Open Source Auto-Remediation
For all open source details on Auto-Remediation, head to the Cloud Conformity GitHub page.
As some failures are simply too critical to wait for manual intervention, Cloud Conformity offers self-healing in the form of rule failure auto-remediation.
50 of the rules in our Security package can trigger a Lambda function that automatically remediates a failure once it has been discovered. Auto-remediated failures are, as standard, included in reports to enable traceability and to encourage best-practice implementation.
When combined with Real-Time Monitoring, Auto-Remediation creates instant security and governance automation.
This management of controls gives users the ability to set up several distinct workflows within specified user-defined parameters, with automation at the very heart of it. Each strand of your team’s unique processes can now be met without any compromise or risk as automation becomes more accessible.
Here's an example:
1. A user makes an S3 bucket publicly readable via S3 Access Control Lists (ACLs).
2. Cloud Conformity identifies the risk in real time.
3. Cloud Conformity publishes a message to the specified SNS topic.
4. The SNS topic triggers the Orchestrator Lambda function, which in turn calls the S3 bucket auto-remediate function.
5. The S3 BucketPublicReadAccess Auto Remediate Function (AutoRemediateS3-001) updates the S3 bucket ACL and closes the security gap.
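
The SNS-to-Orchestrator-to-remediation flow above, sketched as an added example (not Cloud Conformity's own code). The message fields `ruleId`, `status` and `resource`, the handler map, and the sample event are assumptions made for illustration; the S3 client is injected so the sketch runs offline against a recording stand-in.

```javascript
// Added example, not Cloud Conformity's code. Message fields (ruleId, status,
// resource) and the handler-map layout are assumptions for illustration.

// Remediation handlers keyed by function name; the page names AutoRemediateS3-001.
const handlers = {
  'AutoRemediateS3-001': (s3, bucket) =>
    // PutBucketAcl with the canned ACL "private" drops public-read grants.
    s3.putBucketAcl({ Bucket: bucket, ACL: 'private' }),
};

// Turn an SNS-triggered Lambda event into a list of remediation tasks.
// Malformed messages, non-failures and rules without a handler are skipped.
function planRemediation(event) {
  const tasks = [];
  for (const record of (event && event.Records) || []) {
    let msg;
    try {
      msg = JSON.parse(record.Sns.Message);
    } catch (err) {
      continue; // not JSON or not an SNS record: skip instead of failing the batch
    }
    if (!msg || msg.status !== 'FAILURE' || typeof msg.resource !== 'string') continue;
    const fn = `AutoRemediate${msg.ruleId}`;
    // Own-property check so a ruleId such as "constructor" cannot match.
    if (Object.prototype.hasOwnProperty.call(handlers, fn)) {
      tasks.push({ fn, resource: msg.resource });
    }
  }
  return tasks;
}

// Orchestrator: run each planned task with the supplied S3 client.
async function orchestrate(event, s3) {
  const done = [];
  for (const task of planRemediation(event)) {
    await handlers[task.fn](s3, task.resource);
    done.push(task);
  }
  return done;
}

// Constructed sample event and a recording stand-in for the S3 client.
const sampleEvent = { Records: [
  { Sns: { Message: JSON.stringify({ ruleId: 'S3-001', status: 'FAILURE', resource: 'example-bucket' }) } },
  { Sns: { Message: JSON.stringify({ ruleId: 'XX-999', status: 'FAILURE', resource: 'other' }) } },
  { Sns: { Message: 'not json' } },
] };
const calls = [];
const fakeS3 = { putBucketAcl: async (params) => { calls.push(params); return {}; } };
orchestrate(sampleEvent, fakeS3).then((done) => console.log(done, calls));
```

Only the first sample record produces a `putBucketAcl` call; the unknown rule and the malformed message are skipped rather than aborting the batch.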