A Discovery control is tasked with identifying instances of a particular resource. Any resources that are not captured in the CMDB as part of the events that AWS triggers are captured by Turbot through the Discovery controls.
A Discovery control is run on the parent resource (e.g. an AWS Region) to periodically search for new target resources (e.g. S3 Buckets) and save them to the Turbot CMDB.
Once discovered, the resource is then responsible for tracking changes to itself through the CMDB control.
`AWS > SQS > Queue` defines a Control `AWS > SQS > Queue > Discovery` with a target Resource Type of `AWS > Region`.
Discovery controls are enforced or skipped based on the associated CMDB policy.
The `AWS > S3 > Bucket > Discovery` control relies on the value of the `AWS > S3 > Bucket > CMDB` policy for its configuration.
`AWS > S3 > Bucket > CMDB` may be set to `Skip` or `Enforce: Enabled`.
Discovery controls also use the Regions policy associated with the resource. If a region is not in the Regions policy, the CMDB control should delete the resource from the CMDB (since we don't want to capture any resources in that region, we should also clean up).
The `AWS > S3 > Bucket > Discovery` control will search for S3 buckets in the regions specified in `AWS > S3 > Bucket > Regions`, and will add any buckets it finds to the CMDB as `AWS > S3 > Bucket` resources.
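
The following is an added example, not Turbot's own code: a simplified Python model of how the CMDB and Regions policies described above decide what Discovery adds and what is cleaned up, and which buckets end up outside the inventory. The function names, data shapes, exact-match region handling and the behaviour under `Skip` are assumptions made for illustration.

```python
# Added illustration, not Turbot code: a simplified model of the policy
# interaction. Function names and data shapes are assumptions.

def plan_discovery(cmdb_policy, regions_policy, cmdb, cloud):
    """Return (to_add, to_delete) as sorted lists of (region, bucket).

    cmdb_policy    -- value of AWS > S3 > Bucket > CMDB
    regions_policy -- list from AWS > S3 > Bucket > Regions (exact names only)
    cmdb           -- set of (region, bucket) entries currently recorded
    cloud          -- dict: region -> set of bucket names that really exist
    """
    if cmdb_policy == "Skip":
        # Discovery is skipped. Assumption: existing CMDB entries are left alone.
        return [], []
    if cmdb_policy != "Enforce: Enabled":
        raise ValueError(f"unexpected CMDB policy value: {cmdb_policy!r}")

    allowed = set(regions_policy)
    # Discovery searches only the regions named in the Regions policy.
    found = {(r, b) for r in allowed for b in cloud.get(r, set())}
    to_add = sorted(found - cmdb)
    # Cleanup: entries whose region is not in the Regions policy are deleted.
    to_delete = sorted(e for e in cmdb if e[0] not in allowed)
    return to_add, to_delete


def outside_inventory(regions_policy, cloud):
    """Buckets in regions the policy omits: they exist but are never recorded."""
    allowed = set(regions_policy)
    return sorted((r, b) for r, names in cloud.items()
                  if r not in allowed for b in names)


# Constructed sample data (not real buckets).
CLOUD = {"us-east-1": {"logs", "app-data"},
         "eu-west-1": {"backups"},
         "ap-south-1": {"scratch"}}
CMDB = {("us-east-1", "logs"), ("ap-south-1", "scratch")}
REGIONS = ["us-east-1", "eu-west-1"]

if __name__ == "__main__":
    add, delete = plan_discovery("Enforce: Enabled", REGIONS, CMDB, CLOUD)
    print("add to CMDB:      ", add)
    print("delete from CMDB: ", delete)
    print("outside inventory:", outside_inventory(REGIONS, CLOUD))
```

The last list is the one to review when auditing coverage: a bucket in a region left out of the Regions policy still exists in the account but has no CMDB record.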