EntropySink

Nothing & Everything => Open Discussion => Topic started by: Mike on October 21, 2022, 11:11:34 AM

Title: AWS security review
Post by: Mike on October 21, 2022, 11:11:34 AM

Anyone have a recommendation for a vendor that'll review an AWS setup for security?  We are in the process of migrating our infrastructure from a colo to AWS and am looking for someone that can review things before we cutover our production systems.

Title: Re: AWS security review
Post by: ober on October 22, 2022, 12:57:06 PM

Why not just ask AWS to do it?  They offer that.

If you're looking for a tool, you could use ermetic.com (not free, but pretty awesome - we use it for Azure and AWS on an ongoing basis).

Title: Re: AWS security review
Post by: Mike on October 22, 2022, 06:40:23 PM

Quote from: ober on October 22, 2022, 12:57:06 PM

Why not just ask AWS to do it?  They offer that.

Hmm, all we've gotten from the rep is general guidance but I'll ask them again.

Quote

If you're looking for a tool, you could use ermetic.com (not free, but pretty awesome - we use it for Azure and AWS on an ongoing basis).

A tool is good but we are still wanting another group to come review it.

Title: Re: AWS security review
Post by: ober on October 24, 2022, 07:50:22 AM

It may depend on your level in AWS or annual spend.  We spend about 150K/mo so we might get a different amount of attention.

Title: Re: AWS security review
Post by: Mike on September 01, 2023, 07:33:17 PM

Not security related but we migrated our servers in June and just had the first few days of school. Shit went smooth! We had time to find some issues during the summer and resolve them, set up the auto scaling groups with target tracking and predictive scaling, and just had everything dialed in.  We did intentionally over allocate the production database size just to make sure it could handle that but otherwise everything else was scaling in and out as needed.  Was great!