Policy: AWS > Organization > Discovery Level
Defines the discovery level for accounts in this organization.
Each entry specifies an account pattern and its discovery level:
- none: Account is not discovered - completely ignored by Guardrails
- account: Account-level discovery only - visible in UI but policies/controls are NOT materialized
- resource: Resource-level discovery - fully managed with policies/controls materialized

Supported patterns:
- Account ID: 111122223333
- OU ID: ou-xxxx-xxxxxxxx

Example:
```yaml
- aka: "111122223333"
  discoveryLevel: none
- aka: "sandbox_account"
  discoveryLevel: account
- aka: "my_prod_account"
  discoveryLevel: resource
- aka: "ou-prod-1234"
  discoveryLevel: resource
```
Accounts not listed default to resource-level discovery (full management).
Targets
This policy targets the following resource types:
Controls
Setting this policy configures these controls:
- AWS > Account > CMDB
- AWS > Account > Discovery
- AWS > Organization Root > CMDB
- AWS > Organization Root > Discovery
- AWS > Organizational Unit > CMDB
- AWS > Organizational Unit > Discovery
Policy Specification
Schema Type | |
|---|---|
Default | |
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/cmdb
- tmod:@turbot/aws#/policy/types/organizationDiscoveryLevel
- turbot graphql policy-type --id "tmod:@turbot/aws#/policy/types/organizationDiscoveryLevel"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws#/policy/types/organizationDiscoveryLevel"