Versions Compared

Old Version 4

changes.mady.by.user Daria Lebedeva

Saved on

compared with

New Version 5

changes.mady.by.user Daria Lebedeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Change Management is a part of CloudAware CMDB. Any object from your inventory added into CloudAware CMDB can be tracked in regard to changes.

Field History Tracking

You can track any attribute of AWS EC2 instance (instance size change, tag being applied, HIDS Status changed, etc).

Image Removed

Approval Processes

Once a change has been detected and recorded in CloudAware CMDB, several possible actions can happen depending on the customization and the nature of the change detected:

...

Possible outcomes of a change event can be be combined. For example, we can request an approval and then execute an action if change was approved and another action if change was rejected.
Virtually any kind of combination and permutation of workflows and approvals can be performed including multiple approvals by different groups of approvers.

What Constitutes a Change Event?


Any modification of any object attribute within CMDB is a change event. By default, all changes are recorded into CMDB and the object history is updated to reflect what changed and when.

Approval Processes

Approvals processes are necessary in order to be assured that the system is an approved configuration state. Without approvals, we cannot be certain that the environment is in state that complies with corporate security policies. Common problems when approval processes are missing or are not implemented correctly:

  • Unauthorized security group changes

  • Changes that were approved for a short period of time but still linger

  • IAM Users who should not longer have access

  • IAM Users who should not have the level of access that they do

  • Unauthorized AMIs

  • Unauthorized objects instances and databases that were created under the cover.

Prepackaged Approval Processes


There is a list default approval processes that are prepackaged with CloudAware. These approval processes are de-activated by default. Users can review, modify and activate them depending on their security program requirements.

Assigned To General AWS Security Queue

Assigned To Data Security Queue

  • CloudTail is disabled

  • Snapshot shared into another account or made public

  • KMS Key Created or Granted

  • KMS Key Policy Modified

Assigned To Network Security Queue

Assigned To Access Control Queue

  • EC2 Instance open to 0.0.0.0/0

  • RDS Instance open to 0.0.0.0/0

  • VPC Peering Request Accepted/Initiated

  • All VPC Network ACL Modifications

  • All VPC Routing modifications

  • New IAM Policy attached to user

  • New IAM Policy attached to group

  • Access Key Granted To User

  • User group membership is modified

  • New IAM Policy attached to role

  • S3 bucket policy modified

  • New SAML Provider is created

Use approval processes functionality to get any new record to be automatically submitted for your approval. You may be notified by email of each submission. Review a record’s Approval Status to change and take an action. Track approval history directly in CloudAware CMDB.

...

...

Field History Tracking

You can track any attribute of AWS EC2 instance (instance size change, a tag being applied, HIDS Status changed, etc).

...