Networks Not on Whitelist Has Instances

This bot identifies unapproved networks that contain instances. It can be used to identify risks presented by hosting instances in networks that do not have the security policies and monitoring in place that approved networks do.

Recommended Action

Customize actions to generate alerts, e.g., via Slack or email, that use Jinja2 templating to communicate when an instance is spun up in an unapproved network and to provide instance details such as cloud account, region, network, and instance owner. Customize the action a step further by scheduling an instance shutdown after a given period of time and notifying the instance owner why the shutdown will occur.

Severity

Medium

Resource Types Inspected

Private Network

Reactive Hookpoints

resource.modified