In the flexible and dynamic environment of the cloud, developers and admins can launch, configure, use, and terminate processing, storage, networking, and other resources as needed. Security guidelines and policies can be overlooked in the rush to get a new product or update to market before the other guys.
Enter nOps Rules.
nOps Rules is a powerful rule system that allows you to use existing rules from AWS, from other partners, and/or your own custom rules. Rules can be targeted at specific resources (by ID), at types of resources, or at resources tagged by your own custom method. Rules are run when those resources are created or changed. They are also evaluated periodically.
Notification & Collaboration
One behavior we observe is that simply reporting violations is not effective. nOps divides alerts into two sections: a summary of the alerts and real-time alerts. Oftentimes, if you have many violations in your account, you become numb to these alerts. In nOps, you can snooze the daily alert notification so you don't get alert fatigue. At the same time, you'll receive real-time notifications for the same violation, allowing you to make sure all new changes comply with your policy while you fix existing violations. For increased visibility, you can send these notifications to Slack and HipChat. This powerful workflow is incredibly effective for change management and continuous compliance for your cloud environments.
Monitoring for tag compliance is the most effective way to ensure compliance for your cloud environments. If your organization doesn’t enforce proper tagging policies, eventually, no one..
AWS CloudTrail provides an audit trail for your cloud infrastructure. This is one of the services that should be enabled by default, but it's not. Enabling AWS CloudTrail on all your AWS accounts is a good security practice..
Users without MFA
Multi-factor authentication is hard to enforce in AWS, yet AWS security best practices recommend enabling it for all users. nOps allows you to receive real-time alerts when any of your..
Unused resources accumulate in AWS as your workflows change and evolve. We do not tend to think about tidying up loose ends every time a workflow change occurs. For example, when you stop EC2 instance..
Allowing SSH access to everyone is not a secure practice. Once you configure Unrestricted SSH monitoring, any time someone opens port 22 to all, you'll receive a real-time notification.
Enabling Root user multi-factor authentication is a great security practice. Some companies go as far as enabling physical MFA and locking it down in a vault somewhere. nOps provides an easy overview which
Inactive access keys Check checks the keys to your infrastructure to see which keys are being used and which are not. You can set the number of days of key activity to match your key management policies.