Tag: cross-region aggregation

Best practices for cross-Region aggregation of security findings
To cross-reference two security groups in the ingress and egress rules of those security groups, use the AWS::EC2::SecurityGroupEgress and AWS::EC2::SecurityGroupIngress resources to define your rules. Do not use the embedded ingress and egress rules in the AWS::EC2::SecurityGroup. Doing so...
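As an added illustration of the pattern described above (this is example code, not taken from the original article), the template below declares two security groups with no embedded rules and then expresses the mutual references as standalone AWS::EC2::SecurityGroupIngress and AWS::EC2::SecurityGroupEgress resources. Because each rule resource depends on both groups while neither group depends on a rule, the dependency graph has no cycle; embedding the same references in the groups' own SecurityGroupIngress/SecurityGroupEgress properties would make each group depend on the other. The group names, the VpcId parameter and the PostgreSQL port are assumptions for the example.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example: two security groups that reference each other, with the
  cross-references expressed as standalone rule resources. Names are assumptions.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC in which both groups are created (assumed parameter).

Resources:
  # Step 1: declare both groups WITHOUT embedded ingress/egress rules, so that
  # neither group's definition depends on the other group existing first.
  AppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Application tier (example)
      VpcId: !Ref VpcId

  DbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database tier (example)
      VpcId: !Ref VpcId

  # Step 2: add the rules as separate resources. Each rule depends on both
  # groups (via GetAtt), but nothing depends on the rules, so the graph stays
  # acyclic and CloudFormation can order creation: groups first, rules second.
  DbIngressFromApp:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: Allow the app tier to reach PostgreSQL on the DB tier
      GroupId: !GetAtt DbSecurityGroup.GroupId
      IpProtocol: tcp
      FromPort: 5432
      ToPort: 5432
      SourceSecurityGroupId: !GetAtt AppSecurityGroup.GroupId

  AppEgressToDb:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      Description: Allow the app tier to talk only to the DB tier on 5432
      GroupId: !GetAtt AppSecurityGroup.GroupId
      IpProtocol: tcp
      FromPort: 5432
      ToPort: 5432
      DestinationSecurityGroupId: !GetAtt DbSecurityGroup.GroupId
```

One caveat a practitioner should know: a standalone AWS::EC2::SecurityGroupEgress resource adds a rule but does not remove the default allow-all outbound rule that every new security group receives, so the egress rule above is additive rather than restrictive until the default rule is dealt with separately. Using `!GetAtt ...GroupId` rather than `!Ref` also makes it explicit that the group ID, not the group name, is being passed.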
To enable cross-Region aggregation in Security Hub, you must first enable finding aggregation in Security Hub from the Region that will become the aggregation Region. You cannot use a Region that is disabled by default as your aggregation Region. For a list of Regions that are disabled by ...
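The procedure above can be expressed declaratively. The template below is an added example (not from the original documentation) using the AWS::SecurityHub::Hub and AWS::SecurityHub::FindingAggregator resources. The Region in which the stack is deployed becomes the aggregation Region, which is why the deploy command pins `--region`; that Region must be one that is enabled by default in the account. The choice of us-east-1 as the aggregation Region and the list of linked Regions are assumptions for the example.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example: enable Security Hub and cross-Region finding aggregation.
  Deploy this stack IN the intended aggregation Region, e.g.
    aws cloudformation deploy --region us-east-1 \
      --stack-name securityhub-aggregation --template-file aggregation.yaml
  The stack's Region becomes the aggregation Region, so it must not be a
  Region that is disabled by default (opt-in) in the account.

Resources:
  # Security Hub itself must be enabled in the aggregation Region before the
  # aggregator can be created; the DependsOn below enforces that ordering.
  SecurityHub:
    Type: AWS::SecurityHub::Hub
    Properties:
      EnableDefaultStandards: true

  # The finding aggregator links other Regions to the Region this stack runs in.
  # RegionLinkingMode alternatives: ALL_REGIONS (link every Region, including
  # ones enabled later) or ALL_REGIONS_EXCEPT_SPECIFIED (exclude the listed ones).
  FindingAggregator:
    Type: AWS::SecurityHub::FindingAggregator
    DependsOn: SecurityHub
    Properties:
      RegionLinkingMode: SPECIFIED_REGIONS
      Regions:            # linked Regions; assumed list for the example
        - us-west-2
        - eu-west-1
        - ap-southeast-1
```

Findings from the linked Regions are replicated into the aggregation Region only where Security Hub is actually enabled in those Regions, so enabling the aggregator does not by itself turn Security Hub on elsewhere.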
When you group related IAM actions in this way, you can also avoid exceeding the IAM policy size limits.

Note: AWS Config should be enabled in all Regions in which you use Security Hub. However, global resource recording can be enabled in a single Region. If you only record global resources...
Best practices for AWS cloud deployments include using multiple accounts and/or multiple Regions. Multiple accounts provide security and billing boundaries that isolate resources and limit the blast radius of a problem. Multiple Regions provide a high degree of isolation, low end-user latency, and resilience for application data. These best practices can bring monitoring and troubleshooting challenges with them: centralized operations teams, DevOps engineers, and service owners need to monitor and troubleshoot applications running across multiple Regions and multiple accounts...
Static files, and any other files that need to be synchronized to the disaster-recovery Region, are stored in S3. Enable S3 Cross Region Replication so that S3 objects are replicated across Regions automatically. S3 is mounted on EC2 via S3FS and serves as the WordPress media library. DR scripts: following the design above, Terraform-based runnable scripts are provided in the GitHub aws-dr-samples repo; these scripts help users stand up a DR environment quickly. Depending on what users need...
The target logging bucket must be in the same AWS Region as the monitored bucket. The log format is documented at: docs.aws.amazon.com/Ama...

S3 Access Logs: Warning. Do not set your logging bucket to be the monitored bucket. Every log delivery is itself an access to the bucket and generates further log records, so this creates a logging loop and the bucket grows without bound. S3...
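The two constraints above (same Region, and never the monitored bucket itself) are easiest to satisfy by defining the log target as a separate bucket in the same stack, since a single CloudFormation stack lives in one Region. The template below is an added example, not from the original article. It uses a bucket policy for the S3 log-delivery service principal `logging.s3.amazonaws.com`, scoped with `aws:SourceArn` and `aws:SourceAccount` so that only the named monitored bucket in this account can deliver logs. The bucket names are parameters and the `monitored/` prefix is an assumption for the example.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example: a monitored bucket writing server access logs to a separate
  log bucket in the same Region. Bucket names are assumed parameters.

Parameters:
  MonitoredBucketName:
    Type: String
    Description: Name of the bucket whose access is logged (assumed).
  AccessLogBucketName:
    Type: String
    Description: Name of the separate log target bucket (assumed).

Resources:
  # The log target. Kept private; BucketOwnerEnforced disables ACLs, so the
  # grant to the logging service must come from the bucket policy below.
  AccessLogBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref AccessLogBucketName
      OwnershipControls:
        Rules:
          - ObjectOwnership: BucketOwnerEnforced
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Allow the S3 log-delivery service to write, but only logs that originate
  # from the monitored bucket in this account, and only under the chosen prefix.
  AccessLogBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref AccessLogBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: S3ServerAccessLogsPolicy
            Effect: Allow
            Principal:
              Service: logging.s3.amazonaws.com
            Action: s3:PutObject
            Resource: !Sub '${AccessLogBucket.Arn}/monitored/*'
            Condition:
              ArnLike:
                aws:SourceArn: !Sub 'arn:${AWS::Partition}:s3:::${MonitoredBucketName}'
              StringEquals:
                aws:SourceAccount: !Ref AWS::AccountId

  # The monitored bucket. DestinationBucketName points at the OTHER bucket,
  # which is what prevents the logging loop. DependsOn makes sure the target
  # and its policy exist before S3 validates the logging configuration.
  MonitoredBucket:
    Type: AWS::S3::Bucket
    DependsOn: AccessLogBucketPolicy
    Properties:
      BucketName: !Ref MonitoredBucketName
      LoggingConfiguration:
        DestinationBucketName: !Ref AccessLogBucket
        LogFilePrefix: monitored/
```

The policy's `Resource` deliberately ends in `monitored/*` to match `LogFilePrefix`, so a misconfigured source bucket cannot write log objects anywhere else in the target bucket. Because the monitored bucket's ARN is built from the parameter rather than a `!GetAtt`, there is no circular dependency between the policy and the monitored bucket.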
RegionMap:
  cn-northwest-1:
    PA1022h2NWCD: ami-0738eadeed7e6b0fa
Parameters:
  EC2InstanceAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
Environment: ...
sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required awsRoleArn="arn:aws:iam::123456789012:role/msk_client_role" awsRoleSessionName="producer" awsStsRegion="us-west-2";

In this case, the awsRoleArn specifies the ARN for the IAM role the client should use and awsRoleSessionName...
EC2 Security Group: not a part of IAM; attached to an EC2 instance (its network interface); acts as a built-in firewall. Recommended read: StackOverflow discussion - Difference between IAM role and IAM user in AWS. In addition to IAM policies, AWS offers other types of policies, such as an S3 Bucket Policy, an SNS Topic Policy, a...