Turbot v5 Update Digest for 22 Sept to 28 Sept

Current Recommended Versions

  • Turbot Enterprise (TE) 5.29.14
  • Turbot Enterprise Database (TED) 1.11.1
  • Turbot Enterprise Foundation (TEF) 1.25.0
  • Turbot Terraform Provider 1.6.3
  • Turbot CLI 1.23.0

Turbot Enterprise

Required versions

TED: 1.9.1

TEF: 1.25.0

Enterprise Highlights

  • Optimized dependency checking during resource, control and policy value creation.
  • SAML callback URL now uses the domain name specified in Turbot > Workspace > Domain Name.
  • SNS topic policies created during mod installation will restrict IAM permissions by organization ID when possible.
  • SQS and SNS policies in Turbot primary account will restrict IAM permissions by organization ID when possible.

Alerts

  • None

AWS Mods

Highlights

  • New policies or changed policy names in: aws-sns
  • We’ve made some improvements to our real-time event handling that reduce the risk of creating resources in CMDB with malformed AKAs. There’s no noticeable difference, but things should run more reliably now.
  • Trusted Account access comes to aws-sns
  • In aws-cloudwatch: The AWS > CloudWatch > Alarm > CMDB control would go into an error state if the alarm name contained a colon (:). This issue has now been fixed.
  • Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.
  • We’ve renamed the service’s default regions policy from Regions [Default] to Regions to be consistent with our other regions policies.

Alerts

  • None

Release Notes

Azure Mods

Highlights

  • New policies or changed policy names in: azure-monitor
  • We’ve made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource’s CMDB policy is set to Skip, its Active control will move to invalid to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource’s CMDB control has run at least once to ensure the required data is available.
  • In azure-activedirectory: Active Directories can now be imported at the Turbot level (previously they could only be imported in a Turbot folder).
  • In azure-monitor: There are new policy values:
    • Skip (unless claimed by a stack)
    • Check: Per Configured > Source (unless claimed by a stack)
    • Enforce: Per Configured > Source (unless claimed by a stack)

Alerts

  • In azure-network: New policy values for the Azure > Network > Network Interface > Configured and Azure > Network > Subnet > Configured policies. We recommend that you update your policy settings to use the new values, as these have replaced the deprecated values and are backward compatible.
  • In azure-iam: New policy values for Azure > IAM > Role Assignment > Configured and Azure > IAM > Role Definition > Configured. We recommend that you update your policy settings to use the new values, as these have replaced the deprecated values and are backward compatible.
  • In azure-recoveryservice: New policy values for Azure > Network > Network Interface > Configured and Azure > Network > Subnet > Configured. We recommend that you update your policy settings to use the new values, as these have replaced the deprecated values and are backward compatible.

Release Notes

GCP Mods

Highlights

  • New policies or changed policy names in: gcp
  • We’ve added a new region type, GCP > Global Region, which is a special multi-region that is only used for certain services, like Dataproc and KMS. This region type will be created in CMDB for a given project if the global value is included in the GCP > Project > Region policy (the default value includes global). Check the release notes for more details.
  • We’ve made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource’s CMDB policy is set to Skip, its Active control will move to invalid to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource’s CMDB control has run at least once to ensure the required data is available.
  • In gcp-dataflow: The GCP > Dataflow > Job > Discovery and GCP > Dataflow > Job > CMDB controls remained in an error state when the Dataflow API was disabled for the project. This happened because the default value of the GCP > Dataflow > Job > CMDB policy was set to Enforce: Enabled. This issue has now been resolved by setting the default value of the policy to Enforce: Enabled if Dataflow API is enabled.

Alerts

  • None

Release Notes
