An easy way to diagnose if the Cloud Custodian policies are in good health! Now that you have hundreds of Cloud Custodian policies deployed to your AWS cloud environment. It is very important to know that those policies are working as designed and operating without giving any errors. This is…

Understanding the steps on mounting the file share from macOS to Kali In this story, we will cover the steps required to enable the share and mount it to the Kali Linux machine running inside the VMware Fusion. I am running the following versions of the software (in case if…

A setup for Cloud Custodian to deliver the logs into the Sumo Logic In this story, we will discuss all the components that are required to have the logs shipped from the s3 bucket to Sumo Logic. As we all know, the Cloud Custodian does not have a GUI or…

Let’s understand the output produced by the cloud custodian In this story, we will discuss the output produced from the execution of the Cloud Custodian Policy. For the purpose of the story, we will assume that the readers already have the basic knowledge of the Cloud Custodian. Let’s understand this…

Instructions on how to upgrade your Cloud Custodian version In this story, we will discuss three things- 1. how to find the latest version of the cloud custodian 2. how to upgrade the pip, and 3. how to upgrade the c7n version to the latest version. Based on your environment…

All About Tagging What is Tagging? A tag is a label that you attach to an AWS resource to meet different requirements. It makes it easy to identify the owner, service, environment, cost center, data classification, and many other details. Each tag has two components- Key and Value. Both are case-sensitive. The maximum…

CIS Azure Foundations Benchmark v1.4.0–11–26–2021 8.1 Ensure that the expiration date is set on all keys in RBAC Key Vaults (Automated) Level 1 policies: - name: cis-keyvault-keys-older-than-90-days resource: azure.keyvault-key description: | Find all Keys in the KeyVaults that are older than 90 days…

CIS Azure Foundations Benchmark v1.4.0–11–26–2021 We continue to write the policies for CIS Benchmarks using the Cloud Custodian. 4.3 PostgreSQL Database Server 4.3.1 Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server (Automated) policies: - name: cis-postgresql-ssl-connection-not-enabled resource: azure.postgresql-server description: | Identify…

CIS Azure Foundations Benchmark v1.4.0 — 11–26–2021 CIS Microsoft Azure Foundations Security Benchmark provides the guidance for establishing a secure baseline configuration for Azure Cloud. Version 1.4.0 was released on November 26th, 2021. The recommendation covers 9 areas. Every recommendation indicates whether the implementation steps are automatic or require manual…