Archives for AWS
Check when a GKE Cluster was created
Apply this filter to the logs (under operations from the cluster management screen). Default audit logs go back 180 days. "gke_cluster" "" "your-cluster-name"…
Reusable sandbox environments in AWS
AWS innovation sandbox provides a way to create a separate sandbox account that can be managed from a management account. Along with the account level separation, network isolation is provided…
Prisma versus Native CSPM Alerting on GCP and AWS
Native vulnerability and misconfiguration monitoring tools run for a longer period of time and capture account-level events that may not be captured by Prisma and external CSPM tools.…
AWS SSO Groups and Root Users
Discourage use of local accounts and encourage SSO Groups. With SSO Groups, access can be granted either across multiple accounts or to individual accounts, using Permission Sets. SSO Groups and…
No Ingress EC2 Instances, Public IPs on EC2s
AWS allows for a no-ingress EC2 instance that can only be accessed via Systems Manager. This is the recommended best practice. Also read: Identity Aware Proxy on GCP for…
Removing Public Access to EC2 Instances
EFS Mount Points versus S3 object stores
How many accounts should your public cloud have?
Extending on premises AD to AWS
Rubrik to AWS S3
Rubrik can be either a SaaS offering or an on-premises cluster. If it needs FIPS 140-2 compliance, it will need a FIPS-validated S3 endpoint, using AWS PrivateLink Amazon…