Maestro Blog

As cloud infrastructures grow, they become highly "entangled," making it difficult to detect non-trivial security issues using conventional methods. While standard Cloud Custodian filters excel at evaluating individual resource attributes, they struggle to identify risks defined by these relationships. As a result, the most significant cloud vulnerabilities often emerge not from a single misconfigured entity but from the complex interplay between multiple resources For ensuring security & compliance, Maestro widely engages EPAM Syndicate Rule Engine (SRE), based on the Clou Custodian tool. Dmytro Afanasiev, one of SRE key developers, introduces a concept of generic resource filtering as a first step in complex issues resolution. The key idea is that you can filter resources of one type based on directly related resources of some other type. The relation between them can be inferred by foreign key attributes, so it's quite trivial to implement. In his blog...