Knowledge Base
Along with better visibility, compliance and faster remediation for your cloud infrastructure, Conformity also has a growing public library of 750+ cloud infrastructure configuration best practices for your AWS™ and Microsoft® Azure environments. It provides simple, step-by-step resolutions to rectify any security vulnerabilities, performance, cost inefficiencies, and reliability risks. This catalogue of cloud guardrails is a core part of Conformity, which automatically monitors and auto-remediates cloud infrastructure.
Below are the cloud services and their associated best practice rules, with clear instructions on how to perform the updates, made either through the console or via the Command Line Interface (CLI).
-
AWS Certificate Manager
To easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and your internal connected resources
-
Amazon API Gateway
Create, maintain, and secure APIs at any scale
-
Amazon AccessAnalyzer
Start querying data instantly. Get results in seconds. Pay only for the queries you run.
-
Amazon Athena
Start querying data instantly. Get results in seconds. Pay only for the queries you run.
-
AWS Auto Scaling
Application scaling to optimize performance and costs
-
AWS Backup
Centrally manage and automate backups across AWS services
-
AWS Budgets
Set custom budgets that alert you when you exceed your budgeted thresholds.
-
AWS CloudFormation
Model and provision all your cloud infrastructure resources
-
Amazon CloudFront
Fast, highly secure and programmable content delivery network (CDN)
-
AWS CloudTrail
Track user activity and API usage
-
Amazon CloudWatch
Observability of your AWS resources and applications on AWS and on-premises
-
Amazon CloudWatch Events
Amazon CloudWatch Events delivers a near real-time stream of system events that describe changes in AWS resources
-
Amazon CloudWatch Logs
Monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources
-
Amazon Comprehend
Discover insights and relationships in text
-
AWS Compute Optimizer
Recommends optimal AWS resources to reduce costs and improve performance for your workloads
-
AWS Config
Record and evaluate configurations of your AWS resources
-
AWS ConfigService
AWS ConfigService is a fully managed service that provides you with a detailed inventory of your AWS resources and their current configurations.
-
Amazon DynamoDB Accelerator
Fully managed, in-memory cache for DynamoDB
-
Amazon Data Lifecycle Manager
Manage the lifecycle of your AWS resources
-
AWS Database Migration Service
Migrate your databases to AWS with minimal downtime
-
Amazon DocumentDB
Fast, scalable, highly available MongoDB-compatible database service
-
Amazon DynamoDB
Fast and flexible NoSQL database service for any scale
-
Amazon Elastic Block Store (EBS)
Easy to use, high performance block storage at any scale
-
Amazon EC2
Secure and resizable compute capacity in the cloud. Launch applications when needed without upfront commitments
-
Amazon Elastic Container Registry
Easily store, manage, and deploy container images
-
Amazon Elastic Container Service (ECS)
Run containerized applications in production
-
Amazon Elastic File System (EFS)
Scalable, elastic, cloud-native file system for Linux
-
Amazon Elastic Kubernetes Service (EKS)
Highly available, scalable, and secure Kubernetes service
-
Elastic Load Balancing
Achieve fault tolerance for any application by ensuring scalability, performance, and security
-
Elastic Load Balancing V2
Achieve fault tolerance for any application by ensuring scalability, performance, and security
-
Amazon EMR
Easily Run and Scale Apache Spark, Hadoop, HBase, Presto, Hive, and other Big Data Frameworks
-
Amazon ElastiCache
Managed, Redis or Memcached-compatible in-memory data store
-
AWS Elastic Beanstalk
Easy to begin, impossible to outgrow
-
Amazon Elasticsearch Service
Fully managed, scalable, and secure Elasticsearch service
-
Amazon FSx
Fully managed third-party file systems
-
Amazon Kinesis Data Firehose
Prepare and load real-time data streams into data stores and analytics tools
-
AWS Glue
Simple, flexible, and cost-effective ETL
-
Amazon GuardDuty
Protect your AWS accounts and workloads with intelligent threat detection and continuous monitoring
-
AWS Health
Provides ongoing visibility into the state of your AWS resources, services, and accounts
-
AWS Identity and Access Management (IAM)
Securely manage access to AWS services and resources
-
Amazon Inspector
Automated security assessment service to help improve the security and compliance of applications deployed on AWS
-
AWS Key Management Service
Easily create and control the keys used to encrypt your data
-
Amazon Kinesis
Easily collect, process, and analyze video and data streams in real time
-
AWS Lambda
Run code without thinking about servers. Pay only for the compute time you consume
-
Amazon MQ
Managed message broker service for Apache ActiveMQ
-
Amazon Managed Streaming for Apache Kafka
Fully managed, highly available, and secure Apache Kafka service
-
Amazon Macie
A machine learning-powered security service to discover, classify, and protect sensitive data
-
Compliance and Certifications
Ensure your AWS services are compliant towards certification classification.
-
Amazon Neptune
Fast, reliable graph database built for the cloud
-
AWS Organizations
Central governance and management across AWS accounts
-
Amazon Relational Database Service
Set up, operate, and scale a relational database in the cloud with just a few clicks
-
Conformity Real-Time Threat monitoring
A Real-time threat detection tool
-
Amazon Redshift
The most popular and fastest growing cloud data warehouse
-
AWS Resource Groups
Organize your AWS resources
-
Amazon Route 53
A reliable and cost-effective way to route end users to Internet applications
-
Amazon Route 53 Domains
A reliable and cost-effective way to manage domain names
-
Amazon S3
Object storage built to store and retrieve any amount of data from anywhere
-
Amazon Simple Email Service
Flexible, affordable, and highly-scalable email sending and receiving service for businesses and developers
-
Amazon Simple Notification Service (SNS)
Fully managed pub/sub messaging for microservices, distributed systems, and serverless applications
-
Amazon Simple Queue Service
Fully managed message queues for microservices, distributed systems, and serverless applications
-
AWS Systems Manager
Gain operational insights and take action on AWS resources
-
Amazon SageMaker
Machine learning for every developer and data scientist
-
AWS Secrets Manager
Easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle
-
AWS Security Hub
Centrally view and manage security alerts and automate compliance checks
-
AWS Shield
Managed DDoS protection
-
AWS Storage Gateway
Hybrid cloud storage with local caching
-
AWS Support
AWS Support
-
AWS Transfer
Fully managed SFTP service
-
AWS Trusted Advisor
Reduce Costs, Increase Performance, and Improve Security
-
Amazon Virtual Private Cloud (VPC)
Provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define
-
AWS WAF - Web Application Firewall
Protect your web applications from common web exploits
-
AWS Well-Architected
Learn, measure, and build using architectural best practices
-
AWS WorkDocs
Secure content collaboration, simplified
-
Amazon WorkSpaces
Access your desktop anywhere, anytime, from any device
-
AWS X-Ray
Analyze and debug production, distributed applications
-
AKS
Microsoft AKS allows you to quickly deploy a production ready Kubernetes cluster in Azure
-
Access Control
Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS) is a cloud-based service that provides an easy way of authenticating and authorizing users to gain access to your web applications and services
-
Active Directory
Azure Active Directory provides an identity platform with enhanced security, access management, scalability, and reliability for connecting users with all the apps they need.
-
Activity Log
The Azure Activity Log provides insight into subscription-level events that have occurred in Azure
-
Advisor
Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments.
-
AppService
Azure AppService
-
CosmosDB
Microsoft Cosmos DB enables you to elastically and independently scale throughput and storage across any number of Azure regions worldwide.
-
KeyVault
Microsoft Azure Key Vault enables you to securely store and access secrets within your Azure cloud environment
-
Locks
Microsoft Azure Locks provide a way for administrators to lock down resources to prevent deletion or changing of a resource
-
Monitor
Monitor your applications and infrastructure
-
MySQL
Azure Database for MySQL servers
-
Network
Network
-
PostgreSQL
Azure Database for PostgreSQL servers
-
Recovery Services
Azure Recovery Services provides multiple backup solutions based on the backup requirement and infrastructure topology
-
Redis Cache
-
Resources
-
Search
-
Security Center
Security posture management for cloud workloads
-
Sql
Azure Database for SQL servers
-
Storage Accounts
An Azure storage account contains all of your Azure Storage data objects
-
Subscriptions
-
Virtual Machines
VirtualMachines your applications and infrastructure