Turbot Docs Getting Started Concepts Guides Integrations Mods 7-minute Labs FAQs Reference Release Notes Turbot (TE)TED TEF Mods CLI Terraform Turbot.com Enterprise

Turbot Mods Release Notes

For more mod release information as well as policy, control, and resource info, head over to the Mods page. This list is a compilation of mod releases dating back 6 months.

azure-storage 5.10.0 (2021-08-06)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

Previously, if the Azure > Storage > Storage Account > CMDB control was in an error state, we'd still try and run the Azure > Storage > Queue > Discovery control to discover queues under the storage account, which resulted in an error. The Azure > Storage > Queue > Discovery control now will be dependent on the Azure > Storage > Storage Account > CMDB control and will try and discover queues only if the parent storage account's CMDB control is not in an error state.
We've made a few improvements in the GraphQL queries for various router actions. You won't notice any difference, but things should run lighter and quicker than before.

Control Types - Added

Azure > Storage > Storage Account > Minimum TLS Version

Policy Types - Added

Azure > Storage > Storage Account > Minimum TLS Version

Action Types - Added

Azure > Storage > Storage Account > Set Minimum TLS Version

aws-appstream 5.2.0 (2021-08-05)

What's new? We have introduced a number of new resource types, control types, policy types, and action types that is too long to list. Find the list of new additions on the aws-appstream mod version page.

gcp-kms 5.6.0 (2021-08-05)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

We've made a few improvements in the GraphQL queries for various router actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-rds 5.17.0 (2021-08-04)

Control Types - Added

AWS > RDS > DB Cluster > Copy Tags to Snapshot
AWS > RDS > DB Cluster > Deletion Protection
AWS > RDS > DB Instance > Auto Minor Version Upgrade
AWS > RDS > DB Instance > Copy Tags to Snapshot
AWS > RDS > DB Instance > Deletion Protection
AWS > RDS > DB Instance > Multi-AZ

Policy Types - Added

AWS > RDS > DB Cluster > Copy Tags to Snapshot
AWS > RDS > DB Cluster > Deletion Protection
AWS > RDS > DB Instance > Auto Minor Version Upgrade
AWS > RDS > DB Instance > Copy Tags to Snapshot
AWS > RDS > DB Instance > Deletion Protection
AWS > RDS > DB Instance > Multi-AZ

Action Types - Added

AWS > RDS > DB Cluster > Update Copy Tags to Snapshot
AWS > RDS > DB Cluster > Update Deletion Protection
AWS > RDS > DB Instance > Update Auto Minor Version Upgrade
AWS > RDS > DB Instance > Update Copy Tags to Snapshot
AWS > RDS > DB Instance > Update Deletion Protection
AWS > RDS > DB Instance > Update Multi-AZ

gcp-sql 5.5.0 (2021-08-02)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

gcp-storage 5.7.0 (2021-07-30)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

gcp-iam 5.8.0 (2021-07-29)

What's new?

The GCP > Turbot > Permissions > Terraform Version policy will now be set to 0.15.* by default for workspaces on TE v5.37.7 or higher. For workspaces on TE versions lower than 5.37.7, the policy will remain set to 0.11.* by default.

gcp 5.16.0 (2021-07-29)

What's new?

The GCP > Turbot > Event Handlers > Logging > Terraform Version and GCP > Turbot > Event Handlers > Pub/Sub > Terraform Version policies will now be set to 0.15.* by default for workspaces on TE v5.37.7 or higher. For workspaces on TE versions lower than 5.37.7, the policy will remain set to 0.11.* by default.

aws-rds 5.16.1 (2021-07-28)

Bug fixes

The DB Instance CMDB data did not update automatically after listening to the rds:ModifyDBInstance event. This is now fixed.

aws-iam 5.18.0 (2021-07-28)

What's new?

The AWS > Turbot > Permissions > Terraform Version policy will now be set to 0.15.* by default for workspaces on TE v5.37.7 or higher. For workspaces on TE versions lower than 5.37.7, the policy will remain set to 0.11.* by default.

aws-kms 5.10.0 (2021-07-28)

What's new?

The AWS > Turbot > Encryption > Terraform Version policy will now be set to 0.15.* by default for workspaces on TE v5.37.7 or higher. For workspaces on TE versions lower than 5.37.7, the policy will remain set to 0.11.* by default.

aws 5.18.0 (2021-07-28)

What's new?

For workspaces on TE v5.37.7 or higher, the Terraform Version policy for various Turbot managed stack controls will now be set to 0.15.* by default. For workspaces on TE versions lower than 5.37.7, those policies will remain set to 0.11.* by default.

Bug fixes

The AWS > Turbot > Event Handlers control went into an error state if configured for ap-northeast-3 (Osaka) region. This is now fixed.

turbot-iam 5.9.5 (2021-07-26)

What's new?

We've made a few improvements in the GraphQL queries for Turbot > IAM > Permissions > Compiled > Levels. You won't notice any difference, but things should run lighter and quicker than before.

azure-postgresql 5.8.0 (2021-07-23)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-iam 5.17.0 (2021-07-23)

Policy Types - Added

AWS > Turbot > Permissions > Role > Session Timeout
AWS > Turbot > Permissions > User > Access Keys Enabled
AWS > Turbot > Permissions > User > Session Timeout

aws 5.17.0 (2021-07-22)

Policy Types - Added

AWS > Account > Turbot IAM Role > Assume Role Timeout

aws-backup 5.6.0 (2021-07-22)

Resource Types - Added

AWS > Backup > Region Settings

Control Types - Added

AWS > Backup > Region Settings > CMDB
AWS > Backup > Region Settings > Discovery
AWS > Backup > Region Settings > Service Opt-In

Policy Types - Added

AWS > Backup > Region Settings > CMDB
AWS > Backup > Region Settings > Regions
AWS > Backup > Region Settings > Service Opt-In
AWS > Backup > Region Settings > Service Opt-In > Resources

Action Types - Added

AWS > Backup > Region Settings > Router
AWS > Backup > Region Settings > Update Service Opt-In

gcp-network 5.9.1 (2021-07-22)

Bug fixes

The GCP > Network > Subnetwork > CMDB control would remain in TBD state because of incorrect precheck dependencies. This is fixed and now the control will work as expected.

aws-ec2 5.25.0 (2021-07-22)

What's new?

AWS/EC2 permission levels now include autoscaling plans, autoscaling instance refresh and public Ipv4 Pool permissions.

aws-sqs 5.10.1 (2021-07-22)

Bug fixes

The AWS > SQS > Queue > Policy > Trusted Access control would go into an error state if the policy statement did not contain Principal. This is now fixed.

aws-vpc-internet 5.8.0 (2021-07-22)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-iam 5.16.0 (2021-07-22)

What's new?

AWS/IAM/Metadata now includes cost explorer permissions.

Bug fixes

The AWS > IAM > Role > Policy > Trusted Access control incorrectly evaluated a policy statement if the statement's Principal was a Federated user and the AWS > IAM > Role > Policy > Trusted Access > Identity Providers policy was set to *. This is now fixed.

The trusted access control also didn't evaluate a policy statement as expected if the statement included an empty Condition. This is also fixed.

aws-route53 6.2.0 (2021-07-21)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

azure-activedirectory 5.2.1 (2021-07-21)

Bug fixes

The Azure > Active Directory > User > Discovery control would fail to upsert more than 100 users in a directory due to a lack of paging support. This is now fixed.

azure-network 5.7.0 (2021-07-20)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-rds 5.16.0 (2021-07-20)

What's new?

AWS/RDS/Admin and AWS/RDS/Metadata now includes DBQMS permissions for favorite query and query history and RDS-Data permissions to execute SQL statements.

aws-s3 5.11.0 (2021-07-20)

What's new?

AWS/S3 permission levels now include Job, Object Lock Config, Public Access Block and Replicate related permissions.

aws-vpc-security 5.6.0 (2021-07-20)

What's new?

We've added support for ec2:ModifySecurityGroupRules event and the AWS > VPC > Security Group > CMDB and AWS > VPC > Security Group Rule > CMDB controls will now be updated automatically if an ec2:ModifySecurityGroupRules event is raised in Turbot.
We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-vpc-core 5.12.0 (2021-07-20)

What's new?

AWS/VPC/Admin now includes traffic mirror filter permissions.
We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-cloudwatch 5.4.0 (2021-07-19)

What's new?

AWS/Cloudwatch/Metadata now includes get metric widget image permissions.

Control Types - Added

AWS > CloudWatch > Stack

Policy Types - Added

AWS > CloudWatch > Stack
AWS > CloudWatch > Stack > Secret Variables
AWS > CloudWatch > Stack > Source
AWS > CloudWatch > Stack > Terraform Version
AWS > CloudWatch > Stack > Variables

aws-cloudformation 5.9.0 (2021-07-19)

What's new?

AWS/CloudFormation/Metadata now includes template validation permissions.
We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-dynamodb 5.5.0 (2021-07-16)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-sqs 5.10.0 (2021-07-16)

Control Types - Added

AWS > SQS > Queue > Configured
AWS > SQS > Stack

Policy Types - Added

AWS > SQS > Queue > Configured
AWS > SQS > Queue > Configured > Claim Precedence
AWS > SQS > Queue > Configured > Source
AWS > SQS > Stack
AWS > SQS > Stack > Secret Variables
AWS > SQS > Stack > Source
AWS > SQS > Stack > Terraform Version
AWS > SQS > Stack > Variables

azure-frontdoorservice 5.6.0 (2021-07-16)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-vpc-connect 5.6.0 (2021-07-15)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

azure-monitor 5.5.1 (2021-07-15)

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-redshift 5.14.0 (2021-07-14)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

azure-iam 5.7.0 (2021-07-14)

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.
The Azure > Turbot > IAM control will now use the Azure > Turbot > Permissions > Terraform Version policy instead of Turbot > Stack Terraform Version [Default] policy to configure resources. The Azure > Turbot > Permissions > Terraform Version policy is read-only as it's managed by Turbot and by default set to 0.15.* for workspaces on TE v5.37.7 or higher. For workspaces on TE versions lower than 5.37.7, the policy will be set to 0.11.* by default.

Policy Types - Added

Azure > Turbot > Permissions > Terraform Version

aws-ssm 5.9.0 (2021-07-14)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-qldb 5.2.0 (2021-07-13)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-stepfunctions 5.4.0 (2021-07-12)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-kinesis 5.6.0 (2021-07-12)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-secretsmanager 5.4.0 (2021-07-12)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-codestar 5.1.1 (2021-07-12)

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-codedeploy 5.1.1 (2021-07-12)

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-dms 5.4.0 (2021-07-09)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

aws-acm 5.6.0 (2021-07-09)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-kms 5.9.0 (2021-07-09)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

Keys deleted after their scheduled deletion period were not cleaned up automatically in Turbot. This is now fixed.

The AWS > KMS > Key > Rotation control will now be skipped for keys in PendingDeletion state.

aws-rds 5.15.0 (2021-07-09)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-glue 5.4.0 (2021-07-09)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-config 5.7.0 (2021-07-09)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-amplify 5.3.0 (2021-07-09)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-s3 5.10.0 (2021-07-09)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-sqs 5.9.0 (2021-07-08)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-swf 5.3.0 (2021-07-08)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-elasticsearch 5.4.0 (2021-07-08)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.
We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-cloudwatch 5.3.0 (2021-07-08)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-iam 5.15.0 (2021-07-08)

What's new?

In a previous version, we added the ability to delete and stop tracking changes to group inline policies and group policy attachments in Turbot CMDB. We've now added this ability across all IAM resource types to help you manage IAM resources better.
We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-ec2 5.24.0 (2021-07-08)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-appmesh 5.3.0 (2021-07-07)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-ecr 5.7.0 (2021-07-07)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-iam 5.14.0 (2021-07-06)

What's new?

Users can now delete and stop tracking changes to group inline policies and group policy attachments in Turbot CMDB by setting the AWS > IAM > Group > Inline Policy > CMDB and AWS > IAM > Group > Group Policy Attachments > CMDB policies to Enforce: Disabled respectively.
The AWS > Turbot > IAM control will now use the AWS > Turbot > Permissions > Terraform Version policy instead of Turbot > Stack Terraform Version [Default] policy to configure resources. The AWS > Turbot > Permissions > Terraform Version policy is read-only and by default set to 0.11.* as it's managed by Turbot.
We've updated the AWS > Turbot > Permissions > Source policy to be read-only as it's managed by Turbot.

Policy Types - Added

AWS > Turbot > Permissions > Terraform Version

aws-cloudwatch 5.2.0 (2021-07-02)

What's new?

AWS/CloudWatch/Operator now includes synthetic monitoring permissions.

Bug fixes

The AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-cloudwatch policy no longer includes aws.tagging as an event source. This event source was unnecessary as CloudWatch has its own tagging events, which are captured through the aws.monitoring event source. Removal of the aws.tagging event source will greatly reduce the number of unnecessary tagging events that Turbot listens for and handles today.

aws-stepfunctions 5.3.0 (2021-07-02)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

The AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-stepfunctions policy no longer includes aws.tagging as an event source. This event source was unnecessary as Step Functions has its own tagging events, which are captured through the aws.states event source. Removal of the aws.tagging event source will greatly reduce the number of unnecessary tagging events that Turbot listens for and handles today.

aws-swf 5.2.0 (2021-07-02)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

We've fixed tagging event handling for domains and we will now listen for swf:TagResource and swf:UntagResource events instead of tagging:TagResources and tagging:UntagResources events respectively. The AWS > SWF > Domain > Tags control will continue to work consistently as expected.
Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

aws-glue 5.3.0 (2021-07-01)

What's new?

We've added new policies, controls, and action types targeting the following AWS Glue resource types:
- AWS > Glue > Development Endpoint
- AWS > Glue > ML Transform
- AWS > Glue > Table
- AWS > Glue > Workflow
Find specifics on the aws-glue mod versions page.

aws-computeoptimizer 5.0.0 (2021-06-30)

Resource Types - Added

AWS > Compute Optimizer

Policy Types - Added

AWS > Compute Optimizer > API Enabled
AWS > Compute Optimizer > Approved Regions [Default]
AWS > Compute Optimizer > Enabled
AWS > Compute Optimizer > Permissions
AWS > Compute Optimizer > Permissions > Levels
AWS > Compute Optimizer > Permissions > Levels > Modifiers
AWS > Compute Optimizer > Permissions > Lockdown
AWS > Compute Optimizer > Permissions > Lockdown > API Boundary
AWS > Compute Optimizer > Regions
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-computeoptimizer
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-computeoptimizer
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-computeoptimizer

gcp-bigtable 5.5.0 (2021-06-29)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

aws-rds 5.14.0 (2021-06-28)

Control Types - Added

AWS > RDS > DB Cluster > Backup Retention Period
AWS > RDS > DB Instance > Backup Retention Period

Policy Types - Added

AWS > RDS > DB Cluster > Backup Retention Period
AWS > RDS > DB Cluster > Backup Retention Period > Days
AWS > RDS > DB Instance > Backup Retention Period
AWS > RDS > DB Instance > Backup Retention Period > Days

Action Types - Added

AWS > RDS > DB Cluster > Update Backup Retention Period
AWS > RDS > DB Instance > Update Backup Retention Period

aws-elasticache 5.5.0 (2021-06-25)

What's new?

AWS/ElastiCache/Admin now includes batch update permissions.

aws-guardduty 5.5.0 (2021-06-25)

What's new?

AWS/GuardDuty/Admin now includes publishing destination permissions.

aws-iam 5.13.0 (2021-06-25)

What's new?

AWS/IAM/Owner now includes service specific credential and SAML provider permissions.

AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-iam policy now includes access-analyzer:*.

aws-redshift 5.13.0 (2021-06-25)

Control Types - Added

AWS > Redshift > Cluster > Backup Retention Period

Policy Types - Added

AWS > Redshift > Cluster > Backup Retention Period
AWS > Redshift > Cluster > Backup Retention Period > Days

Action Types - Added

AWS > Redshift > Cluster > Update Backup Retention Period

aws-signer 5.0.0 (2021-06-25)

Resource Types - Added

AWS > Signer

Policy Types - Added

AWS > Signer > API Enabled
AWS > Signer > Approved Regions [Default]
AWS > Signer > Enabled
AWS > Signer > Permissions
AWS > Signer > Permissions > Levels
AWS > Signer > Permissions > Levels > Modifiers
AWS > Signer > Permissions > Lockdown
AWS > Signer > Permissions > Lockdown > API Boundary
AWS > Signer > Regions
AWS > Signer > Tags Template [Default]
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-signer
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-signer
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-signer

aws-cloudshell 5.0.0 (2021-06-25)

Resource Types - Added

AWS > CloudShell

Policy Types - Added

AWS > CloudShell > API Enabled
AWS > CloudShell > Approved Regions [Default]
AWS > CloudShell > Enabled
AWS > CloudShell > Permissions
AWS > CloudShell > Permissions > Levels
AWS > CloudShell > Permissions > Levels > Modifiers
AWS > CloudShell > Permissions > Lockdown
AWS > CloudShell > Permissions > Lockdown > API Boundary
AWS > CloudShell > Regions
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-cloudshell
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-cloudshell
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-cloudshell

aws-appconfig 5.0.0 (2021-06-25)

Resource Types - Added

AWS > AppConfig

Policy Types - Added

AWS > AppConfig > API Enabled
AWS > AppConfig > Approved Regions [Default]
AWS > AppConfig > Enabled
AWS > AppConfig > Permissions
AWS > AppConfig > Permissions > Levels
AWS > AppConfig > Permissions > Levels > Modifiers
AWS > AppConfig > Permissions > Lockdown
AWS > AppConfig > Permissions > Lockdown > API Boundary
AWS > AppConfig > Regions
AWS > AppConfig > Tags Template [Default]
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-appconfig
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-appconfig
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-appconfig

aws-directoryservice 5.3.0 (2021-06-24)

What's new?

AWS/Directory Service/Admin now includes certificate, identity pool directory, and LDAPS permissions.

aws-amplify 5.2.0 (2021-06-24)

What's new?

AWS/Amplify/Admin now includes backend environment permissions.

aws-quicksight 5.1.0 (2021-06-24)

What's new?

AWS/QuickSight/Metadata now includes ec2:DescribeSubnets and ec2:DescribeVpcs permissions.

aws-batch 5.1.0 (2021-06-24)

What's new?

AWS/QuickSight/Metadata now includes ec2:DescribeSubnets and ec2:DescribeVpcs permissions.

aws-batch 5.3.0 (2021-06-24)

What's new?

AWS/Batch/Operator now includes tagging permissions.

aws-events 5.5.0 (2021-06-24)

What's new?

AWS/Events/Admin now includes event source, partner event source, and event bus permissions.

AWS/Events/Operator now includes put partner events permissions.

aws-s3 5.9.0 (2021-06-24)

What's new?

AWS/S3/Admin now includes storage lens management permissions.

aws-ssm 5.8.0 (2021-06-24)

What's new?

AWS/SSM/Admin now includes ops item, service setting, and session permissions.

aws-cloudformation 5.8.0 (2021-06-24)

What's new?

AWS/CloudFormation/Admin now includes record handler progress and type permissions.

aws-backup 5.5.0 (2021-06-24)

What's new?

AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-backup policy now includes backup-storage:* permissions.

aws-ecs 5.3.0 (2021-06-24)

What's new?

AWS/ECS/Admin now includes ecs:ExecuteCommand.

aws-rds 5.13.0 (2021-06-24)

What's new?

AWS/RDS/Admin now includes global cluster, activity stream, RDS data, and performance insights permissions.

AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-rds policy now includes pi:*, rds-data:*, and rds-db:*.

aws-vpc-core 5.11.0 (2021-06-23)

What's new?

AWS/VPC/Admin now includes client VPN, network insights, traffic mirror filter, transit gateway, and VPC reachability analyzer permissions.

aws-ec2 5.23.0 (2021-06-23)

What's new?

AWS/EC2/Admin now includes capacity reservation, fleet permissions, and elastic inference permissions.

AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-ec2 policy now includes elastic-inference:* and tiros:*.

aws-glue 5.2.0 (2021-06-23)

What's new?

We have added a large number of new resource, control, and policy types with this release. Find the list on the aws-glue mod versions page.

aws-kinesis 5.5.1 (2021-06-23)

Bug fixes

We've made improvements to GraphQL queries in the AWS > Kinesis > Stream > Encryption at Rest control. You won't notice any difference, but the control should run lighter and quicker than before.

aws-ecr 5.6.0 (2021-06-23)

Control Types - Added

AWS > ECR > Repository > Scan on Push

Policy Types - Added

AWS > ECR > Repository > Scan on Push

Action Types - Added

AWS > ECR > Repository > Update Scan on Push

aws-config 5.6.0 (2021-06-22)

What's new?

AWS/Config/Admin now includes conformance pack, organization config rule, and remediation permissions.

Bug fixes

We've made improvements to GraphQL queries in the AWS > Config > Configuration Recording > Source policy. You won't notice any difference, but the policy should run lighter and quicker than before.

aws-ec2 5.22.0 (2021-06-21)

Resource Types - Added

AWS > EC2 > Account Attributes

Control Types - Added

AWS > EC2 > Account Attributes > CMDB
AWS > EC2 > Account Attributes > Discovery
AWS > EC2 > Account Attributes > EBS Encryption by Default

Policy Types - Added

AWS > EC2 > Account Attributes > CMDB
AWS > EC2 > Account Attributes > EBS Encryption by Default
AWS > EC2 > Account Attributes > EBS Encryption by Default > Customer Managed Key
AWS > EC2 > Account Attributes > Regions

Action Types - Added

AWS > EC2 > Account Attributes > Router
AWS > EC2 > Account Attributes > Update EBS Encryption by Default

turbot 5.34.2 (2021-06-21)

Policy Types

Updated: Turbot > Stack Ansible Version [Default] default value to accept any 2.* version.

aws-iam 5.12.0 (2021-06-18)

What's new?

IAM user mode is now available to use for permission management in AWS accounts. User mode is another way to manage permissions in an AWS account, with role mode being the primary way today. Instead of using IAM roles, user mode uses IAM users and groups to grant users access to AWS accounts.
We recommend using role mode unless you have a specific requirement to use IAM users and groups.
To get started with user mode, set the policy AWS > Turbot > Permissions to Enforce: User Mode.

Control Types - Added

AWS > IAM > User > Turbot Access Key
AWS > IAM > User > Turbot Access Key > Rotation

Policy Types - Added

AWS > IAM > User > Turbot Access Key
AWS > IAM > User > Turbot Access Key > Rotation
AWS > IAM > User > Turbot Secret Access Key
AWS > Turbot > Permissions > User Boundary

Removed

AWS > Turbot > Permissions > User > Name Prefix

Action Types - Added

AWS > IAM > User > Create or Rotate Turbot Access Key

aws-backup 5.4.0 (2021-06-17)

Control Types - Added

AWS > Backup > Stack

Policy Types - Added

AWS > Backup > Stack
AWS > Backup > Stack > Secret Variables
AWS > Backup > Stack > Source
AWS > Backup > Stack > Terraform Version
AWS > Backup > Stack > Variables

gcp-network 5.9.0 (2021-06-16)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws 5.16.1 (2021-06-15)

Bug fixes

We've improved the way we handle duplicate events fetched via the AWS > Turbot > Event Poller control. You won't notice any difference, but the control should run lighter than before.
Please note that this improvement will only be enabled for workspaces on TE v5.37.5 or higher.

azure-synapseanalytics 5.5.0 (2021-06-14)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

aws-sagemaker 5.6.0 (2021-06-11)

Resource Types - Added

AWS > SageMaker > Notebook Instance

Control Types - Added

AWS > SageMaker > Notebook Instance > Active
AWS > SageMaker > Notebook Instance > Approved
AWS > SageMaker > Notebook Instance > CMDB
AWS > SageMaker > Notebook Instance > Discovery
AWS > SageMaker > Notebook Instance > Tags
AWS > SageMaker > Notebook Instance > Usage

Policy Types - Added

AWS > SageMaker > Notebook Instance > Active
AWS > SageMaker > Notebook Instance > Active > Age
AWS > SageMaker > Notebook Instance > Active > Budget
AWS > SageMaker > Notebook Instance > Active > Last Modified
AWS > SageMaker > Notebook Instance > Approved
AWS > SageMaker > Notebook Instance > Approved > Budget
AWS > SageMaker > Notebook Instance > Approved > Regions
AWS > SageMaker > Notebook Instance > Approved > Usage
AWS > SageMaker > Notebook Instance > CMDB
AWS > SageMaker > Notebook Instance > Regions
AWS > SageMaker > Notebook Instance > Tags
AWS > SageMaker > Notebook Instance > Tags > Template
AWS > SageMaker > Notebook Instance > Usage
AWS > SageMaker > Notebook Instance > Usage > Limit

Action Types - Added

AWS > SageMaker > Notebook Instance > Delete
AWS > SageMaker > Notebook Instance > Router
AWS > SageMaker > Notebook Instance > Stop
AWS > SageMaker > Notebook Instance > Update Tags

aws 5.16.0 (2021-06-11)

What's new?

Users can now define a list of events to filter out while polling for events using the AWS > Turbot > Event Poller. To get started, set the AWS > Turbot > Event Poller > Excluded Events policy.

Policy Types - Added

AWS > Turbot > Event Poller > Excluded Events

aws-ecs 5.2.1 (2021-06-11)

Bug fixes

Container Instances terminated via Auto Scaling were not cleaned up automatically in Turbot. This is now fixed.

aws-wellarchitected-framework 5.0.1 (2021-06-10)

Bug fixes

The AWS Well-Architected Framework controls would incorrectly move to an Alarm state if the controls' policy was set to Check: Choices based on sub policies or Enforce: Choices based on sub policies and all the sub-policies for choices were set to Skip. This is fixed and the controls will now move to an Invalid state for such cases.

azure-cisv1 5.1.6 (2021-06-08)

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-iam 5.11.3 (2021-06-07)

Bug fixes

The ResponseMetadata.RequestId property for AWS > IAM > User has now been made dynamic to avoid unnecessary notifications in the activity tab.

aws-ssm 5.7.2 (2021-06-07)

Bug fixes

The AWS > SSM > Document > CMDB control will now also fetch the document's permission details and store them in CMDB.

aws-ecr 5.5.0 (2021-06-07)

Policy Types - Added

AWS > ECR > Repository > Approved > Encryption at Rest
AWS > ECR > Repository > Approved > Encryption at Rest > Customer Managed Key

aws-billing 5.0.1 (2021-06-03)

Bug fixes

AWS/Billing/Owner now includes budget permissions, which allows you to set custom budgets to track your cost and usage and setup alerts.

aws-datapipeline 5.2.0 (2021-06-03)

Resource Types - Added

AWS > Data Pipeline > Pipeline

Control Types - Added

AWS > Data Pipeline > Pipeline > Active
AWS > Data Pipeline > Pipeline > Approved
AWS > Data Pipeline > Pipeline > CMDB
AWS > Data Pipeline > Pipeline > Discovery
AWS > Data Pipeline > Pipeline > Tags

Policy Types - Added

AWS > Data Pipeline > Pipeline > Active
AWS > Data Pipeline > Pipeline > Active > Age
AWS > Data Pipeline > Pipeline > Active > Last Modified
AWS > Data Pipeline > Pipeline > Approved
AWS > Data Pipeline > Pipeline > Approved > Regions
AWS > Data Pipeline > Pipeline > Approved > Usage
AWS > Data Pipeline > Pipeline > CMDB
AWS > Data Pipeline > Pipeline > Regions
AWS > Data Pipeline > Pipeline > Tags
AWS > Data Pipeline > Pipeline > Tags > Template
AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-datapipeline

Action Types - Added

AWS > Data Pipeline > Pipeline > Delete
AWS > Data Pipeline > Pipeline > Router
AWS > Data Pipeline > Pipeline > Update Tags

aws 5.15.3 (2021-06-02)

Control Types - Removed

AWS > Account > Resource AKA Cleanup

Policy Types - Removed

AWS > Account > Resource AKA Cleanup

azure-compute 5.9.0 (2021-06-02)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

aws-wellarchitected-framework 5.0.0 (2012-06-01)

What's new?

This mod release includes over 300 new policies and over 50 new controls defining AWS Well Architected Framework objectives. Refer to the aws-wellarchitected-framework version page for more details on the controls and policies added.

aws-wellarchitected 5.5.0 (2021-06-01)

Bug fixes

AWS > Well-Architected Tool > Workload > Discovery control will no longer upsert workloads into our CMDB if they are shared from a different account.

Resource Types - Added

AWS > Well-Architected Tool > AWS Well-Architected Framework

Control Types - Added

AWS > Well-Architected Tool > AWS Well-Architected Framework > CMDB
AWS > Well-Architected Tool > AWS Well-Architected Framework > Discovery

Policy Types - Added

AWS > Well-Architected Tool > AWS Well-Architected Framework > CMDB

Action Types - Added

AWS > Well-Architected Tool > AWS Well-Architected Framework > Update Answer

azure-mysql 5.5.0 (2021-05-31)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-vpc-connect 5.5.1 (2021-05-25)

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws 5.15.2 (2021-05-25)

Bug fixes

We've updated the description for AWS > Turbot > Audit Trail > CloudTrail > Trail > Name Prefix policy to indicate that the policy will be ignored when the AWS > Turbot > Audit Trail > CloudTrail > Trail > Name policy has a policy setting defined explicitly.
The AWS > Account > CMDB control would go into an error state if Turbot had insufficient permissions to fetch the account's organization details. This is fixed and the control will now work as expected.

Policy Types - Updated

Resource Created, Resource Updated, Resource Deleted and Control Updated templates.

turbot 5.34.1 (2021-05-24)

Policy Types - Updated

Minimum value for Turbot > Workspace > Policy Values History Cleanup Batch Size decreased to 0.

aws-ec2 5.2.0 (2021-05-24)

Resource Types - Added

AWS > ECS > Service

Control Types - Added

AWS > ECS > Service > Active
AWS > ECS > Service > Approved
AWS > ECS > Service > CMDB
AWS > ECS > Service > Discovery
AWS > ECS > Service > Tags

Policy Types - Added

AWS > ECS > Service > Active
AWS > ECS > Service > Active > Age
AWS > ECS > Service > Active > Last Modified
AWS > ECS > Service > Approved
AWS > ECS > Service > Approved > Regions
AWS > ECS > Service > Approved > Usage
AWS > ECS > Service > CMDB
AWS > ECS > Service > Regions
AWS > ECS > Service > Tags
AWS > ECS > Service > Tags > Template

Action Types - Added

AWS > ECS > Service > Delete
AWS > ECS > Service > Router
AWS > ECS > Service > Update Tags

aws-vpc-security 5.5.1 (2021-05-21)

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-vpc-core 5.10.1 (2021-05-21)

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

gcp-kms 5.5.1 (2021-05-20)

Bug fixes

The GCP > KMS > Crypto Key > Discovery control would incorrectly go into a skipped state by default for the global region. This is now fixed.

aws-shield 5.1.3 (2021-05-20)

Bug fixes

The AWS > Shield > Protection > CMDB control would go into an error state for protections configured in regions other than Virginia (us-east-1). This is now fixed.

aws-ec2 5.21.6 (2021-05-18)

Bug fixes

We've improved our retry mechanism for throttling errors on API calls to be more efficient. You won't notice any difference, but things should run better than before.

aws-dynamodb 5.4.5 (2021-05-18)

Bug fixes

We've updated the AWS > DynamoDB > Permissions > Lockdown > Table Approved Regions policy's default value to be [*]. This will allow the policy to run much lighter and faster than before.

We recommend that users include the approved regions from all AWS > DynamoDB > Table > Approved > Regions policy settings in their respective lockdown policies to ensure that these lockdown policies do not restrict any approved regions for tables.

aws-iam 5.11.2 (2021-05-17)

Bug fixes

The AWS > IAM > Credential Report > CMDB control sometimes wouldn't run at a six-hour interval on a consistent basis. This is now fixed.

turbot-iam v5.9.4 (2021-05-17)

What's new?

Remove the reference of awsFingerprint from resource type Turbot > IAM > SSH Key.

aws-ec2 5.21.5 (2021-05-13)

Bug fixes

We've updated the AWS > EC2 > Permissions > Lockdown > Instance Types and AWS > EC2 > Permissions > Lockdown > Volume Types policies' default values to be [*]. This will allow these policies to run much lighter and faster than before.

We recommend that users include instance types from all AWS > EC2 > Instance > Approved > Instance Types policy settings and volume types from all AWS > EC2 > Volume > Approved > Volume Types policy settings in their respective lockdown policies to ensure that these lockdown policies do not restrict any approved instance or volume types.

aws-kms 5.8.1 (2021-05-13)

Bug fixes

We've updated the EventBridge rule for KMS to filter out a few real-time events like kms:CreateGrant and kms:RetireGrant to reduce unnecessary noise caused by the processing of such events in Turbot.

Policy Types - Renamed

AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > KMS to AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-kms

aws-sagemaker 5.5.0 (2021-05-11)

Resource Types - Added

AWS > SageMaker > Endpoint

Control Types - Added

AWS > SageMaker > Endpoint > Active
AWS > SageMaker > Endpoint > Approved
AWS > SageMaker > Endpoint > CMDB
AWS > SageMaker > Endpoint > Discovery
AWS > SageMaker > Endpoint > Tags

Policy Types - Added

AWS > SageMaker > Endpoint > Active
AWS > SageMaker > Endpoint > Active > Age
AWS > SageMaker > Endpoint > Active > Last Modified
AWS > SageMaker > Endpoint > Approved
AWS > SageMaker > Endpoint > Approved > Regions
AWS > SageMaker > Endpoint > Approved > Usage
AWS > SageMaker > Endpoint > CMDB
AWS > SageMaker > Endpoint > Regions
AWS > SageMaker > Endpoint > Tags
AWS > SageMaker > Endpoint > Tags > Template

Action Types - Added

AWS > SageMaker > Endpoint > Delete
AWS > SageMaker > Endpoint > Router
AWS > SageMaker > Endpoint > Update Tags

aws-ec2 5.21.4 (2021-05-06)

Bug fixes

We made some improvements earlier to upsert snapshots automatically if they were created from instances, but that wouldn't work since we did not add the ec2:CreateSnapshots event in the EventBridge rule for EC2. This is now fixed and snapshots created from instances will now be upserted automatically via real-time event handling in Turbot.
We recommend that users run the AWS > EC2 > Snapshot > Discovery control to upsert all snapshots that Turbot might have missed upserting earlier. This will help Turbot manage all such snapshots correctly.

aws-ec2 5.21.3 (2021-05-05)

Bug fixes

The AWS > EC2 > Instance > CMDB control would sometimes go into an error state for terminated instances and would fail to delete such instances from Turbot. This is now fixed.
Turbot will now raise EC2:BidEvictedEvent events correctly to handle spot instance interruptions for spot instances.
Snapshots created from instances were not upserted automatically into Turbot. This is now fixed.

aws-events 5.4.4 (2021-05-05)

Bug fixes

We've updated the AWS > Events > Rule > Discovery control to sort the EventPattern.source and EventPattern.detail.eventName properties in the same way the AWS > Events > Rule > CMDB control sorts them to ensure rules' CMDB data remains consistent.

aws-sagemaker 5.4.0 (2021-05-03)

Resource Types - Added

AWS > SageMaker > Model
AWS > SageMaker > Training Job

Control Types - Added

AWS > SageMaker > Model > Active
AWS > SageMaker > Model > Approved
AWS > SageMaker > Model > CMDB
AWS > SageMaker > Model > Discovery
AWS > SageMaker > Model > Tags
AWS > SageMaker > Training Job > Active
AWS > SageMaker > Training Job > Approved
AWS > SageMaker > Training Job > CMDB
AWS > SageMaker > Training Job > Discovery
AWS > SageMaker > Training Job > Tags

Policy Types - Added

AWS > SageMaker > Model > Active
AWS > SageMaker > Model > Active > Age
AWS > SageMaker > Model > Active > Last Modified
AWS > SageMaker > Model > Approved
AWS > SageMaker > Model > Approved > Regions
AWS > SageMaker > Model > Approved > Usage
AWS > SageMaker > Model > CMDB
AWS > SageMaker > Model > Regions
AWS > SageMaker > Model > Tags
AWS > SageMaker > Model > Tags > Template
AWS > SageMaker > Training Job > Active
AWS > SageMaker > Training Job > Active > Age
AWS > SageMaker > Training Job > Active > Last Modified
AWS > SageMaker > Training Job > Approved
AWS > SageMaker > Training Job > Approved > Regions
AWS > SageMaker > Training Job > Approved > Usage
AWS > SageMaker > Training Job > CMDB
AWS > SageMaker > Training Job > Regions
AWS > SageMaker > Training Job > Tags
AWS > SageMaker > Training Job > Tags > Template

Action Types - Added

AWS > SageMaker > Model > Delete
AWS > SageMaker > Model > Router
AWS > SageMaker > Model > Update Tags
AWS > SageMaker > Training Job > Router
AWS > SageMaker > Training Job > Update Tags

azure-provider 5.4.1 (2021-04-30)

Bug fixes

We sometimes failed to automatically update the CMDB controls of Azure providers when their state changes from Registering or Unregistering to Registered or Unregistered. This is now fixed and the CMDB controls would get updated automatically to reflect the correct state of the providers.

aws-civs1 5.0.8 (2021-04-28)

Bug fixes

The AWS > CIS v1 > 2 Logging > 2.05 Ensure AWS Config is enabled in all regions (Scored) control would incorrectly remain in TBD state if the configuration recorder was not enabled for all regions. This is fixed and the control will now work correctly, as expected.

Bug fixes

AWS > SNS > Subscription > CMDB control would show a transformation warning message when EffectiveDeliveryPolicy was undefined. This issue has now been fixed.

aws-s3 5.8.1 (2021-04-27)

Bug fixes

We've improved the descriptions for AWS > S3 > Bucket > Public Access Block > Settings and AWS > S3 > Account > Public Access Block > Settings policies to clearly indicate what each policy value means.

aws-ec2 5.21.2 (2021-04-23)

Bug fixes

We've improved the way we refresh the CMDB data for instances, snapshots and volumes for tagging events like EC2:CreateTags and EC2:DeleteTags. We understand that API calls are expensive and we'll now make fewer of them for such events, and the respective CMDB controls will run lighter than before.

aws-rds 5.12.0 (2021-04-23)

What's new?

AWS > RDS > DB Instance > Approved control will now run faster when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.
We've improved the state reasons and details tables in the Approved and Active controls for resources like DB cluster, DB instance and DB cluster parameter group to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-lambda 5.8.0 (2021-04-23)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

gcp-computeengine 5.10.2 (2021-04-22)

Bug fixes

Instances created and deleted via dataflow jobs were not cleaned up automatically in Turbot. This is now fixed.

aws-cloudformation 5.7.1 (2021-04-21)

Bug fixes

The AWS > CloudFormation > Stack > Discovery control would fail to upsert all the stacks in a region if the size of the Discovery API response was more than 1 MB, due to lack of paging support. This is now fixed.

aws-sagemaker 5.3.0 (2021-04-21)

Resource Types - Added

AWS > SageMaker > Endpoint Configuration
AWS > SageMaker > Lifecycle Configuration

Control Types - Added

AWS > SageMaker > Endpoint Configuration > Active
AWS > SageMaker > Endpoint Configuration > Approved
AWS > SageMaker > Endpoint Configuration > CMDB
AWS > SageMaker > Endpoint Configuration > Discovery
AWS > SageMaker > Endpoint Configuration > Tags
AWS > SageMaker > Lifecycle Configuration > Active
AWS > SageMaker > Lifecycle Configuration > Approved
AWS > SageMaker > Lifecycle Configuration > CMDB
AWS > SageMaker > Lifecycle Configuration > Discovery

Policy Types - Added

AWS > SageMaker > Endpoint Configuration > Active
AWS > SageMaker > Endpoint Configuration > Active > Age
AWS > SageMaker > Endpoint Configuration > Active > Last Modified
AWS > SageMaker > Endpoint Configuration > Approved
AWS > SageMaker > Endpoint Configuration > Approved > Regions
AWS > SageMaker > Endpoint Configuration > Approved > Usage
AWS > SageMaker > Endpoint Configuration > CMDB
AWS > SageMaker > Endpoint Configuration > Regions
AWS > SageMaker > Endpoint Configuration > Tags
AWS > SageMaker > Endpoint Configuration > Tags > Template
AWS > SageMaker > Lifecycle Configuration > Active
AWS > SageMaker > Lifecycle Configuration > Active > Age
AWS > SageMaker > Lifecycle Configuration > Active > Last Modified
AWS > SageMaker > Lifecycle Configuration > Approved
AWS > SageMaker > Lifecycle Configuration > Approved > Regions
AWS > SageMaker > Lifecycle Configuration > Approved > Usage
AWS > SageMaker > Lifecycle Configuration > CMDB
AWS > SageMaker > Lifecycle Configuration > Regions

Action Types - Added

AWS > SageMaker > Endpoint Configuration > Delete
AWS > SageMaker > Endpoint Configuration > Router
AWS > SageMaker > Endpoint Configuration > Update Tags
AWS > SageMaker > Lifecycle Configuration > Delete
AWS > SageMaker > Lifecycle Configuration > Router

azure 5.11.3 (2021-04-21)

Bug fixes

Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

aws-ecr 5.4.1 (2021-04-19)

Bug fixes

The AWS > ECR > Image > CMDB control would go into an error state if there were no imageTags on the image. This is now fixed.

aws-billing 5.0.0 (2021-04-19)

Resource Types - Added

AWS > Billing

Policy Types - Added

AWS > Billing > API Enabled
AWS > Billing > Enabled
AWS > Billing > Permissions
AWS > Billing > Permissions > Levels
AWS > Billing > Permissions > Levels > Modifiers
AWS > Billing > Permissions > Lockdown
AWS > Billing > Permissions > Lockdown > API Boundary
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-billing
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-billing
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-billing

azure-network 5.6.0 (2021-04-16)

What's new?

Users can now manage which service tags are approved for use as network security group rule sources and destinations. A service tag represents a group of IP address prefixes from a given Azure service, simplifying access control from and to Azure services.

To get started with these new features, you can add the list of approved service tags to the Azure > Network > Network Security Group > Ingress Rules > Approved > Service Tags and Azure > Network > Network Security Group > Egress Rules > Approved > Service Tags policies.
We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Policy Types - Added

Azure > Network > Network Security Group > Egress Rules > Approved > Service Tags
Azure > Network > Network Security Group > Ingress Rules > Approved > Service Tags

aws-iam 5.11.1 (2021-04-16)

Bug fixes

We've made some changes that are too small to notice or too difficult to explain. Everything will continue to run smoothly and as expected.

aws-workspaces 5.2.0 (2021-04-16)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.
We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to Skip, its Active control will move to invalid to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.
Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.

Bug fixes

The AWS > WorkSpaces > WorkSpace > Approved control did not stop a workspace correctly if the workspace's state was AVAILABLE. This is now fixed.
Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

turbot 5.34.0 (2021-04-16)

Control Types - Added

Turbot > Workspace > Background Tasks. It will update the policy values after resource movement and smart folder attachment.

aws-elasticbeanstalk 5.2.0 (2021-04-16)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

The AWS > Elastic Beanstalk > Environment > Approved control will now not attempt to delete an environment if the environment's Status is not Ready.
For an application that had a version deployed to a running environment, the AWS > Elastic Beanstalk > Application > Approved control would incorrectly try to delete that application if the AWS > Elastic Beanstalk > Application > Approved policy was set to Enforce: Delete unapproved if new. This is now fixed.

turbot-iam 5.9.3 (2021-04-15)

Bug fixes

We’ve made a few improvements in the GraphQL queries for various policies. You won’t notice any difference, but things should run lighter and quicker than before

azure-keyvault 5.6.0 (2021-04-15)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

The Azure > Keyvault > Secret > CMDB control would go into an error state if the creation date of the secret was unavailable in its CMDB data. This issue has now been fixed.

aws-ec2 5.21.1 (2021-04-13)

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-appmesh 5.2.0 (2021-04-13)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-ssm 5.7.1 (2021-04-13)

Bug fixes

We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws-appflow 5.2.0 (2021-04-12)

What's new?

Permissions for Appflow flows, connector profiles and connector entities will now also be managed under the AWS > Appflow > Enabled policy. To get started, set this policy to Enabled.

aws-ecr 5.4.0 (2021-04-12)

Resource Types - Added

AWS > ECR > Image

Control Types - Added

AWS > ECR > Image > Active
AWS > ECR > Image > Approved
AWS > ECR > Image > CMDB
AWS > ECR > Image > Discovery
AWS > ECR > Image > Usage

Policy Types -Added

AWS > ECR > Image > Active
AWS > ECR > Image > Active > Age
AWS > ECR > Image > Active > Last Modified
AWS > ECR > Image > Approved
AWS > ECR > Image > Approved > Regions
AWS > ECR > Image > Approved > Usage
AWS > ECR > Image > CMDB
AWS > ECR > Image > Regions
AWS > ECR > Image > Usage
AWS > ECR > Image > Usage > Limit

Action Types - Added

AWS > ECR > Image > Delete
AWS > ECR > Image > Router

aws-macie 5.2.0 (2021-04-12)

What's new?

Permissions for macie2 will now also be managed under the AWS > Macie > Enabled policy. To get started, set this policy to Enabled.

aws-polly 5.0.0 (2021-04-12)

Resource Types - Added

AWS > Polly

Policy Types - Added

AWS > Polly > API Enabled
AWS > Polly > Approved Regions [Default]
AWS > Polly > Enabled
AWS > Polly > Permissions
AWS > Polly > Permissions > Levels
AWS > Polly > Permissions > Levels > Modifiers
AWS > Polly > Permissions > Lockdown
AWS > Polly > Permissions > Lockdown > API Boundary
AWS > Polly > Regions
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-polly
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-polly
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-polly

aws-devicefarm 5.0.0 (2021-04-12)

Resource Types - Added

AWS > Device Farm

Policy Types - Added

AWS > Device Farm > API Enabled
AWS > Device Farm > Approved Regions [Default]
AWS > Device Farm > Enabled
AWS > Device Farm > Permissions
AWS > Device Farm > Permissions > Levels
AWS > Device Farm > Permissions > Levels > Modifiers
AWS > Device Farm > Permissions > Lockdown
AWS > Device Farm > Permissions > Lockdown > API Boundary
AWS > Device Farm > Regions
AWS > Device Farm > Tags Template [Default]
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-devicefarm
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-devicefarm
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-devicefarm

aws-chatbot 5.0.0 (2021-04-12)

Resource Types - Added

AWS > Chatbot

Policy Types - Added

AWS > Chatbot > API Enabled
AWS > Chatbot > Enabled
AWS > Chatbot > Permissions
AWS > Chatbot > Permissions > Levels
AWS > Chatbot > Permissions > Levels > Modifiers
AWS > Chatbot > Permissions > Lockdown
AWS > Chatbot > Permissions > Lockdown > API Boundary
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-chatbot
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-chatbot
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-chatbot

aws-tagging 5.0.0 (2021-04-09)

Resource Types - Added

AWS > Tagging

Policy Types - Added

AWS > Tagging > API Enabled
AWS > Tagging > Approved Regions [Default]
AWS > Tagging > Enabled
AWS > Tagging > Permissions
AWS > Tagging > Permissions > Levels
AWS > Tagging > Permissions > Levels > Modifiers
AWS > Tagging > Permissions > Lockdown
AWS > Tagging > Permissions > Lockdown > API Boundary
AWS > Tagging > Regions
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-tagging
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-tagging
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-tagging

aws-cognito 5.0.0 (2021-04-09)

Resource Types - Added

AWS > Cognito

Policy Types - Added

AWS > Cognito > API Enabled
AWS > Cognito > Approved Regions [Default]
AWS > Cognito > Enabled
AWS > Cognito > Permissions
AWS > Cognito > Permissions > Levels
AWS > Cognito > Permissions > Levels > Modifiers
AWS > Cognito > Permissions > Lockdown
AWS > Cognito > Permissions > Lockdown > API Boundary
AWS > Cognito > Regions
AWS > Cognito > Tags Template [Default]
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-cognito
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-cognito
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-cognito

aws-rekognition 5.0.0 (2021-04-09)

Resource Types - Added

AWS > Rekognition

Policy Types - Added

AWS > Rekognition > API Enabled
AWS > Rekognition > Approved Regions [Default]
AWS > Rekognition > Enabled
AWS > Rekognition > Permissions
AWS > Rekognition > Permissions > Levels
AWS > Rekognition > Permissions > Levels > Modifiers
AWS > Rekognition > Permissions > Lockdown
AWS > Rekognition > Permissions > Lockdown > API Boundary
AWS > Rekognition > Regions
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-rekognition
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-rekognition
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-rekognition

aws-translate 5.0.0 (2021-04-09)

Resource Types - Added

AWS > Translate

Policy Types - Added

AWS > Translate > API Enabled
AWS > Translate > Approved Regions [Default]
AWS > Translate > Enabled
AWS > Translate > Permissions
AWS > Translate > Permissions > Levels
AWS > Translate > Permissions > Levels > Modifiers
AWS > Translate > Permissions > Lockdown
AWS > Translate > Permissions > Lockdown > API Boundary
AWS > Translate > Regions
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-translate
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-translate
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-translate

aws-directconnect 5.0.0 (2021-04-09)

Resource Types - Added

AWS > Direct Connect

Policy Types - Added

AWS > Direct Connect > API Enabled
AWS > Direct Connect > Enabled
AWS > Direct Connect > Permissions
AWS > Direct Connect > Permissions > Levels
AWS > Direct Connect > Permissions > Levels > Modifiers
AWS > Direct Connect > Permissions > Lockdown
AWS > Direct Connect > Permissions > Lockdown > API Boundary
AWS > Direct Connect > Tags Template [Default]
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-directconnect
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-directconnect
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-directconnect

aws-cloudmap 5.0.0 (2021-04-09)

Resource Types - Added

AWS > Cloud Map

Policy Types - Added

AWS > Cloud Map > API Enabled
AWS > Cloud Map > Approved Regions [Default]
AWS > Cloud Map > Enabled
AWS > Cloud Map > Permissions
AWS > Cloud Map > Permissions > Levels
AWS > Cloud Map > Permissions > Levels > Modifiers
AWS > Cloud Map > Permissions > Lockdown
AWS > Cloud Map > Permissions > Lockdown > API Boundary
AWS > Cloud Map > Regions
AWS > Cloud Map > Tags Template [Default]
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-cloudmap
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-cloudmap
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-cloudmap

aws-mwaa 5.0.0 (2021-04-09)

Resource Types - Added

AWS > MWAA

Policy Types - Added

AWS > MWAA > API Enabled
AWS > MWAA > Approved Regions [Default]
AWS > MWAA > Enabled
AWS > MWAA > Permissions
AWS > MWAA > Permissions > Levels
AWS > MWAA > Permissions > Levels > Modifiers
AWS > MWAA > Permissions > Lockdown
AWS > MWAA > Permissions > Lockdown > API Boundary
AWS > MWAA > Regions
AWS > MWAA > Tags Template [Default]
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-mwaa
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-mwaa
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-mwaa

aws-datasync 5.0.0 (2021-04-09)

Resource Types - Added

AWS > DataSync

Policy Types - Added

AWS > DataSync > API Enabled
AWS > DataSync > Approved Regions [Default]
AWS > DataSync > Enabled
AWS > DataSync > Permissions
AWS > DataSync > Permissions > Levels
AWS > DataSync > Permissions > Levels > Modifiers
AWS > DataSync > Permissions > Lockdown
AWS > DataSync > Permissions > Lockdown > API Boundary
AWS > DataSync > Regions
AWS > DataSync > Tags Template [Default]
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-datasync
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-datasync
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-datasync

aws-clouddirectory 5.0.0 (2021-04-09)

Resource Types - Added

AWS > Cloud Directory

Policy Types - Added

AWS > Cloud Directory > API Enabled
AWS > Cloud Directory > Approved Regions [Default]
AWS > Cloud Directory > Enabled
AWS > Cloud Directory > Permissions
AWS > Cloud Directory > Permissions > Levels
AWS > Cloud Directory > Permissions > Levels > Modifiers
AWS > Cloud Directory > Permissions > Lockdown
AWS > Cloud Directory > Permissions > Lockdown > API Boundary
AWS > Cloud Directory > Regions
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-clouddirectory
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-clouddirectory
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-clouddirectory

aws-connect 5.0.0 (2021-04-09)

Resource Types - Added

AWS > Connect

Policy Types - Added

AWS > Connect > API Enabled
AWS > Connect > Approved Regions [Default]
AWS > Connect > Enabled
AWS > Connect > Permissions
AWS > Connect > Permissions > Levels
AWS > Connect > Permissions > Levels > Modifiers
AWS > Connect > Permissions > Lockdown
AWS > Connect > Permissions > Lockdown > API Boundary
AWS > Connect > Regions
AWS > Connect > Tags Template [Default]
AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-connect
AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-connect
AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-connect

aws-sagemaker 5.2.0 (2021-04-09)

Resource Types - Added

AWS > SageMaker > Code Repository

Control Types - Added

AWS > SageMaker > Code Repository > Active
AWS > SageMaker > Code Repository > Approved
AWS > SageMaker > Code Repository > CMDB
AWS > SageMaker > Code Repository > Discovery

Policy Types - Added

AWS > SageMaker > Code Repository > Active
AWS > SageMaker > Code Repository > Active > Age
AWS > SageMaker > Code Repository > Active > Last Modified
AWS > SageMaker > Code Repository > Approved
AWS > SageMaker > Code Repository > Approved > Regions
AWS > SageMaker > Code Repository > Approved > Usage
AWS > SageMaker > Code Repository > CMDB
AWS > SageMaker > Code Repository > Regions

Action Types - Added

AWS > SageMaker > Code Repository > Delete
AWS > SageMaker > Code Repository > Router

aws-iam 5.11.0 (2021-04-08)

What's new? • Permissions for IAM access analyzers will now also be managed under the AWS > IAM > Enabled policy. To get started, set this policy to Enabled.

Bug fixes • We've made a few improvements in the GraphQL queries for various controls, policies, and actions. You won't notice any difference, but things should run lighter and quicker than before.

aws 5.15.1 (2021-04-08)

azure-networkwatcher 5.6.0 (2021-04-08)

What's new? • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

aws-stepfunctions 5.2.3 (2021-04-06)

Bug fixes • Updating tags for a state machine did not automatically update its CMDB data. This issue has now been fixed.

aws-sqs 5.8.1 (2021-04-06)

Bug fixes • We've updated the description of the AWS > SQS > Queue > Trusted Access policy and control to include more information about its working and scope.

Bug fixes • We've updated the description of the AWS > SNS > Topic > Trusted Access policy and control to include more information about its working and scope.

aws-vpc-internet 5.7.0 (2021-04-05)

Policy Types - Added • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-vpc-internet

aws-vpc-security 5.5.0 (2021-04-02)

Policy Types - Added • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-vpc-security

aws-vpc-connect 5.5.0 (2021-04-02)

Policy Types - Added • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-vpc-connect

aws-vpc-core 5.10.0 (2021-04-02)

Bug fixes • We've improved our event handling configuration and now filter which AWS events Turbot listens for based on resources' CMDB policies. If a resource's CMDB policy is not set to Enforce: Enabled, the EventBridge rules will be configured to not send any events for that resource. This will greatly reduce the number of unnecessary events that Turbot listens for and handles today. • Users can now configure the log record format in the AWS > VPC > VPC > Flow Logging control to specify the fields to include in the flow log record. To get started, set the AWS > VPC > VPC > Flow Logging > Log Record Format policy.

Policy Types - Added • AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-vpc-core • AWS > VPC > VPC > Flow Logging > Log Record Format

aws-ec2 5.21.0 (2021-04-02)

What's new? We've improved our event handling configuration and now filter which AWS events Turbot listens for based on resources' CMDB policies. If a resource's CMDB policy is not set to Enforce: Enabled, the EventBridge rules will be configured to not send any events for that resource. This will greatly reduce the number of unnecessary events that Turbot listens for and handles today.

Please note that this feature will only be enabled for workspaces on TE v5.36.0 or higher, and the following VPC mods aws-vpc-core, aws-vpc-internet, aws-vpc-connect or aws-vpc-security, for the ones installed, are on v5.10.0, 5.7.0, 5.5.0 and 5.5.0 or higher respectively, since these VPC mods also use EC2 events for their respective resources.

We recommend upgrading the aws-ec2 mod to v5.21.0 first and then upgrade the installed VPC mods to the versions mentioned above for a smooth transition to using the events filtering capability.

Policy Types - Added

AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-ec2

Policy Types - Removed

AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-ec2

azure-datafactory 5.4.0 (2021-04-02)

azure-searchmanagement 5.5.0 (2021-04-02)

gcp-firebase 5.0.0 (2021-04-01)

What's new?

Resource Types - Added

GCP > Firebase
GCP > Firebase > Android App
GCP > Firebase > Firebase Project
GCP > Firebase > Web App
GCP > Firebase > iOS App

Control Types - Added

GCP > Firebase > Android App > Active
GCP > Firebase > Android App > Approved
GCP > Firebase > Android App > CMDB
GCP > Firebase > Android App > Discovery
GCP > Firebase > Android App > Usage
GCP > Firebase > CMDB
GCP > Firebase > Discovery
GCP > Firebase > Firebase Project > CMDB
GCP > Firebase > Firebase Project > Discovery
GCP > Firebase > Web App > Active
GCP > Firebase > Web App > Approved
GCP > Firebase > Web App > CMDB
GCP > Firebase > Web App > Discovery
GCP > Firebase > Web App > Usage
GCP > Firebase > iOS App > Active
GCP > Firebase > iOS App > Approved
GCP > Firebase > iOS App > CMDB
GCP > Firebase > iOS App > Discovery
GCP > Firebase > iOS App > Usage

Policy Types - Added

GCP > Firebase > Android App > Active
GCP > Firebase > Android App > Active > Age
GCP > Firebase > Android App > Active > Last Modified
GCP > Firebase > Android App > Approved
GCP > Firebase > Android App > Approved > Usage
GCP > Firebase > Android App > CMDB
GCP > Firebase > Android App > Usage
GCP > Firebase > Android App > Usage > Limit
GCP > Firebase > Approved Regions [Default]
GCP > Firebase > CMDB
GCP > Firebase > Enabled
GCP > Firebase > Firebase Project > CMDB
GCP > Firebase > Permissions
GCP > Firebase > Permissions > Levels
GCP > Firebase > Permissions > Levels > Modifiers
GCP > Firebase > Regions
GCP > Firebase > Web App > Active
GCP > Firebase > Web App > Active > Age
GCP > Firebase > Web App > Active > Last Modified
GCP > Firebase > Web App > Approved
GCP > Firebase > Web App > Approved > Usage
GCP > Firebase > Web App > CMDB
GCP > Firebase > Web App > Usage
GCP > Firebase > Web App > Usage > Limit
GCP > Firebase > iOS App > Active
GCP > Firebase > iOS App > Active > Age
GCP > Firebase > iOS App > Active > Last Modified
GCP > Firebase > iOS App > Approved
GCP > Firebase > iOS App > Approved > Usage
GCP > Firebase > iOS App > CMDB
GCP > Firebase > iOS App > Usage
GCP > Firebase > iOS App > Usage > Limit
GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-firebase
GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-firebase

aws-wellarchitected 5.4.0 (2021-04-01)

Control Types - Added • AWS > Well-Architected Tool > Workload > Tags

Policy Types - Added • AWS > Well-Architected Tool > Workload > Tags • AWS > Well-Architected Tool > Workload > Tags > Template

Action Types - Added • AWS > Well-Architected Tool > Workload > Update Tags

Turbot Mods Release Notes

azure-storage 5.10.0 (2021-08-06)

aws-appstream 5.2.0 (2021-08-05)

gcp-kms 5.6.0 (2021-08-05)

aws-rds 5.17.0 (2021-08-04)

gcp-sql 5.5.0 (2021-08-02)

gcp-storage 5.7.0 (2021-07-30)

gcp-iam 5.8.0 (2021-07-29)

gcp 5.16.0 (2021-07-29)

aws-rds 5.16.1 (2021-07-28)

aws-iam 5.18.0 (2021-07-28)

aws-kms 5.10.0 (2021-07-28)

aws 5.18.0 (2021-07-28)

turbot-iam 5.9.5 (2021-07-26)

azure-postgresql 5.8.0 (2021-07-23)

aws-iam 5.17.0 (2021-07-23)

aws 5.17.0 (2021-07-22)

aws-backup 5.6.0 (2021-07-22)

gcp-network 5.9.1 (2021-07-22)

aws-ec2 5.25.0 (2021-07-22)

aws-sqs 5.10.1 (2021-07-22)

aws-vpc-internet 5.8.0 (2021-07-22)

aws-iam 5.16.0 (2021-07-22)

aws-route53 6.2.0 (2021-07-21)

azure-activedirectory 5.2.1 (2021-07-21)

azure-network 5.7.0 (2021-07-20)

aws-rds 5.16.0 (2021-07-20)

aws-s3 5.11.0 (2021-07-20)

aws-vpc-security 5.6.0 (2021-07-20)

aws-vpc-core 5.12.0 (2021-07-20)

aws-cloudwatch 5.4.0 (2021-07-19)

aws-cloudformation 5.9.0 (2021-07-19)

aws-dynamodb 5.5.0 (2021-07-16)

aws-sqs 5.10.0 (2021-07-16)

azure-frontdoorservice 5.6.0 (2021-07-16)

aws-vpc-connect 5.6.0 (2021-07-15)

azure-monitor 5.5.1 (2021-07-15)

aws-redshift 5.14.0 (2021-07-14)

azure-iam 5.7.0 (2021-07-14)

aws-ssm 5.9.0 (2021-07-14)

aws-qldb 5.2.0 (2021-07-13)

aws-stepfunctions 5.4.0 (2021-07-12)

aws-kinesis 5.6.0 (2021-07-12)

aws-secretsmanager 5.4.0 (2021-07-12)

aws-codestar 5.1.1 (2021-07-12)

aws-codedeploy 5.1.1 (2021-07-12)

aws-dms 5.4.0 (2021-07-09)

aws-acm 5.6.0 (2021-07-09)

aws-kms 5.9.0 (2021-07-09)

aws-rds 5.15.0 (2021-07-09)

aws-glue 5.4.0 (2021-07-09)

aws-config 5.7.0 (2021-07-09)

aws-amplify 5.3.0 (2021-07-09)

aws-s3 5.10.0 (2021-07-09)

aws-sns 5.8.0 (2021-07-08)

aws-sqs 5.9.0 (2021-07-08)

aws-swf 5.3.0 (2021-07-08)

aws-elasticsearch 5.4.0 (2021-07-08)

aws-cloudwatch 5.3.0 (2021-07-08)

aws-iam 5.15.0 (2021-07-08)

aws-ec2 5.24.0 (2021-07-08)

aws-appmesh 5.3.0 (2021-07-07)

aws-ecr 5.7.0 (2021-07-07)

aws-iam 5.14.0 (2021-07-06)

aws-cloudwatch 5.2.0 (2021-07-02)

aws-stepfunctions 5.3.0 (2021-07-02)

aws-swf 5.2.0 (2021-07-02)

aws-glue 5.3.0 (2021-07-01)

aws-computeoptimizer 5.0.0 (2021-06-30)

gcp-bigtable 5.5.0 (2021-06-29)

aws-rds 5.14.0 (2021-06-28)

aws-elasticache 5.5.0 (2021-06-25)

aws-guardduty 5.5.0 (2021-06-25)

aws-iam 5.13.0 (2021-06-25)

aws-redshift 5.13.0 (2021-06-25)

aws-signer 5.0.0 (2021-06-25)

aws-cloudshell 5.0.0 (2021-06-25)

aws-appconfig 5.0.0 (2021-06-25)

aws-directoryservice 5.3.0 (2021-06-24)

aws-amplify 5.2.0 (2021-06-24)