Redshift SSL Not Required: Enforce Encrypted Connections
Learn why Amazon Redshift clusters must enforce SSL, how to set require_ssl=true via CLI and Terraform, and how to prevent plaintext connections for good.
Practical guides on security, cost, performance, reliability, and operations across AWS, Azure, and GCP.
Learn why GCP Shielded VM integrity monitoring matters, how it detects boot-level tampering, and how to enable it with gcloud, Terraform, and org policy.
Learn why a missing Azure activity log alert for security solution changes is a risk, and how to fix it with CLI, Terraform, and Azure Policy.
Learn how to detect and fix Azure NSG rules that expose Oracle port 1521 to the public internet, with CLI fixes, Terraform, and Azure Policy guardrails.
Cloud SQL PostgreSQL instances without log_connections leave you blind during audits and incidents. Learn why it matters and how to enable connection logging.
GCP Cloud DNS zones signed with deprecated RSASHA1 weaken DNSSEC. Learn why SHA-1 is broken and how to rotate to RSASHA256 or ECDSAP256SHA256 safely.
Learn why Auto Scaling groups behind a load balancer must use ELB health checks, the outage risks of EC2-only checks, and how to fix and prevent it.
Learn why GCP user-managed service account keys are a security risk, how to remove them safely, and how to enforce keyless authentication with org policies.
Learn how to detect and fix Azure custom roles that grant Microsoft.Authorization write access, an Owner-equivalent privilege escalation risk, with CLI and IaC remediation.
Learn why your AWS ALB should drop invalid HTTP headers, how request smuggling exploits this gap, and how to fix and enforce the setting with CLI, Terraform, and policy-as-code.
An Azure NSG rule that allows all inbound traffic from the internet exposes every port to attackers. Learn how to detect, fix, and prevent it.
Learn why every GCP org needs an aggregated log sink for audit logs, the risks of skipping it, and how to fix and automate it with gcloud, Console, and Terraform.
Learn why an AWS IAM password policy with no expiration is a security risk, how to enable rotation via CLI and Terraform, and how to prevent drift.
Learn why AWS Glue security configs without CloudWatch log encryption are a risk, and how to enable SSE-KMS encryption with CLI, console, and Terraform fixes.
Learn why Azure App Services without authentication are a risk, how to enable Easy Auth with CLI and Bicep, and how to enforce it with policy and CI/CD.
Dormant IAM users with console access are open doors for attackers. Learn how to detect, remediate, and prevent inactive AWS IAM accounts over 90 days old.
Azure log containers with public access leak IPs, tokens, and request data. Learn how to detect anonymous access and lock it down at the container and account level.
Learn why GCP Pub/Sub subscriptions need a dead letter topic, how to configure one with the right IAM bindings, and how to prevent the misconfiguration in CI.