Author Archives: anuj - Page 21
Azure equivalents of GCP Resources
GCP Service Account --> Azure Managed Identity
GCP Project --> Azure Resource group
GCP VPC FW Rules --> Azure NSGs
Palo Alto CSPM (Prisma) on GCP, AWS, Azure – demo links
CloudWatch Metrics, Log Group Metrics and Dashboards in AWS
When you start creating a new dashboard in CloudWatch, you will be prompted to add a widget. The widget can contain pre-built metrics (CPU Utilization, VPN datain, dataout) or…
AWS NACLs vs Security Groups
Use Case — A single public subnet, multiple private subnets in AWS. Access to all private subnet instances is via instances in the public subnet. Say you have a bastion host in…
VPC Logs in GCP (or AWS) and IP Addresses
Google Cloud KMS FAQ
What is Envelope Encryption? Cloud KMS generates a key called the KEK (key encrypting key). This key DOES NOT encrypt your payload data. It just encrypts the key that is…
Cloud Monitoring on GCP
Also read: Logging in GCP. Cloud Monitoring collects metrics, events, and metadata from Google Cloud and applications hosted on GCP. GCP provides several built-in metrics. What about ALERTING and…
Public Access and Cloud Storage
Public Access to Storage Buckets: Regardless of the ACL settings (uniform bucket access), disabling public access will prevent content from being READ from the bucket. This means that no website…
MFA for IAM Users, Service Accounts and CLI Access
Do you need MFA on your IAM User accounts? What about Service Accounts or IAM users used for CLI access only? It depends on what the user account is used…
Metadata Access Disabled
Also read: metadata on GCP Compute Engine and IP Addressing on Compute Engine VMs. Overview: Metadata (of an EC2 instance) can contain access keys and secrets. This is all that…