Trend Micro

Knowledge Base

Along with better visibility, compliance and faster remediation for your cloud infrastructure, Conformity also has a growing public library of 750+ cloud infrastructure configuration best practices for your AWS™ and Microsoft® Azure environments. Providing simple, step-by-step resolutions to rectify any security vulnerabilities, performance, cost inefficiencies, and reliability risks. This catalogue of cloud guardrails is a core part of Conformity which automatically monitors and auto-remediates cloud infrastructure.

Below are the cloud, services and their associated best practice rules with clear instructions on how to perform the updates – made either through the console or via the Command Line Interface (CLI).

View all AWS rules

View all Azure rules

Service coverage for

AWS Certificate Manager

To easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and your internal connected resources
Amazon API Gateway

Create, maintain, and secure APIs at any scale
Amazon AccessAnalyzer

Start querying data instantly. Get results in seconds. Pay only for the queries you run.
Amazon Athena

Start querying data instantly. Get results in seconds. Pay only for the queries you run.
AWS Auto Scaling

Application scaling to optimize performance and costs
AWS Backup

Centrally manage and automate backups across AWS services
AWS Budgets

Set custom budgets that alert you when you exceed your budgeted thresholds.
AWS CloudFormation

Model and provision all your cloud infrastructure resources
Amazon CloudFront

Fast, highly secure and programmable content delivery network (CDN)
AWS CloudTrail

Track user activity and API usage
Amazon CloudWatch

Observability of your AWS resources and applications on AWS and on-premises
Amazon CloudWatch Events

Amazon CloudWatch Events delivers a near real-time stream of system events that describe changes in AWS resources
Amazon CloudWatch Logs

Monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources
Amazon Comprehend

Discover insights and relationships in text
AWS Compute Optimizer

Recommends optimal AWS resources to reduce costs and improve performance for your workloads
AWS Config

Record and evaluate configurations of your AWS resources
AWS ConfigService

AWS ConfigService is a fully managed service that provides you with a detailed inventory of your AWS resources and their current configurations.
Amazon DynamoDB Accelerator

Fully managed, in-memory cache for DynamoDB
Amazon Data Lifecycle Manager

Manage the lifecycle of your AWS resources
AWS Database Migration Service

Migrate your databases to AWS with minimal downtim
Amazon DocumentDB

Fast, scalable, highly available MongoDB-compatible database service
Amazon DynamoDB

Fast and flexible NoSQL database service for any scale
Amazon Elastic Block Store (EBS)

Easy to use, high performance block storage at any scale
Amazon EC2

Secure and resizable compute capacity in the cloud. Launch applications when needed without upfront commitments
Amazon Elastic Container Registry

Easily store, manage, and deploy container images
Amazon Elastic Container Service (ECS)

Run containerized applications in production
Amazon Elastic File System (EFS)

Scalable, elastic, cloud-native file system for Linux
Amazon Elastic Kubernetes Service (EKS)

Highly available, scalable, and secure Kubernetes service
Elastic Load Balancing

Achieve fault tolerance for any application by ensuring scalability, performance, and security
Elastic Load Balancing V2

Achieve fault tolerance for any application by ensuring scalability, performance, and security
Amazon EMR

Easily Run and Scale Apache Spark, Hadoop, HBase, Presto, Hive, and other Big Data Frameworks
Amazon ElastiCache

Managed, Redis or Memcached-compatible in-memory data store
AWS Elastic Beanstalk

Easy to begin, Impossible to outgrow
Amazon Elasticsearch Service

Fully managed, scalable, and secure Elasticsearch service
Amazon FSx

Fully managed third-party file systems
Amazon Kinesis Data Firehose

Prepare and load real-time data streams into data stores and analytics tools
AWS Glue

Simple, flexible, and cost-effective ETL
Amazon GuardDuty

Protect your AWS accounts and workloads with intelligent threat detection and continuous monitoring
AWS Health

Provides ongoing visibility into the state of your AWS resources, services, and accounts
AWS Identity and Access Management (IAM)

Securely manage access to AWS services and resources
Amazon Inspector

Automated security assessment service to help improve the security and compliance of applications deployed on AWS
AWS Key Management Service

Easily create and control the keys used to encrypt your data
Amazon Kinesis

Easily collect, process, and analyze video and data streams in real time
AWS Lambda

Run code without thinking about servers. Pay only for the compute time you consume
Amazon MQ

Managed message broker service for Apache ActiveMQ
Amazon Managed Streaming for Apache Kafka

Fully managed, highly available, and secure Apache Kafka service
Amazon Macie

A machine learning-powered security service to discover, classify, and protect sensitive data
Compliance and Certifications

Ensure your AWS services are compliant towards certification classification.
Amazon Neptune

Fast, reliable graph database built for the cloud
AWS Organizations

Central governance and management across AWS accounts
Amazon Relational Database Service

Set up, operate, and scale a relational database in the cloud with just a few clicks
Conformity Real-Time Threat monitoring

A Real-time threat detection tool
Amazon Redshift

The most popular and fastest growing cloud data warehouse
AWS Resource Groups

Organize your AWS resources
Amazon Route 53

A reliable and cost-effective way to route end users to Internet applications
Amazon Route 53 Domains

A reliable and cost-effective way to manage domain names
Amazon S3

Object storage built to store and retrieve any amount of data from anywhere
Amazon Simple Email Service

Flexible, affordable, and highly-scalable email sending and receiving service for businesses and developers
Amazon Simple Notification Service (SNS)

Fully managed pub/sub messaging for microservices, distributed systems, and serverless applications
Amazon Simple Queue Service

Fully managed message queues for microservices, distributed systems, and serverless applications
AWS Systems Manager

Gain operational insights and take action on AWS resources
Amazon SageMaker

Machine learning for every developer and data scientist
AWS Secrets Manager

Easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle
AWS Security Hub

Centrally view and manage security alerts and automate compliance checks
AWS Shield

Managed DDoS protection
AWS Storage Gateway

Hybrid cloud storage with local caching
AWS Support

AWS Support
AWS Transfer

Fully managed SFTP service
AWS Trusted Advisor

Reduce Costs, Increase Performance, and Improve Security
Amazon Virtual Private Cloud (VPC)

Provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define
AWS WAF - Web Application Firewall

Protect your web applications from common web exploits
AWS Well-Architected

Learn, measure, and build using architectural best practices
AWS WorkDocs

Secure content collaboration, simplified
Amazon WorkSpaces

Access your desktop anywhere, anytime, from any device
AWS X-Ray

Analyze and debug production, distributed applications

Service coverage for

AKS

Microsoft AKS allows you to quickly deploy a production ready Kubernetes cluster in Azure
Access Control

Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS) is a cloud-based service that provides an easy way of authenticating and authorizing users to gain access to your web applications and services
Active Directory

Azure Active Directory provides an identity platform with enhanced security, access management, scalability, and reliability for connecting users with all the apps they need.
Activity Log

The Azure Activity Log provides insight into subscription-level events that have occurred in Azure
Advisor

Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments.
AppService

Azure AppService
CosmosDB

Microsoft Cosmos DB enables you to elastically and independently scale throughput and storage across any number of Azure regions worldwide.
KeyVault

Microsoft Azure Key Vault enables you to securely store and access secrets within your Azure cloud environment
Locks

Microsoft Azure Locks provide a way for administrators to lock down resources to prevent deletion or changing of a resource
Monitor

Monitor your applications and infrastructure
MySQL

Azure Database for MySQL servers
Network

Network
PostgreSQL

Azure Database for PostgreSQL servers
Recovery Services

Azure Recovery Services provides multiple backup solutions based on the backup requirement and infrastructure topology
Redis Cache
Resources
Search
Security Center

Security posture management for cloud workloads
Sql

Azure Database for SQL servers
Storage Accounts

An Azure storage account contains all of your Azure Storage data objects
Subscriptions
Virtual Machines

VirtualMachines your applications and infrastructure