Turbot v5 Update Digest for 27 July to 31 July 2020

Current Recommended Versions

  • Turbot Enterprise (TE) 5.27.2
  • Turbot Enterprise Database (TED) 1.11.0
  • Turbot Enterprise Foundation (TEF) 1.23.0
  • Turbot Terraform Provider 1.6.0
  • Turbot CLI 1.20.1

Turbot Enterprise

Highlights

  • GraphQL query policyValues(filter:"policySettingId:1234") to find all policy values derived from a specific setting. Great for calculating the actual impact of a policy setting.
  • Stacks will now claim unclaimed resources even when running in Check mode. This is consistent with our approach to the CMDB in general, and removes a number of weird possible error conditions.
  • Many under-the-hood optimizations and fixes.

Enterprise Highlights

  • TE dashboard now includes details of external events, to help identify noisy tenants.
  • Improved caching and reduced data loading during event handling and task running.
  • Optimized database queries, particularly around stack running at scale.
  • The Turbot ECS task definitions now include Docker labels, for enterprises that are tags all the way down.
  • Careful sequencing of mod Lambda installation relative to SNS trigger registration, which should eliminate or reduce the chance of cases where we see the Lambda and the SNS topic both existing but still not working together.

Alerts

  • IAM permissions updates as described in TEF 1.23.0

AWS Mods

Highlights

  • 8 mods released!
  • New policies or changed policy names in: aws, aws-redshift, aws-rds, aws-ec2
  • Cross-account controls and Trusted Accounts for aws-ec2, aws-redshift, aws-rds
  • Access Logging on the Turbot regional logging buckets via aws
  • In aws-vpc-internet: The AWS > VPC > Elastic IP > Approved control can now be used to disassociate unapproved elastic IPs from instances and network interfaces. To use this new feature, you can set the AWS > VPC > Elastic IP > Approved policy to Enforce: Detach unapproved or Enforce: Detach and delete unapproved if new.

Alerts

  • In aws-events: AWS/Events/Admin now includes permissions that can be used to allow or deny a specified AWS account to put events to the specified event bus.

Release Notes

Azure

Highlights

  • 3 mods released!
  • New policies or changed policy names in: azure-sql
  • In azure-database: New Encryption at Rest policies and controls.

Alerts

  • None

Release Notes

GCP

Highlights

  • 2 mods released!
  • New policies or changed policy names in: gcp-storage, gcp-iam
  • In gcp-storage: We now support controlling access for buckets to provide automatic protection against unexpected access from projects, domains, groups, users, and service accounts. To get started with this new control, please see the GCP > Storage > Bucket > Policy > Trusted Access policy and all of its sub-policies to specify which IAM resources are allowed to access your buckets.
  • In gcp-iam: We now support controlling access for projects to provide automatic protection against unexpected access from domains, groups, users, and service accounts. To get started with this new control, please see the GCP > IAM > Project > Policy > Trusted Access policy and all of its sub-policies to specify which IAM resources are allowed to access your project.

Alerts

  • None

Release Notes

Turbot Mods

Highlights

  • New policies or changed policy names in: turbot

Alerts

  • turbot v5.21.0 requires Turbot Enterprise 5.27.1

Release Notes

  • Added: Turbot > Workspace > Migration

Turbot Terraform Provider

Highlights

  • Use data source turbot_control to get the status of a specific control for a resource and use it in your stacks.
  • Added allow_idp_initiated_sso to the turbot_saml_directory resource, allowing setup of SAML with IdP-initiated SSO.
  • turbot_mod now supports timeouts (default 15m), giving flexibility for scripting mod installs.

Turbot CLI

Highlights

  • Improved error messages for turbot pack, turbot up and turbot publish for faster troubleshooting.
  • Various bug fixes.