
v0.16.0

@cloudpossebot cloudpossebot released this 16 Oct 21:20
5f5c4e1
Update Datadog policies. Allow attaching `SecurityAudit` policy to the Datadog IAM role @aknysh (#38)

what

  • Update Datadog policies
  • Allow attaching SecurityAudit policy to the Datadog IAM role

why

  • Datadog has updated the required permissions for the "All" and "Core" IAM policy configurations - keep up to date
  • Attaching the SecurityAudit policy allows Datadog to collect information about how AWS resources are configured (used in Datadog Cloud Security Posture Management to read security configuration metadata)
  • Datadog Cloud Security Posture Management (CSPM) makes it easier to assess and visualize the current and historic security posture of cloud environments, automate audit evidence collection, and catch misconfigurations that leave your organization vulnerable to attacks
  • Cloud Security Posture Management (CSPM) can be accessed at https://app.datadoghq.com/security/compliance/home

notes

  • The process to enable Datadog Cloud Security Posture Management (CSPM) consists of two steps (one automated, the other manual):

    • Enable the SecurityAudit policy and provision it with Terraform
    • In the Datadog UI, perform the following manual steps:
      • Go to the Datadog AWS integration tile
      • Click on the AWS account where you wish to enable resource collection
      • Go to the Resource collection section for that account and check the box "Route resource data to the Cloud Security Posture Management product"
      • At the bottom left of the tile, click Update Configuration

references