Architect-Cloud & Security
Bangalore, India
vibhu.swami@yahoo.com
+91 6361834873
Uses custom resources of AWS CDK.
Advanced event selectors get deployed on 'Create' and 'Update' events.
Enabling 'Data Events' with the default selectors (no advanced selectors) creates a logging loop.
Event-driven custom resource triggers ensure optimized resource lifecycle management.
The AWS CDK 'CustomResource' class brings together the best of the SDK and CDK paradigms.
Security Technical Implementation Guide, abbreviated STIG.
A STIG is a cyber security configuration standard for various products.
STIGs are developed by the Defense Information Systems Agency (DISA).
STIGs were created to harden the IT networks and systems of the Federal Department of Defense.
The tool tests an Oracle WebLogic server's conformance to 'High' severity category STIG requirements.
The tool is developed in Python and tests conformance using the REST APIs of the WebLogic Scripting Tool (WLST).
Custom Python scripts can test the requirements of CIS, STIG and many similar standards.
Traditional CloudTrail Trails are read by SIEM tools through S3 buckets.
It takes ~15-20 minutes from the time of an event until it lands in the Trail and is sent to SIEM platforms.
Sensitive events need to be captured immediately and the relevant teams notified.
The video shows an example of event-driven notifications for the event types 'createUser' and 'deleteUser'.
Such events need immediate attention in an AWS platform integrated with an external IdP, because user creation there should normally never happen outside the IdP.
Traditional batch-mode alerting with lags of 15-20 minutes is typically unacceptable for enterprises.
The pattern uses SNS to send notifications, but other services could be used to notify SOC teams.
A related design pattern sends such events directly to Sumo Logic Cloud SIEM.
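To show what the event-driven notification pattern above actually matches, here is an added example (not code from the original page or its video): a small Python implementation of the exact-match subset of EventBridge pattern semantics, applied to constructed CloudTrail events for IAM CreateUser/DeleteUser, producing the message a SOC team would receive via SNS. The event fields and pattern shape follow the CloudTrail-via-EventBridge format; the sample events and ARNs are constructed.

```python
# Event pattern as an EventBridge rule would carry it: match IAM CreateUser/DeleteUser
# delivered by CloudTrail. Lists are OR of allowed values; nested dicts are ANDed.
IAM_USER_LIFECYCLE_PATTERN = {
    "source": ["aws.iam"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["iam.amazonaws.com"],
        "eventName": ["CreateUser", "DeleteUser"],
    },
}


def matches(pattern, event):
    """Exact-match subset of EventBridge semantics: every pattern key must exist in
    the event; a list means the value must be one of them; a dict recurses."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        if isinstance(allowed, dict):
            if not isinstance(event[key], dict) or not matches(allowed, event[key]):
                return False
        elif event[key] not in allowed:
            return False
    return True


def build_notification(event):
    """Return the SNS message a SOC would get, or None if the event is not of interest."""
    if not matches(IAM_USER_LIFECYCLE_PATTERN, event):
        return None
    d = event["detail"]
    return {
        "subject": f"IAM {d['eventName']} in account {event['account']}",
        "actor": d.get("userIdentity", {}).get("arn"),
        "target_user": d.get("requestParameters", {}).get("userName"),
        "source_ip": d.get("sourceIPAddress"),
        "time": d.get("eventTime"),
    }


def make_cloudtrail_event(event_name, user_name, actor_arn="arn:aws:iam::123456789012:role/Admin"):
    """Constructed sample event in the shape EventBridge delivers CloudTrail API calls."""
    return {
        "source": "aws.iam",
        "detail-type": "AWS API Call via CloudTrail",
        "account": "123456789012",
        "detail": {
            "eventSource": "iam.amazonaws.com",
            "eventName": event_name,
            "eventTime": "2024-01-01T00:00:00Z",
            "sourceIPAddress": "198.51.100.7",
            "userIdentity": {"arn": actor_arn},
            "requestParameters": {"userName": user_name},
        },
    }
```

Read-only calls such as ListUsers fall through `matches` and produce no notification, which keeps the SNS topic limited to the lifecycle events the page singles out.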
CDK Pipeline with pre- and post-approval stages.
The pre-approval stage can trigger a service desk or external approval step.
A SAST test can be linked with the 'Synth Shell' step.
Recommends read-only ('List', 'Describe' and 'Get') roles for human entities in the cloud.
Recommends read-write ('Update', 'Create' and 'Delete') roles only for 'CloudFormation' in the cloud.
Recommends use of CDK Pipelines for product roll-outs, Account Factory and IAM roles.
End-to-end automation using Python, with no COTS.