Benchmark: BP08 Share resources securely within your organization
Description
As the number of workloads grows, you might need to share access to resources in those workloads or provision the resources multiple times across multiple accounts. You might have constructs to compartmentalize your environment, such as having development, testing, and production environments. However, having separation constructs does not limit you from being able to share securely. By sharing components that overlap, you can reduce operational overhead and allow for a consistent experience without guessing what you might have missed while creating the same resource multiple times.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-well-architected
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select BP08 Share resources securely within your organization.
Run this benchmark in your terminal:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec03_bp08
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec03_bp08 --share
Controls
- DMS replication instances should not be publicly accessible
- ES domains should be in a VPC
- OpenSearch domains should be in a VPC
- EC2 instances should be in a VPC
- Lambda functions should be in a VPC
- SageMaker notebook instances should not have direct internet access
- Secrets Manager secrets that have not been used in 90 days should be removed
- CodeBuild projects should not use an user controlled buildspec