PostgreSQL Lock-Wait Logging Disabled on Cloud SQL
Learn why log_lock_waits should be enabled on GCP Cloud SQL PostgreSQL instances, how to fix it with gcloud and Terraform, and how to prevent drift.
Practical guides on security, cost, performance, reliability, and operations across AWS, Azure, and GCP.
A public EBS snapshot lets any AWS account copy your disk data. Learn how to detect, remediate, and prevent public EBS snapshots with CLI, IaC, and policy gates.
Learn why a publicly accessible Azure Event Hub namespace is a security risk and how to disable public access with private endpoints, firewall rules, and policy.
Learn why GCP Pub/Sub topics need customer-managed encryption keys (CMEK), the risks of default encryption, and step-by-step remediation with gcloud and Terraform.
Stopped EC2 instances still bill full price for attached EBS volumes. Learn how to find, snapshot, and clean up this hidden AWS cost, and prevent it for good.
Learn why Azure VMs without a backup policy are a ransomware and data-loss risk, and how to enable Azure Backup, enforce it with policy, and test restores.
Learn why unencrypted Kinesis Data Streams fail compliance, the real risk of plaintext records at rest, and how to enable KMS server-side encryption fast.
Learn why wide GCP firewall port ranges are a security risk, how to scope rules to specific ports, and how to prevent broad rules with policy-as-code.
CloudFront access logging off means no forensic trail for attacks or cost spikes. Learn why it matters and how to enable logging via console, CLI, and Terraform.
Learn why an EBS volume with no snapshot in 14 days is a real data-loss risk, and how to fix it with AWS Backup, DLM, Terraform, and policy-as-code.
EC2-Classic is retired and unsupported. Learn how to detect Classic instances, migrate them into a VPC with CLI steps, and prevent regressions with policy-as-code.
Learn why exposing GCP VNC ports 5900/5500 to the internet is dangerous and how to fix it with IAP, SSH tunnels, source-range restrictions, and policy-as-code.
Learn why Azure VMs outside an availability set or zone have no SLA protection, the failure risks involved, and how to redeploy and prevent it with policy.
Learn how to detect and fix publicly accessible BigQuery datasets in GCP, why allUsers and allAuthenticatedUsers are dangerous, and how to prevent recurrence.
Learn why Microsoft Defender for App Service should be enabled on every Azure subscription, the risks of leaving it off, and how to fix and enforce it.
Active AWS root account usage is a top security risk. Learn how to detect root logins, harden root with MFA, block it with SCPs, and prevent drift.
Learn why EFS file systems on the default AWS KMS key are a risk, and how to migrate to a customer-managed key (CMK) with CLI, Terraform, and policy-as-code.
A GCP firewall rule open to public Telnet (port 23) hands attackers an unencrypted way in. Learn the risk and how to remediate it with CLI, Terraform, and IAP.