Turbot v5 Update Digest for 1 Dec to 7 Dec 2020

Current Recommended Versions

  • Turbot Enterprise (TE) 5.34.3
  • Turbot Enterprise Database (TED) 1.14.2
  • Turbot Enterprise Foundation (TEF) 1.29.0
  • Turbot Terraform Provider 1.7.0
  • Turbot CLI 1.27.0
  • Turbot Mod 5.31.0

Note: Turbot Customer Support recommends running the above versions as a “known good” configuration that incorporates the latest bug fixes and optimizations.

Turbot Enterprise


  • Substantial improvements in DB disk usage through table reindexing. Like, wow.
  • Mod installation runs separate processes for each control type and policy type install. For large environments this still involves a significant amount of work (proportional to the number of target resources), which can be slow or timeout. We now breakup that work into background tasks and run through it progressively.

Enterprise Highlights

  • Support for targeting specific action types with events, reducing duplication and fan out in shared event types.
  • Automatically re-index database tables to free space and improve performance.
  • Allow the maintenance container to have DB access for re-index job (which can be very long running).
  • Only create Turbot’s outbound security group when a custom group is not specified via a parameter.
  • Fixed some TE dashboard log queries that we broke in v5.34.0.


  • IAM permissions updated in Turbot Enterprise stack for v5.34.1. If Turbot provisions these IAM roles then no further action is required.
  • Customers upgrading from versions before 5.29.15, should follow the upgrade instructions in previous release digests. Those migration controls are pretty important.

AWS Mods


  • The AWS > VPC > Security Group > Active control can now check if a security group is attached to any resource or not. To enable this active check, please set the AWS > VPC > Security Group > Active > Attached policy.
  • Added AWS > Lambda > Function > Policy > Trusted Access control to allow cross-account configuration
  • Added AWS > Lambda > Function Version > Policy > Trusted Access control to allow cross-account configuration
  • Added AWS > Redshift > Cluster > Audit Logging control, which can be used to configure database audit logging into S3 and related audit logging parameters
  • Added AWS > Redshift > Cluster > Encryption in Transit, which can be used to configure the encryption in transit parameters
  • The AWS > S3 > Bucket > Policy Statements > Approved control has been deprecated and replaced by the AWS > S3 > Bucket > Policy > Trusted Access control. In the next major version (v6.0.0), the AWS > S3 > Bucket > Policy Statements > Approved control will be removed.
  • Updated various resources’ Discovery and CMDB controls in the aws-events, aws-dynamodb, and aws-lambda mods to ensure array properties are consistently sorted in the CMDB.

Release Notes

Azure Mods


  • Bug fixes in the CISv1 controls to make them more reliable.

Release Notes

GCP Mods


  • Added several controls related to load balancing SSL policies, including:
    • GCP > Network > Region Target HTTPS Proxy > SSL Policy
    • GCP > Network > SSL Policy > Minimum TLS Version
    • GCP > Network > SSL Policy > Profile
    • GCP > Network > Target HTTPS Proxy > SSL Policy
    • GCP > Network > Target SSL Proxy > SSL Policy
  • Updated the GCP > * > Set API Enabled actions to use the latest API calls when checking the state of the service in the GCP project. There’s no noticeable difference, but things should run smoother now.

Release Notes

Turbot CLI


  • turbot template build --rebase command now cleans up the work in progress branch if the template render fails


  • turbot template build --rebase command was failing to re-apply manual changes.
  • turbot template build --fleet-mode - a single failed instance resulted in remaining instances not being built.
Was this article helpful?
0 out of 0 found this helpful