Turbot Product Updates
Monthly highlights of Turbot product changes
Turbot Mod Changes
AWS EC2 Mod improvements when tagging events occurred
AWS ECR Image controls added
AWS SageMaker controls for Code Repository, Endpoint Configuration, Lifecycle Configuration
AWS Well-Architected Tool Tagging control
Azure Network Security Group rules have an added condition for service tags approved
GCP Firebase controls for Android App, Firebase Project, Web App, and iOS App
New services and resources added for Turbot AWS Permissions; Connect, Cloud Directory, DataSync, MWAA, Cloud Map, Direct Connect, Translate, Rekognition, Cognito, AWS Tagging, Chatbot, Device Farm, Polly, Macie2, IAM Access Analyzer, AppFlow, Billing
Turbot Event Handler custom rules -- custom options to reduce unused high volume AWS EC2 and AWS VPC events
Additional updates can be found in the full Release Notes.
Turbot UI Changes
Turbot Best Practice Reports
Turbot’s best practice reports combine key controls for given resources into a single easy to read report. The image below shows a combined report for S3 buckets pulling to together results for nine separate controls into a single line item for each bucket. These reports are based on your policies settings and can be exported to CSV.
15 New Turbot Reports:
Turbot Best Practice - AWS S3 Buckets (See above)
Oldest Azure Compute Disks
Well-Architected Tool Workloads
Azure Compute Disks Resource Details
Unencrypted AWS CloudWatch Log Groups
AWS EC2 Instance AMI usage
AWS Default VPC
AWS EC2 AMIs
AWS Public Route 53 Hosted Zones
Recent User Login
Detached GCP Compute Engine Disks
Unencrypted AWS CloudTrail Trails
Aging AWS Access Keys
Aging Turbot Access Keys
Mods Admin List shows more information on the latest available version and last updated
Additional updates can be found in the full TE Release Notes.
Turbot Enterprise Changes
The current recommended deployment versions for Turbot Enterprise are updated here: https://turbot.com/v5/docs/releases
External ID Best Practices
The Turbot UI now auto-generates complex random external IDs to adhere to best practices and organizations can enforce use of unique external IDs using the `AWS > Account > Turbot IAM Role > External ID > Protection` policy. See the v5 FAQs for more info.
Apollo becoming new default UI
In the upcoming v5.37.0 release, the default UI for all Turbot users will become the Turbot Console Apollo UI. For users already using the Apollo UI, no change will occur, and for users who still prefer the original UI, you can switch back with a link in the header of the console. For Turbot Cloud (SaaS) customers this change will occur automatically. For Turbot Enterprise customers this change will occur when you upgrade to the v5.37.0 release or higher.
The existing (non-Apollo) console will be considered deprecated in the v5.37.0 release, and in a few months, the v5.40.0 release will fully remove the non-Apollo UI. This will not impact APIs, but will impact saved URLs pointing to specific screens in the old UI.
Since its release in Nov 2020, the Apollo UI is the preferred UI among Turbot users. You can learn more about Apollo in our highlights video.
Postgres 13 support
Starting with TED v1.20.1 new installations will default to using Postgres 13. Existing Postgres 11 & 12 installs will not be impacted and no action needs to be taken now. When appropriate, we will recommend an update path.
Key Performance Improvements:
Moving resources to new locations in the hierarchy is more responsive in the UI.
Process logs are saved to S3 as a single operation, reducing request costs.
Cleanup of unused tables (action_history) and unused indexes (controls_history, resources_history, and policy_values_history) to reduce DB disk space.
Critical database indexes are now re-created weekly to improve performance.
Workspace will now pause on processing events during a TE upgrade.
Full Release Notes:
Turbot Developer Tools:
Terraform - https://turbot.com/v5/docs/releases/terraform
Turbot’s Terraform Provider v1.8.2 has been tested compatible with Terraform version 14 and 15.
Turbot CLI - https://turbot.com/v5/docs/releases/cli
FAQ guide - Can I generate AWS Access Keys programmatically?
Turbot On Posts:
[Turbot On] Tagging with Context - how to automate the application of resource tags from CMDB metadata.
[Turbot On] S3 Public Access Blocks - how to automate AWS S3 account and bucket level public access blocks.
[Turbot On] GCP Firewall Rule Logging - how to automatically enable GCP Firewall Logging for one or more firewall rules.
[Turbot On] Automated Snapshot Cleanup - how to save big by cleaning up older snapshots on a retention schedule.