- Apply Jumpstart standards to AWS Account
- Deploy CIS Benchmarks throughout AWS account
- CIS Benchmark Alerts
- GuardDuty
- VPC Flow Logs
- CloudTrail
- CloudWatch Logs
- S3 Buckets collecting the logs, etc.
- Resiliency – Utilize Route 53
- Elastic Load Balancer and instances in Multi AZs.
- Monitoring - Compute resources & alerts
- Systems Manager – Patching, CloudWatch agent
Security
Current state: from 31% to 83% CIS compliant
- SCP policies
- GuardDuty
- Centralize logs
- Config rules
- Security Hub (CIS compliance)
Identity Access Management
- Clean up unnecessary IAM users and roles
Logging and Monitoring
- Install SSM Agent on the front-end instances to easily manage, patch, and run commands on multiple instances via AWS Systems Manager.
- Installed the CloudWatch agent on the front-end instances, sending the application logs to CloudWatch
- Configured CloudWatch Alerts and SNS Topic
- Monitoring the health of the front-end instances
Reliability
- Help to define a plan for DR (disaster recovery) (RPO and RTO)
- Potentially deploy AWS Backup to centrally manage and automate backups across AWS services
- Provide a network topology diagram
Cost Optimization
- Use Reserved Instances for baseline workloads and capacity reservation
- Use On-Demand Instances for short-term or unpredictable workloads