Control: AWS > S3 > Bucket > CMDB
Record and synchronize details for the AWS S3 bucket into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.
To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".
CMDB controls also use the Regions policy associated with the resource. If region is not in AWS > S3 > Bucket > Regions
policy, the CMDB control will delete the resource from the CMDB. (Note: Setting CMDB to Skip will also pause these changes.)
Resource Types
This control targets the following resource types:
Policies
The following policies can be used to configure this control:
This control type relies on these other policies when running actions:
Permissions
Cloud permissions used by this control and its actions:
s3:GetBucketAccelerateConfiguration
s3:GetBucketAcl
s3:GetBucketCORS
s3:GetBucketEncryption
s3:GetBucketLifecycleConfiguration
s3:GetBucketLocation
s3:GetBucketLogging
s3:GetBucketNotification
s3:GetBucketNotificationConfiguration
s3:GetBucketPolicy
s3:GetBucketPolicyStatus
s3:GetBucketPublicAccessBlock
s3:GetBucketReplication
s3:GetBucketRequestPayment
s3:GetBucketTagging
s3:GetBucketVersioning
s3:GetBucketWebsite
s3:GetObjectLockConfiguration
s3:GetPublicAccessBlock
s3:HeadBucket
s3:ListBucketIntelligentTieringConfigurations
Category
In Your Workspace
Developers
- tmod:@turbot/aws-s3#/control/types/bucketCmdb
- tmod:@turbot/turbot#/control/categories/cmdb
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-s3#/control/types/bucketCmdb"
Get Controls