-
Notifications
You must be signed in to change notification settings - Fork 9
Home
Welcome to the ecc-aws-rulepack wiki! This page contains an overview of the Product and its major features and describes our mission and history regarding product development, improvement, and implementation.
Rulesets for AWS, Azure, GCP, Kubernetes, OpenStack
Rules for different Cloud providers differ in content. However, they are alike. This is necessary because services with instances in AWS, Google, and Azure are called and accessed differently.
Based on their purpose, policies can be conditionally divided into:
- fleet-wide saving policies (off hours stops for dev environments, garbage collection, detection of over-provisioned and unused resources, etc.)
- security policies (data encryption, access control, SSL ciphers, etc.)
- compliance policies (tag compliance, backups, etc.)
A user defines the rules to apply against the infrastructure based on specific needs of the Organization.
Custodian policies are expressed in YAML and include:
- The type of resource to run the policy against
- Filters to narrow down the set of resources
Custodian describes the infrastructure in a specified account. Having done this, it applies the selected rules against the infrastructure and provides information on the resources that brake the defined rules. The result is available as a JSON file.
You can find information about the workflow here.
Our mission is to make cloud security compliance CONTINUOUS and AUTOMATED.
Automated compliance monitoring of cloud environments that ensures round-the-clock protection of your data and increases visibility across cloud environments without the necessity to engage any additional human or other resources is a reality that we are creating day by day. Enforcing continuous compliance increases the overall security posture and reduces the compliance costs.
In 2016, Kapil Thangavelu created Cloud Custodian as a way to enforce governance as a code. EPAM's history with Cloud Custodian started in 2019 when Google invested in the project to enable GCP support. For six months, a team of Python developers within EPAM has been contributing to the project. The same year, EPAM Security competence center started to develop rulesets that would ensure security compliance across clouds - GCP, AWS, and Azure. Currently, we continue creating and actualizing rulesets.