GKE Nodepool creating nodes without Secure Boot
Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components,...
Blog
GKE cluster is not using Cloud KMS Key for database encryption
When Using Application-layer Secrets Encryption you can use a key that you manage in Cloud KMS, to encrypt data at...
Auto Scaling group (ASG) should cover multiple availability zones
Auto Scaling group is a logical grouping of instances for the purposes of automatic scaling and management. Auto Scaling helps...
Auto Scaling Group (ASG) health checks misconfiguration
Auto Scaling group is a logical grouping of instances for the purposes of automatic scaling and management. Auto Scaling helps...
API Gateway is not using AWS WAF
API Gateway {AwsApiGatewayEndpoint} is not using Web Application Firewall (WAF). WAF helps protect APIs from common web exploits
CloudFront distributions origin failover is not configured
We have found that the Cloudfront distribution {AwsCloudFront} origin failover is not configured. Amazon CloudFront is a high-performance content delivery...
CloudFront distributions logging is disabled
We have found that server access logging is disabled for CloudFront Distribution {AwsCloudFront}. Amazon CloudFront is a high-performance content delivery...
AKS is running without Azure Policy for Kubernetes clusters
An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to the persistence...
AKS cluster is not using Azure Active Directory authentication
Azure Kubernetes Service (AKS) can be configured to use Azure Active Directory (AD) for user authentication. In this configuration, you...