@turbot/azure-postgresql

The azure-postgresql mod contains resource, control and policy definitions for Azure PostgreSQL service.

Recommended Version

Version

5.15.1

Released On

Apr 29, 2024

Depends On

@turbot/azure ^5.0.0
@turbot/azure-iam ^5.0.0
@turbot/azure-provider ^5.0.0
@turbot/turbot ^5.22.0
@turbot/turbot-iam ^5.1.0

Resource Types

Control Types

Policy Types

Release Notes

5.15.1 (2024-04-29)

Bug fixes

Action Type for Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges control did not render correctly on mod inspect. This is now fixed.

Action Types

Azure > PostgreSQL > Flexible Server > Update Firewall IP Ranges
Azure > PostgreSQL > Server > Update Firewall IP Ranges

Removed

Azure > PostgreSQL > Server > Update Firewall IP Ranges

5.15.0 (2024-04-26)

What's new?

You can now stop unapproved flexi servers. To get started, set the Azure > PostgreSQL > Flexible Server > Approved policy to Enforce: Stop unapproved or Enforce: Stop unapproved if new.

Control Types

Azure > PostgreSQL > Flexible Server > Firewall
Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges
Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved
Azure > PostgreSQL > Server > Firewall
Azure > PostgreSQL > Server > Firewall > IP Ranges
Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved

Policy Types

Azure > PostgreSQL > Flexible Server > Firewall
Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges
Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved
Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > Compiled Rules
Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > IP Addresses
Azure > PostgreSQL > Flexible Server > Firewall > IP Ranges > Approved > Rules
Azure > PostgreSQL > Server > Firewall
Azure > PostgreSQL > Server > Firewall > IP Ranges
Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved
Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > Compiled Rules
Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > IP Addresses
Azure > PostgreSQL > Server > Firewall > IP Ranges > Approved > Rules

Action Types

Azure > PostgreSQL > Flexible Server > Stop
Azure > PostgreSQL > Server > Update Firewall IP Ranges

5.14.0 (2024-04-17)

What's new?

You can now configure log checkpoints for Flexi Servers. To get started, set the Azure > PostgreSQL > Flexible Server > Audit Logging > * policies.
We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Control Types

Azure > PostgreSQL > Flexible Server > Audit Logging

Policy Types

Azure > PostgreSQL > Flexible Server > Audit Logging
Azure > PostgreSQL > Flexible Server > Audit Logging > Log Checkpoints

Action Types

Azure > PostgreSQL > Flexible Server > Update Audit Logging

5.13.0 (2024-04-10)

What's new?

You can now configure Encryption in Transit for Flexi Servers. To get started, set the Azure > PostgresSql > Flexible Server > Encryption in Transit > * policies.

Control Types

Azure > PostgreSQL > Flexible Server > Encryption in Transit

Policy Types

Azure > PostgreSQL > Flexible Server > Encryption in Transit

Action Types

Azure > PostgreSQL > Flexible Server > Update Encryption in Transit

5.12.0 (2024-04-01)

What's new?

You can now configure connection_throttling parameter for PostgreSQL servers. To get started, set the Azure > PostgreSQL > Server > Audit Logging > Connection Throttling policy.

Policy Types

Azure > PostgreSQL > Server > Audit Logging > Connection Throttling

5.11.0 (2023-06-19)

What's new?

Resource's metadata will now also include createdBy details in Guardrails CMDB.
README.md file is now available for users to check details about the resource types and service permissions that the mod covers.

5.10.0 (2023-05-17)

Resource Types

Azure > PostgreSQL > Flexible Server

Control Types

Azure > PostgreSQL > Flexible Server > Active
Azure > PostgreSQL > Flexible Server > Approved
Azure > PostgreSQL > Flexible Server > CMDB
Azure > PostgreSQL > Flexible Server > Discovery
Azure > PostgreSQL > Flexible Server > Tags

Policy Types

Azure > PostgreSQL > Flexible Server > Active
Azure > PostgreSQL > Flexible Server > Active > Age
Azure > PostgreSQL > Flexible Server > Active > Last Modified
Azure > PostgreSQL > Flexible Server > Approved
Azure > PostgreSQL > Flexible Server > Approved > Custom
Azure > PostgreSQL > Flexible Server > Approved > Regions
Azure > PostgreSQL > Flexible Server > Approved > Usage
Azure > PostgreSQL > Flexible Server > CMDB
Azure > PostgreSQL > Flexible Server > Regions
Azure > PostgreSQL > Flexible Server > Tags
Azure > PostgreSQL > Flexible Server > Tags > Template

Action Types

Azure > PostgreSQL > Flexible Server > Delete
Azure > PostgreSQL > Flexible Server > Router
Azure > PostgreSQL > Flexible Server > Set Tags

5.9.0 (2022-02-18)

What's new?

Users can now create their own custom checks against resource attributes in the Approved control using the Approved > Custom policy. These custom checks would be a part of the evaluation of the Approved control. Custom messages can also be added which are then displayed in the control details table. See Custom Checks for more information.

Bug fixes

We've improved the process of deleting resources from Guardrails if their CMDB policy was set to Enforce: Disabled. The CMDB controls will now not look to resolve credentials via Turbot's IAM role while deleting resources from Guardrails. This will allow the CMDB controls to process resource deletions from Guardrails more reliably than before.

Policy Types

Azure > PostgreSQL > Database > Approved > Custom
Azure > PostgreSQL > Server > Approved > Custom

5.8.0 (2021-07-23)

What's new?

We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

We’ve made a few improvements in the GraphQL queries for various controls, policies, and actions. You won’t notice any difference, but things should run lighter and quicker than before.

5.7.0 (2021-03-24)

What's new?

We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

5.6.2 (2021-01-11)

Bug fixes

The category for the Azure > PostgreSQL > Server > Encryption in Transit control has been updated to Resource > Encryption in Transit for better categorization.

5.6.1 (2020-11-04)

Bug fixes

We've updated the Discovery controls for resources to now move to skipped instead of invalid if the provider is disabled in the subscription and the Azure > Provider > {service} > Registered policy is checking if the provider is disabled. This will reduce the amount of noisy controls that cannot be easily resolved without making changes to the provider.

5.6.0 (2020-10-22)

What's new?

We've made improvements to how Approved controls interact with CMDB policies and controls for more reliable approved checks. Now, if a resource's CMDB policy is set to Skip, its Approved control will move to invalid to prevent the Approved control from making a decision based on outdated information. Also, Approved controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.

5.5.0 (2020-09-28)

What's new?

We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to Skip, its Active control will move to invalid to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.

5.4.0 (2020-08-27)

What's new?

Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.
We've renamed the service's default regions policy from Regions [Default] to Regions to be consistent with our other regions policies.

5.3.1 (2020-07-24)

Bug fixes

When deleting inactive resources through an Active control, different warning periods in days can be set to delay deletion. We recently identified a bug that would cause these warning periods to be ignored, and any inactive resources would be deleted immediately. This bug has been fixed and now all Active controls will abide by the warning period set in the policy value.

5.3.0 (2020-07-13)

Control Types

Azure > PostgreSQL > Server > Audit Logging

Policy Types

Azure > PostgreSQL > Server > Audit Logging
Azure > PostgreSQL > Server > Audit Logging > Log Checkpoints
Azure > PostgreSQL > Server > Audit Logging > Log Connections
Azure > PostgreSQL > Server > Audit Logging > Log Disconnections
Azure > PostgreSQL > Server > Audit Logging > Log Duration
Azure > PostgreSQL > Server > Audit Logging > Log Retention Days

Action Types

Azure > PostgreSQL > Server > Update Audit Logging

5.2.0 (2020-06-03)

What's new?

All resource Router actions now run even if Guardrails is outside of its allowed change window. This allows Guardrails to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Guardrails' ability to process resources changes that were made in the cloud provider - enforcement actions are still disabled outside of the change window.

Control Types

Azure > PostgreSQL > Server > Encryption in Transit

Policy Types

Azure > PostgreSQL > Server > Encryption in Transit

Action Types

Azure > PostgreSQL > Server > Update Encryption in Transit

5.1.1 (2020-05-14)

Bug fixes

Several permissions did not have grant levels assigned, so when this service was enabled, the IAM permission model would be unable to calculate the full permission set across all services. The missing grant levels have been added and permission calculations are now running smoothly again.