Change Management is a part of Cloudaware CMDB. Changes to any object from your inventory that has been added to Cloudaware CMDB can be tracked.

...

  • Unauthorized security group changes

  • Changes that were approved for a short period of time but still linger

  • IAM Users who should no longer have access

  • IAM Users who should not have the level of access that they do

  • Unauthorized AMIs

  • Unauthorized objects, instances and databases that were created under the cover.

Prepackaged Approval Processes

Cloudaware comes prepackaged with a list of default approval processes. These approval processes are deactivated by default. Users can review, modify and activate them depending on their security program requirements.

Assigned To General AWS Security Queue

Assigned To Data Security Queue

  • CloudTrail is disabled

  • Snapshot shared into another account or made public

  • KMS Key Created or Granted

  • KMS Key Policy Modified

Assigned To Network Security Queue

Assigned To Access Control Queue

  • EC2 Instance open to 0.0.0.0/0

  • RDS Instance open to 0.0.0.0/0

  • VPC Peering Request Accepted/Initiated

  • All VPC Network ACL Modifications

  • All VPC Routing modifications

  • New IAM Policy attached to user

  • New IAM Policy attached to group

  • Access Key Granted To User

  • User group membership is modified

  • New IAM Policy attached to role

  • S3 bucket policy modified

  • New SAML Provider is created

Creating an Approval Process

...

  • Send out an email when someone launches a 1st generation instance

  • Create a task if an instance appears to be overutilized for an extended period of time

  • Send an email if an instance is launched using an unapproved AMI

  • Enable a backup policy on an instance based on its name

  • Auto-attach an instance to an application based on its name

...