Cloud Security Monitoring
We are using Datadog for Cloud Security Monitoring. It continuously scans our infrastructure for misconfigurations that may weaken security, and also assesses our infrastructure and systems against regulatory compliance frameworks.
It operates in two ways: as an agent running in our k8s clusters, and directly against AWS via its APIs. We also forward CloudTrail logs to it via a Lambda.
This gives us visibility into host, container and infrastructure vulnerabilities and security risks, as well as compliance data.
We configured the IAM roles for Datadog via the CloudFormation template provided in the Datadog UI, and did the same for the Datadog Lambda forwarder. This was done by hand after a strict review; it is not in Terraform because it is not trivial to automate and is only done once.
This then feeds into the SIEM system, which is also Datadog.
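Because the Datadog IAM role is created by hand rather than from Terraform, nothing will flag it if its trust policy later drifts from what was reviewed. The script below is an added example (not part of this page, and not Datadog's or AWS's own tooling) of a small audit check you could run over the role's trust policy document, e.g. the `AssumeRolePolicyDocument` returned by `aws iam get-role`. It assumes the usual cross-account pattern for the Datadog integration role: a single AWS account principal plus an `sts:ExternalId` condition. The account ID and External ID are placeholders, and the sample policies are constructed for the example.

```python
import json

# Constructed placeholder values: the real Datadog integration account ID and
# External ID come from the CloudFormation template we applied, not from here.
EXPECTED_PRINCIPAL_ACCOUNT = "123456789012"   # placeholder, not the real account
EXPECTED_EXTERNAL_ID = "example-external-id"  # placeholder, not the real value

# Constructed sample: what a reviewed trust policy should look like.
GOOD_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{EXPECTED_PRINCIPAL_ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXPECTED_EXTERNAL_ID}},
    }],
})

# Constructed sample of a drifted policy: wildcard principal and no External ID.
DRIFTED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "sts:AssumeRole",
    }],
})


def _as_list(value):
    """IAM allows scalars or lists in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy_json, expected_account, expected_external_id):
    """Return a list of findings (empty means the policy matches what we reviewed)."""
    findings = []
    doc = json.loads(policy_json)
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue  # not an assume-role grant, nothing to check here

        # 1. The principal must be exactly the expected account, never a wildcard.
        principal = stmt.get("Principal")
        aws_principals = ["*"] if principal == "*" else _as_list(
            principal.get("AWS") if isinstance(principal, dict) else None)
        if not aws_principals:
            findings.append(f"statement {idx}: no AWS principal")
        for arn in aws_principals:
            if arn == "*":
                findings.append(f"statement {idx}: wildcard principal")
            elif f":{expected_account}:" not in arn:
                findings.append(f"statement {idx}: unexpected principal {arn}")

        # 2. The grant must be gated on the agreed External ID.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        external_id = cond.get("sts:ExternalId")
        if external_id is None:
            findings.append(f"statement {idx}: missing sts:ExternalId condition")
        elif external_id != expected_external_id:
            findings.append(f"statement {idx}: unexpected sts:ExternalId")
    return findings


if __name__ == "__main__":
    for name, policy in (("good", GOOD_TRUST_POLICY), ("drifted", DRIFTED_TRUST_POLICY)):
        result = audit_trust_policy(policy, EXPECTED_PRINCIPAL_ACCOUNT, EXPECTED_EXTERNAL_ID)
        print(name, "->", result or "OK")
```

Feed it the live document from `aws iam get-role` on a schedule and alert on any non-empty result; that gives the manually created role the same drift detection the Terraform-managed resources already get.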