All about Cloud, mostly about Amazon Web Services (AWS)
AWS Config Rules Repository launched
2016-03-01
Amazon announced AWS Config in November 2014 to provide a historical record of the configuration of an AWS environment. AWS Config Rules is an extension of the AWS Config service. Config Rules ensure the configuration meets specific parameters. AWS Lambda functions are triggered when the environment deviates from the configuration. On March 1, 2016, the AWS Security Blog announced the AWS Config Rules Repository.
AWS Config Rules
Administrators can use AWS Config Rules to automatically detect and remediate changes to an existing AWS environment. Simple misconfigurations, such as outdated AMI IDs in old CloudFormation templates, can be detected. Potentially high-impact security-related changes, such as the unauthorized creation of an internet gateway, can be prevented.
Security-conscious organizations will still want to proactively restrict users from accidents or malicious activity using AWS Identity and Access Management (IAM) Policies and Roles. A defense-in-depth strategy benefits from AWS Config Rules as a backup for proactive controls.
AWS Config Rules Repository
Many organizations face the same concerns related to security and compliance, and many handle those issues in a very similar way, for example by creating a ticket for the Security Operations Center (SOC) to investigate or by closing a port which should never have been opened.
The AWS Config Rules Repository provides examples of how to detect and react to many common scenarios. This is a benefit for organizations looking for advice on what to deny and how to react if other controls failed.
The rules are mostly written in JavaScript to run on the Node.js runtime within AWS Lambda. Some may be small enough to be edited using the inline JavaScript editor for AWS Lambda.
Some rules are written in Python, which needs to be packaged.
At the time of this update, there was a lone Java example, which detects if MFA is enabled on the root account and includes a Maven POM for packaging it ready for AWS Lambda.
The AWS Lambda functions can be found on GitHub at awslabs/aws-config-rules, a repository of sample Custom Rules for AWS Config.
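A custom rule of the kind described above, written for the Node.js runtime as an added example that is not taken from the awslabs repository: it marks an internet gateway non-compliant when it is attached to a VPC outside an approved list. The rule parameter name `approvedVpcIds`, the `makeHandler` wiring and the sample event are assumptions constructed for illustration.

```javascript
'use strict';
// Added example (not from awslabs/aws-config-rules): evaluates internet gateways.
// `approvedVpcIds` is a hypothetical rule parameter: comma-separated VPC IDs.
const DELETED = ['ResourceDeleted', 'ResourceDeletedNotRecorded'];
// Pure decision function: returns an AWS Config ComplianceType string.
function evaluateCompliance(item, params, eventLeftScope) {
  if (eventLeftScope || DELETED.includes(item.configurationItemStatus) ||
      item.resourceType !== 'AWS::EC2::InternetGateway') {
    return 'NOT_APPLICABLE'; // deleted, out of scope, or not a gateway
  }
  const approved = new Set((params.approvedVpcIds || '').split(',')
    .map((s) => s.trim()).filter(Boolean));
  const attachments = (item.configuration && item.configuration.attachments) || [];
  // An unattached gateway is treated as compliant; any unapproved VPC fails.
  return attachments.every((a) => approved.has(a.vpcId)) ? 'COMPLIANT' : 'NON_COMPLIANT';
}

// Builds the PutEvaluations request from the event AWS Config sends to Lambda.
function buildPutEvaluationsRequest(event) {
  const item = JSON.parse(event.invokingEvent).configurationItem;
  const params = JSON.parse(event.ruleParameters || '{}');
  return {
    ResultToken: event.resultToken,
    Evaluations: [{
      ComplianceResourceType: item.resourceType,
      ComplianceResourceId: item.resourceId,
      ComplianceType: evaluateCompliance(item, params, event.eventLeftScope),
      OrderingTimestamp: item.configurationItemCaptureTime,
    }],
  };
}

// Hypothetical wiring: `putEvaluations` is injected so the logic runs offline;
// in Lambda it would wrap the AWS SDK Config client's PutEvaluations call.
const makeHandler = (putEvaluations) => async (event) =>
  putEvaluations(buildPutEvaluationsRequest(event));

// Constructed sample event, not captured from a real account.
const sampleEvent = {
  resultToken: 'constructed-token',
  eventLeftScope: false,
  ruleParameters: JSON.stringify({ approvedVpcIds: 'vpc-0aaa1111' }),
  invokingEvent: JSON.stringify({ configurationItem: {
    resourceType: 'AWS::EC2::InternetGateway', resourceId: 'igw-0constructed',
    configurationItemStatus: 'OK', configurationItemCaptureTime: '2016-03-01T12:00:00.000Z',
    configuration: { attachments: [{ vpcId: 'vpc-0bbb2222', state: 'available' }] },
  } }),
};
console.log(buildPutEvaluationsRequest(sampleEvent).Evaluations[0].ComplianceType);
```

Returning `NOT_APPLICABLE` for deleted or out-of-scope resources keeps stale findings from lingering against gateways that no longer exist.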