Change Management is a part of Cloudaware CMDB. Any object from your inventory that has been added to Cloudaware CMDB can be tracked for changes.

...

  • Unauthorized security group changes

  • Changes that were approved for a short period of time but still linger

  • IAM Users who should no longer have access

  • IAM Users who should not have the level of access that they do

  • Unauthorized AMIs

  • Unauthorized objects, instances and databases that were created under the cover.

Prepackaged Approval Processes

Cloudaware comes with a list of prepackaged default approval processes. These approval processes are deactivated by default. Users can review, modify and activate them depending on their security program requirements.

Assigned To General AWS Security Queue

Assigned To Data Security Queue

  • CloudTrail is disabled

  • Snapshot shared into another account or made public

  • KMS Key Created or Granted

  • KMS Key Policy Modified

Assigned To Network Security Queue

Assigned To Access Control Queue

  • EC2 Instance open to 0.0.0.0/0

  • RDS Instance open to 0.0.0.0/0

  • VPC Peering Request Accepted/Initiated

  • All VPC Network ACL Modifications

  • All VPC Routing modifications

  • New IAM Policy attached to user

  • New IAM Policy attached to group

  • Access Key Granted To User

  • User group membership is modified

  • New IAM Policy attached to role

  • S3 bucket policy modified

  • New SAML Provider is created
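
As an added illustration (not Cloudaware's own code), the Python below routes AWS CloudTrail records for several of the change types listed above to a review queue, skipping calls that failed and security group rules that are not open to any source. The eventName values are AWS API names; the queue assigned to each change type, the treatment of ::/0 as open, and the sample records are assumptions of this example.

```python
# Added example, not Cloudaware code. Keys are AWS CloudTrail eventName values;
# the queue chosen for each change type is an assumption of this example.
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

RULES = {  # eventName -> (queue, change type from the list above)
    "StopLogging": ("General AWS Security", "CloudTrail is disabled"),
    "PutKeyPolicy": ("Data Security", "KMS Key Policy Modified"),
    "CreateGrant": ("Data Security", "KMS Key Created or Granted"),
    "AcceptVpcPeeringConnection": ("Network Security", "VPC Peering Request Accepted/Initiated"),
    "AttachUserPolicy": ("Access Control", "New IAM Policy attached to user"),
    "AttachGroupPolicy": ("Access Control", "New IAM Policy attached to group"),
    "AttachRolePolicy": ("Access Control", "New IAM Policy attached to role"),
    "CreateAccessKey": ("Access Control", "Access Key Granted To User"),
    "PutBucketPolicy": ("Access Control", "S3 bucket policy modified"),
    "CreateSAMLProvider": ("Access Control", "New SAML Provider is created"),
}

def open_ingress(params):
    """Return True if an AuthorizeSecurityGroupIngress request allows any source."""
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        for key, field in (("ipRanges", "cidrIp"), ("ipv6Ranges", "cidrIpv6")):
            for rng in (perm.get(key) or {}).get("items", []):
                if rng.get(field) in OPEN_CIDRS:
                    return True
    return False

def route(record):
    """Map one CloudTrail record to (queue, change type), or None if no review is needed."""
    if record.get("errorCode"):  # denied or failed call: nothing actually changed
        return None
    name = record.get("eventName")
    if name == "AuthorizeSecurityGroupIngress":
        if open_ingress(record.get("requestParameters") or {}):
            return ("Network Security", "EC2 Instance open to 0.0.0.0/0")
        return None
    return RULES.get(name)

# Constructed sample records (simplified CloudTrail fields, not real log data).
SAMPLE = [
    {"eventName": "StopLogging", "requestParameters": {"name": "example-trail"}},
    {"eventName": "AuthorizeSecurityGroupIngress", "requestParameters": {"groupId": "sg-EXAMPLE",
        "ipPermissions": {"items": [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                     "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "AuthorizeSecurityGroupIngress", "requestParameters": {"groupId": "sg-EXAMPLE",
        "ipPermissions": {"items": [{"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                                     "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}}]}}},
    {"eventName": "AttachUserPolicy", "errorCode": "AccessDenied"},
    {"eventName": "CreateAccessKey", "requestParameters": {"userName": "example-user"}},
]
```

Calling route() on each entry of SAMPLE returns a queue for the stopped trail, the open SSH rule and the new access key, and None for the 10.0.0.0/8 rule and the denied AttachUserPolicy call.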

Creating an Approval Process

...

More about working with Salesforce Approval Processes is available here.

Field History Tracking

The 'Changes History' section under the 'Change Management' tab of an instance provides a quick way to view the instance's lifetime change log. It is not as detailed as the CloudTrail change log, but it is available on demand and does not require additional searching. For example, you can track any attribute of an AWS EC2 instance (an instance size change, a tag being applied, a HIDS Status change, etc.).

...

  • Send out an email when someone launches a 1st generation instance

  • Create a task if an instance appears to be overutilized for an extended period of time

  • Send an email if an instance is launched using an unapproved AMI

  • Enable a backup policy on an instance based on its name

  • Auto-attach an instance to an application based on its name

...

More about working with Salesforce Workflows is available here.