Turbot Policies and Controls provide a flexible framework for auditing and enforcing configuration across hundreds of cloud services, networking, OS, and DB tiers. While this model is extensible, there are many guardrails that are common and consistent across resources.

Guardrail Description
Access Logging Monitor and enable access logging on various cloud resources.
Active Use a variety of criteria to determine if a cloud resource is Active, i.e. number of days the resource has existed, and take action (shutdown, delete, alarm, etc).
Approved Verify whether a particular resource is allowed to exist and take an appropriate action if not (shutdown, delete, alarm, etc).
Audit Logging Audit Logging configuration tools for cloud resources.
Budget A mechanism for tracking current spend against a planned target and taking appropriate action to control cost.
CMDB Responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.
Discovery Mechanism by which Turbot initially adds a resource to the CMDB.
Encryption at Rest A mechanism to manage data encryption at rest (i.e. AWS S3 Buckets).
Encryption in Transit A mechanism to manage data encryption in transit (i.e. AWS S3 Buckets).
Public Access Configure public access settings on cloud resources.
Scheduling Define schedules to control cloud resource usage.
Stacks/ Configured Manage resource configuration using Terraform.
Tagging Tagging of both Turbot resources, such as a folder, and Cloud Provider resources, such as an Azure Subscription or AWS EC2 instance.
Trusted Access Trusted Access allow you to define whom and what you trust and enforce those limitations on your cloud resources.
Usage Generate alarms if the number of resources in a specific service exceeds a set amount.

Standard Controls