Control: AWS > CloudFormation > Hook > Prevention > Discovery

Discover prevention rules from AWS CloudFormation Hooks (Lambda, Guard, and Control Tower/Control Catalog types) and map them to prevention objectives.

This control analyzes hook schemas, configurations, and target resources to automatically create prevention rules that document how each hook implements specific governance objectives. For Control Tower hooks, it directly maps Control IDs (e.g., CT.S3.PR.1) to their corresponding prevention objectives.

Resource Types

This control targets the following resource types:

AWS > CloudFormation > Hook

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-prevention#/control/types/cloudFormationHookPreventionDiscovery

Category URI

tmod:@turbot/turbot#/control/categories/cmdbDiscovery

GraphQL

query controlType(id: "tmod:@turbot/aws-prevention#/control/types/cloudFormationHookPreventionDiscovery") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-prevention#/control/types/cloudFormationHookPreventionDiscovery'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-prevention#/control/types/cloudFormationHookPreventionDiscovery"