Ensure a new AWS Service added to your existing infrastructure is cloud best practice compliant
Last updated: 14 January 2020
Relevant users
| Technical Team member |  |
| DevOps Team member | |
| Security Analyst | |
| Security Engineer | |
| Compliance Manager | |
| Project Manager | |
| Security Team Management | |
| Consultant | |
Example
I am about to deploy a new service into Dev that my company has no experience with. How can I ensure that we built it securely, that it will be cost effective, and perform well from day one?
Trend Micro Cloud One™ – Conformity Solution
Step 1. Launch the new service using AWS console, CLI or CloudFormation.
Hint: If you use a CloudFormation template to manage your infrastructure stack, and have used it to deploy your new AWS service, then use Template Scanner to check that your CloudFormation template is compliant with cloud infrastructure best practices.
Step 2. In Conformity open the account containing the new AWS service.
Step 3. Conformity bot needs to run in order to run Conformity’s rule set against the new AWS service’s resources. Either wait for the next scheduled Conformity Bot run or run it manually from the main account dashboard.
After the Conformity bot run, rule Checks will be accessible in your Conformity reports. Checks will be displayed as Passed or Failed.
Step 4. Go to the All Checks Report and Filter All Checks by the newly launched AWS service.
Hint: If your organisation has a custom governance policy, this can be configured as a Profile and applied to the account. Checks will then reflect this custom rule Profile.
Step 5. Remediate failed checks for the new AWS service using the resolution steps provided in the knowledge base.
Optional: RTM can be enabled for real-time event monitoring of security best practice compliance.
Optional: Make use of Conformity’s auto-remediation capabilities to automate remediation of failed checks.