Turbot Mods Release Notes

For more mod release information as well as policy, control, and resource info, head over to the Mods page. This list is a compilation of mod releases dating back 6 months.

azure-storage 5.10.0 (2021-08-06)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • Previously, if the Azure > Storage > Storage Account > CMDB control was in an error state, we'd still try to run the Azure > Storage > Queue > Discovery control to discover queues under the storage account, which resulted in an error. The Azure > Storage > Queue > Discovery control now depends on the Azure > Storage > Storage Account > CMDB control and will try to discover queues only if the parent storage account's CMDB control is not in an error state.
  • We've made a few improvements in the GraphQL queries for various router actions. You won't notice any difference, but things should run lighter and quicker than before.

Control Types - Added

  • Azure > Storage > Storage Account > Minimum TLS Version

Policy Types - Added

  • Azure > Storage > Storage Account > Minimum TLS Version

Action Types - Added

  • Azure > Storage > Storage Account > Set Minimum TLS Version

aws-appstream 5.2.0 (2021-08-05)

What's new?

  • We have introduced a number of new resource types, control types, policy types, and action types; the list is too long to include here. Find the list of new additions on the aws-appstream mod version page.

gcp-kms 5.6.0 (2021-08-05)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've made a few improvements in the GraphQL queries for various router actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-rds 5.17.0 (2021-08-04)

Control Types - Added

  • AWS > RDS > DB Cluster > Copy Tags to Snapshot
  • AWS > RDS > DB Cluster > Deletion Protection
  • AWS > RDS > DB Instance > Auto Minor Version Upgrade
  • AWS > RDS > DB Instance > Copy Tags to Snapshot
  • AWS > RDS > DB Instance > Deletion Protection
  • AWS > RDS > DB Instance > Multi-AZ

Policy Types - Added

  • AWS > RDS > DB Cluster > Copy Tags to Snapshot
  • AWS > RDS > DB Cluster > Deletion Protection
  • AWS > RDS > DB Instance > Auto Minor Version Upgrade
  • AWS > RDS > DB Instance > Copy Tags to Snapshot
  • AWS > RDS > DB Instance > Deletion Protection
  • AWS > RDS > DB Instance > Multi-AZ

Action Types - Added

  • AWS > RDS > DB Cluster > Update Copy Tags to Snapshot
  • AWS > RDS > DB Cluster > Update Deletion Protection
  • AWS > RDS > DB Instance > Update Auto Minor Version Upgrade
  • AWS > RDS > DB Instance > Update Copy Tags to Snapshot
  • AWS > RDS > DB Instance > Update Deletion Protection
  • AWS > RDS > DB Instance > Update Multi-AZ

gcp-sql 5.5.0 (2021-08-02)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

gcp-storage 5.7.0 (2021-07-30)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

gcp-iam 5.8.0 (2021-07-29)

What's new?

  • The GCP > Turbot > Permissions > Terraform Version policy will now be set to 0.15.* by default for workspaces on TE v5.37.7 or higher. For workspaces on TE versions lower than 5.37.7, the policy will remain set to 0.11.* by default.

gcp 5.16.0 (2021-07-29)

What's new?

  • The GCP > Turbot > Event Handlers > Logging > Terraform Version and GCP > Turbot > Event Handlers > Pub/Sub > Terraform Version policies will now be set to 0.15.* by default for workspaces on TE v5.37.7 or higher. For workspaces on TE versions lower than 5.37.7, the policy will remain set to 0.11.* by default.

aws-rds 5.16.1 (2021-07-28)

Bug fixes

  • The DB Instance CMDB data did not update automatically after listening to the rds:ModifyDBInstance event. This is now fixed.

aws-iam 5.18.0 (2021-07-28)

What's new?

  • The AWS > Turbot > Permissions > Terraform Version policy will now be set to 0.15.* by default for workspaces on TE v5.37.7 or higher. For workspaces on TE versions lower than 5.37.7, the policy will remain set to 0.11.* by default.

aws-kms 5.10.0 (2021-07-28)

What's new?

  • The AWS > Turbot > Encryption > Terraform Version policy will now be set to 0.15.* by default for workspaces on TE v5.37.7 or higher. For workspaces on TE versions lower than 5.37.7, the policy will remain set to 0.11.* by default.

aws 5.18.0 (2021-07-28)

What's new?

  • For workspaces on TE v5.37.7 or higher, the Terraform Version policy for various Turbot managed stack controls will now be set to 0.15.* by default. For workspaces on TE versions lower than 5.37.7, those policies will remain set to 0.11.* by default.

Bug fixes

  • The AWS > Turbot > Event Handlers control went into an error state if configured for the ap-northeast-3 (Osaka) region. This is now fixed.

turbot-iam 5.9.5 (2021-07-26)

What's new?

  • We've made a few improvements in the GraphQL queries for Turbot > IAM > Permissions > Compiled > Levels. You won't notice any difference, but things should run lighter and quicker than before.

azure-postgresql 5.8.0 (2021-07-23)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-iam 5.17.0 (2021-07-23)

Policy Types - Added

  • AWS > Turbot > Permissions > Role > Session Timeout
  • AWS > Turbot > Permissions > User > Access Keys Enabled
  • AWS > Turbot > Permissions > User > Session Timeout

aws 5.17.0 (2021-07-22)

Policy Types - Added

  • AWS > Account > Turbot IAM Role > Assume Role Timeout

aws-backup 5.6.0 (2021-07-22)

Resource Types - Added

  • AWS > Backup > Region Settings

Control Types - Added

  • AWS > Backup > Region Settings > CMDB
  • AWS > Backup > Region Settings > Discovery
  • AWS > Backup > Region Settings > Service Opt-In

Policy Types - Added

  • AWS > Backup > Region Settings > CMDB
  • AWS > Backup > Region Settings > Regions
  • AWS > Backup > Region Settings > Service Opt-In
  • AWS > Backup > Region Settings > Service Opt-In > Resources

Action Types - Added

  • AWS > Backup > Region Settings > Router
  • AWS > Backup > Region Settings > Update Service Opt-In

gcp-network 5.9.1 (2021-07-22)

Bug fixes

  • The GCP > Network > Subnetwork > CMDB control would remain in TBD state because of incorrect precheck dependencies. This is fixed and now the control will work as expected.

aws-ec2 5.25.0 (2021-07-22)

What's new?

  • AWS/EC2 permission levels now include autoscaling plans, autoscaling instance refresh, and public IPv4 pool permissions.

aws-sqs 5.10.1 (2021-07-22)

Bug fixes

  • The AWS > SQS > Queue > Policy > Trusted Access control would go into an error state if the policy statement did not contain Principal. This is now fixed.

aws-vpc-internet 5.8.0 (2021-07-22)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-iam 5.16.0 (2021-07-22)

What's new?

  • AWS/IAM/Metadata now includes cost explorer permissions.

Bug fixes

  • The AWS > IAM > Role > Policy > Trusted Access control incorrectly evaluated a policy statement if the statement's Principal was a Federated user and the AWS > IAM > Role > Policy > Trusted Access > Identity Providers policy was set to *. This is now fixed.

    The trusted access control also didn't evaluate a policy statement as expected if the statement included an empty Condition. This is also fixed.

aws-route53 6.2.0 (2021-07-21)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

azure-activedirectory 5.2.1 (2021-07-21)

Bug fixes

  • The Azure > Active Directory > User > Discovery control would fail to upsert more than 100 users in a directory due to a lack of paging support. This is now fixed.

azure-network 5.7.0 (2021-07-20)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-rds 5.16.0 (2021-07-20)

What's new?

  • AWS/RDS/Admin and AWS/RDS/Metadata now include DBQMS permissions for favorite query and query history and RDS-Data permissions to execute SQL statements.

aws-s3 5.11.0 (2021-07-20)

What's new?

  • AWS/S3 permission levels now include Job, Object Lock Config, Public Access Block and Replicate related permissions.

aws-vpc-security 5.6.0 (2021-07-20)

What's new?

  • We've added support for the ec2:ModifySecurityGroupRules event, and the AWS > VPC > Security Group > CMDB and AWS > VPC > Security Group Rule > CMDB controls will now be updated automatically if an ec2:ModifySecurityGroupRules event is raised in Turbot.
  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-vpc-core 5.12.0 (2021-07-20)

What's new?

  • AWS/VPC/Admin now includes traffic mirror filter permissions.
  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-cloudwatch 5.4.0 (2021-07-19)

What's new?

  • AWS/Cloudwatch/Metadata now includes get metric widget image permissions.

Control Types - Added

  • AWS > CloudWatch > Stack

Policy Types - Added

  • AWS > CloudWatch > Stack
  • AWS > CloudWatch > Stack > Secret Variables
  • AWS > CloudWatch > Stack > Source
  • AWS > CloudWatch > Stack > Terraform Version
  • AWS > CloudWatch > Stack > Variables

aws-cloudformation 5.9.0 (2021-07-19)

What's new?

  • AWS/CloudFormation/Metadata now includes template validation permissions.
  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-dynamodb 5.5.0 (2021-07-16)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-sqs 5.10.0 (2021-07-16)

Control Types - Added

  • AWS > SQS > Queue > Configured
  • AWS > SQS > Stack

Policy Types - Added

  • AWS > SQS > Queue > Configured
  • AWS > SQS > Queue > Configured > Claim Precedence
  • AWS > SQS > Queue > Configured > Source
  • AWS > SQS > Stack
  • AWS > SQS > Stack > Secret Variables
  • AWS > SQS > Stack > Source
  • AWS > SQS > Stack > Terraform Version
  • AWS > SQS > Stack > Variables

azure-frontdoorservice 5.6.0 (2021-07-16)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-vpc-connect 5.6.0 (2021-07-15)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

azure-monitor 5.5.1 (2021-07-15)

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-redshift 5.14.0 (2021-07-14)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

azure-iam 5.7.0 (2021-07-14)

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.
  • The Azure > Turbot > IAM control will now use the Azure > Turbot > Permissions > Terraform Version policy instead of the Turbot > Stack Terraform Version [Default] policy to configure resources. The Azure > Turbot > Permissions > Terraform Version policy is read-only as it's managed by Turbot and is set by default to 0.15.* for workspaces on TE v5.37.7 or higher. For workspaces on TE versions lower than 5.37.7, the policy will be set to 0.11.* by default.

Policy Types - Added

  • Azure > Turbot > Permissions > Terraform Version

aws-ssm 5.9.0 (2021-07-14)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-qldb 5.2.0 (2021-07-13)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-stepfunctions 5.4.0 (2021-07-12)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-kinesis 5.6.0 (2021-07-12)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-secretsmanager 5.4.0 (2021-07-12)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-codestar 5.1.1 (2021-07-12)

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-codedeploy 5.1.1 (2021-07-12)

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-dms 5.4.0 (2021-07-09)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

aws-acm 5.6.0 (2021-07-09)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-kms 5.9.0 (2021-07-09)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • Keys deleted after their scheduled deletion period were not cleaned up automatically in Turbot. This is now fixed.

    The AWS > KMS > Key > Rotation control will now be skipped for keys in PendingDeletion state.

aws-rds 5.15.0 (2021-07-09)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-glue 5.4.0 (2021-07-09)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-config 5.7.0 (2021-07-09)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-amplify 5.3.0 (2021-07-09)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-s3 5.10.0 (2021-07-09)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-sns 5.8.0 (2021-07-08)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-sqs 5.9.0 (2021-07-08)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-swf 5.3.0 (2021-07-08)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-elasticsearch 5.4.0 (2021-07-08)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.
  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-cloudwatch 5.3.0 (2021-07-08)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-iam 5.15.0 (2021-07-08)

What's new?

  • In a previous version, we added the ability to delete and stop tracking changes to group inline policies and group policy attachments in Turbot CMDB. We've now added this ability across all IAM resource types to help you manage IAM resources better.
  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-ec2 5.24.0 (2021-07-08)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-appmesh 5.3.0 (2021-07-07)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-ecr 5.7.0 (2021-07-07)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-iam 5.14.0 (2021-07-06)

What's new?

  • Users can now delete and stop tracking changes to group inline policies and group policy attachments in Turbot CMDB by setting the AWS > IAM > Group > Inline Policy > CMDB and AWS > IAM > Group > Group Policy Attachments > CMDB policies to Enforce: Disabled respectively.
  • The AWS > Turbot > IAM control will now use the AWS > Turbot > Permissions > Terraform Version policy instead of the Turbot > Stack Terraform Version [Default] policy to configure resources. The AWS > Turbot > Permissions > Terraform Version policy is read-only and by default set to 0.11.* as it's managed by Turbot.
  • We've updated the AWS > Turbot > Permissions > Source policy to be read-only as it's managed by Turbot.

Policy Types - Added

  • AWS > Turbot > Permissions > Terraform Version

aws-cloudwatch 5.2.0 (2021-07-02)

What's new?

  • AWS/CloudWatch/Operator now includes synthetic monitoring permissions.

Bug fixes

  • The AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-cloudwatch policy no longer includes aws.tagging as an event source. This event source was unnecessary as CloudWatch has its own tagging events, which are captured through the aws.monitoring event source. Removal of the aws.tagging event source will greatly reduce the number of unnecessary tagging events that Turbot listens for and handles today.

aws-stepfunctions 5.3.0 (2021-07-02)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • The AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-stepfunctions policy no longer includes aws.tagging as an event source. This event source was unnecessary as Step Functions has its own tagging events, which are captured through the aws.states event source. Removal of the aws.tagging event source will greatly reduce the number of unnecessary tagging events that Turbot listens for and handles today.

aws-swf 5.2.0 (2021-07-02)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've fixed tagging event handling for domains and we will now listen for swf:TagResource and swf:UntagResource events instead of tagging:TagResources and tagging:UntagResources events respectively. The AWS > SWF > Domain > Tags control will continue to work consistently as expected.
  • Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

aws-glue 5.3.0 (2021-07-01)

What's new?

  • We've added new policies, controls, and action types targeting the following AWS Glue resource types:

    • AWS > Glue > Development Endpoint
    • AWS > Glue > ML Transform
    • AWS > Glue > Table
    • AWS > Glue > Workflow

    Find specifics on the aws-glue mod versions page.

aws-computeoptimizer 5.0.0 (2021-06-30)

Resource Types - Added

  • AWS > Compute Optimizer

Policy Types - Added

  • AWS > Compute Optimizer > API Enabled
  • AWS > Compute Optimizer > Approved Regions [Default]
  • AWS > Compute Optimizer > Enabled
  • AWS > Compute Optimizer > Permissions
  • AWS > Compute Optimizer > Permissions > Levels
  • AWS > Compute Optimizer > Permissions > Levels > Modifiers
  • AWS > Compute Optimizer > Permissions > Lockdown
  • AWS > Compute Optimizer > Permissions > Lockdown > API Boundary
  • AWS > Compute Optimizer > Regions
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-computeoptimizer
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-computeoptimizer
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-computeoptimizer

gcp-bigtable 5.5.0 (2021-06-29)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

aws-rds 5.14.0 (2021-06-28)

Control Types - Added

  • AWS > RDS > DB Cluster > Backup Retention Period
  • AWS > RDS > DB Instance > Backup Retention Period

Policy Types - Added

  • AWS > RDS > DB Cluster > Backup Retention Period
  • AWS > RDS > DB Cluster > Backup Retention Period > Days
  • AWS > RDS > DB Instance > Backup Retention Period
  • AWS > RDS > DB Instance > Backup Retention Period > Days

Action Types - Added

  • AWS > RDS > DB Cluster > Update Backup Retention Period
  • AWS > RDS > DB Instance > Update Backup Retention Period

aws-elasticache 5.5.0 (2021-06-25)

What's new?

  • AWS/ElastiCache/Admin now includes batch update permissions.

aws-guardduty 5.5.0 (2021-06-25)

What's new?

  • AWS/GuardDuty/Admin now includes publishing destination permissions.

aws-iam 5.13.0 (2021-06-25)

What's new?

  • AWS/IAM/Owner now includes service specific credential and SAML provider permissions.

    AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-iam policy now includes access-analyzer:*.

aws-redshift 5.13.0 (2021-06-25)

Control Types - Added

  • AWS > Redshift > Cluster > Backup Retention Period

Policy Types - Added

  • AWS > Redshift > Cluster > Backup Retention Period
  • AWS > Redshift > Cluster > Backup Retention Period > Days

Action Types - Added

  • AWS > Redshift > Cluster > Update Backup Retention Period

aws-signer 5.0.0 (2021-06-25)

Resource Types - Added

  • AWS > Signer

Policy Types - Added

  • AWS > Signer > API Enabled
  • AWS > Signer > Approved Regions [Default]
  • AWS > Signer > Enabled
  • AWS > Signer > Permissions
  • AWS > Signer > Permissions > Levels
  • AWS > Signer > Permissions > Levels > Modifiers
  • AWS > Signer > Permissions > Lockdown
  • AWS > Signer > Permissions > Lockdown > API Boundary
  • AWS > Signer > Regions
  • AWS > Signer > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-signer
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-signer
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-signer

aws-cloudshell 5.0.0 (2021-06-25)

Resource Types - Added

  • AWS > CloudShell

Policy Types - Added

  • AWS > CloudShell > API Enabled
  • AWS > CloudShell > Approved Regions [Default]
  • AWS > CloudShell > Enabled
  • AWS > CloudShell > Permissions
  • AWS > CloudShell > Permissions > Levels
  • AWS > CloudShell > Permissions > Levels > Modifiers
  • AWS > CloudShell > Permissions > Lockdown
  • AWS > CloudShell > Permissions > Lockdown > API Boundary
  • AWS > CloudShell > Regions
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-cloudshell
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-cloudshell
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-cloudshell

aws-appconfig 5.0.0 (2021-06-25)

Resource Types - Added

  • AWS > AppConfig

Policy Types - Added

  • AWS > AppConfig > API Enabled
  • AWS > AppConfig > Approved Regions [Default]
  • AWS > AppConfig > Enabled
  • AWS > AppConfig > Permissions
  • AWS > AppConfig > Permissions > Levels
  • AWS > AppConfig > Permissions > Levels > Modifiers
  • AWS > AppConfig > Permissions > Lockdown
  • AWS > AppConfig > Permissions > Lockdown > API Boundary
  • AWS > AppConfig > Regions
  • AWS > AppConfig > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-appconfig
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-appconfig
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-appconfig

aws-directoryservice 5.3.0 (2021-06-24)

What's new?

  • AWS/Directory Service/Admin now includes certificate, identity pool directory, and LDAPS permissions.

aws-amplify 5.2.0 (2021-06-24)

What's new?

  • AWS/Amplify/Admin now includes backend environment permissions.

aws-quicksight 5.1.0 (2021-06-24)

What's new?

  • AWS/QuickSight/Metadata now includes ec2:DescribeSubnets and ec2:DescribeVpcs permissions.

aws-batch 5.1.0 (2021-06-24)

What's new?

  • AWS/QuickSight/Metadata now includes ec2:DescribeSubnets and ec2:DescribeVpcs permissions.

aws-batch 5.3.0 (2021-06-24)

What's new?

  • AWS/Batch/Operator now includes tagging permissions.

aws-events 5.5.0 (2021-06-24)

What's new?

  • AWS/Events/Admin now includes event source, partner event source, and event bus permissions.

    AWS/Events/Operator now includes put partner events permissions.

aws-s3 5.9.0 (2021-06-24)

What's new?

  • AWS/S3/Admin now includes storage lens management permissions.

aws-ssm 5.8.0 (2021-06-24)

What's new?

  • AWS/SSM/Admin now includes ops item, service setting, and session permissions.

aws-cloudformation 5.8.0 (2021-06-24)

What's new?

  • AWS/CloudFormation/Admin now includes record handler progress and type permissions.

aws-backup 5.5.0 (2021-06-24)

What's new?

  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-backup policy now includes backup-storage:* permissions.

aws-ecs 5.3.0 (2021-06-24)

What's new?

  • AWS/ECS/Admin now includes ecs:ExecuteCommand.

aws-rds 5.13.0 (2021-06-24)

What's new?

  • AWS/RDS/Admin now includes global cluster, activity stream, RDS data, and performance insights permissions.

    AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-rds policy now includes pi:*, rds-data:*, and rds-db:*.

aws-vpc-core 5.11.0 (2021-06-23)

What's new?

  • AWS/VPC/Admin now includes client VPN, network insights, traffic mirror filter, transit gateway, and VPC reachability analyzer permissions.

aws-ec2 5.23.0 (2021-06-23)

What's new?

  • AWS/EC2/Admin now includes capacity reservation, fleet, and elastic inference permissions.

    AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-ec2 policy now includes elastic-inference:* and tiros:*.

aws-glue 5.2.0 (2021-06-23)

What's new?

  • We have added a large number of new resource, control, and policy types with this release. Find the list on the aws-glue mod versions page.

aws-kinesis 5.5.1 (2021-06-23)

Bug fixes

  • We've made improvements to GraphQL queries in the AWS > Kinesis > Stream > Encryption at Rest control. You won't notice any difference, but the control should run lighter and quicker than before.

aws-ecr 5.6.0 (2021-06-23)

Control Types - Added

  • AWS > ECR > Repository > Scan on Push

Policy Types - Added

  • AWS > ECR > Repository > Scan on Push

Action Types - Added

  • AWS > ECR > Repository > Update Scan on Push

aws-config 5.6.0 (2021-06-22)

What's new?

  • AWS/Config/Admin now includes conformance pack, organization config rule, and remediation permissions.

Bug fixes

  • We've made improvements to GraphQL queries in the AWS > Config > Configuration Recording > Source policy. You won't notice any difference, but the policy should run lighter and quicker than before.

aws-ec2 5.22.0 (2021-06-21)

Resource Types - Added

  • AWS > EC2 > Account Attributes

Control Types - Added

  • AWS > EC2 > Account Attributes > CMDB
  • AWS > EC2 > Account Attributes > Discovery
  • AWS > EC2 > Account Attributes > EBS Encryption by Default

Policy Types - Added

  • AWS > EC2 > Account Attributes > CMDB
  • AWS > EC2 > Account Attributes > EBS Encryption by Default
  • AWS > EC2 > Account Attributes > EBS Encryption by Default > Customer Managed Key
  • AWS > EC2 > Account Attributes > Regions

Action Types - Added

  • AWS > EC2 > Account Attributes > Router
  • AWS > EC2 > Account Attributes > Update EBS Encryption by Default

turbot 5.34.2 (2021-06-21)

Policy Types

  • Updated: Turbot > Stack Ansible Version [Default] default value to accept any 2.* version.

aws-iam 5.12.0 (2021-06-18)

What's new?

  • IAM user mode is now available to use for permission management in AWS accounts. User mode is another way to manage permissions in an AWS account, with role mode being the primary way today. Instead of using IAM roles, user mode uses IAM users and groups to grant users access to AWS accounts.
  • We recommend using role mode unless you have a specific requirement to use IAM users and groups.
  • To get started with user mode, set the policy AWS > Turbot > Permissions to Enforce: User Mode.

Control Types - Added

  • AWS > IAM > User > Turbot Access Key
  • AWS > IAM > User > Turbot Access Key > Rotation

Policy Types - Added

  • AWS > IAM > User > Turbot Access Key
  • AWS > IAM > User > Turbot Access Key > Rotation
  • AWS > IAM > User > Turbot Secret Access Key
  • AWS > Turbot > Permissions > User Boundary

Removed

  • AWS > Turbot > Permissions > User > Name Prefix

Action Types - Added

  • AWS > IAM > User > Create or Rotate Turbot Access Key

aws-backup 5.4.0 (2021-06-17)

Control Types - Added

  • AWS > Backup > Stack

Policy Types - Added

  • AWS > Backup > Stack
  • AWS > Backup > Stack > Secret Variables
  • AWS > Backup > Stack > Source
  • AWS > Backup > Stack > Terraform Version
  • AWS > Backup > Stack > Variables

gcp-network 5.9.0 (2021-06-16)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws 5.16.1 (2021-06-15)

Bug fixes

  • We've improved the way we handle duplicate events fetched via the AWS > Turbot > Event Poller control. You won't notice any difference, but the control should run lighter than before.
  • Please note that this improvement will only be enabled for workspaces on TE v5.37.5 or higher.

azure-synapseanalytics 5.5.0 (2021-06-14)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

aws-sagemaker 5.6.0 (2021-06-11)

Resource Types - Added

  • AWS > SageMaker > Notebook Instance

Control Types - Added

  • AWS > SageMaker > Notebook Instance > Active
  • AWS > SageMaker > Notebook Instance > Approved
  • AWS > SageMaker > Notebook Instance > CMDB
  • AWS > SageMaker > Notebook Instance > Discovery
  • AWS > SageMaker > Notebook Instance > Tags
  • AWS > SageMaker > Notebook Instance > Usage

Policy Types - Added

  • AWS > SageMaker > Notebook Instance > Active
  • AWS > SageMaker > Notebook Instance > Active > Age
  • AWS > SageMaker > Notebook Instance > Active > Budget
  • AWS > SageMaker > Notebook Instance > Active > Last Modified
  • AWS > SageMaker > Notebook Instance > Approved
  • AWS > SageMaker > Notebook Instance > Approved > Budget
  • AWS > SageMaker > Notebook Instance > Approved > Regions
  • AWS > SageMaker > Notebook Instance > Approved > Usage
  • AWS > SageMaker > Notebook Instance > CMDB
  • AWS > SageMaker > Notebook Instance > Regions
  • AWS > SageMaker > Notebook Instance > Tags
  • AWS > SageMaker > Notebook Instance > Tags > Template
  • AWS > SageMaker > Notebook Instance > Usage
  • AWS > SageMaker > Notebook Instance > Usage > Limit

Action Types - Added

  • AWS > SageMaker > Notebook Instance > Delete
  • AWS > SageMaker > Notebook Instance > Router
  • AWS > SageMaker > Notebook Instance > Stop
  • AWS > SageMaker > Notebook Instance > Update Tags

aws 5.16.0 (2021-06-11)

What's new?

  • Users can now define a list of events to filter out while polling for events using the AWS > Turbot > Event Poller. To get started, set the AWS > Turbot > Event Poller > Excluded Events policy.

Policy Types - Added

  • AWS > Turbot > Event Poller > Excluded Events

aws-ecs 5.2.1 (2021-06-11)

Bug fixes

  • Container Instances terminated via Auto Scaling were not cleaned up automatically in Turbot. This is now fixed.

aws-wellarchitected-framework 5.0.1 (2021-06-10)

Bug fixes

  • The AWS Well-Architected Framework controls would incorrectly move to an Alarm state if the controls' policy was set to Check: Choices based on sub policies or Enforce: Choices based on sub policies and all the sub-policies for choices were set to Skip. This is fixed and the controls will now move to an Invalid state for such cases.

azure-cisv1 5.1.6 (2021-06-08)

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-iam 5.11.3 (2021-06-07)

Bug fixes

  • The ResponseMetadata.RequestId property for AWS > IAM > User has now been made dynamic to avoid unnecessary notifications in the activity tab.

aws-ssm 5.7.2 (2021-06-07)

Bug fixes

  • The AWS > SSM > Document > CMDB control will now also fetch the document's permission details and store them in CMDB.

aws-ecr 5.5.0 (2021-06-07)

Policy Types - Added

  • AWS > ECR > Repository > Approved > Encryption at Rest
  • AWS > ECR > Repository > Approved > Encryption at Rest > Customer Managed Key

aws-billing 5.0.1 (2021-06-03)

Bug fixes

  • AWS/Billing/Owner now includes budget permissions, which allow you to set custom budgets to track your cost and usage and to set up alerts.

aws-datapipeline 5.2.0 (2021-06-03)

Resource Types - Added

  • AWS > Data Pipeline > Pipeline

Control Types - Added

  • AWS > Data Pipeline > Pipeline > Active
  • AWS > Data Pipeline > Pipeline > Approved
  • AWS > Data Pipeline > Pipeline > CMDB
  • AWS > Data Pipeline > Pipeline > Discovery
  • AWS > Data Pipeline > Pipeline > Tags

Policy Types - Added

  • AWS > Data Pipeline > Pipeline > Active
  • AWS > Data Pipeline > Pipeline > Active > Age
  • AWS > Data Pipeline > Pipeline > Active > Last Modified
  • AWS > Data Pipeline > Pipeline > Approved
  • AWS > Data Pipeline > Pipeline > Approved > Regions
  • AWS > Data Pipeline > Pipeline > Approved > Usage
  • AWS > Data Pipeline > Pipeline > CMDB
  • AWS > Data Pipeline > Pipeline > Regions
  • AWS > Data Pipeline > Pipeline > Tags
  • AWS > Data Pipeline > Pipeline > Tags > Template
  • AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-datapipeline

Action Types - Added

  • AWS > Data Pipeline > Pipeline > Delete
  • AWS > Data Pipeline > Pipeline > Router
  • AWS > Data Pipeline > Pipeline > Update Tags

aws 5.15.3 (2021-06-02)

Control Types - Removed

  • AWS > Account > Resource AKA Cleanup

Policy Types - Removed

  • AWS > Account > Resource AKA Cleanup

azure-compute 5.9.0 (2021-06-02)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

aws-wellarchitected-framework 5.0.0 (2012-06-01)

What's new?

  • This mod release includes over 300 new policies and over 50 new controls defining AWS Well Architected Framework objectives. Refer to the aws-wellarchitected-framework version page for more details on the controls and policies added.

aws-wellarchitected 5.5.0 (2021-06-01)

Bug fixes

  • The AWS > Well-Architected Tool > Workload > Discovery control will no longer upsert workloads into our CMDB if they are shared from a different account.

Resource Types - Added

  • AWS > Well-Architected Tool > AWS Well-Architected Framework

Control Types - Added

  • AWS > Well-Architected Tool > AWS Well-Architected Framework > CMDB
  • AWS > Well-Architected Tool > AWS Well-Architected Framework > Discovery

Policy Types - Added

  • AWS > Well-Architected Tool > AWS Well-Architected Framework > CMDB

Action Types - Added

  • AWS > Well-Architected Tool > AWS Well-Architected Framework > Update Answer

azure-mysql 5.5.0 (2021-05-31)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-vpc-connect 5.5.1 (2021-05-25)

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws 5.15.2 (2021-05-25)

Bug fixes

  • We've updated the description for AWS > Turbot > Audit Trail > CloudTrail > Trail > Name Prefix policy to indicate that the policy will be ignored when the AWS > Turbot > Audit Trail > CloudTrail > Trail > Name policy has a policy setting defined explicitly.
  • The AWS > Account > CMDB control would go into an error state if Turbot had insufficient permissions to fetch the account's organization details. This is fixed and the control will now work as expected.

firehose-aws-sns 1.1.1 (2021-05-24)

Policy Types - Updated

  • Resource Created, Resource Updated, Resource Deleted and Control Updated templates.

turbot 5.34.1 (2021-05-24)

Policy Types - Updated

  • Minimum value for Turbot > Workspace > Policy Values History Cleanup Batch Size decreased to 0.

aws-ec2 5.2.0 (2021-05-24)

Resource Types - Added

  • AWS > ECS > Service

Control Types - Added

  • AWS > ECS > Service > Active
  • AWS > ECS > Service > Approved
  • AWS > ECS > Service > CMDB
  • AWS > ECS > Service > Discovery
  • AWS > ECS > Service > Tags

Policy Types - Added

  • AWS > ECS > Service > Active
  • AWS > ECS > Service > Active > Age
  • AWS > ECS > Service > Active > Last Modified
  • AWS > ECS > Service > Approved
  • AWS > ECS > Service > Approved > Regions
  • AWS > ECS > Service > Approved > Usage
  • AWS > ECS > Service > CMDB
  • AWS > ECS > Service > Regions
  • AWS > ECS > Service > Tags
  • AWS > ECS > Service > Tags > Template

Action Types - Added

  • AWS > ECS > Service > Delete
  • AWS > ECS > Service > Router
  • AWS > ECS > Service > Update Tags

aws-vpc-security 5.5.1 (2021-05-21)

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-vpc-core 5.10.1 (2021-05-21)

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

gcp-kms 5.5.1 (2021-05-20)

Bug fixes

  • The GCP > KMS > Crypto Key > Discovery control would incorrectly go into a skipped state by default for the global region. This is now fixed.

aws-shield 5.1.3 (2021-05-20)

Bug fixes

  • The AWS > Shield > Protection > CMDB control would go into an error state for protections configured in regions other than Virginia (us-east-1). This is now fixed.

aws-ec2 5.21.6 (2021-05-18)

Bug fixes

  • We've improved our retry mechanism for throttling errors on API calls to be more efficient. You won't notice any difference, but things should run better than before.

aws-dynamodb 5.4.5 (2021-05-18)

Bug fixes

  • We've updated the AWS > DynamoDB > Permissions > Lockdown > Table Approved Regions policy's default value to be [*]. This will allow the policy to run much lighter and faster than before.

    We recommend that users include the approved regions from all AWS > DynamoDB > Table > Approved > Regions policy settings in their respective lockdown policies to ensure that these lockdown policies do not restrict any approved regions for tables.

aws-iam 5.11.2 (2021-05-17)

Bug fixes

  • The AWS > IAM > Credential Report > CMDB control sometimes wouldn't run consistently at its six-hour interval. This is now fixed.

turbot-iam 5.9.4 (2021-05-17)

What's new?

  • Removed the reference to awsFingerprint from the Turbot > IAM > SSH Key resource type.

aws-ec2 5.21.5 (2021-05-13)

Bug fixes

  • We've updated the AWS > EC2 > Permissions > Lockdown > Instance Types and AWS > EC2 > Permissions > Lockdown > Volume Types policies' default values to be [*]. This will allow these policies to run much lighter and faster than before.

    We recommend that users include instance types from all AWS > EC2 > Instance > Approved > Instance Types policy settings and volume types from all AWS > EC2 > Volume > Approved > Volume Types policy settings in their respective lockdown policies to ensure that these lockdown policies do not restrict any approved instance or volume types.

aws-kms 5.8.1 (2021-05-13)

Bug fixes

  • We've updated the EventBridge rule for KMS to filter out a few real-time events like kms:CreateGrant and kms:RetireGrant to reduce unnecessary noise caused by the processing of such events in Turbot.

Policy Types - Renamed

  • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > KMS to AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-kms

aws-sagemaker 5.5.0 (2021-05-11)

Resource Types - Added

  • AWS > SageMaker > Endpoint

Control Types - Added

  • AWS > SageMaker > Endpoint > Active
  • AWS > SageMaker > Endpoint > Approved
  • AWS > SageMaker > Endpoint > CMDB
  • AWS > SageMaker > Endpoint > Discovery
  • AWS > SageMaker > Endpoint > Tags

Policy Types - Added

  • AWS > SageMaker > Endpoint > Active
  • AWS > SageMaker > Endpoint > Active > Age
  • AWS > SageMaker > Endpoint > Active > Last Modified
  • AWS > SageMaker > Endpoint > Approved
  • AWS > SageMaker > Endpoint > Approved > Regions
  • AWS > SageMaker > Endpoint > Approved > Usage
  • AWS > SageMaker > Endpoint > CMDB
  • AWS > SageMaker > Endpoint > Regions
  • AWS > SageMaker > Endpoint > Tags
  • AWS > SageMaker > Endpoint > Tags > Template

Action Types - Added

  • AWS > SageMaker > Endpoint > Delete
  • AWS > SageMaker > Endpoint > Router
  • AWS > SageMaker > Endpoint > Update Tags

aws-ec2 5.21.4 (2021-05-06)

Bug fixes

  • We made some improvements earlier to upsert snapshots automatically if they were created from instances, but that didn't work because we had not added the ec2:CreateSnapshots event to the EventBridge rule for EC2. This is now fixed and snapshots created from instances will now be upserted automatically via real-time event handling in Turbot.
  • We recommend that users run the AWS > EC2 > Snapshot > Discovery control to upsert all snapshots that Turbot might have missed upserting earlier. This will help Turbot manage all such snapshots correctly.

aws-ec2 5.21.3 (2021-05-05)

Bug fixes

  • The AWS > EC2 > Instance > CMDB control would sometimes go into an error state for terminated instances and would fail to delete such instances from Turbot. This is now fixed.
  • Turbot will now raise EC2:BidEvictedEvent events correctly to handle spot instance interruptions.
  • Snapshots created from instances were not upserted automatically into Turbot. This is now fixed.

aws-events 5.4.4 (2021-05-05)

Bug fixes

  • We've updated the AWS > Events > Rule > Discovery control to sort the EventPattern.source and EventPattern.detail.eventName properties in the same way the AWS > Events > Rule > CMDB control sorts them to ensure rules' CMDB data remains consistent.

aws-sagemaker 5.4.0 (2021-05-03)

Resource Types - Added

  • AWS > SageMaker > Model
  • AWS > SageMaker > Training Job

Control Types - Added

  • AWS > SageMaker > Model > Active
  • AWS > SageMaker > Model > Approved
  • AWS > SageMaker > Model > CMDB
  • AWS > SageMaker > Model > Discovery
  • AWS > SageMaker > Model > Tags
  • AWS > SageMaker > Training Job > Active
  • AWS > SageMaker > Training Job > Approved
  • AWS > SageMaker > Training Job > CMDB
  • AWS > SageMaker > Training Job > Discovery
  • AWS > SageMaker > Training Job > Tags

Policy Types - Added

  • AWS > SageMaker > Model > Active
  • AWS > SageMaker > Model > Active > Age
  • AWS > SageMaker > Model > Active > Last Modified
  • AWS > SageMaker > Model > Approved
  • AWS > SageMaker > Model > Approved > Regions
  • AWS > SageMaker > Model > Approved > Usage
  • AWS > SageMaker > Model > CMDB
  • AWS > SageMaker > Model > Regions
  • AWS > SageMaker > Model > Tags
  • AWS > SageMaker > Model > Tags > Template
  • AWS > SageMaker > Training Job > Active
  • AWS > SageMaker > Training Job > Active > Age
  • AWS > SageMaker > Training Job > Active > Last Modified
  • AWS > SageMaker > Training Job > Approved
  • AWS > SageMaker > Training Job > Approved > Regions
  • AWS > SageMaker > Training Job > Approved > Usage
  • AWS > SageMaker > Training Job > CMDB
  • AWS > SageMaker > Training Job > Regions
  • AWS > SageMaker > Training Job > Tags
  • AWS > SageMaker > Training Job > Tags > Template

Action Types - Added

  • AWS > SageMaker > Model > Delete
  • AWS > SageMaker > Model > Router
  • AWS > SageMaker > Model > Update Tags
  • AWS > SageMaker > Training Job > Router
  • AWS > SageMaker > Training Job > Update Tags

azure-provider 5.4.1 (2021-04-30)

Bug fixes

  • We sometimes failed to automatically update the CMDB controls of Azure providers when their state changed from Registering or Unregistering to Registered or Unregistered. This is now fixed and the CMDB controls will be updated automatically to reflect the correct state of the providers.

aws-cisv1 5.0.8 (2021-04-28)

Bug fixes

  • The AWS > CIS v1 > 2 Logging > 2.05 Ensure AWS Config is enabled in all regions (Scored) control would incorrectly remain in TBD state if the configuration recorder was not enabled for all regions. This is fixed and the control will now work correctly, as expected.

aws-sns 5.7.2 (2021-04-27)

Bug fixes

  • The AWS > SNS > Subscription > CMDB control would show a transformation warning message when EffectiveDeliveryPolicy was undefined. This is now fixed.

aws-s3 5.8.1 (2021-04-27)

Bug fixes

  • We've improved the descriptions for AWS > S3 > Bucket > Public Access Block > Settings and AWS > S3 > Account > Public Access Block > Settings policies to clearly indicate what each policy value means.

aws-ec2 5.21.2 (2021-04-23)

Bug fixes

  • We've improved the way we refresh the CMDB data for instances, snapshots and volumes for tagging events like EC2:CreateTags and EC2:DeleteTags. We understand that API calls are expensive and we'll now make fewer of them for such events, and the respective CMDB controls will run lighter than before.

aws-rds 5.12.0 (2021-04-23)

What's new?

  • AWS > RDS > DB Instance > Approved control will now run faster when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.
  • We've improved the state reasons and details tables in the Approved and Active controls for resources like DB cluster, DB instance and DB cluster parameter group to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-lambda 5.8.0 (2021-04-23)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

gcp-computeengine 5.10.2 (2021-04-22)

Bug fixes

  • Instances created and deleted via dataflow jobs were not cleaned up automatically in Turbot. This is now fixed.

aws-cloudformation 5.7.1 (2021-04-21)

Bug fixes

  • The AWS > CloudFormation > Stack > Discovery control would fail to upsert all the stacks in a region if the size of the Discovery API response was more than 1 MB, due to lack of paging support. This is now fixed.

aws-sagemaker 5.3.0 (2021-04-21)

Resource Types - Added

  • AWS > SageMaker > Endpoint Configuration
  • AWS > SageMaker > Lifecycle Configuration

Control Types - Added

  • AWS > SageMaker > Endpoint Configuration > Active
  • AWS > SageMaker > Endpoint Configuration > Approved
  • AWS > SageMaker > Endpoint Configuration > CMDB
  • AWS > SageMaker > Endpoint Configuration > Discovery
  • AWS > SageMaker > Endpoint Configuration > Tags
  • AWS > SageMaker > Lifecycle Configuration > Active
  • AWS > SageMaker > Lifecycle Configuration > Approved
  • AWS > SageMaker > Lifecycle Configuration > CMDB
  • AWS > SageMaker > Lifecycle Configuration > Discovery

Policy Types - Added

  • AWS > SageMaker > Endpoint Configuration > Active
  • AWS > SageMaker > Endpoint Configuration > Active > Age
  • AWS > SageMaker > Endpoint Configuration > Active > Last Modified
  • AWS > SageMaker > Endpoint Configuration > Approved
  • AWS > SageMaker > Endpoint Configuration > Approved > Regions
  • AWS > SageMaker > Endpoint Configuration > Approved > Usage
  • AWS > SageMaker > Endpoint Configuration > CMDB
  • AWS > SageMaker > Endpoint Configuration > Regions
  • AWS > SageMaker > Endpoint Configuration > Tags
  • AWS > SageMaker > Endpoint Configuration > Tags > Template
  • AWS > SageMaker > Lifecycle Configuration > Active
  • AWS > SageMaker > Lifecycle Configuration > Active > Age
  • AWS > SageMaker > Lifecycle Configuration > Active > Last Modified
  • AWS > SageMaker > Lifecycle Configuration > Approved
  • AWS > SageMaker > Lifecycle Configuration > Approved > Regions
  • AWS > SageMaker > Lifecycle Configuration > Approved > Usage
  • AWS > SageMaker > Lifecycle Configuration > CMDB
  • AWS > SageMaker > Lifecycle Configuration > Regions

Action Types - Added

  • AWS > SageMaker > Endpoint Configuration > Delete
  • AWS > SageMaker > Endpoint Configuration > Router
  • AWS > SageMaker > Endpoint Configuration > Update Tags
  • AWS > SageMaker > Lifecycle Configuration > Delete
  • AWS > SageMaker > Lifecycle Configuration > Router

azure 5.11.3 (2021-04-21)

Bug fixes

  • Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

aws-ecr 5.4.1 (2021-04-19)

Bug fixes

  • The AWS > ECR > Image > CMDB control would go into an error state if there were no imageTags on the image. This is now fixed.

aws-billing 5.0.0 (2021-04-19)

Resource Types - Added

  • AWS > Billing

Policy Types - Added

  • AWS > Billing > API Enabled
  • AWS > Billing > Enabled
  • AWS > Billing > Permissions
  • AWS > Billing > Permissions > Levels
  • AWS > Billing > Permissions > Levels > Modifiers
  • AWS > Billing > Permissions > Lockdown
  • AWS > Billing > Permissions > Lockdown > API Boundary
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-billing
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-billing
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-billing

azure-network 5.6.0 (2021-04-16)

What's new?

  • Users can now manage which service tags are approved for use as network security group rule sources and destinations. A service tag represents a group of IP address prefixes from a given Azure service, simplifying access control from and to Azure services.

    To get started with these new features, you can add the list of approved service tags to the Azure > Network > Network Security Group > Ingress Rules > Approved > Service Tags and Azure > Network > Network Security Group > Egress Rules > Approved > Service Tags policies.

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Policy Types - Added

  • Azure > Network > Network Security Group > Egress Rules > Approved > Service Tags
  • Azure > Network > Network Security Group > Ingress Rules > Approved > Service Tags

aws-iam 5.11.1 (2021-04-16)

Bug fixes

  • We've made some changes that are too small to notice or too difficult to explain. Everything will continue to run smoothly and as expected.

aws-workspaces 5.2.0 (2021-04-16)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.
  • We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to Skip, its Active control will move to invalid to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.
  • Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.

Bug fixes

  • The AWS > WorkSpaces > WorkSpace > Approved control did not stop a workspace correctly if the workspace's state was AVAILABLE. This is now fixed.
  • Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

turbot 5.34.0 (2021-04-16)

Control Types - Added

  • Turbot > Workspace > Background Tasks. It will update the policy values after resource movement and smart folder attachment.

aws-elasticbeanstalk 5.2.0 (2021-04-16)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • The AWS > Elastic Beanstalk > Environment > Approved control will now not attempt to delete an environment if the environment's Status is not Ready.
  • For an application that had a version deployed to a running environment, the AWS > Elastic Beanstalk > Application > Approved control would incorrectly try to delete that application if the AWS > Elastic Beanstalk > Application > Approved policy was set to Enforce: Delete unapproved if new. This is now fixed.

turbot-iam 5.9.3 (2021-04-15)

Bug fixes

  • We’ve made a few improvements in the GraphQL queries for various policies. You won’t notice any difference, but things should run lighter and quicker than before.

azure-keyvault 5.6.0 (2021-04-15)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • The Azure > Keyvault > Secret > CMDB control would go into an error state if the creation date of the secret was unavailable in its CMDB data. This issue has now been fixed.

aws-ec2 5.21.1 (2021-04-13)

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-appmesh 5.2.0 (2021-04-13)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-ssm 5.7.1 (2021-04-13)

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-appflow 5.2.0 (2021-04-12)

What's new?

  • Permissions for Appflow flows, connector profiles and connector entities will now also be managed under the AWS > Appflow > Enabled policy. To get started, set this policy to Enabled.

aws-ecr 5.4.0 (2021-04-12)

Resource Types - Added

  • AWS > ECR > Image

Control Types - Added

  • AWS > ECR > Image > Active
  • AWS > ECR > Image > Approved
  • AWS > ECR > Image > CMDB
  • AWS > ECR > Image > Discovery
  • AWS > ECR > Image > Usage

Policy Types - Added

  • AWS > ECR > Image > Active
  • AWS > ECR > Image > Active > Age
  • AWS > ECR > Image > Active > Last Modified
  • AWS > ECR > Image > Approved
  • AWS > ECR > Image > Approved > Regions
  • AWS > ECR > Image > Approved > Usage
  • AWS > ECR > Image > CMDB
  • AWS > ECR > Image > Regions
  • AWS > ECR > Image > Usage
  • AWS > ECR > Image > Usage > Limit

Action Types - Added

  • AWS > ECR > Image > Delete
  • AWS > ECR > Image > Router

aws-macie 5.2.0 (2021-04-12)

What's new?

  • Permissions for macie2 will now also be managed under the AWS > Macie > Enabled policy. To get started, set this policy to Enabled.

aws-polly 5.0.0 (2021-04-12)

Resource Types - Added

  • AWS > Polly

Policy Types - Added

  • AWS > Polly > API Enabled
  • AWS > Polly > Approved Regions [Default]
  • AWS > Polly > Enabled
  • AWS > Polly > Permissions
  • AWS > Polly > Permissions > Levels
  • AWS > Polly > Permissions > Levels > Modifiers
  • AWS > Polly > Permissions > Lockdown
  • AWS > Polly > Permissions > Lockdown > API Boundary
  • AWS > Polly > Regions
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-polly
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-polly
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-polly

aws-devicefarm 5.0.0 (2021-04-12)

Resource Types - Added

  • AWS > Device Farm

Policy Types - Added

  • AWS > Device Farm > API Enabled
  • AWS > Device Farm > Approved Regions [Default]
  • AWS > Device Farm > Enabled
  • AWS > Device Farm > Permissions
  • AWS > Device Farm > Permissions > Levels
  • AWS > Device Farm > Permissions > Levels > Modifiers
  • AWS > Device Farm > Permissions > Lockdown
  • AWS > Device Farm > Permissions > Lockdown > API Boundary
  • AWS > Device Farm > Regions
  • AWS > Device Farm > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-devicefarm
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-devicefarm
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-devicefarm

aws-chatbot 5.0.0 (2021-04-12)

Resource Types - Added

  • AWS > Chatbot

Policy Types - Added

  • AWS > Chatbot > API Enabled
  • AWS > Chatbot > Enabled
  • AWS > Chatbot > Permissions
  • AWS > Chatbot > Permissions > Levels
  • AWS > Chatbot > Permissions > Levels > Modifiers
  • AWS > Chatbot > Permissions > Lockdown
  • AWS > Chatbot > Permissions > Lockdown > API Boundary
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-chatbot
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-chatbot
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-chatbot

aws-tagging 5.0.0 (2021-04-09)

Resource Types - Added

  • AWS > Tagging

Policy Types - Added

  • AWS > Tagging > API Enabled
  • AWS > Tagging > Approved Regions [Default]
  • AWS > Tagging > Enabled
  • AWS > Tagging > Permissions
  • AWS > Tagging > Permissions > Levels
  • AWS > Tagging > Permissions > Levels > Modifiers
  • AWS > Tagging > Permissions > Lockdown
  • AWS > Tagging > Permissions > Lockdown > API Boundary
  • AWS > Tagging > Regions
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-tagging
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-tagging
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-tagging

aws-cognito 5.0.0 (2021-04-09)

Resource Types - Added

  • AWS > Cognito

Policy Types - Added

  • AWS > Cognito > API Enabled
  • AWS > Cognito > Approved Regions [Default]
  • AWS > Cognito > Enabled
  • AWS > Cognito > Permissions
  • AWS > Cognito > Permissions > Levels
  • AWS > Cognito > Permissions > Levels > Modifiers
  • AWS > Cognito > Permissions > Lockdown
  • AWS > Cognito > Permissions > Lockdown > API Boundary
  • AWS > Cognito > Regions
  • AWS > Cognito > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-cognito
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-cognito
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-cognito

aws-rekognition 5.0.0 (2021-04-09)

Resource Types - Added

  • AWS > Rekognition

Policy Types - Added

  • AWS > Rekognition > API Enabled
  • AWS > Rekognition > Approved Regions [Default]
  • AWS > Rekognition > Enabled
  • AWS > Rekognition > Permissions
  • AWS > Rekognition > Permissions > Levels
  • AWS > Rekognition > Permissions > Levels > Modifiers
  • AWS > Rekognition > Permissions > Lockdown
  • AWS > Rekognition > Permissions > Lockdown > API Boundary
  • AWS > Rekognition > Regions
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-rekognition
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-rekognition
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-rekognition

aws-translate 5.0.0 (2021-04-09)

Resource Types - Added

  • AWS > Translate

Policy Types - Added

  • AWS > Translate > API Enabled
  • AWS > Translate > Approved Regions [Default]
  • AWS > Translate > Enabled
  • AWS > Translate > Permissions
  • AWS > Translate > Permissions > Levels
  • AWS > Translate > Permissions > Levels > Modifiers
  • AWS > Translate > Permissions > Lockdown
  • AWS > Translate > Permissions > Lockdown > API Boundary
  • AWS > Translate > Regions
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-translate
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-translate
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-translate

aws-directconnect 5.0.0 (2021-04-09)

Resource Types - Added

  • AWS > Direct Connect

Policy Types - Added

  • AWS > Direct Connect > API Enabled
  • AWS > Direct Connect > Enabled
  • AWS > Direct Connect > Permissions
  • AWS > Direct Connect > Permissions > Levels
  • AWS > Direct Connect > Permissions > Levels > Modifiers
  • AWS > Direct Connect > Permissions > Lockdown
  • AWS > Direct Connect > Permissions > Lockdown > API Boundary
  • AWS > Direct Connect > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-directconnect
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-directconnect
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-directconnect

aws-cloudmap 5.0.0 (2021-04-09)

Resource Types - Added

  • AWS > Cloud Map

Policy Types - Added

  • AWS > Cloud Map > API Enabled
  • AWS > Cloud Map > Approved Regions [Default]
  • AWS > Cloud Map > Enabled
  • AWS > Cloud Map > Permissions
  • AWS > Cloud Map > Permissions > Levels
  • AWS > Cloud Map > Permissions > Levels > Modifiers
  • AWS > Cloud Map > Permissions > Lockdown
  • AWS > Cloud Map > Permissions > Lockdown > API Boundary
  • AWS > Cloud Map > Regions
  • AWS > Cloud Map > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-cloudmap
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-cloudmap
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-cloudmap

aws-mwaa 5.0.0 (2021-04-09)

Resource Types - Added

  • AWS > MWAA

Policy Types - Added

  • AWS > MWAA > API Enabled
  • AWS > MWAA > Approved Regions [Default]
  • AWS > MWAA > Enabled
  • AWS > MWAA > Permissions
  • AWS > MWAA > Permissions > Levels
  • AWS > MWAA > Permissions > Levels > Modifiers
  • AWS > MWAA > Permissions > Lockdown
  • AWS > MWAA > Permissions > Lockdown > API Boundary
  • AWS > MWAA > Regions
  • AWS > MWAA > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-mwaa
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-mwaa
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-mwaa

aws-datasync 5.0.0 (2021-04-09)

Resource Types - Added

  • AWS > DataSync

Policy Types - Added

  • AWS > DataSync > API Enabled
  • AWS > DataSync > Approved Regions [Default]
  • AWS > DataSync > Enabled
  • AWS > DataSync > Permissions
  • AWS > DataSync > Permissions > Levels
  • AWS > DataSync > Permissions > Levels > Modifiers
  • AWS > DataSync > Permissions > Lockdown
  • AWS > DataSync > Permissions > Lockdown > API Boundary
  • AWS > DataSync > Regions
  • AWS > DataSync > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-datasync
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-datasync
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-datasync

aws-clouddirectory 5.0.0 (2021-04-09)

Resource Types - Added

  • AWS > Cloud Directory

Policy Types - Added

  • AWS > Cloud Directory > API Enabled
  • AWS > Cloud Directory > Approved Regions [Default]
  • AWS > Cloud Directory > Enabled
  • AWS > Cloud Directory > Permissions
  • AWS > Cloud Directory > Permissions > Levels
  • AWS > Cloud Directory > Permissions > Levels > Modifiers
  • AWS > Cloud Directory > Permissions > Lockdown
  • AWS > Cloud Directory > Permissions > Lockdown > API Boundary
  • AWS > Cloud Directory > Regions
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-clouddirectory
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-clouddirectory
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-clouddirectory

aws-connect 5.0.0 (2021-04-09)

Resource Types - Added

  • AWS > Connect

Policy Types - Added

  • AWS > Connect > API Enabled
  • AWS > Connect > Approved Regions [Default]
  • AWS > Connect > Enabled
  • AWS > Connect > Permissions
  • AWS > Connect > Permissions > Levels
  • AWS > Connect > Permissions > Levels > Modifiers
  • AWS > Connect > Permissions > Lockdown
  • AWS > Connect > Permissions > Lockdown > API Boundary
  • AWS > Connect > Regions
  • AWS > Connect > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-connect
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-connect
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-connect

aws-sagemaker 5.2.0 (2021-04-09)

Resource Types - Added

  • AWS > SageMaker > Code Repository

Control Types - Added

  • AWS > SageMaker > Code Repository > Active
  • AWS > SageMaker > Code Repository > Approved
  • AWS > SageMaker > Code Repository > CMDB
  • AWS > SageMaker > Code Repository > Discovery

Policy Types - Added

  • AWS > SageMaker > Code Repository > Active
  • AWS > SageMaker > Code Repository > Active > Age
  • AWS > SageMaker > Code Repository > Active > Last Modified
  • AWS > SageMaker > Code Repository > Approved
  • AWS > SageMaker > Code Repository > Approved > Regions
  • AWS > SageMaker > Code Repository > Approved > Usage
  • AWS > SageMaker > Code Repository > CMDB
  • AWS > SageMaker > Code Repository > Regions

Action Types - Added

  • AWS > SageMaker > Code Repository > Delete
  • AWS > SageMaker > Code Repository > Router

aws-iam 5.11.0 (2021-04-08)

What's new?

  • Permissions for IAM access analyzers will now also be managed under the AWS > IAM > Enabled policy. To get started, set this policy to Enabled.

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws 5.15.1 (2021-04-08)

Bug fixes

  • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

azure-networkwatcher 5.6.0 (2021-04-08)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-stepfunctions 5.2.3 (2021-04-06)

Bug fixes

  • Updating tags for a state machine did not automatically update its CMDB data. This issue has now been fixed.

aws-sqs 5.8.1 (2021-04-06)

Bug fixes

  • We've updated the description of the AWS > SQS > Queue > Trusted Access policy and control to include more information about its working and scope.

aws-sns 5.7.1 (2021-04-06)

Bug fixes

  • We've updated the description of the AWS > SNS > Topic > Trusted Access policy and control to include more information about its working and scope.

aws-vpc-internet 5.7.0 (2021-04-05)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've improved our event handling configuration and now filter which AWS events Turbot listens for based on resources' CMDB policies. If a resource's CMDB policy is not set to Enforce: Enabled, the EventBridge rules will be configured to not send any events for that resource. This will greatly reduce the number of unnecessary events that Turbot listens for and handles today.

Policy Types - Added

  • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-vpc-internet

aws-vpc-security 5.5.0 (2021-04-02)

Bug fixes

  • We've improved our event handling configuration and now filter which AWS events Turbot listens for based on resources' CMDB policies. If a resource's CMDB policy is not set to Enforce: Enabled, the EventBridge rules will be configured to not send any events for that resource. This will greatly reduce the number of unnecessary events that Turbot listens for and handles today.

Policy Types - Added

  • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-vpc-security

aws-vpc-connect 5.5.0 (2021-04-02)

Bug fixes

  • We've improved our event handling configuration and now filter which AWS events Turbot listens for based on resources' CMDB policies. If a resource's CMDB policy is not set to Enforce: Enabled, the EventBridge rules will be configured to not send any events for that resource. This will greatly reduce the number of unnecessary events that Turbot listens for and handles today.

Policy Types - Added

  • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-vpc-connect

aws-vpc-core 5.10.0 (2021-04-02)

Bug fixes

  • We've improved our event handling configuration and now filter which AWS events Turbot listens for based on resources' CMDB policies. If a resource's CMDB policy is not set to Enforce: Enabled, the EventBridge rules will be configured to not send any events for that resource. This will greatly reduce the number of unnecessary events that Turbot listens for and handles today.
  • Users can now configure the log record format in the AWS > VPC > VPC > Flow Logging control to specify the fields to include in the flow log record. To get started, set the AWS > VPC > VPC > Flow Logging > Log Record Format policy.

Policy Types - Added

  • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-vpc-core
  • AWS > VPC > VPC > Flow Logging > Log Record Format

aws-ec2 5.21.0 (2021-04-02)

What's new?

  • We've improved our event handling configuration and now filter which AWS events Turbot listens for based on resources' CMDB policies. If a resource's CMDB policy is not set to Enforce: Enabled, the EventBridge rules will be configured to not send any events for that resource. This will greatly reduce the number of unnecessary events that Turbot listens for and handles today.

    Please note that this feature will only be enabled for workspaces on TE v5.36.0 or higher, and only if the installed VPC mods (aws-vpc-core, aws-vpc-internet, aws-vpc-connect and aws-vpc-security) are on v5.10.0, v5.7.0, v5.5.0 and v5.5.0 or higher respectively, since these VPC mods also use EC2 events for their respective resources.

    We recommend upgrading the aws-ec2 mod to v5.21.0 first and then upgrading the installed VPC mods to the versions mentioned above for a smooth transition to using the events filtering capability.

Policy Types - Added

  • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-ec2

Policy Types - Removed

  • AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-ec2

azure-datafactory 5.4.0 (2021-04-02)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

azure-searchmanagement 5.5.0 (2021-04-02)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

gcp-firebase 5.0.0 (2021-04-01)

What's new?

Resource Types - Added

  • GCP > Firebase
  • GCP > Firebase > Android App
  • GCP > Firebase > Firebase Project
  • GCP > Firebase > Web App
  • GCP > Firebase > iOS App

Control Types - Added

  • GCP > Firebase > Android App > Active
  • GCP > Firebase > Android App > Approved
  • GCP > Firebase > Android App > CMDB
  • GCP > Firebase > Android App > Discovery
  • GCP > Firebase > Android App > Usage
  • GCP > Firebase > CMDB
  • GCP > Firebase > Discovery
  • GCP > Firebase > Firebase Project > CMDB
  • GCP > Firebase > Firebase Project > Discovery
  • GCP > Firebase > Web App > Active
  • GCP > Firebase > Web App > Approved
  • GCP > Firebase > Web App > CMDB
  • GCP > Firebase > Web App > Discovery
  • GCP > Firebase > Web App > Usage
  • GCP > Firebase > iOS App > Active
  • GCP > Firebase > iOS App > Approved
  • GCP > Firebase > iOS App > CMDB
  • GCP > Firebase > iOS App > Discovery
  • GCP > Firebase > iOS App > Usage

Policy Types - Added

  • GCP > Firebase > Android App > Active
  • GCP > Firebase > Android App > Active > Age
  • GCP > Firebase > Android App > Active > Last Modified
  • GCP > Firebase > Android App > Approved
  • GCP > Firebase > Android App > Approved > Usage
  • GCP > Firebase > Android App > CMDB
  • GCP > Firebase > Android App > Usage
  • GCP > Firebase > Android App > Usage > Limit
  • GCP > Firebase > Approved Regions [Default]
  • GCP > Firebase > CMDB
  • GCP > Firebase > Enabled
  • GCP > Firebase > Firebase Project > CMDB
  • GCP > Firebase > Permissions
  • GCP > Firebase > Permissions > Levels
  • GCP > Firebase > Permissions > Levels > Modifiers
  • GCP > Firebase > Regions
  • GCP > Firebase > Web App > Active
  • GCP > Firebase > Web App > Active > Age
  • GCP > Firebase > Web App > Active > Last Modified
  • GCP > Firebase > Web App > Approved
  • GCP > Firebase > Web App > Approved > Usage
  • GCP > Firebase > Web App > CMDB
  • GCP > Firebase > Web App > Usage
  • GCP > Firebase > Web App > Usage > Limit
  • GCP > Firebase > iOS App > Active
  • GCP > Firebase > iOS App > Active > Age
  • GCP > Firebase > iOS App > Active > Last Modified
  • GCP > Firebase > iOS App > Approved
  • GCP > Firebase > iOS App > Approved > Usage
  • GCP > Firebase > iOS App > CMDB
  • GCP > Firebase > iOS App > Usage
  • GCP > Firebase > iOS App > Usage > Limit
  • GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-firebase
  • GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-firebase

aws-wellarchitected 5.4.0 (2021-04-01)

Control Types - Added

  • AWS > Well-Architected Tool > Workload > Tags

Policy Types - Added

  • AWS > Well-Architected Tool > Workload > Tags
  • AWS > Well-Architected Tool > Workload > Tags > Template

Action Types - Added

  • AWS > Well-Architected Tool > Workload > Update Tags