Continuous Visibility into Ephemeral Cloud Environments

A collection of resources and tutorials for providing continuous visibility into ephemeral cloud environments.

This is the high-level outline of the different sections:

What cloud resources are needed, and how to define them in a manner that safely allows a tool to perform a security audit across a fleet of AWS accounts/GCP projects.

    • AWS Setup
      1. Resource Definition
        1. Setup Role role-security-audit in every account
        2. Setup Role role-security-assume in Hub account
        3. Setup User user-security-audit in Hub account
      2. Setup Tooling for Cross-Account Auditing
        1. Setup ~/.aws/credentials
        2. Setup ~/.aws/config
    • GCP Setup
      1. Resource Definition
      2. Setup Tooling for Cross-Account Auditing

How to leverage Cartography to detect, identify, categorize, and visualize all the assets being deployed in your estate.

    • The Challenges Posed by Ephemeral Environments
    • Enter Cartography
      1. Cartography's Value Proposition
    • Real World Setup
      1. Multi-Cloud Auditing
        1. Access Configuration: AWS IAM
        2. Access Configuration: GCP IAM
      2. Deployment on Kubernetes
        1. Neo4j Deployment
        2. Cartography Deployment
    • Data Consumption
      1. The Basics: Neo4j Browser
      2. The Automation: Programmatic Analysis
        1. Custom Query Format
        2. Creation of New Queries
        3. Query Manager
      3. Repeatability: Jupyter Notebooks
        1. Code Structure
        2. Run Notebooks
        3. Upgrade to Dashboards