Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Winter '22 Release

NEW FEATURES

Mass-delete Cloud Accounts

Org Metadata Backup

OS Services CIS Scans

Azure Certificate API Authentification

Cloudaware stores Application ID (Client ID) and Client Secret in the object Azure Application which allows to authenticate using AD (for Azure multi-tenant applications).

The object Azure Application stores Application ID (Client ID) and Client Secret required for authentication using AD (for Azure multi-tenant applications).

NEW SERVICES

Azure Analysis Services

Objects:

Azure Analysis Services Server
Azure Analysis Services Server Admin

Azure Monitor Metrics

UPDATED SERVICES

AWS API Gateway 

Applications - more objects attachable, what objects?

Add tags to more objects - what objects

External APIs improvements - what's improved?

Dataflow in Billing Processing - elaborate

Azure Storage

AWS Сost Explorer Coverage & Utilization 
Cloudaware supports record types for ElastiCache, Elasticsearch, Redshift allowing to track costs for these servcies.

AWS Athena

The fields Selected Engine Version and Effective Engine Version are added to objects AWS Athena Work Group and AWS Query Execution. This allows to track the Athena engine version (v2 was deprecated by Amazon in August 2021).

AWS S3

S2 Object Lock settings are detected by Cloudaware (Object Lock Enabled, Default Retention Days, Default Retention Mode, Default Retention Years)

The field Bucket Key Enabled is added to S2 Bucket allowing to define whether the bucket is using a S3 Bucket Key, which is a bucket-level key generated by KMS. These keys are used by S3 to create unique data keys for objects in a bucket, avoiding the need for additional KMS requests. This reduces KMS operations, and as a result, costs.

AWS MSK

The object AWS MSK Configuration Revision is added, with a lookup to objects AWS MSK Cluster, AWS MSK Configuration, AWS MSK Node. This object stores details related to AWS MSK configuration revision and helps to capture the actual cluster configuration.

AWS RDS 

The following AWS Directory fields are added to AWS RDS instance and AWS RDS Cluster layouts: Name, FQDN, IAM Role ARN, ID, Status.

NEW INTEGRATIONS

Rancher

Summer '21 Release

NEW FEATURES

AWS EC2 IMDSv2 Supported

Cloudaware supports AWS EC2 Instance Metadata Service Version 2 (IMDSv2). IMDSv2 protects against Website Application Firewalls, open reverse proxies, SSRF vulnerabilities and open layer 3 firewalls and NATs. 

If version 1 is disabled, Cloudaware switches to version 2 to ensure security for your AWS EC2 instances. You can build reports in Cloudaware to check on AWS IMDS version on your cloud servers. 

UPDATED FEATURESCloudaware Virtual ApplicationsThe following objects can be attached to

Cloudaware Virtual Applications:

AWS EFS File System

AWS EKS Cluster

AWS EKS Cluster Pod

AWS EMR Cluster

AWS Kinesis Firehose Destination

AWS Kinesis Stream

AWS KMS Key

AWS MQ Broker

AWS RDS Cluster

AWS Secrets Manager Secret

AWS SQS Queue

Azure SQL Instance

Azure SQL Instance Database

Cloudaware List Views

Customers can control access to list view creation in their Cloudaware account. Only those with profiles CloudAware Administrator and CloudAware Collector Only, or a user with custom permission listViewEditor can create public list views. The option to create private list views remains without changes.

NEW SERVICES

Azure Data Factory

UPDATED SERVICES

AWS EC2

Support for objects:

AWS Availability Zone ID
EC2 Launch Templates
AWS network related objects (Transit Gateway, Transit Gateway VPC Route Tables, Transit Gateway Peering, Transit Gateway Route Tables, Prefix Lists)Account

Cloudaware supports checking whether EBS encryption by default is enabled for AWS account in a current region. To demonstrate this, the following fields are added to the object AWS Account Region:

  • Default EBS Encryption KMS Alias

  • Default EBS Encryption KMS Alias ARN

  • Default EBS Encryption KMS Key

  • Default EBS Encryption KMS Key ARN

  • Default EBS Encryption KMS Key ID

AWS IAM

The object AWS IAM OpenID Connect Provider has been added.

The object AWS IAM Instance Profile demonstrates the relation to EC2s to let you overview the relationship between IAM Role and all EC2 instances that have it assigned.

AWS EC2

New AWS network related objects are added:

  • Transit Gateway

  • Transit Gateway VPC Route Table,

  • Transit Gateway Peering

  • Transit Gateway Route Tables

  • Prefix Lists

The field IAM Instance Profile ARN is available on AWS EC2 Instance to indicate the relation between EC2 and an assigned IAM role.

AWS IAM

The object AWS IAM OpenID Connect Provider has been added.

The object AWS IAM Instance Profile demonstrates the relation to EC2s to let you overview the relationship between IAM Role and all EC2 instances that have it assigned.

AWS Account

Cloudaware supports checking whether EBS encryption by default is enabled for AWS account in a current region. To demonstrate this, the following fields are added to the object AWS Account Region:

Default EBS Encryption KMS Alias
Default EBS Encryption KMS Alias ARN
Default EBS Encryption KMS Key
Default EBS Encryption KMS Key ARN
Default EBS Encryption KMS Key ID

S3

S3 Object Lock settings are detected by Cloudaware by using the following fields: Object Lock Enabled, Default Retention Days, Default Retention Mode, Default Retention Years.

The field Bucket Key Enabled is added to S3 Bucket allowing to define whether the bucket is using a S3 Bucket Key, which is a bucket-level key generated by KMS. These keys are used by AWS S3 service to create unique data keys for objects in a bucket, avoiding the need for additional KMS requests. This reduces KMS operations, and as a result, costs.

AWS Athena

Athena engine v1 should be deprecated by Amazon in August 2021. Cloudaware added the fields Selected Engine Version and Effective Engine Version to objects AWS Athena Work Group and AWS Query Execution to let customers track Athena engine version.

Azure Storage

New utilization metrics showing 30-day data are added to Azure Storage Accounts.

NEW INTEGRATIONS

Snowflake

Spring '21 Release 

NEW FEATURES

Azure Certificate API Authentification

The new object Azure Application stores Application ID (Client ID) and Client Secret required for authentication using AD (for Azure multi-tenant applications).

Policy Templates

Compliance Engine policy templates now can be filtered by the following HIPAA-related labels:

...

Application and Application Tier names can be edited in Cloudaware Virtual Applications.

NEW SERVICES

Azure SQL Virtual Machines

...

AWS Backup

AWS Global Accelerator

UPDATED SERVICES

AWS API Gateway 

NEW INTEGRATIONS

Rally

Winter '21 Release

NEW FEATURES

Azure Foundation v1.1.0

CIS Benchmarks have released a new CIS Microsoft Azure Foundations Version 1.1.0. New Benchmarks for Azure are deployed in Cloudaware Compliance Engine.

...

Setup and Developer Console links are now viewable for admin users only. If you don't have access to them, you won't see them in the menu.

NEW SERVICES

AWS Blockchain

NEW INTEGRATIONS

TunHub

TunHub is a secure proxy connection built to link customer's assets located in private cloud to Cloudaware using Breeze Agent. Fine tune the ingress points for Breeze to access SCCM, vCenter, private JIRA, private Kubernetes Clusters and more.

...

Cloudaware supports Google Directory API to allow you to track users who have access to your Google Cloud and Google Projects with Cloudaware G Suite Integration.

UPDATED SERVICES

AWS Snowball 
AWS X-Ray
Azure Application Gateway
Azure Express Route 
Azure App Service
Qualys Integration

...