Cloud
Guardrails

Data-related Guardrail Pack

Get Started with Easy Instructions
Cloud Guardrails

If you're interested in contributing guidance, please start with these instructions.

Filters
Filters
Categories
Clear
Maturity Level
Clear
Functions
Clear
Cloud Provider
Clear
Clear all
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Name
Categories
Maturity Level
Functions
CSPS
Author
S3 bucket with lifecycle
Medium
AWS
Will Bengtson
Github Link
Summary
Require lifecycle policy on S3 buckets for things like logs (1 yr deletion recommended)
Applicable to
Always
When to use/avoid
Read More
S3 bucket with replication to another account
Medium
AWS
Will Bengtson
Github Link
Summary
Require replication to another account for disaster recovery
Applicable to
When effective DR is required
When to use/avoid
Read More
S3 bucket with versioning
Low
AWS
Will Bengtson
Github Link
Summary
Enforce a bucket pattern with versioning to prevent malicious tampering and facilitate recovery
Applicable to
All important data
When to use/avoid
Read More
S3 bucket with replication to another account/region pair
High
AWS
Will Bengtson
Github Link
Summary
Require S3 bucket replication to another account and region
Applicable to
When recovery is necessary
When to use/avoid
Read More
RDS Databases with automatic daily snapshot
Low
AWS
Will Bengtson
Github Link
Summary
Configure automatic daily snapshots of RDS databases for backup purposes.
Applicable to
Always
When to use/avoid
Read More
Databackup account
Medium
AWS
Houston Hopkins
Github Link
Summary
Create a Cold account for copying in data that can't be deleted.
Applicable to
Applies if you have data that has to persist for business operation, regulatory or legal reasons.
When to use/avoid
Read More
Protect against data deletion
Medium
AWS
Mark Andersen
Github Link
Summary
Block delete calls on persistent data resources by default on IAM roles to avoid accidentally deleting all your data.
Applicable to
Always
When to use/avoid
Read More
DynamoDB Backup Configured
Medium
AWS
Will Bengtson
Github Link
Summary
Require DynamoDB to have a backup enabled for DR.
Applicable to
To all important data in DynamoDB
When to use/avoid
Read More
Cloud Guardrails

If you're interested in contributing guidance, please start with these instructions.

Filters
Filters
Categories
Clear
Maturity Level
Clear
Functions
Clear
Cloud Provider
Clear
Clear all
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Name
S3 bucket with lifecycle
Github Link
Categories
Maturity Level
Medium
Functionality
Cloud Provider
Author
Will Bengtson
Read More
S3 bucket with replication to another account
Github Link
Categories
Maturity Level
Medium
Functionality
Cloud Provider
Author
Will Bengtson
Read More
S3 bucket with versioning
Github Link
Categories
Maturity Level
Low
Functionality
Cloud Provider
Author
Will Bengtson
Read More
S3 bucket with replication to another account/region pair
Github Link
Categories
Maturity Level
High
Functionality
Cloud Provider
Author
Will Bengtson
Read More
RDS Databases with automatic daily snapshot
Github Link
Categories
Maturity Level
Low
Functionality
Cloud Provider
Author
Will Bengtson
Read More
Databackup account
Github Link
Categories
Maturity Level
Medium
Functionality
Cloud Provider
Author
Houston Hopkins
Read More
Protect against data deletion
Github Link
Categories
Maturity Level
Medium
Functionality
Cloud Provider
Author
Mark Andersen
Read More
DynamoDB Backup Configured
Github Link
Categories
Maturity Level
Medium
Functionality
Cloud Provider
Author
Will Bengtson
Read More
Process
Data
Architecture
Configuration
Change Management
Compliance
Identity
Cost Management
Reliability
Security
Standards