Control types for @turbot/azure

• Azure > Management Group > CMDB
• Azure > Management Group > Discovery
• Azure > Resource Group > CMDB
• Azure > Resource Group > Configured
• Azure > Resource Group > Discovery
• Azure > Resource Group > Stack
• Azure > Resource Group > Tags
• Azure > Subscription > CMDB
• Azure > Subscription > Discovery
• Azure > Subscription > Stack
• Azure > Tenant > CMDB
• Azure > Turbot
• Azure > Turbot > Event Handlers
• Azure > Turbot > Event Poller
• Azure > Turbot > Management Group Event Poller
• Azure > Turbot > Resource Group

Azure > Management Group > CMDB

Record and synchronize details for the Azure Azure management group into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note that if CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

Azure > Management Group > Discovery

Discover Azure Azure management groups and add them to Guardrails.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Azure > Resource Group > CMDB

Record and synchronize details for the Azure resource group into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

Azure > Resource Group > Configured

Maintain Azure > Azure > Resource Group configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.

Azure > Resource Group > Discovery

Discover all Azure resource group resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Azure > Resource Group > Stack

Configure a custom stack on Azure, per the custom Stack > Source.

A Guardrails Stack is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured control.

Azure > Resource Group > Tags

Take an action when an Azure Azure resource group tags is not updated based on the Azure > Azure > Resource Group > Tags > * policies.

If the resource is not updated with the tags defined in Azure > Azure > Resource Group > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

Azure > Subscription > CMDB

Record and synchronize details for the Azure Subscription into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note that if CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

Azure > Subscription > Discovery

Discover Azure Azure subscriptions and add them to Guardrails.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Azure > Subscription > Stack

Configure a custom stack on Azure, per the custom Stack > Source.

A Guardrails Stack is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured control.

Azure > Tenant > CMDB

Azure > Turbot

Turbot control root.

Azure > Turbot > Event Handlers

Configure the set of resources in a Guardrails Stack per the Event Handlers &gt;<br />Source policy.

Guardrails Stacks are used to manage a set of resources via Terraform.
Stacks are responsible for the creation and deletion of multiple resources,
but once created, the resources are responsible for configuring themselves
with their Configured control, using the Source from the parent stack.

The Azure Event Handlers stack is responsible for configuring the resources
required for the Guardrails Event Handler, which attaches the Guardrails Router to
a cloud provider's audit trail. This is a pre-requisite for Guardrails to
process and respond to real-time events -- a core capability that allows
Guardrails to respond to changes on resources as they occur.

Azure > Turbot > Event Poller

The Guardrails Azure Poller control will query the Activity Log for relevant events on a schedule, and forward them to the router for processing.

Azure > Turbot > Management Group Event Poller

Poll Azure management group events to Guardrails.

Azure > Turbot > Resource Group

Configure the Guardrails Event Handler stack. This stack configures
the resourceGroup required for Guardrails real-time event routing.