Rules engine for cloud security, cost optimization, and governance; a DSL in YAML for policies that query, filter, and take actions on resources.
aws.mirror-session
added
aws.mirror-target
added
aws.elasticsearch
cross-cluster
aws.glue-job
toggle-metrics
aws.rds
consecutive-snapshots
aws.rds-cluster
consecutive-snapshots
AWS users should upgrade prior to Dec 6th, 2021 to accommodate a behavior change in Lambda provisioning, which will otherwise cause errors when updating policies. See https://aws.amazon.com/blogs/compute/coming-soon-expansion-of-aws-lambda-states-to-all-functions/ for details.
aws.airflow
added
aws.codedeploy-app
added
aws.codedeploy-deployment
added
aws.codedeploy-group
added
aws.prefix-list
added
aws.s3-access-point
added
aws.s3-access-point-multi
added
aws.workspaces-directory
added
aws.workspaces-image
added
azure.advisor-recommendation
added
aws.backup-plan
json-diff
aws.backup-vault
json-diff
aws.ecr
json-diff
aws.ecs
json-diff
aws.efs
json-diff
aws.elasticache-group
auto-tag-user, copy-related-tag, mark-for-op, remove-tag, tag
marked-for-op
aws.log-group
subscription-filter
aws.workspaces
terminate
gcp.bucket
iam-policy
gcp.kms-cryptokey
iam-policy
gcp.project
iam-policy
aws.ec2-spot-fleet-request
added
aws.service-quota
added
aws.service-quota-request
added
aws.ssm-data-sync
added
aws.cloudtrail
event-selectors
aws.ecs-service
aws.iam-policy
auto-tag-user, copy-related-tag, mark-for-op, remove-tag, tag
marked-for-op
gcp.sql-instance
start
or
blocks (#6757)
aws.eks-nodegroup
added
aws.firewall
added
aws.kinesis-analyticsv2
added
aws.log-metric
added
aws.ssm-document
added
aws.swf-domain
added
azure.application-gateway
added
azure.container-registry
added
azure.containerregistry
removed
azure.front-door
added
azure.logic-app-workflow
added
azure.mysql
added
azure.service-fabric-cluster
added
azure.service-fabric-cluster-managed
added
azure.traffic-manager-profile
added
gcp.service-account-key
added
aws.alarm
auto-tag-user, copy-related-tag, mark-for-op, remove-tag, tag
marked-for-op
aws.asg
update
aws.ecs-service
json-diff
aws.ecs-task-definition
json-diff
aws.eks
json-diff
aws.kafka
kms-key
azure.sql-database
data-masking-policy, transparent-data-encryption
azure.sql-server
azure-ad-administrators, vulnerability-assessment
azure.vm
vm-extensions
gcp.app-engine
metrics, scc-findings
gcp.app-engine-certificate
metrics, scc-findings
gcp.app-engine-domain
metrics, scc-findings
gcp.app-engine-domain-mapping
metrics, scc-findings
gcp.app-engine-firewall-ingress-rule
metrics, scc-findings
gcp.autoscaler
metrics, scc-findings
gcp.bq-dataset
metrics, scc-findings
gcp.bq-job
metrics, scc-findings
gcp.bq-table
metrics, scc-findings
gcp.bucket
metrics, scc-findings
gcp.build
metrics, scc-findings
gcp.cloudbilling-account
metrics, scc-findings
gcp.dataflow-job
metrics, scc-findings
gcp.disk
metrics, scc-findings
gcp.dm-deployment
metrics, scc-findings
gcp.dns-managed-zone
metrics, scc-findings
gcp.dns-policy
metrics, scc-findings
gcp.firewall
metrics, scc-findings
gcp.folder
metrics, scc-findings
gcp.function
metrics, scc-findings
gcp.gke-cluster
metrics, scc-findings
gcp.gke-nodepool
metrics, scc-findings
gcp.iam-role
metrics, scc-findings
gcp.image
metrics, scc-findings
gcp.instance
effective-firewall, metrics, scc-findings
gcp.instance-template
metrics, scc-findings
gcp.interconnect
metrics, scc-findings
gcp.interconnect-attachment
metrics, scc-findings
gcp.kms-cryptokey
metrics, scc-findings
gcp.kms-cryptokey-version
metrics, scc-findings
gcp.kms-keyring
metrics, scc-findings
gcp.loadbalancer-address
metrics, scc-findings
gcp.loadbalancer-backend-bucket
metrics, scc-findings
gcp.loadbalancer-backend-service
metrics, scc-findings
gcp.loadbalancer-forwarding-rule
metrics, scc-findings
gcp.loadbalancer-global-address
metrics, scc-findings
gcp.loadbalancer-global-forwarding-rule
metrics, scc-findings
gcp.loadbalancer-health-check
metrics, scc-findings
gcp.loadbalancer-http-health-check
metrics, scc-findings
gcp.loadbalancer-https-health-check
metrics, scc-findings
gcp.loadbalancer-ssl-certificate
metrics, scc-findings
gcp.loadbalancer-ssl-policy
metrics, scc-findings
gcp.loadbalancer-target-http-proxy
metrics, scc-findings
gcp.loadbalancer-target-https-proxy
metrics, scc-findings
gcp.loadbalancer-target-instance
metrics, scc-findings
gcp.loadbalancer-target-pool
metrics, scc-findings
gcp.loadbalancer-target-ssl-proxy
metrics, scc-findings
gcp.loadbalancer-target-tcp-proxy
metrics, scc-findings
gcp.loadbalancer-url-map
metrics, scc-findings
gcp.log-exclusion
metrics, scc-findings
gcp.log-project-metric
metrics, scc-findings
gcp.log-project-sink
metrics, scc-findings
gcp.ml-job
metrics, scc-findings
gcp.ml-model
metrics, scc-findings
gcp.organization
metrics, scc-findings
gcp.project
metrics, scc-findings
gcp.project-role
metrics, scc-findings
gcp.pubsub-snapshot
metrics, scc-findings
gcp.pubsub-subscription
metrics, scc-findings
gcp.pubsub-topic
metrics, scc-findings
gcp.route
metrics, scc-findings
gcp.router
metrics, scc-findings
gcp.service
metrics, scc-findings
gcp.service-account
delete, disable, enable
metrics, scc-findings
gcp.snapshot
metrics, scc-findings
gcp.sourcerepo
metrics, scc-findings
gcp.spanner-database-instance
metrics, scc-findings
gcp.spanner-instance
metrics, scc-findings
gcp.sql-backup-run
metrics, scc-findings
gcp.sql-instance
metrics, scc-findings
gcp.sql-ssl-cert
metrics, scc-findings
gcp.sql-user
metrics, scc-findings
gcp.subnet
metrics, scc-findings
gcp.vpc
metrics, scc-findings
This release contains some breaking changes for the Azure provider. The Azure SDKs from Microsoft have dropped compatibility with several resources, notably azure.keyvault-storage.
This release also includes a new OpenStack provider (alpha).
openstack.flavor
added
openstack.project
added
openstack.server
added
openstack.user
added
openstack.volume
added
aws.app-flow
added
aws.kinesis-video
added
aws.scaling-policy
added
aws.asg
scaling-policy
aws.config-rule
auto-tag-user, copy-related-tag, mark, mark-for-op, remove-tag, tag, unmark, untag
marked-for-op, tag-count
aws.ebs-snapshot
volume
aws.ecs-service
subnet
aws.ecs-task
subnet
aws.event-rule
delete
event-rule-target, invalid-targets
aws.lambda
trim-versions
aws.log-group
kms-key
aws.message-broker
kms-key
aws.rds-cluster
kms-key
aws.rds-cluster-snapshot
set-permissions
aws.rds-snapshot
set-permissions
aws.workspaces
kms-key
azure.keyvault-storage
removed
azure.storage-container
delete, lock
cost, metric, offhour, onhour, policy-compliant, resource-lock
gcp.firewall
aws.event-bus
added
aws.rest-client-certificate
added
aws.config-recorder
cross-account
aws.iam-group
delete-inline-policies
aws.iam-user
delete-ssh-keys
ssh-key
aws.rest-stage
client-certificate
aws.secrets-manager
json-diff
aws.account
check-macie
aws.app-elb
modify-attributes
aws.ebs-snapshot
set-permissions
aws.elasticsearch
remove-statements
cross-account
aws.iam-certificate
delete
aws.batch-queue
added
aws.iam-oidc-provider
added
aws.iam-saml-provider
added
aws.message-config
added
azure.vm
resize
gcp.instance
create-machine-image
gcp.project
delete, mark-for-op, propagate-labels, set-labels
marked-for-op
aws.artifact-domain
added
aws.artifact-repo
added
aws.catalog-portfolio
added
aws.ec2-host
added
aws.insight-rule
added
aws.account
access-analyzer
aws.cloudhsm-cluster
delete, mark-for-op
marked-for-op, subnet
aws.directory
mark-for-op
marked-for-op
aws.elasticsearch
kms-key
aws.hostedzone
delete
aws.iam-group
delete
aws.nat-gateway
metrics
aws.redshift-subnet-group
auto-tag-user, copy-related-tag, mark-for-op, remove-tag, tag
marked-for-op
aws.subnet
vpc-endpoint
aws.vpc
vpc-endpoint
gcp.dns-managed-zone
delete
gcp.gke-cluster
delete