Back to Blog
β€’Keita Higaki

v0.6.0: Massive Multi-Cloud Expansion - 25+ New Services

releaseawsgcpmulti-cloudcoverage

🌍 TFDrift-Falco v0.6.0: Multi-Cloud Explosion

Release Date: March 20, 2026

Milestone achieved: Largest service expansion ever β€” AWS now 40+ services (500+ events), GCP now 27+ services (170+ events).

πŸ“ˆ The Growth

From v0.5.0 to v0.6.0:

CloudServicesEventsNew Services
AWS30+ β†’ 40+400+ β†’ 500+EFS, Cognito, AppSync, MSK, OpenSearch, CodePipeline, CodeBuild, CodeDeploy, GuardDuty, AWS Config
GCP12+ β†’ 27+100+ β†’ 170+Cloud Armor, DNS, Redis, Spanner, Artifact Registry, Monitoring, Logging, Dataproc, Cloud Build, + more
Total42+ β†’ 67+500+ β†’ 670+25+ new services, 170+ new events

🎯 New AWS Services (10)

Enterprise & Developer Tools

  • EFS (Elastic File System) - Serverless file storage drift
  • CodePipeline - CI/CD pipeline configuration tracking
  • CodeBuild - Build system drift detection
  • CodeDeploy - Application deployment monitoring
  • AppSync - GraphQL API infrastructure

Data & Messaging

  • MSK (Managed Streaming for Kafka) - Real-time pipeline monitoring
  • OpenSearch - Search engine infrastructure tracking

Identity & Security

  • Cognito - Identity management drift detection
  • GuardDuty - Security threat detection configuration
  • Config - Compliance monitoring infrastructure

πŸš€ New GCP Services (15)

Infrastructure & Security

  • Cloud Armor - DDoS and security policy monitoring
  • Cloud DNS - DNS zone and record management
  • Redis/Memorystore - In-memory database drift
  • Cloud Spanner - Distributed SQL database tracking

Data & Analytics

  • Artifact Registry - Container and artifact repository
  • Dataproc - Spark and Hadoop cluster management
  • Cloud Build - CI/CD infrastructure
  • Cloud Monitoring - Dashboard and alert policies
  • Cloud Logging - Log sink and retention configuration
  • Cloud Tasks - Asynchronous job queue monitoring
  • Cloud Scheduler - Scheduled job orchestration
  • Pub/Sub Schema - Event schema management

🧠 Intelligent Event Disambiguation

The big challenge with 25+ new services: ambiguous event names.

Problem: Both AWS SageMaker and GCP Vertex AI have "CreateModel" events. How do we know which is which?

Solution: Comprehensive conflict resolution engine:

Event Name Conflicts Resolved: 15+

CreateModel       β†’ AWS SageMaker vs GCP Vertex AI
DeleteModel       β†’ AWS SageMaker vs GCP Vertex AI
UpdateJob         β†’ AWS Batch vs GCP Dataflow
CreateEndpoint    β†’ AWS SageMaker vs GCP Vertex AI
CreateFunction    β†’ AWS Lambda vs GCP Cloud Functions

Resolution uses:

  • Event source field (aws_cloudtrail vs gcpaudit)
  • Service identifiers in event payload
  • Resource structure and naming patterns
  • Fallback to comprehensive error logging

πŸ”§ Enhanced Event Parser

Updated parser handles:

  • Provider-specific field variations
  • Ambiguous event auto-detection
  • Graceful fallback with diagnostics
  • Comprehensive error messages

Perfect foundation for scaling to Azure in v0.7.0.

πŸ“Š Coverage Snapshot

AWS Top Services (by event count):

  1. VPC/Networking - 42 events
  2. RDS - 31 events
  3. EC2 - 17 events
  4. SageMaker - 16 events
  5. ELB/ALB - 15 events

GCP Top Services:

  1. Compute Engine - 30+ events
  2. Cloud Storage - 15+ events
  3. Monitoring - 14+ events
  4. Dataproc - 13+ events
  5. Cloud Spanner - 11+ events

βœ… Quality Assurance

  • 500+ AWS tests - Complete event coverage
  • 170+ GCP tests - All new services validated
  • 50+ disambiguation tests - Conflict resolution verified
  • 100% pass rate - Every test passing

πŸš€ Use Cases Unlocked

Use Case 1: Multi-Cloud Compliance

Monitor compliance drift across AWS and GCP simultaneously:

[15:22:03] AWS CRITICAL: GuardDuty detector disabled
[15:22:05] GCP CRITICAL: Cloud Armor policy deleted
[15:22:12] AWS WARNING: CodeBuild project encrypted→unencrypted
β†’ Automatic compliance report generated

Use Case 2: Unified Data Pipeline Monitoring

Track data infrastructure across clouds:

  • AWS: MSK (Kafka), Kinesis, Lambda β†’ Processing
  • GCP: Pub/Sub, Dataflow, Cloud Functions β†’ Processing
  • Unified: Central drift dashboard

Use Case 3: Multi-Cloud ML Deployments

Monitor ML infrastructure:

  • AWS: SageMaker endpoints, training jobs
  • GCP: Vertex AI models, endpoints
  • Unified: Track model deployments across clouds

🎬 Getting Started

Update your configuration:

providers:
  aws:
    enabled: true
    services:
      - efs
      - cognito
      - appsync
      - msk
      - opensearch
      - codepipeline
      - codebuild
      - codedeploy
      - guardduty
      - config

  gcp:
    enabled: true
    services:
      - cloud_armor
      - cloud_dns
      - redis
      - spanner
      - artifact_registry
      - monitoring
      - logging
      - dataproc
      - cloud_build

🀝 Roadmap Glimpse

v0.7.0 (Coming March 22):

  • Dashboard UI with event management
  • Real-time notifications (SSE)
  • Dark/light theme toggle
  • Azure Activity Logs (119+ operations)

Post v0.7.0:

  • Kubernetes cluster monitoring
  • Cost analysis and tracking
  • Auto-remediation workflows
  • ML-powered anomaly detection

TFDrift-Falco v0.6.0 - The Multi-Cloud Powerhouse

67 Services β€’ 670+ Events β€’ Intelligent Disambiguation β€’ Production Ready

Back to All Posts