Turbot Mod Changes

• AWS EC2 Mod improvements when tagging events occurred

• AWS ECR Image controls added

• AWS SageMaker controls for Code Repository, Endpoint Configuration, Lifecycle Configuration

• AWS Well-Architected Tool Tagging control

• Azure Network Security Group rules have an added condition for service tags approved

• GCP Firebase controls for Android App, Firebase Project, Web App, and iOS App

• New services and resources added for Turbot AWS Permissions; Connect, Cloud Directory, DataSync, MWAA, Cloud Map, Direct Connect, Translate, Rekognition, Cognito, AWS Tagging, Chatbot, Device Farm, Polly, Macie2, IAM Access Analyzer, AppFlow, Billing

• Turbot Event Handler custom rules -- custom options to reduce unused high volume AWS EC2 and AWS VPC events

• Additional updates can be found in the full Release Notes.

Turbot UI Changes

Turbot Best Practice Reports

Turbot’s best practice reports combine key controls for given resources into a single easy to read report. The image below shows a combined report for S3 buckets pulling to together results for nine separate controls into a single line item for each bucket. These reports are based on your policies settings and can be exported to CSV.

15 New Turbot Reports: 

• Turbot Best Practice - AWS S3 Buckets (See above)

• Oldest Azure Compute Disks

• Well-Architected Tool Workloads

• Azure Compute Disks Resource Details

• Unencrypted AWS CloudWatch Log Groups

• AWS EC2 Instance AMI usage

• AWS Default VPC

• AWS EC2 AMIs

• AWS Public Route 53 Hosted Zones

• Recent User Login

• Detached GCP Compute Engine Disks

• Unencrypted AWS CloudTrail Trails

• Aging AWS Access Keys

• Aging Turbot Access Keys

• Mods Admin List shows more information on the latest available version and last updated

Additional updates can be found in the full TE Release Notes.

Turbot Enterprise Changes

The current recommended deployment versions for Turbot Enterprise are updated here: https://turbot.com/v5/docs/releases

External ID Best Practices

The Turbot UI now auto-generates complex random external IDs to adhere to best practices and organizations can enforce use of unique external IDs using the `AWS > Account > Turbot IAM Role > External ID > Protection` policy. See the v5 FAQs for more info.

Apollo becoming new default UI

In the upcoming v5.37.0 release, the default UI for all Turbot users will become the Turbot Console Apollo UI. For users already using the Apollo UI, no change will occur, and for users who still prefer the original UI, you can switch back with a link in the header of the console. For Turbot Cloud (SaaS) customers this change will occur automatically.  For Turbot Enterprise customers this change will occur when you upgrade to the v5.37.0 release or higher.

The existing (non-Apollo) console will be considered deprecated in the v5.37.0 release, and in a few months, the v5.40.0 release will fully remove the non-Apollo UI. This will not impact APIs, but will impact saved URLs pointing to specific screens in the old UI.

Since its release in Nov 2020, the Apollo UI is the preferred UI among Turbot users. You can learn more about Apollo in our highlights video.

Postgres 13 support

Starting with TED v1.20.1 new installations will default to using Postgres 13. Existing Postgres 11 & 12 installs will not be impacted and no action needs to be taken now. When appropriate, we will recommend an update path.

Key Performance Improvements: 

• Moving resources to new locations in the hierarchy is more responsive in the UI.

• Process logs are saved to S3 as a single operation, reducing request costs.

• Cleanup of unused tables (action_history) and unused indexes (controls_history, resources_history, and policy_values_history) to reduce DB disk space.

• Critical database indexes are now re-created weekly to improve performance.

• Workspace will now pause on processing events during a TE upgrade.

Full Release Notes:

• Turbot Enterprise

• Turbot Enterprise Foundation (TEF)

• Turbot Enterprise Database (TED)

Turbot Developer Tools:

Terraform - https://turbot.com/v5/docs/releases/terraform

• Turbot’s Terraform Provider v1.8.2 has been tested compatible with Terraform version 14 and 15.

Turbot CLI - https://turbot.com/v5/docs/releases/cli

• FAQ guide - Can I generate AWS Access Keys programmatically?

Turbot On Posts:

• [Turbot On] Tagging with Context - how to automate the application of resource tags from CMDB metadata. 

• [Turbot On] S3 Public Access Blocks - how to automate AWS S3 account and bucket level public access blocks. 

• [Turbot On] GCP Firewall Rule Logging - how to automatically enable GCP Firewall Logging for one or more firewall rules.

• [Turbot On] Automated Snapshot Cleanup - how to save big by cleaning up older snapshots on a retention schedule.