Supported Idem states in VMware Tanzu Guardrails desired state templates

When you create desired state templates in Tanzu Guardrails, you can use the following supported Idem states for governance of your Amazon AWS and Microsoft Azure cloud provider accounts.

Supported Idem resource states for governance

The desired state templates support Idem states for Amazon AWS, Microsoft Azure, VMware Aria Automation for Secure Hosts, VMware Aria Automation for Secure Clouds, and Amazon EKS. The desired state templates also support Idem states for data loss protection, the Kubernetes manifest, and more.

For more information about the desired state templates, refer to:

Note: When you create a desired state template for Amazon AWS, Microsoft Azure, VMware Aria Automation for Secure Clouds, or VMware Aria Automation for Secure Hosts, each finding name of the desired state must be less than 256 characters, including values of dynamic variables.

Amazon AWS resource states

The supported Idem resource states for use in Amazon AWS desired state templates include many of the AWS resources.

Some resources do not support event-driven triggering for continuous monitoring. In the following list, those resources are marked as supporting only manual triggering.

Resource states supported
- aws.budgets.budget_action
- aws.budgets.budget
- aws.cloudtrail.trail
- aws.cloudwatch.metric_alarm
- aws.cloudwatch.log_group
- aws.config.config_recorder
- aws.config.delivery_channel
- aws.config.config_recorder_status
- aws.config.configuration_aggregator
- aws.config.rule
- aws.costexplorer.anomaly_monitor
- aws.costexplorer.anomaly_subscription
- aws.costexplorer.cost_category
- aws.ec2.ami
- aws.ec2.elastic_ip
- aws.ec2.internet_gateway, only supports manual trigger
- aws.ec2.route_table, only supports manual trigger
- aws.ec2.route_table_association
- aws.ec2.snapshot
- aws.ec2.subnet, only supports manual trigger
- aws.ec2.volume
- aws.ec2.vpc, only supports manual trigger
- aws.events.rule
- aws.eks.cluster
- aws.eks.nodegroup
- aws.guardduty.detector
- aws.guardduty.organization_admin_account
- aws.guardduty.organization_configuration
- aws.iam.policy
- aws.iam.role
- aws.iam.role_policy
- aws.iam.role_policy_attachment
- aws.iam.user
- aws.iam.user_policy
- aws.iam.user_policy_attachment
- aws.iam.service_linked_role
- aws.iam.group
- aws.iam.group_membership
- aws.iam.group_policy_attachment
- aws.iam.password_policy
- aws.organizations.account, only supports manual trigger
- aws.organizations.organization
- aws.organizations.organization_unit, only supports manual trigger
- aws.organizations.policy, only supports manual trigger
- aws.organizations.policy_attachment
- aws.s3.bucket
- aws.s3.bucket_policy
- aws.s3.public_access_block
- aws.s3.bucket_versioning
- aws.s3.bucket_encryption
- aws.s3.bucket_logging
- aws.s3.bucket_notification
- aws.s3.bucket_lifecycle
- aws.s3.bucket_replication
- aws.sns.topic
- aws.sns.subscription
- aws.sns.topic_policy
- aws.wafv2.associate_web_acl
- aws.wafv2.web_acl
- aws.kms.key
- aws.kms.alias

Microsoft Azure resource states

The supported Idem resource states for use in the Microsoft Azure desired state templates include the following resources.

  • azure.authorization.role_assignments
  • azure.authorization.role_definitions
  • azure.compute.log_analytics_workspace
  • azure.compute.virtual_machines
  • azure.key_vault.vault
  • azure.policy.policy_assignments
  • azure.policy.policy_definitions
  • azure.management_groups.management_groups
  • azure.network.firewall
  • azure.network.network_interfaces
  • azure.network.public_ip_addresses
  • azure.network.route_tables
  • azure.network.subnets
  • azure.network.virtual_networks
  • azure.resource_management.resource_groups
  • azure.storage_account.blob
  • azure.storage_resource_provider.storage_accounts
  • azure.storage_resource_provider.storage_blob
  • azure.subscription.attach_subscriptions
  • azure.subscription.subscriptions

VMware Aria Automation for Secure Hosts resource states

The supported Idem resource states for use in the Automation for Secure Hosts desired state templates include:

  • saltstack.compliance_policy
  • saltstack.vulnerability_policy
  • saltstack.target

VMware Aria Automation for Secure Clouds resource states

The supported Idem resource states for use in the VMware Aria Automation for Secure Clouds desired state templates include:

  • securestate.framework
  • securestate.rule
  • securestate.account

DLP resource states

The desired state templates support these Idem states for data loss protection (DLP).

  • dlp.integrations
  • dlp.scans

Additional supported Idem resource states

The desired state templates support these Idem states for Amazon Elastic Kubernetes Service (Amazon EKS) token, Kubernetes manifests, Idem, accounts, and more.

  • ekstoken.token
  • kubernetes.manifest
  • exec
  • acct
  • profile
  • template
