
Discover all AWS WAF regex pattern set v2 regional resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > WAF > Regex Pattern Set v2 Regional > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-waf#/control/types/regexPatternSetV2RegionalDiscovery
AWS > WAF > Regex Pattern Set v2 Regional > Tags
Take an action when an AWS WAF regex pattern set v2 regional tags is not updated based on the AWS > WAF > Regex Pattern Set v2 Regional > Tags > * policies
.
If the resource is not updated with the tags defined in AWS > WAF > Regex Pattern Set v2 Regional > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-waf#/control/types/regexPatternSetV2RegionalTags
AWS > WAF > Regex Pattern Set v2 Regional > Usage
The Usage control determines whether the number of AWS WAF regex pattern set v2 regional resources exceeds the configured usage limit for this account.
You can configure the behavior of this control with the AWS > WAF > Regex Pattern Set v2 Regional > Usage
policy, and set the limit with the AWS > WAF > Regex Pattern Set v2 Regional > Usage > Limit
policy.
tmod:@turbot/aws-waf#/control/types/regexPatternSetV2RegionalUsage
AWS > WAF > Rule > Active
Take an action when an AWS WAF rule is not active based on theAWS > WAF > Rule > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Rule > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-waf#/control/types/ruleActive
AWS > WAF > Rule > Approved
Take an action when an AWS WAF rule is not approved based on AWS > WAF > Rule > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-waf#/control/types/ruleApproved
AWS > WAF > Rule > CMDB
Record and synchronize details for the AWS WAF rule into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
tmod:@turbot/aws-waf#/control/types/ruleCmdb
AWS > WAF > Rule > Discovery
Discover all AWS WAF rule resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
tmod:@turbot/aws-waf#/control/types/ruleDiscovery
AWS > WAF > Rule > Usage
The Usage control determines whether the number of AWS WAF rule resources exceeds the configured usage limit for this account.
You can configure the behavior of this control with the AWS > WAF > Rule > Usage
policy, and set the limit with the AWS > WAF > Rule > Usage > Limit
policy.
tmod:@turbot/aws-waf#/control/types/ruleUsage
AWS > WAF > Rule Group v2 Global > Active
Take an action when an AWS WAF rule group v2 global is not active based on theAWS > WAF > Rule Group v2 Global > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Rule Group v2 Global > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-waf#/control/types/ruleGroupV2GlobalActive
AWS > WAF > Rule Group v2 Global > Approved
Take an action when an AWS WAF rule group v2 global is not approved based on AWS > WAF > Rule Group v2 Global > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-waf#/control/types/ruleGroupV2GlobalApproved
AWS > WAF > Rule Group v2 Global > CMDB
Record and synchronize details for the AWS WAF rule group v2 global into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
tmod:@turbot/aws-waf#/control/types/ruleGroupV2GlobalCmdb
AWS > WAF > Rule Group v2 Global > Discovery
Discover all AWS WAF rule group v2 global resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
tmod:@turbot/aws-waf#/control/types/ruleGroupV2GlobalDiscovery
AWS > WAF > Rule Group v2 Global > Tags
Take an action when an AWS WAF rule group v2 global tags is not updated based on the AWS > WAF > Rule Group v2 Global > Tags > * policies
.
If the resource is not updated with the tags defined in AWS > WAF > Rule Group v2 Global > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-waf#/control/types/ruleGroupV2GlobalTags
AWS > WAF > Rule Group v2 Global > Usage
The Usage control determines whether the number of AWS WAF rule group v2 global resources exceeds the configured usage limit for this account.
You can configure the behavior of this control with the AWS > WAF > Rule Group v2 Global > Usage
policy, and set the limit with the AWS > WAF > Rule Group v2 Global > Usage > Limit
policy.
tmod:@turbot/aws-waf#/control/types/ruleGroupV2GlobalUsage
AWS > WAF > Rule Group v2 Regional > Active
Take an action when an AWS WAF rule group v2 regional is not active based on theAWS > WAF > Rule Group v2 Regional > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Rule Group v2 Regional > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-waf#/control/types/ruleGroupV2RegionalActive
AWS > WAF > Rule Group v2 Regional > Approved
Take an action when an AWS WAF rule group v2 regional is not approved based on AWS > WAF > Rule Group v2 Regional > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-waf#/control/types/ruleGroupV2RegionalApproved
AWS > WAF > Rule Group v2 Regional > CMDB
Record and synchronize details for the AWS WAF rule group v2 regional into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > WAF > Rule Group v2 Regional > Regions
policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-waf#/control/types/ruleGroupV2RegionalCmdb
AWS > WAF > Rule Group v2 Regional > Discovery
Discover all AWS WAF rule group v2 regional resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > WAF > Rule Group v2 Regional > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-waf#/control/types/ruleGroupV2RegionalDiscovery
AWS > WAF > Rule Group v2 Regional > Tags
Take an action when an AWS WAF rule group v2 regional tags is not updated based on the AWS > WAF > Rule Group v2 Regional > Tags > * policies
.
If the resource is not updated with the tags defined in AWS > WAF > Rule Group v2 Regional > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-waf#/control/types/ruleGroupV2RegionalTags
AWS > WAF > Rule Group v2 Regional > Usage
The Usage control determines whether the number of AWS WAF rule group v2 regional resources exceeds the configured usage limit for this account.
You can configure the behavior of this control with the AWS > WAF > Rule Group v2 Regional > Usage
policy, and set the limit with the AWS > WAF > Rule Group v2 Regional > Usage > Limit
policy.
tmod:@turbot/aws-waf#/control/types/ruleGroupV2RegionalUsage
AWS > WAF > Web ACL > Active
Take an action when an AWS WAF web acl is not active based on theAWS > WAF > Web ACL > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Web ACL > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-waf#/control/types/webaclActive
AWS > WAF > Web ACL > Approved
Take an action when an AWS WAF web acl is not approved based on AWS > WAF > Web ACL > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-waf#/control/types/webaclApproved
AWS > WAF > Web ACL > CMDB
Record and synchronize details for the AWS WAF web acl into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
tmod:@turbot/aws-waf#/control/types/webaclCmdb
AWS > WAF > Web ACL > Discovery
Discover all AWS WAF web acl resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
tmod:@turbot/aws-waf#/control/types/webaclDiscovery
AWS > WAF > Web ACL > Tags
Take an action when an AWS WAF web acl tags is not updated based on the AWS > WAF > Web ACL > Tags > * policies
.
If the resource is not updated with the tags defined in AWS > WAF > Web ACL > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-waf#/control/types/webaclTags
AWS > WAF > Web ACL > Usage
The Usage control determines whether the number of AWS WAF web acl resources exceeds the configured usage limit for this account.
You can configure the behavior of this control with the AWS > WAF > Web ACL > Usage
policy, and set the limit with the AWS > WAF > Web ACL > Usage > Limit
policy.
tmod:@turbot/aws-waf#/control/types/webaclUsage
AWS > WAF > Web ACL v2 Global > Active
Take an action when an AWS WAF web acl v2 global is not active based on theAWS > WAF > Web ACL v2 Global > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Web ACL v2 Global > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-waf#/control/types/webAclV2GlobalActive
AWS > WAF > Web ACL v2 Global > Approved
Take an action when an AWS WAF web acl v2 global is not approved based on AWS > WAF > Web ACL v2 Global > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-waf#/control/types/webAclV2GlobalApproved
AWS > WAF > Web ACL v2 Global > CMDB
Record and synchronize details for the AWS WAF web acl v2 global into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
tmod:@turbot/aws-waf#/control/types/webAclV2GlobalCmdb
AWS > WAF > Web ACL v2 Global > Discovery
Discover all AWS WAF web acl v2 global resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
tmod:@turbot/aws-waf#/control/types/webAclV2GlobalDiscovery
AWS > WAF > Web ACL v2 Global > Tags
Take an action when an AWS WAF web acl v2 global tags is not updated based on the AWS > WAF > Web ACL v2 Global > Tags > * policies
.
If the resource is not updated with the tags defined in AWS > WAF > Web ACL v2 Global > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-waf#/control/types/webAclV2GlobalTags
AWS > WAF > Web ACL v2 Global > Usage
The Usage control determines whether the number of AWS WAF web acl v2 global resources exceeds the configured usage limit for this account.
You can configure the behavior of this control with the AWS > WAF > Web ACL v2 Global > Usage
policy, and set the limit with the AWS > WAF > Web ACL v2 Global > Usage > Limit
policy.
tmod:@turbot/aws-waf#/control/types/webAclV2GlobalUsage
AWS > WAF > Web ACL v2 Regional > Active
Take an action when an AWS WAF web acl v2 regional is not active based on theAWS > WAF > Web ACL v2 Regional > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (AWS > WAF > Web ACL v2 Regional > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/aws-waf#/control/types/webAclV2RegionalActive
AWS > WAF > Web ACL v2 Regional > Approved
Take an action when an AWS WAF web acl v2 regional is not approved based on AWS > WAF > Web ACL v2 Regional > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/aws-waf#/control/types/webAclV2RegionalApproved
AWS > WAF > Web ACL v2 Regional > CMDB
Record and synchronize details for the AWS WAF web acl v2 regional into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > WAF > Web ACL v2 Regional > Regions
policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
tmod:@turbot/aws-waf#/control/types/webAclV2RegionalCmdb
AWS > WAF > Web ACL v2 Regional > Discovery
Discover all AWS WAF web acl v2 regional resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in AWS > WAF > Web ACL v2 Regional > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/aws-waf#/control/types/webAclV2RegionalDiscovery
AWS > WAF > Web ACL v2 Regional > Tags
Take an action when an AWS WAF web acl v2 regional tags is not updated based on the AWS > WAF > Web ACL v2 Regional > Tags > * policies
.
If the resource is not updated with the tags defined in AWS > WAF > Web ACL v2 Regional > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/aws-waf#/control/types/webAclV2RegionalTags
AWS > WAF > Web ACL v2 Regional > Usage
The Usage control determines whether the number of AWS WAF web acl v2 regional resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the AWS > WAF > Web ACL v2 Regional > Usage
policy, and set the limit with the AWS > WAF > Web ACL v2 Regional > Usage > Limit
policy.
tmod:@turbot/aws-waf#/control/types/webAclV2RegionalUsage