Our team of cloud tamers has spent the past several weeks on our latest release. Here are just a few of the new features in Release 2.8.1, available now for customers.
Automate AMI distribution using Cloud Rules
We’ve made it easier for you to share Amazon Machine Images (AMIs) via Cloud Rules. Now you can include an AMI within a Cloud Rule and take advantage of the inheritance properties of other components we share to AWS accounts via these Rules, like Identity and Access Management (IAM) policies and CloudFormation templates (CFTs). So, you get the ‘set once/use many’ benefits when you want to apply AMIs across your organization.
Increase security by enforcing a lifespan for AWS keys
Access keys shouldn’t live forever. However, the keys created in AWS live forever by default. We’ve added a lifespan setting in cloudtamer.io so you can specify the number of days before AWS access keys created from cloudtamer.io will expire. After you set the lifespan, cloudtamer.io will automatically expire the access keys once the specified time has elapsed.
Facilitate forensics via enhanced audit log
We now include an entry in the audit log when a cloudtamer.io user accesses the AWS console. This is a new addition to the existing audited actions, which include every user login attempt and every change to any object within the system. You can filter the audit log on these actions to determine who accessed the console and when the access occurred. Coupled with services like AWS CloudTrail, this level of audit detail provides enhanced reporting capability for determining the provenance of user activities in the event of a security compromise.
Save time with inherited Cloud Access Roles
You can now create and apply a Cloud Access Role at the OU level and have this role applied to all projects that are descendants of that OU. So, for example, if you want an auditor role to be available everywhere within an organization, you can apply it once at the top-level OU, and the role, IAM policies, and user mappings will be added to all projects.
Simplify end user cloud access using AWS Service Catalog
In our biggest release news, cloudtamer.io now supports sharing AWS Service Catalog portfolios and products across your organization. AWS Service Catalog helps you package together IT services that are approved for use on AWS and helps less experienced AWS users by providing an easy-to-use list of products they can deploy in their accounts. AWS Service Catalog products are very flexible and can encompass almost anything, from marketplace applications to custom CloudFormation templates to set up a LAMP stack. Cloud PMOs can use AWS Service Catalog to standardize deployments of key components of their AWS architecture, which helps automate setup and reduce errors that result from manual processes.
Because the AWS Service Catalog portfolio lives in a cloudtamer.io Cloud Rule, you can share the portfolio across OUs and projects directly or via inheritance. For example, within your Marketing OU, you may designate an inherited Rule that includes a Service Catalog product that enables creation of campaign websites. This can then be deployed 1, 10, or even 100+ times depending on the use case.
For a high-level overview of how cloudtamer.io and AWS Service Catalog work together, view our short video Governance@Scale with AWS Service Catalog and cloudtamer.io.
Marianna is the cloudtamer.io Product Marketing Manager.