For the last few posts Laurent Domb has been explaining how to squeeze CloudForms and AWS integration by teaching you how to:
- Upload the CF images to AWS
- Create all the needed config files in AWS
- Deploy CF on AWS
- Configure the new in 4.6 SmartState Analysis (SSA)
- Use that SSA to add a compliance policy to an instance
- Use AWS authentication in CF
You can find the blog posts here:
Please let us know what are your thoughts and which other series would you like to read in the blog
If you want to use IAM authentication for CloudForms so that IAM users can authenticate with CFME you need to do the following.
The current code requires you to add root (account owner credentials) to the authentication field. So the Access key and the Secret Key are from the root user, not the IAM user.
Continue reading “CloudForms in AWS part 5 (authentication)”
In this post of our series, we will demonstrate what we did in the previous sections in which we configured AWS and CloudForms, to run a SmartStaty analysis to automatically resolve a vulnerability in Java
In the video, I will:
- Perform a SmartState Analysis (SSA) in my instance
- Review the SSA process
- Add a compliance policy to the instance
- Execute the policy
- Verify the remediation action
- Validate the auto-remediation
This part of the blog series is probably the most interesting one: when you launch a SmartState analysis you will see the following in you evm log files.
Continue reading “CloudForms in AWS part 3”
This part of the CloudForms in AWS blog series will walk you through how to make sure that CloudForms reaches its full potential in AWS.
IMPORTANT: If you want SmartState analysis to work you need to register your AWS account with the cloud access program. Use the link below to enable cloud access:
Continue reading “CloudForms in AWS part 2”
Ever wondered what CloudForms can do for you in AWS? The next few blog posts will walk you through step by step how to upload the CloudForms image to AWS, how to assign the correct policies and roles and how to configure it correctly so it can discover your environment. Part 1 is dedicated to the import and configuration of the CloudForms image.
With the release of CloudForms 4.6 you also have the ability to scan instances in AWS. These blog series will show you how this can be achieved:
Continue reading “CloudForms on AWS Part 1 (Series)”
In December 2016, a major vulnerability, CVE-2016-9962 (“on-entry vulnerability”), was found in the Docker engine which allowed local root users in a container to gain access to file-descriptors of a process launched or moved into the container from another namespace. In a Banyan security report, they found that over 30% of official images in Docker Hub contain high priority security vulnerabilities. And FlawCheck surveyed enterprises asking for their top security concern regarding containers in production environments. “Vulnerabilities and malware,” at 42%, was the top security concern among those surveyed. Clearly security is a top concern for organizations that are looking to run containers in production.
At Red Hat, we are continuously improving our security capabilities and introduced a new container scanning feature with CloudForms 4.2 and OpenShift 3.4. This new feature allows CloudForms to flag images in the container registry in which it has found vulnerabilities, and OpenShift to deny execution of that image the next time someone tries to run that image.
Continue reading “Ensuring Container Image Security on OpenShift with Red Hat CloudForms”