Cloud Control
We use best-in-breed tools that provide customers with powerful insight into their cloud environments. With real-time alerting, scheduled reporting, and automated remediation, each customer gets access to tools that suits their unique business needs.
Our base plan is what we consider "industry table stakes" and includes, but is not limited to the following:
Cost Management
-
EC2 RI Types with Unused Hours
-
Excessive Costs for a Glacier Restore
-
RDS Reserved Instance Payment Failed
-
Idle RDS DB Instances
-
Idle SQL Database Instances
-
Redis Cache Using Basic-Tier Pricing
-
Stopped or Deallocated Virtual Machines with Disks Attached
Security & Compliance
​
-
S3 Public Sensitive Objects Stored
-
CloudTrail Unauthorized Access Attempts
-
Publicly Accessible RDS Instances
-
SNS Topic w/ Permission Set to All
-
Blob Containers Set to Full Public Read Access
-
Dangerous Ports Exposed
-
Publicly Accessible SQL Servers
-
Server Firewall Allows a Broad range of IPs
Utilization & Performance
​
-
Under-Utilized EC2 Instances/VMs
-
Auto Scaling Groups Not Being Utilized
-
Excessive Log Files
-
Failed Activities in RDS Events
-
Under-Utilized App Service Plan CPU
-
Unused Network Interfaces
-
App Service Has Exceeded Usage Quota
-
App Service Without Backup Service Enabled
​
Availability
​​
-
EBS Volumes Without A Snapshot
-
EC2 Errors in Console Output
-
RDS Instance <10% Free Storage
-
AWS CloudFormation Stack w/ no Policy
-
Managed Disk Without Backup Protection
-
SQL Server Database <10% of Free Storage
-
Unhealthy Virtual Machines
-
App Service Plan is Unavailable
​
600+
Best Practices
Checks
Get Secure, Reduce Spend and Improve Control with bash9.io
Advanced Automation
Bash9 can augment and optimize your operational capabilities in both new and existing AWS environments, providing operational flexibility, enhanced security and compliance. Our services help you operate your cloud infrastructure more efficiently and securely by leveraging our growing library of automation, configurations, and run books. In addition to custom too integrations, here are some of the automated we can assist with:
Get control (Lockdown)
Lockdown a secure baseline for services, permissions, networks and access.
Maintain control (Guardrails)
Add automated policy enforcement, with drift detection & repair.
Protect applications (Isolation)
Separate applications for control, cost, network access and change management.
Clarify responsibilities (IAM)
Establish a hierarchy of permissions with clear ownership, named users & activity audit trails.
Empower (Self Service)
Self service and infrastruction automation by app teams within policy guardrails.
Accelerate (DevOps)
Monitor applications, support teams and automate best practices.
Audit trail & Log management
Ensure audit logging of all actions, with named users and protection of records.
Separate AWS, Azure & GCP accounts
Separate apps into different cloud accounts for easier management & control.
Data protection
Automatic encryption, backup, rotation and deletion protection for all data.
Credential management
Management of credentials, with reminders and automatic rotation.
User & Permission management
LDAP & SAML integration with predefined policies. Simple cross account user management.
Monitoring
Automatic setup and removal of monitoring with centralized alarms & ticketing.
Save some time with bash9.io
