@turbot/azure-monitor
The azure-monitor mod contains resource, control and policy definitions for Azure Monitor service.
- Setting Policies Tutorial
- Mods Overview
- Policies Overview
- Resources Overview
- Common Policies and Controls
Recommended Version
Version
5.7.0
Released On
Feb 05, 2024
Depends On
@turbot/azure ^5.0.0
@turbot/azure-iam ^5.0.0
@turbot/azure-provider ^5.0.0
@turbot/turbot ^5.22.0
@turbot/turbot-iam ^5.1.0
@turbot/azure-iam ^5.0.0
@turbot/azure-provider ^5.0.0
@turbot/turbot ^5.22.0
@turbot/turbot-iam ^5.1.0
Resource Types
Control Types
- Azure > Monitor > Action Group > Active
- Azure > Monitor > Action Group > Approved
- Azure > Monitor > Action Group > CMDB
- Azure > Monitor > Action Group > Configured
- Azure > Monitor > Action Group > Discovery
- Azure > Monitor > Alerts > Active
- Azure > Monitor > Alerts > Approved
- Azure > Monitor > Alerts > CMDB
- Azure > Monitor > Alerts > Configured
- Azure > Monitor > Alerts > Discovery
- Azure > Monitor > Log Profile > Active
- Azure > Monitor > Log Profile > Approved
- Azure > Monitor > Log Profile > CMDB
- Azure > Monitor > Log Profile > Discovery
- Azure > Monitor > Stack
Policy Types
- Azure > Monitor > Action Group > Active
- Azure > Monitor > Action Group > Active > Age
- Azure > Monitor > Action Group > Active > Last Modified
- Azure > Monitor > Action Group > Approved
- Azure > Monitor > Action Group > Approved > Custom
- Azure > Monitor > Action Group > Approved > Usage
- Azure > Monitor > Action Group > CMDB
- Azure > Monitor > Action Group > Configured
- Azure > Monitor > Action Group > Configured > Claim Precedence
- Azure > Monitor > Action Group > Configured > Source
- Azure > Monitor > Alerts > Active
- Azure > Monitor > Alerts > Active > Age
- Azure > Monitor > Alerts > Active > Last Modified
- Azure > Monitor > Alerts > Approved
- Azure > Monitor > Alerts > Approved > Custom
- Azure > Monitor > Alerts > Approved > Usage
- Azure > Monitor > Alerts > CMDB
- Azure > Monitor > Alerts > Configured
- Azure > Monitor > Alerts > Configured > Precedence
- Azure > Monitor > Alerts > Configured > Source
- Azure > Monitor > Enabled
- Azure > Monitor > Log Profile > Active
- Azure > Monitor > Log Profile > Active > Age
- Azure > Monitor > Log Profile > Active > Last Modified
- Azure > Monitor > Log Profile > Approved
- Azure > Monitor > Log Profile > Approved > Custom
- Azure > Monitor > Log Profile > Approved > Usage
- Azure > Monitor > Log Profile > CMDB
- Azure > Monitor > Permissions
- Azure > Monitor > Permissions > Levels
- Azure > Monitor > Permissions > Levels > Modifiers
- Azure > Monitor > Stack
- Azure > Monitor > Stack > Secret Variables
- Azure > Monitor > Stack > Source
- Azure > Monitor > Stack > Terraform Version
- Azure > Monitor > Stack > Variables
- Azure > Turbot > Permissions > Compiled > Levels > @turbot/azure-monitor
- Azure > Turbot > Permissions > Compiled > Service Permissions > @turbot/azure-monitor
Release Notes
5.7.0 (2024-02-05)
What's new?
- Resource's metadata will now also include
createdBy
details in Turbot CMDB. - We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
5.6.0 (2022-11-10)
What's new?
- Users can now create their own custom checks against resource attributes in the Approved control using the
Approved > Custom
policy. These custom checks would be a part of the evaluation of the Approved control. Custom messages can also be added which are then displayed in the control details table. See Custom Checks for more information.
Bug fixes
- We've updated the runtime of the lambda functions to node 16. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Policy Types
- Azure > Monitor > Action Group > Approved > Custom
- Azure > Monitor > Alerts > Approved > Custom
- Azure > Monitor > Log Profile > Approved > Custom
5.5.1 (2021-07-15)
Bug fixes
- We’ve made a few improvements in the GraphQL queries for various controls, policies, and actions. You won’t notice any difference, but things should run lighter and quicker than before.
5.5.0 (2021-03-25)
What's new?
- We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.
5.4.2 (2021-01-22)
Bug fixes
- Controls run faster now when in the
tbd
andskipped
states thanks to the new Guardrails Precheck feature (not to be confused with TSA PreCheck). With Guardrails Precheck, controls avoid running GraphQL input queries when intbd
andskipped
, resulting in faster and lighter control runs.
5.4.1 (2020-11-03)
Bug fixes
- We've updated the Discovery controls for resources to now move to skipped instead of invalid if the provider is disabled in the subscription and the
Azure > Provider > {service} > Registered
policy is checking if the provider is disabled. This will reduce the amount of noisy controls that cannot be easily resolved without making changes to the provider.
5.4.0 (2020-10-22)
What's new?
- We've made improvements to how Approved controls interact with CMDB policies and controls for more reliable approved checks. Now, if a resource's CMDB policy is set to
Skip
, its Approved control will move toinvalid
to prevent the Approved control from making a decision based on outdated information. Also, Approved controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.
5.3.1 (2020-10-07)
Bug fixes
Azure > Monitor > Alerts > Discovery
control would go into an error state if the Alert name had[]
(brackets). This issue has now been fixed.
5.3.0 (2020-09-27)
What's new?
- We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to
Skip
, its Active control will move toinvalid
to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.
5.2.0 (2020-09-23)
Warning
- The
Azure > Monitor > Action Group > Configured
policy now includes the following new policy values:
These new values will replace the following current values, which have been deprecated and will be removed in the next major version:- Skip (unless claimed by a stack)- Check: Per Configured > Source (unless claimed by a stack)- Enforce: Per Configured > Source (unless claimed by a stack)
We recommend that you update your policy settings to use the new values, as these have replaced the deprecated values and are backwards compatible.- Skip if using Configured > Source- Check: Configured if using Configured > Source- Enforce: Configured if using Configured > Source
What's new?
- Discovery controls now have their own control category,
CMDB > Discovery
, to allow for easier filtering separately from other CMDB controls. - We've renamed the service's default regions policy from
Regions [Default]
toRegions
to be consistent with our other regions policies.
Policy Types
- Azure > Monitor > Stack > Terraform Version
Renamed
- Azure > Monitor > Action Group > Configured > Precedence to Azure > Monitor > Action Group > Configured > Claim Precedence
5.1.1 (2020-07-24)
Bug fixes
- When deleting inactive resources through an Active control, different warning periods in days can be set to delay deletion. We recently identified a bug that would cause these warning periods to be ignored, and any inactive resources would be deleted immediately. This bug has been fixed and now all Active controls will abide by the warning period set in the policy value.
5.1.0 (2020-07-13)
Control Types
- Azure > Monitor > Stack
Policy Types
- Azure > Monitor > Stack
- Azure > Monitor > Stack > Secret Variables
- Azure > Monitor > Stack > Source
- Azure > Monitor > Stack > Variables
5.0.4 (2020-06-03)
What's new?
- All resource Router actions now run even if Guardrails is outside of its allowed change window. This allows Guardrails to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Guardrails' ability to process resources changes that were made in the cloud provider - enforcement actions are still disabled outside of the change window.
5.0.3 (2020-05-20)
Bug fixes
- Links to documentation in the descriptions for several controls and policies were broken. These links have now been fixed.