Untitled
10 months ago
Infrastructure as Code (IaC) Security:
* AWS CloudFormation: Automate provisioning and manage your AWS infrastructure through templates.
* AWS Config: Assess, audit, and evaluate the configurations of your AWS resources.
* GitLab CI/CD: Integrate IaC security scans into your CI/CD pipeline using tools like Terrascan or Checkov.

Cloud Security Posture Management (CSPM):
* AWS Security Hub: Provides a comprehensive view of your security state within AWS and helps you check your compliance with security standards.
* AWS Config: Continuously monitors and records your AWS resource configurations and helps you to automate the evaluation of recorded configurations against desired configurations.
* GitLab Security Dashboard: Visualizes vulnerabilities detected in your project’s dependencies, container images, and IaC configurations.

Workload Protection:
* AWS Systems Manager: Provides operational insights and security for your applications.
* Amazon GuardDuty: Threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.
* GitLab CI/CD with security scans: Includes container scanning, dependency scanning, and SAST (Static Application Security Testing) to ensure workload security.

Container Security:
* Amazon ECR (Elastic Container Registry) with Image Scanning: Automatically scans your container images for vulnerabilities.
* AWS Fargate: Provides a serverless compute engine for containers that works with both Amazon ECS and Amazon EKS.
* GitLab Container Scanning: Scans Docker images for known vulnerabilities.

Serverless Security:
* AWS Lambda with AWS IAM (Identity and Access Management): Provides fine-grained access control and ensures that your Lambda functions are secure.
* AWS CloudTrail: Logs and monitors activity in your AWS account, including API calls made by Lambda functions.
* GitLab CI/CD: Integrate security checks in your serverless application deployment pipeline.

API Security:
* AWS WAF (Web Application Firewall): Helps protect your web applications and APIs from common web exploits.
* Amazon API Gateway: Provides a secure and scalable API management layer with throttling, access control, and monitoring.
* GitLab API Fuzzing: Test your APIs for security vulnerabilities by fuzzing.

IAM and Key Management:
* AWS IAM (Identity and Access Management): Controls access to AWS services and resources securely.
* AWS KMS (Key Management Service): Creates and controls the encryption keys used to encrypt your data.
* GitLab Secrets Management: Securely manage and inject secrets into your CI/CD jobs.

Data Security:
* Amazon Macie: Uses machine learning to automatically discover, classify, and protect sensitive data in AWS.
* AWS Secrets Manager: Protects access to your applications, services, and IT resources without the upfront cost and complexity of hardware security modules (HSMs).
* GitLab Data Masking: Redact sensitive information from job logs to prevent exposure of sensitive data.

Threat Detection and Response:
* Amazon GuardDuty: Provides intelligent threat detection and continuous monitoring.
* AWS Detective: Analyzes, investigates, and quickly identifies the root cause of potential security issues or suspicious activities.
* GitLab Security Alerts: Notify and track vulnerabilities found in your projects.

Security Information and Event Management (SIEM):
* AWS Security Hub: Centralizes and prioritizes security findings from multiple AWS services and partner solutions.
* Amazon CloudWatch: Monitors your AWS resources and applications, in real time, providing data and actionable insights.
* GitLab Audit Events: Track changes and activities within GitLab for compliance and security purposes.

Compliance and Governance:
* AWS Artifact: Provides on-demand access to AWS’s security and compliance reports and select online agreements.
* AWS Organizations: Helps you centrally manage and govern your environment as you grow and scale your AWS resources.
* GitLab Compliance Dashboard: Monitors and enforces compliance policies across your GitLab projects.

Cloud Access Security Broker (CASB):
* AWS IAM and AWS Organizations: Provide the ability to manage access and permissions across your AWS accounts.
* Amazon S3 with IAM policies: Ensures secure access to your data stored in Amazon S3.
* GitLab Role-Based Access Control (RBAC): Manage permissions and access controls within your GitLab projects.