CMDB Guardrails

Overview

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.

The Resource Type AWS > SQS > Queue defines a Control AWS > SQS > Queue > CMDB with a target Resource Type of AWS > SQS > Queue.

Policies to control CMDB

CMDB controls have an associated policy that allows them to be enforced or skipped. Note, however, that if CMDB is set to Skip for a resource, then it will not exist in the CMDB, and no controls that target it will run.

The AWS > S3 > Bucket > CMDB policy may be set to `Skip` or `Enforce: Enabled`

CMDB controls also use the Region policy associated with the resource. If region is not in Regions policy, the CMDB control should delete the resource from the CMDB (since we don’t want to capture any resources in that region, we should also cleanup).

The AWS > S3 > Bucket > CMDB will add/modify a resource in the CMDB if the resource is in region specified in AWS > S3 > Bucket > Regions, and delete it from the CMDB if it is not.