Summer '21 Release
NEW FEATURES
AWS EC2 IMDSv2 Supported
Cloudaware supports AWS EC2 Instance Metadata Service Version 2 (IMDSv2). IMDSv2 protects against Website Application Firewalls, open reverse proxies, SSRF vulnerabilities and open layer 3 firewalls and NATs.
If version 1 is disabled, Cloudaware switches to version 2 to ensure security for your AWS EC2 instances. You can build reports in Cloudaware to check on AWS IMDS version on your cloud servers.
UPDATED FEATURES
Cloudaware List Views
Customers can control access to list view creation in their Cloudaware account. Only those with profiles CloudAware Administrator and CloudAware Collector Only, or a user with custom permission listViewEditor can create public list views. The option to create private list views remains without changes.
External APIs
Cloudaware released API to remove AWS Account. This API allows to mark an AWS Account for removal and automatically approve the removal request. Note that only Admin users are able to leverage this feature.
UPDATED SERVICES
AWS Account
Cloudaware supports checking whether EBS encryption by default is enabled for AWS account in a current region. To demonstrate this, the following fields are added to the object AWS Account Region:
Default EBS Encryption KMS Alias
Default EBS Encryption KMS Alias ARN
Default EBS Encryption KMS Key
Default EBS Encryption KMS Key ARN
Default EBS Encryption KMS Key ID
AWS IAM
The object AWS IAM OpenID Connect Provider has been added.
The object AWS IAM Instance Profile demonstrates the relation to EC2s to let you overview the relationship between IAM Role and all EC2 instances that have it assigned.
AWS EC2
New objects: AWS Availability Zone ID
EC2 Launch Templates
AWS network related objects (are added:
Transit Gateway
...
Transit Gateway VPC Route
...
Table,
Transit Gateway Peering
...
Transit Gateway Route Tables
...
Prefix Lists
...
The field IAM Instance Profile ARN is available on AWS EC2 Instance to indicate the relation between EC2 and an assigned IAM role.
AWS S3
S3 Object Lock settings are detected by Cloudaware by using the following fields: Object Lock Enabled, Default Retention Days, Default Retention Mode, Default Retention Years.
The field Bucket Key Enabled is added to S3 Bucket allowing to define whether the bucket is using a S3 Bucket Key, which is a bucket-level key generated by KMS. These keys are used by AWS S3 service to create unique data keys for objects in a bucket, avoiding the need for additional KMS requests. This reduces KMS operations, and as a result, costs.
AWS Athena
The Athena engine v1 should be deprecated by Amazon in August 2021. Cloudaware added the fields Selected Engine Version and Effective Engine Version are added to objects AWS Athena Work Group and AWS Query Execution . This allows to let customers track the Athena engine version, as v2 was deprecated by Amazon in August 2021.
Azure Storage
New utilization metrics showing 30-day data are added to Azure Storage Accounts.
NEW INTEGRATIONS
Spring '21 Release
NEW FEATURES
Azure Certificate API Authentification
The new object Azure Application stores Application ID (Client ID) and Client Secret required for authentication using AD (for Azure multi-tenant applications).
Policy Templates
Compliance Engine policy templates now can be filtered by the following HIPAA-related labels:
...
Application and Application Tier names can be edited in Cloudaware Virtual Applications.
Org Metadata Backup ?
Add tags to more objects - what objects?
Dataflow in Billing Processing - elaborate
NEW SERVICES
Azure SQL Virtual Machines
...
AWS Backup
AWS Global Accelerator
UPDATED SERVICES
AWS API Gateway
NEW INTEGRATIONS
Winter '21 Release
NEW FEATURES
Azure Foundation v1.1.0
CIS Benchmarks have released a new CIS Microsoft Azure Foundations Version 1.1.0. New Benchmarks for Azure are deployed in Cloudaware Compliance Engine.
...
Setup and Developer Console links are now viewable for admin users only. If you don't have access to them, you won't see them in the menu.
NEW SERVICES
AWS Blockchain
NEW INTEGRATIONS
TunHub
TunHub is a secure proxy connection built to link customer's assets located in private cloud to Cloudaware using Breeze Agent. Fine tune the ingress points for Breeze to access SCCM, vCenter, private JIRA, private Kubernetes Clusters and more.
...
Cloudaware supports Google Directory API to allow you to track users who have access to your Google Cloud and Google Projects with Cloudaware G Suite Integration.
UPDATED SERVICES
AWS Snowball
AWS X-Ray
Azure Application Gateway
Azure Express Route
Azure App Service
Qualys Integration
...