Trend Micro

Knowledge Base

Along with better visibility, compliance and faster remediation for your cloud infrastructure, Conformity also has a growing public library of 750+ cloud infrastructure configuration best practices for your AWS™, Microsoft® Azure, and Google Cloud™ environments. Providing simple, step-by-step resolutions to rectify any security vulnerabilities, performance, cost inefficiencies, and reliability risks. This catalogue of cloud guardrails is a core part of Conformity which automatically monitors and auto-remediates cloud infrastructure.

Below are the cloud, services and their associated best practice rules with clear instructions on how to perform the updates – made either through the console or via the Command Line Interface (CLI).

View all AWS rules

View all Azure rules

View all GCP rules

Service coverage for

AWS Certificate Manager

To easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and your internal connected resources
Amazon API Gateway

Create, maintain, and secure APIs at any scale
Amazon AccessAnalyzer

Start querying data instantly. Get results in seconds. Pay only for the queries you run.
Amazon AppFlow

Amazon AppFlow is a fully-managed integration service that enables you to securely exchange data between software as a service (SaaS) applications
AWS App Mesh

AWS App Mesh is a service mesh that makes it easy to monitor and control services.
Amazon Athena

Start querying data instantly. Get results in seconds. Pay only for the queries you run.
AWS Auto Scaling

Application scaling to optimize performance and costs
AWS Backup

Centrally manage and automate backups across AWS services
AWS Budgets

Set custom budgets that alert you when you exceed your budgeted thresholds.
AWS CloudFormation

Model and provision all your cloud infrastructure resources
Amazon CloudFront

Fast, highly secure and programmable content delivery network (CDN)
AWS CloudTrail

Track user activity and API usage
Amazon CloudWatch

Observability of your AWS resources and applications on AWS and on-premises
Amazon CloudWatch Events

Amazon CloudWatch Events delivers a near real-time stream of system events that describe changes in AWS resources
Amazon CloudWatch Logs

Monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources
AWS CodeBuild

Build and test code with automatic scaling
Amazon Comprehend

Discover insights and relationships in text
AWS Compute Optimizer

Recommends optimal AWS resources to reduce costs and improve performance for your workloads
AWS Config

Record and evaluate configurations of your AWS resources
AWS ConfigService

AWS ConfigService is a fully managed service that provides you with a detailed inventory of your AWS resources and their current configurations.
AWS Cost Explorer
Amazon DynamoDB Accelerator

Fully managed, in-memory cache for DynamoDB
Amazon Data Lifecycle Manager

Manage the lifecycle of your AWS resources
AWS Database Migration Service

Migrate your databases to AWS with minimal downtim
Amazon DocumentDB

Fast, scalable, highly available MongoDB-compatible database service
Amazon DynamoDB

Fast and flexible NoSQL database service for any scale
Amazon Elastic Block Store (EBS)

Easy to use, high performance block storage at any scale
Amazon EC2

Secure and resizable compute capacity in the cloud. Launch applications when needed without upfront commitments
Amazon Elastic Container Registry

Easily store, manage, and deploy container images
Amazon Elastic Container Service (ECS)

Run containerized applications in production
Amazon Elastic File System (EFS)

Scalable, elastic, cloud-native file system for Linux
Amazon Elastic Kubernetes Service (EKS)

Highly available, scalable, and secure Kubernetes service
Elastic Load Balancing

Achieve fault tolerance for any application by ensuring scalability, performance, and security
Elastic Load Balancing V2

Achieve fault tolerance for any application by ensuring scalability, performance, and security
Amazon EMR

Easily Run and Scale Apache Spark, Hadoop, HBase, Presto, Hive, and other Big Data Frameworks
Amazon ElastiCache

Managed, Redis or Memcached-compatible in-memory data store
AWS Elastic Beanstalk

Easy to begin, Impossible to outgrow
Amazon Opensearch Service

Fully managed, scalable, and secure Opensearch service
Amazon FSx

Fully managed third-party file systems
Amazon Kinesis Data Firehose

Prepare and load real-time data streams into data stores and analytics tools
AWS Glue

Simple, flexible, and cost-effective ETL
Amazon GuardDuty

Protect your AWS accounts and workloads with intelligent threat detection and continuous monitoring
AWS Health

Provides ongoing visibility into the state of your AWS resources, services, and accounts
AWS Identity and Access Management (IAM)

Securely manage access to AWS services and resources
Amazon Inspector

Automated security assessment service to help improve the security and compliance of applications deployed on AWS
Amazon Inspector 2

The new version of Amazon Inspector has undergone a comprehensive rearchitecture, streamlining vulnerability management by automating processes and promptly delivering findings to swiftly detect emerging vulnerabilities. Once enabled, the new Inspector service diligently locates all your workloads and maintains a continuous cycle of vulnerability scans for both software and unintended network exposures.
AWS Key Management Service

Easily create and control the keys used to encrypt your data
Amazon Kinesis

Easily collect, process, and analyze video and data streams in real time
AWS Lambda

Run code without thinking about servers. Pay only for the compute time you consume
Amazon MQ

Managed message broker service for Apache ActiveMQ
Amazon Managed Streaming for Apache Kafka

Fully managed, highly available, and secure Apache Kafka service
Amazon Macie

A machine learning-powered security service to discover, classify, and protect sensitive data
AWS Macie v2
Compliance and Certifications

Ensure your AWS services are compliant towards certification classification.
Amazon Neptune

Fast, reliable graph database built for the cloud
AWS Network Firewall
AWS Organizations

Central governance and management across AWS accounts
Amazon Relational Database Service

Set up, operate, and scale a relational database in the cloud with just a few clicks
Conformity Real-Time Threat monitoring

A Real-time threat detection tool
Amazon Redshift

The most popular and fastest growing cloud data warehouse
AWS Resource Groups

Organize your AWS resources
Amazon Route 53

A reliable and cost-effective way to route end users to Internet applications
Amazon Route 53 Domains

A reliable and cost-effective way to manage domain names
Amazon S3

Object storage built to store and retrieve any amount of data from anywhere
Amazon Simple Email Service

Flexible, affordable, and highly-scalable email sending and receiving service for businesses and developers
Amazon Simple Notification Service (SNS)

Fully managed pub/sub messaging for microservices, distributed systems, and serverless applications
Amazon Simple Queue Service

Fully managed message queues for microservices, distributed systems, and serverless applications
AWS Systems Manager

Gain operational insights and take action on AWS resources
Amazon SageMaker

Machine learning for every developer and data scientist
AWS Secrets Manager

Easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle
AWS Security Hub

Centrally view and manage security alerts and automate compliance checks
Service Quotas

Service Quotas enables you to view and manage your quotas for AWS services from a central location.
AWS Shield

Managed DDoS protection
AWS Storage Gateway

Hybrid cloud storage with local caching
AWS Support

AWS Support
AWS Transfer

Fully managed SFTP service
AWS Trusted Advisor

Reduce Costs, Increase Performance, and Improve Security
Amazon Virtual Private Cloud (VPC)

Provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define
AWS WAF - Web Application Firewall

Protect your web applications from common web exploits
AWS Well-Architected

Learn, measure, and build using architectural best practices
AWS WorkDocs

Secure content collaboration, simplified
Amazon WorkSpaces

Access your desktop anywhere, anytime, from any device
AWS X-Ray

Analyze and debug production, distributed applications

Service coverage for

AKS

Microsoft AKS allows you to quickly deploy a production ready Kubernetes cluster in Azure
API Management

Microsoft Azure API Management is a hybrid, multicloud management platform for APIs across all environments. As a platform-as-a-service, API Management supports the complete API lifecycle.
Access Control

Microsoft Entra ID Access Control (also known as Access Control Service or ACS) is a cloud-based service that provides an easy way of authenticating and authorizing users to gain access to your web applications and services
Microsoft Entra ID

Microsoft Entra ID provides an identity platform with enhanced security, access management, scalability, and reliability for connecting users with all the apps they need.
Activity Log

The Azure Activity Log provides insight into subscription-level events that have occurred in Azure
Advisor

Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments.
AppService

Azure AppService
CosmosDB

Microsoft Cosmos DB enables you to elastically and independently scale throughput and storage across any number of Azure regions worldwide.
Azure Functions

Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.
KeyVault

Microsoft Azure Key Vault enables you to securely store and access secrets within your Azure cloud environment
Locks

Microsoft Azure Locks provide a way for administrators to lock down resources to prevent deletion or changing of a resource
Monitor

Monitor your applications and infrastructure
MySQL

Azure Database for MySQL servers
Network

Network
Policy

Policy
PostgreSQL

Azure Database for PostgreSQL servers
Recovery Services

Azure Recovery Services provides multiple backup solutions based on the backup requirement and infrastructure topology
Redis Cache
Resources
Search
Defender

Security posture management for cloud workloads
Sql

Azure Database for SQL servers
Storage Accounts

An Azure storage account contains all of your Azure Storage data objects
Subscriptions
Synapse

Azure Synapse is a limitless analytics service that brings together enterprise data warehousing and Big Data analytics.
Virtual Machines

VirtualMachines your applications and infrastructure

Service coverage for

GCP BigQuery

BigQuery's serverless architecture lets you use SQL queries to analyze your data. You can store and analyze your data within BigQuery or use BigQuery to assess your data where it lives. To test how it works for yourself, query data—without a credit card—using the BigQuery sandbox.
GCP CertificateManager

Certificate Manager securely stores and deploys certificates to your selected proxies, which lets you provision certificates in advance and helps ensure zero downtime during migrations.
GCP API

Google Cloud APIs are programmatic interfaces to Google Cloud Platform services. They are a key part of Google Cloud Platform, allowing you to easily add the power of everything from computing to networking to storage to machine-learning-based data analysis to your applications.
GCP CloudCDN

Cloud CDN works with the global external Application Load Balancer or the classic Application Load Balancer to deliver content to your users. The external Application Load Balancer provides the frontend IP addresses and ports that receive requests and the backends that respond to the requests.
GCP Domain Name System (DNS)

Cloud DNS offers both public zones and private managed DNS zones. A public zone is visible to the public internet, while a private zone is visible only from one or more Virtual Private Cloud (VPC) networks that you specify.
GCP Cloud Functions

Cloud Functions is a serverless execution environment for building and connecting cloud services. With Cloud Functions you write simple, single-purpose functions that are attached to events emitted from your cloud infrastructure and services. Your function is triggered when an event being watched is fired, or by an HTTP request.
GCP Identity and Access Management (IAM)

With IAM, you manage access control by defining who (identity) has what access (role) for which resource. For example, Compute Engine virtual machine instances, Google Kubernetes Engine (GKE) clusters, and Cloud Storage buckets are all Google Cloud resources. The organizations, folders, and projects that you use to organize your resources are also resources.
GCP Cloud Key Management Service (KMS)

Cloud Key Management Service allows you to create, import, and manage cryptographic keys and perform cryptographic operations in a single centralized cloud service. You can use these keys and perform these operations by using Cloud KMS directly, by using Cloud HSM or Cloud External Key Manager, or by using Customer-Managed Encryption Keys (CMEK) integrations within other Google Cloud services.
GCP Cloud Load Balancing

A load balancer distributes user traffic across multiple instances of your applications. By spreading the load, load balancing reduces the risk that your applications experience performance issues. Google's Cloud Load Balancing is built on reliable, high-performing technologies such as Maglev, Andromeda, Google Front Ends, and Envoy—the same technologies that power Google's own products.
GCP Cloud Logging

Cloud Logging is a fully managed service that allows you to store, search, analyze, monitor, and alert on logging data and events from Google Cloud and Amazon Web Services. Using BindPlane, you can also collect this data from over 50 common application components, on-premise systems, and hybrid cloud systems.
GCP Cloud Pub/Sub Service

Pub/Sub is an asynchronous and scalable messaging service that decouples services producing messages from services processing those messages.
GCP Cloud Run

Cloud Run is a fully managed platform that enables you to run your code directly on top of Google’s scalable infrastructure. Cloud Run is simple, automated, and designed to make you more productive.
GCP Cloud SQL

Cloud SQL manages your databases so you don't have to, so your business can run without disruption. It automates all your backups, replication, patches, encryption, and storage capacity increases to give your applications the reliability, scalability, and security they need.
GCP Cloud Storage

Cloud Storage's nearline storage provides fast, low-cost, highly durable storage for data accessed less than once a month, reducing the cost of backups and archives while still retaining immediate access. Backup data in Cloud Storage can be used for more than just recovery because all storage classes have ms latency and are accessed through a single API.
GCP VPC

Google Cloud Virtual Private Cloud (VPC) provides networking functionality to Compute Engine virtual machine (VM) instances, Google Kubernetes Engine (GKE) containers, and serverless workloads. VPC provides networking for your cloud-based services that is global, scalable, and flexible.
GCP Compute Engine

Compute Engine is a computing and hosting service that lets you create and run virtual machines on Google infrastructure, comparable to Amazon EC2 and Azure Virtual Machines. Compute Engine offers scale, performance, and value that lets you easily launch large compute clusters with no up-front investment.
GCP Dataproc Service

Use Dataproc Serverless to run Spark batch workloads without provisioning and managing your own cluster. Specify workload parameters, and then submit the workload to the Dataproc Serverless service. The service will run the workload on a managed compute infrastructure, autoscaling resources as needed. Dataproc Serverless charges apply only to the time when the workload is executing.
GCP Cloud Functions

Cloud Functions is a serverless execution environment for building and connecting cloud services. With Cloud Functions you write simple, single-purpose functions that are attached to events emitted from your cloud infrastructure and services. Your function is triggered when an event being watched is fired, or by an HTTP request.
GCP Google Kubernetes Engine Service

A GKE cluster has a control plane and machines called nodes. Nodes run the services supporting the containers that make up your workload. The control plane decides what runs on those nodes, including scheduling and scaling. Autopilot mode manages this complexity; you simply deploy and run your apps.
GCP Resource Manager

Google Cloud provides resource containers such as organizations, folders, and projects that allow you to group and hierarchically organize other Google Cloud resources. This hierarchical organization lets you easily manage common aspects of your resources such as access control and configuration settings. Resource Manager enables you to programmatically manage these resource containers.