Full Protection Mode

In CloudGuard, there are two modes to manage Amazon AWS Security Groups:

  • Full Protection

  • Read-Only

Full Protection gives the CloudGuard administrator full control of AWS security policy definition and access leases, and the ability to interact with dynamic policy objects.

Full Protection

In Full Protection mode, you can manage an AWS Security Group only through CloudGuard. CloudGuard detects attempts to change a security group from the AWS environment (such as the AWS console), which starts Tamper Protection and can send an alert/notification. CloudGuard overrides the change that is made and reverts to the definition of the Security Group defined in CloudGuard.

The alerts and notifications initiated from Tamper Protection occur when you start Full Protection for the necessary regions in your cloud account. CloudGuard locks down the configuration of the security groups in that region to make sure that the security group stays correctly configured.
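
The detect-and-revert behavior described above amounts to comparing the managed definition of a security group with the rules AWS currently reports. The following Python is an added illustration, not CloudGuard's implementation: the function names and sample rules are constructed, and the rule dictionaries follow the IpPermissions shape that the AWS EC2 API returns for a security group. It assumes CIDR-based rules only (no group references or prefix lists).

```python
"""Drift check between a managed security-group definition and the live rules.
Constructed example; all names and sample data are assumptions."""

def flatten(ip_permissions):
    """Expand IpPermissions entries into a set of (proto, from, to, cidr) tuples."""
    rules = set()
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        # Protocol "-1" (all traffic) carries no port range in the API response.
        lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
        for rng in perm.get("IpRanges", []):
            rules.add((proto, lo, hi, rng["CidrIp"]))
        for rng in perm.get("Ipv6Ranges", []):
            rules.add((proto, lo, hi, rng["CidrIpv6"]))
    return rules

def to_permission(rule):
    """Rebuild a single IpPermissions entry from a flattened rule tuple."""
    proto, lo, hi, cidr = rule
    perm = {"IpProtocol": proto}
    if proto != "-1":
        perm["FromPort"], perm["ToPort"] = lo, hi
    key, field = ("Ipv6Ranges", "CidrIpv6") if ":" in cidr else ("IpRanges", "CidrIp")
    perm[key] = [{field: cidr}]
    return perm

def plan_revert(managed, observed):
    """Return whether the group drifted and the rules to revoke/authorize to restore it."""
    want, have = flatten(managed), flatten(observed)
    return {
        "tampered": want != have,
        "revoke": [to_permission(r) for r in sorted(have - want)],
        "authorize": [to_permission(r) for r in sorted(want - have)],
    }

# Constructed sample: the managed definition allows HTTPS from one range;
# the observed group has an extra rule added outside the managing tool.
MANAGED = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
            "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]
OBSERVED = MANAGED + [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                       "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

if __name__ == "__main__":
    print(plan_revert(MANAGED, OBSERVED))
```

The `revoke` and `authorize` lists are in the form accepted by the EC2 revoke and authorize ingress calls, so the same comparison can back an independent audit of a locked-down region.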