K8s etcd is using –peer-auto-tls argument
etcd is a highly-available key value store used by Kubernetes deployments for persistent storage of all of its REST API...
Blog
VM disk without Customer-Supplied Encryption Key
Customer-Supplied Encryption Keys (CSEK) are a feature in Google Cloud Storage and Google Compute Engine. If you supply your own...
ECS cluster has services without running tasks
A task is the instantiation of a task definition within a cluster. Amazon ECS service instantiates and maintains the specified...
ECS cluster without active services
Amazon ECS service allows you to run and maintain a specified number of instances of a task definition simultaneously in...
AWS CloudFormation stack notifications are disabled
AWS CloudFormation is a service that provides infrastructure as code (IaC), which practically means writing code using a descriptive language...
K8s controller-manager configuration file permissions are too permissive
It was found that the K8s controller-manager configuration file's permissions are too broad. Setting the file's permissions to be permissive...
IP address is reserved but not in use
An IP address enables machines to communicate with each other. GCP IP address type can be ephemeral or static (fixed...
SQL Server instance with ‘external scripts enabled’ flag set to ‘on’
We have found that {GcpSQLInstance} has 'external scripts enabled' flag set to 'on'. 'external scripts enabled' allows the execution of...
Etcd directory ownership is not set to etcd:etcd
It was found that the etcd directory file's owner is not set to etcd:etcd. Setting the file's owner to a...