Turbot v5 Update Digest for 29 Sept to 5 Oct 2020

Current Recommended Versions

  • Turbot Enterprise (TE) 5.29.14
  • Turbot Enterprise Database (TED) 1.11.1
  • Turbot Enterprise Foundation (TEF) 1.25.0
  • Turbot Terraform Provider 1.6.3
  • Turbot CLI 1.23.0
  • Turbot Mod 5.27.0

Note: Turbot Customer Support recommends running the above versions as a “known good” configuration that incorporates the latest bug fixes and optimizations.

Enterprise Highlights

  • Optimized dependency checking during resource, control and policy value creation.
  • SAML callback URL now uses the domain name specified in Turbot > Workspace > Domain Name.
  • SNS topic policies created during mod installation will restrict IAM permissions by organization ID when possible.
  • SQS and SNS policies in Turbot primary account will restrict IAM permissions by organization ID when possible.


  • In preparation for migrating to 5.30.0 and beyond, please check the items below. The data migration may take some time to complete, depending on the size of the environment. If these conditions are not met, do not upgrade to 5.30.0 or beyond.
    • Upgrade to TE 5.29.14 (if not already on 5.29.12 or 5.29.13).
    • Upgrade the turbot mod to 5.27.0.
    • The Turbot > Workspace > Migration control should be in an ok state.
    • The most recent log entry of Turbot > Workspace > Migration should say “Migration complete”.


AWS Mods


  • New policies or changed policy names in: aws-iam, aws-lightsail
  • We’ve made some improvements to our real-time event handling that reduce the risk of creating resources in CMDB with malformed AKAs. There’s no noticeable difference, but things should run more reliably now.
  • In aws-efs: The file system policy for the specified EFS file system will now be available in its Policy field.
  • In aws-iam: We’ve improved our event handling configuration and now filter which AWS events Turbot listens for based on resources’ CMDB policies. If a resource’s CMDB policy is not set to Enforce: Enabled, the EventBridge rules will be configured to not send any events for that resource. This will greatly reduce the number of unnecessary events that Turbot listens for and handles today.
  • In aws-lightsail: Support for Lightsail Databases.


GCP Mods


  • New policies or changed policy names in:
  • In gcp-computeengine: New policies for HTTP(S) Health Checks.
  • In gcp-kms: Crypto keys and key rings created in the special global multi-region are now discovered and created in CMDB, similar to those created in the standard regions. Please note that support for the GCP > Global Region resource type is only available in gcp (5.15.0) and later.
  • In gcp-dataproc: Support for the global region.
  • In gcp-network: New Active and Approved controls for GCP > Network > Address.

