In the cloud, control objectives and organizational policies can seem simple on the surface, but actual implementation can be a complex set of logic. This set of example configurations will guide users on how to think about control objectives and how Turbot can be used to effectively, efficiently, and safely implement them.
Many organizational requirements can be configured using existing policy settings without the need to query against resources.
- Approve specific RDS instance types and DB engines
- Ship S3 Access Logs to a custom bucket
- AWS AMI Management
Calculated policies can be thought about in a similar way to the more traditional control objectives. However, calculated policies allow users and administrators to define specific queries against resources to pull metadata, and can then use Nunjucks to create rules for evaluation.
Check out Turbot's 7 minute lab, Calculated Policies in 7 minutes for a simple example on using calculated policies to query an S3 bucket for tag metadata, then format the tags to match the defined template.