Continuous Visibility into Ephemeral Cloud Environments
A collection of resources and tutorials for providing continuous visibility into ephemeral cloud environments.
This is the high-level outline of the different sections:
This is the high-level outline of the different sections:
What cloud resources are needed, and how to define them in a manner that safely allows a tool to perform a security audit across a fleet of AWS accounts/GCP projects.
- AWS Setup
- Resource Definition
- Setup Role role-security-audit in every account
- Setup Role role-security-assume in Hub account
- Setup User user-security-audit in Hub account
- Setup Tooling for Cross-Account Auditing
- Setup ~/.aws/credentials
- Setup ~/.aws/config
- GCP Setup
- Resource Definition
- Setup Tooling for Cross-Account Auditing
How to leverage Cartography to detect, identify, categorize, and visualize all the assets being deployed in your estate.
- The Challenges Posed by Ephemeral Environments
- Enter Cartography
- Cartography's Value Proposition
- Real World Setup
- Multi-Cloud Auditing
- Access Configuration: AWS IAM
- Access Configuration: GCP IAM
- Deployment on Kubernetes
- Neo4j Deployment
- Cartography Deployment
- Data Consumption
- The Basics: Neo4j Browser
- The Automation: Programmatic Analysis
- Custom Query Format
- Creation of New Queries
- Query Manager
- Repeatability: Jupyter Notebooks
- Code Structure
- Run Notebooks
- Upgrade to Dashboards
