Workload identity federation is the process of impersonating an identity in one cloud provider from the other without long lived keys. In this blog post we will walk through how to setup federation between a workload running on AWS EKS (In this case CloudQuery so you can also fetch configuration from your GCP accounts) to GCP.
In this blog post, we will walk you through how to set up CloudQuery to build your own customizable compliance, CSPM (Cloud Security Posture Management) dashboard with PostgreSQL and Grafana.
CSPMs are probably the biggest offenders of yet another dashboard and here in CloudQuery we believe it’s time to unbundle those and apply the best practices in data engineering and the modern data stack to cloud security.
In this blog we will walk through how to create a role an external account that we want to AssumeRole into. In our example we will provide the new role in the external account with broad ReadOnly permissions (but you are free to change to whatever you want).
As of the writing of this blog, CloudQuery supports over 155 resources across 61 services in AWS! and many more in GCP, Azure, etc. Although this gives users the capabilities to answer many of their questions regarding your security, visibility and infrastructure, it would be great to have a single view of all your AWS resources, right?
So here at CloudQuery we built a simple
aws_resources view, to demonstrate the power of using a SQL database to create a single pane for all your fetched AWS resources. The
aws_resources view allows us to ask questions on all our resources allowing us to filter by service, region, account and more!
In this short tutorial we will go through what to do if you accidentally deleted the
AWSSSO_asd123456678_DO_NO_DELETE identity provider from an org account which is used by AWS SSO (take a look at our previous blog setting up AWS SSO with Google Workspace).
AWSSSO_1233424_DO_NOT_DELETE identity provider will prevent you from accessing the account via the AWS SSO screen.