Turbot v5 Update Digest for 10 Nov to 16 Nov 2020

Current Recommended Versions

  • Turbot Enterprise (TE) 5.32.6
  • Turbot Enterprise Database (TED) 1.13.0
  • Turbot Enterprise Foundation (TEF) 1.27.0
  • Turbot Terraform Provider 1.7.0
  • Turbot CLI 1.25.0
  • Turbot Mod 5.29.0

Note: Turbot Customer Support recommends running the above versions as a “known good” configuration that incorporates the latest bug fixes and optimizations.

Turbot Enterprise


  • Sort resource results by their full hierarchy title. (e.g. resources(filter: "sort:trunkTitle")).
  • A lock can now be optionally shared across controls, avoiding contention in similar operations.

Bug fixes

  • Moving a resource with higher level smart folders was not properly updating policy values. This could cause the resource policies to be out of sync with the settings in their new location. We’ve fixed this, and repaired existing policy values.
  • Prior to v5.31.0 some policy value primitives were stored with the wrong type (e.g. as "2" instead of 2 for an integer policy). This version goes back and repairs previously stored values to have the correct type per their schema.
  • Do not retry a control or policy calculation if the control or policy type is no longer available (e.g. been uninstalled).
  • Reduced possible deadlocks in policy type updates.
  • Get resource types optimized to only target resource types (not policy types, control types, etc).
  • Pre-release version information is now included when calculating mod peer dependencies & engine dependencies.


  • Tightened IAM permissions for access to the S3 logging buckets in the Turbot primary account.
  • Workspaces now have a database health control to raise up many issues and statistics about underlying database performance for their schema. This will make initial troubleshooting considerably easier for many environments.

AWS Mods


  • Support for Kineses > Stream > Encryption at Rest
  • The inline policies and policy documents for AWS > IAM > Group > Inline Policy, AWS > IAM > Role > Inline Policy and AWS > IAM > User > Inline Policy resources will now be consistently sorted and stored in the CMDB.

Release Notes

Azure Mods


  • New support for Azure > Storage > Storage Account > Firewall

Release Notes

GCP Mods


  • We’ve updated the Discovery controls for resources to now move to skipped instead of invalid if the service API is disabled in the project and the GCP > {service} > API Enabled policy is checking if the API is disabled. This will reduce the amount of noisy controls that cannot be easily resolved without making changes to the service API.

Release Notes

Was this article helpful?
0 out of 0 found this helpful