Turbot v5 Update Digest for 16 Nov to 30 Nov 2020

Current Recommended Versions

  • Turbot Enterprise (TE) 5.32.6
  • Turbot Enterprise Database (TED) 1.13.0
  • Turbot Enterprise Foundation (TEF) 1.27.0
  • Turbot Terraform Provider 1.7.0
  • Turbot CLI 1.25.0
  • Turbot Mod 5.29.0

Note: Turbot Customer Support recommends running the above versions as a “known good” configuration that incorporates the latest bug fixes and optimizations.

Turbot Enterprise


  • Sort resource results by their full hierarchy title. (e.g. resources(filter: "sort:trunkTitle")).
  • A lock can now be optionally shared across controls, avoiding contention in similar operations.

Bug fixes

  • Moving a resource with higher level smart folders was not properly updating policy values. This could cause the resource policies to be out of sync with the settings in their new location. We’ve fixed this, and repaired existing policy values.
  • Prior to v5.31.0 some policy value primitives were stored with the wrong type (e.g. as "2" instead of 2 for an integer policy). This version goes back and repairs previously stored values to have the correct type per their schema.
  • Do not retry a control or policy calculation if the control or policy type is no longer available (e.g. been uninstalled).
  • Reduced possible deadlocks in policy type updates.
  • Get resource types optimized to only target resource types (not policy types, control types, etc).
  • Pre-release version information is now included when calculating mod peer dependencies & engine dependencies.


  • Tightened IAM permissions for access to the S3 logging buckets in the Turbot primary account.
  • Workspaces now have a database health control to raise up many issues and statistics about underlying database performance for their schema. This will make initial troubleshooting considerably easier for many environments.

AWS Mods


  • Added AWS > Kinesis > Stream > Encryption at Rest control, which can be used to set a minimum level of encryption for streams
  • Added initial AWS > SES mod with permissions support, resource types and initial guardrails will be added in an upcoming release
  • The inline policies and policy documents for AWS > IAM > Group > Inline Policy, AWS > IAM > Role > Inline Policy and AWS > IAM > User > Inline Policy resources will now be consistently sorted when stored in the CMDB.

Release Notes

Azure Mods


  • Added Azure > Storage > Storage Account > Firewall control, which can be used to set a storage account’s firewall default access, exceptions, approved subnets, and approved IP ranges

Release Notes

GCP Mods


  • All GCP Discovery controls now move to skipped instead of invalid if the service API is disabled in the project and the GCP > {service} > API Enabled policy is checking if the API is disabled. This will reduce the amount of noisy controls that cannot be easily resolved without making changes to the service API.

Release Notes

Was this article helpful?
0 out of 0 found this helpful