Control types for @turbot/aws
- AWS > Account > Budget > Budget
- AWS > Account > CMDB
- AWS > Account > Stack
- AWS > Region > Discovery
- AWS > Region > Stack
- AWS > Turbot
- AWS > Turbot > Audit Trail
- AWS > Turbot > Event Handlers
- AWS > Turbot > Event Handlers [Global]
- AWS > Turbot > Event Poller
- AWS > Turbot > Logging
- AWS > Turbot > Logging > Bucket
- AWS > Turbot > Service Roles
AWS > Account > Budget > Budget
Determine whether budget reporting is enabled for the AWS Account.
If enabled, the Budget control will gather cost data
from the cloud provider, and will alarm if the
Budget > State reaches the configured threshold.
tmod:@turbot/aws#/control/types/budget
AWS > Account > CMDB
Record and synchronize details for the AWS account into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To clean up resources and stop tracking changes, set this policy to "Enforce: Disabled".
AWS > Account > Stack
Configure a custom stack on AWS, per the custom Stack > Source.
A Guardrails Stack is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured control.
tmod:@turbot/aws#/control/types/accountStack
AWS > Region > Discovery
Discover Regions and add them to Guardrails.
The Discovery control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB.
Note: The Discovery control also uses the Regions policy associated with
the resource. If the region is not in AWS > Account > Regions policy, the
Discovery control will delete the region from the CMDB.
Status:
- Enabled: If the region is in the policy and enabled in AWS
- Disabled: If the region is in the policy and disabled in AWS
- Skipped: If the region is not in the policy and enabled in AWS
tmod:@turbot/aws#/control/types/regionDiscovery
AWS > Region > Stack
Configure a custom stack on AWS, per the custom Stack > Source.
A Guardrails Stack is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured control.
tmod:@turbot/aws#/control/types/regionStack
AWS > Turbot
Turbot control root.
AWS > Turbot > Audit Trail
Configure the Guardrails Audit Trail stack.
This stack configures an AWS CloudTrail which can log, continuously monitor,
and record account activity.
tmod:@turbot/aws#/control/types/auditTrail
AWS > Turbot > Event Handlers
Configure the set of resources in a Guardrails Stack per the Event Handlers > Source policy.
Guardrails Stacks are used to manage a set of resources via Terraform.
Stacks are responsible for the creation and deletion of multiple resources,
but once created, the resources are responsible for configuring themselves
with their Configured control, using the Source from the parent stack.
The AWS Event Handlers stack is responsible for configuring the resources
required for the Guardrails Event Handler, which attaches the Guardrails Router to
a cloud provider's audit trail. This is a pre-requisite for Guardrails to
process and respond to real-time events -- a core capability that allows
Guardrails to respond to changes on resources as they occur.
tmod:@turbot/aws#/control/types/eventHandlers
AWS > Turbot > Event Handlers [Global]
Configure the set of resources in a Guardrails Stack per the Event Handlers [Global] > Source policy.
Guardrails Stacks are used to manage a set of resources via Terraform.
Stacks are responsible for the creation and deletion of multiple resources,
but once created, the resources are responsible for configuring themselves
with their Configured control, using the Source from the parent stack.
This stack is responsible for configuring the resources
required for the Event Handlers [Global], which attaches the Guardrails Router to
a cloud provider's audit trail. This is a pre-requisite for Guardrails to
process and respond to real-time events -- a core capability that allows
Guardrails to respond to changes on resources as they occur.
tmod:@turbot/aws#/control/types/eventHandlersGlobal
AWS > Turbot > Event Poller
The Guardrails AWS Poller control will query CloudTrail for relevant events on a schedule, and forward them to the router for processing.
tmod:@turbot/aws#/control/types/accountEventPoller
AWS > Turbot > Logging
Logging control root.
AWS > Turbot > Logging > Bucket
Configure the Guardrails Logging Bucket stack.
This stack configures an AWS S3 Bucket for use as a destination
for logs from other AWS services.
tmod:@turbot/aws#/control/types/loggingBucket
AWS > Turbot > Service Roles
Configure a custom stack on the AWS Account, per the Custom Stack > Source.
A Guardrails Stack is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured control.
tmod:@turbot/aws#/control/types/serviceRolesStack