Turbot v5 Update Digest for 1 Aug to 10 Aug

Current Recommended Versions

  • Turbot Enterprise (TE) 5.27.5
  • Turbot Enterprise Database (TED) 1.11.0
  • Turbot Enterprise Foundation (TEF) 1.23.0
  • Turbot Terraform Provider 1.6.0
  • Turbot CLI 1.20.1

Turbot Enterprise

Highlights

  • Notifications queries optimized to perform better in large environments.
  • GraphQL query policyValues(filter:"policySettingId:1234") to find all policy values derived from a specific setting. Great for calculating the actual impact of a policy setting.
  • Stacks will now claim unclaimed resources even when running in Check mode. This is consistent with our approach to the CMDB in general, and removes a number of weird possible error conditions.
  • Many under-the-hood optimizations and fixes.

Enterprise Highlights

  • TE dashboard now includes details of external events, to help identify noisy tenants.
  • Improved caching and reduced data loading during event handling and task running.
  • Optimized database queries, particularly around stack running at scale.
  • The Turbot ECS task definitions now include Docker labels, for enterprises that are tags all the way down.
  • Careful sequencing of mod Lambda installation relative to SNS trigger registration, which should eliminate or reduce the chance of cases where we see the Lambda and the SNS topic both existing but still not working together.

Alerts

  • None

AWS Mods

Highlights

  • 12 mods released!
  • New policies or changed policy names in: aws-eks, aws-dms, aws-ecs, aws-rds, aws-cloudformation
  • Initial release:
  • In aws-vpc-core mod: Improved handling when claiming a security group that allowed access to all ports.
  • In aws-eks: Support for EKS > Node Group.
  • In aws-dms: Support for DMS > Endpoint.
  • In aws-ecs: Support for ECS > Task Definition.
  • In aws-rds and aws-redshift: Support for cluster scheduling.
  • In aws-cloudformation: Support for CloudFormation > Stack > Tags and CloudFormation > StackSet > Tags.
  • We’ve improved our event handling configuration and now filter which AWS events Turbot listens for based on resources’ CMDB policies. If a resource’s CMDB policy is not set to Enforce: Enabled, the EventBridge rules will be configured to not send any events for that resource. This will greatly reduce the number of unnecessary events that Turbot listens for and handles today.
  • Various bug fixes.

Alerts

  • None

Release Notes

Azure

Highlights

  • 2 mods released!
  • New policies or changed policy names in:
  • In azure-iam: When creating role assignments based on Turbot Azure grants, we were often inconsistent in which username we selected to use from the Azure > IAM > Login Names policy for different profiles. We now always select the first username in that policy for a more consistent role assignment creation process.
  • In azure-cisv1: Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest, if used to run the web app (Not Scored) is now included.

Alerts

  • None

Release Notes

GCP

Highlights

  • 14 mods released!
  • New policies or changed policy names in:
  • Terraform Version policies for GCP > Turbot > Event Handlers > Logging and GCP > Turbot > Event Handlers > Pub/Sub
  • Better handling of SQL_ACTIVATION_POLICY_UNSPECIFIED or NEVER values in gcp-sql activation policies.
  • Various bug fixes and back-end GraphQL query improvements

Alerts

  • None

Release Notes

Turbot Mods

Highlights

  • New policies or changed policy names in: turbot

Alerts

  • turbot (5.21.0) and later require TE 5.27.1

Release Notes

  • New control type: CMDB > Discovery