ssc-spc-ccoe-cei / azure-guardrails-solution-accelerator

This implementation automates reporting to verify compliance with GC Cloud Guardrails. SSC and TBS review the results.

GR4 | FinOps Controls #180

Open MathesonSho opened 3 months ago

MathesonSho commented 3 months ago

Multiple controls
ItemName: N/A
Financial Operations Oversight Tool

Description: This is a new control designed to check the installation status, permissions, and updates of the newly created FinOps tool for the Government of Canada. In general, the control will perform the following checks (similar to the existing APPID ones):

This control aims to streamline the verification process, providing a quick and automated way to ensure that the tool is ready for use with the correct configuration and security settings for clients.

Other details: Check 1: We'll look for the following Service Principal application name: "CloudabilityUtilizationDataCollector" at the root tenant level or for each Management group in the environment.

Check 2: Permissions required for the Service Principal
- Role = Reader
- Assign Access = User, Group or Service Principal
- Select = "CloudabilityUtilizationDataCollector"

Comments TBD

Iteration 2/Recommended Control Check 3: Roles Check (see screenshots from Amrinder)

There will be a separate ticket for Check 3.

amrinderssc commented 3 months ago

Application Name: CloudabilityUtilizationDataCollector Application ID: 1ba79ced-1862-41d1-95bc-66d6bc5aff7f

amrinderssc commented 3 months ago

Application Roles:

[screenshot]

amrinderssc commented 3 months ago

Application Permissions:

[screenshot]

singhgss commented 1 month ago

EN = "Service Principal 'CloudabilityUtilizationDataCollector' does not exist."
FR = "Le principal de service « CloudabilityUtilizationDataCollector » n'existe pas."

EN = "Service Principal does not have the required Cloud Application Administrator and Reports Reader roles."
FR = "Le principal de service n'a pas les rôles requis d'Administrateur d'application infonuagique et Lecteur de rapports."

EN = "The FinOps tool is compliant with all requirements."
FR = "L'outil FinOps est conforme à toutes les exigences."

EN = "The FinOps tool is not compliant. Reasons:"
FR = "L'outil FinOps n'est pas conforme. Raisons:"

ItemName: FinOps Tool Status (M)
ItemNameFR: Statut de l'outil FinOps (M)

ItemName: FinOps Tool Permissions (M)
ItemNameFR: Autorisations de l'outil FinOps (M)

ItemName: FinOps Tool Role Assignments (M)
ItemNameFR: Attributions des rôles de l'outil FinOps (M)

Messages used above. Discussed with @MathesonSho and @dutt0: we are using one control instead of multiple controls, as all checks relate to a single service principal.
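The evaluation logic for the three checks in this thread (the service principal lookup from the issue description, the directory-role and Reader-assignment checks, and the EN messages listed in the last comment), as an added Python example that is not part of this repository's own modules; the tenant data is constructed inline where a real control would query Entra ID and Azure RBAC, and the reason wording for a missing Reader assignment is assumed.

```python
from dataclasses import dataclass

SP_NAME = "CloudabilityUtilizationDataCollector"
REQUIRED_DIRECTORY_ROLES = {"Cloud Application Administrator", "Reports Reader"}
REQUIRED_RBAC_ROLE = "Reader"
ITEMS = ("FinOps Tool Status (M)", "FinOps Tool Permissions (M)", "FinOps Tool Role Assignments (M)")

@dataclass
class TenantSnapshot:
    service_principals: dict  # display name -> object id (what a real control gets from Entra ID)
    directory_roles: dict     # object id -> set of Entra directory role names
    role_assignments: dict    # scope -> {object id -> set of Azure RBAC role names}
    scopes: list              # root tenant scope plus every management group scope to check

def evaluate_finops_control(snap: TenantSnapshot) -> dict:
    """Run checks 1-3 against the snapshot and build the overall EN message from the issue."""
    items = dict.fromkeys(ITEMS, False)
    reasons = []
    oid = snap.service_principals.get(SP_NAME)
    if oid is None:
        # Check 1 failed: the other checks cannot be evaluated for a missing principal.
        reasons.append(f"Service Principal '{SP_NAME}' does not exist.")
    else:
        items[ITEMS[0]] = True
        # Check 2: both directory roles must be held; one of the two is still non-compliant.
        if REQUIRED_DIRECTORY_ROLES - snap.directory_roles.get(oid, set()):
            reasons.append("Service Principal does not have the required Cloud "
                           "Application Administrator and Reports Reader roles.")
        else:
            items[ITEMS[1]] = True
        # Check 3: Reader must be assigned at the root tenant and at every management group.
        unassigned = [s for s in snap.scopes if REQUIRED_RBAC_ROLE
                      not in snap.role_assignments.get(s, {}).get(oid, set())]
        if unassigned:  # this reason wording is assumed; the issue does not define it
            reasons.append("Reader role not assigned at: " + ", ".join(unassigned))
        else:
            items[ITEMS[2]] = True
    compliant = not reasons
    message = ("The FinOps tool is compliant with all requirements." if compliant
               else "The FinOps tool is not compliant. Reasons: " + "; ".join(reasons))
    return {"compliant": compliant, "items": items, "message": message}

# Constructed sample tenant: principal and directory roles are fine, Reader missing at one MG.
MG = "/providers/Microsoft.Management/managementGroups/"
SAMPLE = TenantSnapshot(
    service_principals={SP_NAME: "sp-0001"},
    directory_roles={"sp-0001": set(REQUIRED_DIRECTORY_ROLES)},
    role_assignments={"/": {"sp-0001": {"Reader"}}, MG + "mg-finance": {"sp-0001": {"Reader"}}},
    scopes=["/", MG + "mg-finance", MG + "mg-ops"],
)
```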