AWSBest Practices
CodeCommit Repository Detected: Migrating Off a Deprecated Git Host
AWS CodeCommit is deprecated and closed to new customers. Learn why hosting source there is a long-term risk and how to migrate to GitHub or GitLab cleanly.
Lensix Blog
Cloud Operations Insights
Practical guides on security, cost, performance, reliability, and operations across AWS, Azure, and GCP.
592 posts — page 12 of 33
AzureBest Practices
Azure Application Gateway WAF in Detection Mode: Why It's Not Protecting You
An Azure Application Gateway WAF in Detection mode logs attacks but never blocks them. Learn why it matters and how to switch to Prevention mode safely.
AzureBest Practices
PostgreSQL SSL Not Enforced on Azure: Risks and Remediation
Learn why Azure PostgreSQL servers must enforce SSL connections, the risks of plaintext traffic, and how to remediate and prevent this misconfiguration.
Cloud SecurityGCP
No Alert for Project Ownership Changes in GCP
Learn why missing alerts for GCP project ownership (IAM) changes are a security risk, and how to detect, fix, and prevent them with log-based metrics.
Best PracticesCloud Security
Cloud SQL SSL Certificate Expiring Soon: Detect, Fix, and Prevent
A GCP Cloud SQL SSL certificate expiring within 30 days can take down every client at once. Learn how to rotate it safely and automate future rotations.
AWSBest Practices
CodeBuild Uses Public Source Provider: Securing Your Build Sources
Learn why AWS CodeBuild projects sourcing from GitHub or Bitbucket widen your supply chain attack surface, plus step-by-step remediation and prevention.
AzureBest Practices
Blob Storage Has No Immutability Policy: Securing Azure Data Against Tampering
Learn why missing immutability on Azure Blob Storage is a ransomware and compliance risk, and how to apply WORM policies via CLI, portal, and Terraform.
AzureBest Practices
SQL Server Firewall Allows Public Access on Azure: Risk and Remediation
Learn why an Azure SQL Server firewall rule allowing public IP ranges is dangerous, how to remediate it with CLI and Terraform, and how to prevent it with policy.
AWSBest Practices
CloudFront Origin Bucket Does Not Exist: Fixing Orphaned S3 Origins
A CloudFront distribution pointing at a deleted S3 bucket risks outages and subdomain takeover. Learn how to detect, fix, and prevent orphaned origins on AWS.
AWSCloud Security
No Alarm for Root Account Activity (CIS 3.3): Why It Matters and How to Fix It
Learn why missing a CloudWatch alarm for AWS root account usage is a critical blind spot, plus CLI and Terraform steps to fix CIS 3.3 and prevent drift.
AWSBest Practices
Elasticsearch Node-to-Node Encryption Off: Why It Matters and How to Fix It
Learn what the Elasticsearch node-to-node encryption check catches, the real risk of plaintext cluster traffic, and how to fix and prevent it on AWS.
AzureBest Practices
VNet Has Peering Connection: Reviewing Azure Network Peerings
Learn why active Azure VNet peerings need review, the lateral movement and exposure risks they create, and how to audit, fix, and prevent risky peerings.
AzureBest Practices
AKS API Server Has No Authorized IP Ranges: Lock Down Your Control Plane
Learn why an AKS API server with no authorized IP ranges is a security risk, plus step-by-step CLI, Terraform, and policy fixes to lock down your control plane.
AWSBest Practices
Elasticsearch Domain Has No Audit Logging: Why It Matters and How to Fix It
Learn why AWS Elasticsearch/OpenSearch domains without audit logging are a security risk, and how to enable audit and application logs with CLI and Terraform.
AWSBest Practices
Instance May Be Oversized: Right-Sizing EC2 to Cut Waste
Learn how to detect and fix oversized EC2 instances with low CPU utilisation, right-size safely with CLI and Terraform, and prevent waste from creeping back.
Best PracticesCloud Security
GKE Alpha Features Enabled: Why Alpha Clusters Don't Belong in Production
GKE alpha clusters auto-expire in 30 days and run unstable APIs with no SLA. Learn why this check matters and how to migrate off alpha clusters safely.
AWSCloud Security
API Gateway Stage Missing Access Logging: Why It Matters and How to Fix It
Learn why AWS API Gateway stages need access logging, the risks of running without it, and how to enable it via console, CLI, and Terraform with CI gates.
AWSCloud Security
RDS Has No CloudWatch Log Exports: Why It Matters and How to Fix It
Learn why RDS instances without CloudWatch log exports leave you blind during incidents and audits, plus CLI, Terraform, and policy-as-code fixes.