From YouTube: Cloud Native Live: In the Cloud with CloudMatos
A
A
A
This is an official live stream of the CNCF and, as such, is subject to the CNCF code of conduct. So please don't add anything to the chat or questions that would be in violation of that code of conduct. Basically, please be respectful to all of your fellow participants and presenters. Be excellent to one another, and with that I'd like to hand it over to the team to kick off today's presentation. Team, please take it away.
B
Thank you, Taylor. Hi everyone. Thank you for being here with us while we talk a little bit about our project that we have going on. Prior to introductions and everything, I'm gonna go ahead and share my screen, just makes it a little easier to have visual aid with us.
B
Awesome. Okay, thanks everyone for being here as we introduce to you Matos. So the three of us, we work with CloudMatos, hence the title In the Cloud with CloudMatos. I am Elizabeth Meza. I am the project manager with CloudMatos. I have been with the company for over a year and overall I've been in the tech space for over five years. And in case you were wondering, CloudMatos spawned Matos, our open source project that we will go into later on during the book.
B
But that's it for me, and just a little fun tidbit: I have a little puppy that I adore, Barney, but he's in his room. He has his own room. But thank you, I look forward to the rest of this call.
C
D
Thank you. So my name is Edward and I've been with the company for a couple of years. We've worked in cloud native space for pretty much the entirety of it, and yeah, we're excited to be here and introduce to you Matos, which is a great platform that we're very sure will change a lot of the landscape in terms of the CNCF world. So, excited to introduce this to you. Nice to meet you all.
B
Awesome, so those are the three of us. And just to kind of get you an idea of what the rest of this call would look like: I will be going to give an overview as to what Matos is, who our intended audience is, what the architecture is, some use cases, as well as remediation. We'll go over those.
B
For the overview of Matos: Matos is an open source cloud tool for analyzing multi-cloud infrastructure security. And I know that alone sounds pretty vague, perhaps not really giving much detail, but again, it's just the overview. I promise it will make sense as we go on. Matos interacts with your cloud computing services to collect configuration metadata of your infrastructure, infrastructure misconfiguration, which I think is rather important, as well as the stress. It will perform security best practices assessments, and it'll check compliance and security controls for you as well.
B
It does quite a bit, actually. It also supports AWS, Azure and GCP services, so whatever you may be on, we'll be there with you as well. It also provides a standalone and full script to easily remediate your problem, so it does quite a bit. Again, it'll definitely make sense the more Rajesh and Ed will expand on it, but this is just the overall overview for our audience.
B
Knowing that there are issues with remediation and getting things going with the configuration, we wanted to keep in mind a wide audience. Honestly, it's anyone who builds, touches, maintains, manages the cloud infrastructure. Matos is for you, so it's for a lot of people. We wanted to help out as many people as possible.
D
You know, just to introduce there just a little bit: Matos is actually specifically designed to help people who are working in cloud space. That's why we're here at CNCF, right, presenting this. And where that space sits is a lot in your compliance and security posture, right? So this is a tool that's going to help across the board, whether you're working in the security space from a DevSecOps perspective, from an SRE perspective, or as an architect or developer of cloud space, right?
D
So it's very versatile in where it can sit in your infrastructure, as well as versatility in what it can do for you in cloud and compliance space. So, back to.
B
D
Yeah, sure. So Matos itself is written as a Python tool, wrapped around some libraries and other nifty things like that, right? And what that means is that we can actually package it with all its dependencies together and send it around wherever we need to. So the architecture of Matos makes it really portable.
D
You can run it in containers, you know, which, of course, CNCF, we love here. You can run it in serverless workloads. You can run it in VMs if you like. Pretty much anything that can run Python can probably run Matos, and so what makes that useful is that you can really use it in any context that you prefer, right?
D
So what Matos's purpose is, is to help you detect all these misconfigurations, anomalies, security risks, compliance violations and all of these pieces, right? And to do that, you may have to look at it from different perspectives. You may run it at different points of your life cycle for your cloud architecture, and so Matos can sit anywhere from a pod in your Kubernetes environment, to a cron job, to a serverless run, and many other places.
D
It's also really modular, because it's Python, right, and we use it as a data in and data out kind of setup. And so the way we've designed Matos, it allows you to actually integrate it into your own scripts. You can use it as part of a reporting model for an in-house tool, or add it in as part of another platform that you're using to maintain some other portion of your cloud environment.
D
D
It's really purpose driven, so it's very specific in what it does. No extra fluff here and there. You won't see a lot of human readable jargon roll by, but you will see a lot of the useful remediations and scripts that allow you to use it in a pragmatic and capable way. So lastly, it is atomic. So if there's a version you like, and you don't like some of the changes that are going forward, pin your versions. Yep, simple enough.
B
D
So how does it fit into the big picture, right? I did mention exactly where it could slip into your environments. You can also do places within your, like, CI/CD, for example. So maybe, when you deploy to production, you have Matos still run, where it scans your environment and gives your report back, lets you know if you're still in compliance, if there's any policy violations, configurations. You can also have it sit where you're designing the actual environment.
D
So now your engineers are building out a cloud native infrastructure, right? So you're building, let's say, some GCP architecture, deploying up some resources, and you need to be sure that before you even use this in any forward production or development, it's compliant. So you're in the design phase, and you can actually just use Matos to run it against this environment and see for yourself: okay, this thing that I'm building, is it compliant? Is it following SOC 3? Is it following HIPAA compliance? Whatever, you know, policies or compliance frameworks we want to test.
D
So, as I mentioned, you can use it as compliance testing scripts, which means that you can fit it in any point in your phases where you're testing and auditing your own workloads for compliance, and wherever that may fit within your IT infrastructure, Matos can likely slip right in and help you along that journey.
D
D
We all know this and, as we walk in, we want to be sure that we've done everything we can to feasibly ensure that we've tested our environment and we're ready to go. So Matos, being an open source tool, allows you to take that and use it as a policy engine to test your environment for audit before you go into the audit, and this allows you to be certain that you've tested against the policies and the violations and all the possible check boxes that follow your infrastructure from one big bucket.
D
D
B
Thank you for going over the architecture. I really appreciate that. We will be going over some use cases with Rajesh next, and then we'll take a little break from the slide show to show you how easy Matos.
C
So before I jump into the use cases, I would like to also explain the capability of Matos. So two things, if anybody has to remember about Matos: one is, it is very simple. At the same time, it is very powerful. Powerful in the sense it has the key thing: it deals with data. With the data, we can make powerful decisions.
C
So one of the things that Matos does is it tries to discover all the infrastructure resources in the cloud. So when we started the Matos project, we were supporting very selected resources like virtual machines, storage, database and containers, but now we have grown to a state that we are able to support almost all the critical services that are available in AWS, be it Redshift, be it EC2, be it EMR, any resource.
C
So we cover a whole gamut of resources. So what primarily Matos does is it uses the native SDKs of the cloud service provider. So in our case we deal with multi-cloud. That means we talk to AWS, we talk to GCP, Google Cloud, we also talk to Azure, and in future we'll also be extending this capability to all the other cloud service providers.
C
So at the same time, within each of these cloud service providers, we are also trying to cover as many resources for which we can collect the data, the metadata information. So Matos, what it does brilliantly, it collects data and it organizes the data in a way so it is easy and effective for analysis. We'll talk about what these analyses are meant for and how it will be useful. So that's when these use cases will make more sense, when I walk through this. So the data.
C
What we talk about here is, it's not about metrics, it's not about logs. We talk about the data. What Matos is interested in is infrastructure data, and we don't collect any data from workloads. What it means is that it purely uses the native SDKs and talks to the cloud. There is no agent, so we are completely agentless, and it is also platform independent.
C
C
So what do we do, basically, after collecting all this data? So this data that we collect essentially will help us to ensure cloud security and the best practice assessment, as well as a compliance check. So we cover a wide range of compliance checks. It could be like PCI DSS standards, SOC 2, HIPAA, GDPR, and we are also planning to cover in future FedRAMP and other legal controls.
D
D
C
Customer please. So we have published our open source project and we have all the resources available here. So the same I have cloned on my personal and official laptop here. I'm not going to walk through all the steps. Essentially, the steps are very easy to follow and it's all documented, so feel free to explore Matos, and we are happy to have your comments. So what I'm going to do now is briefly launch the editor and show the things that are essential.
C
C
C
So in this example, I'm going to select AWS. What essentially it is going to do is it's going to talk to the account which I have configured, it's going to talk to my cloud, and it will fetch all the resource information. Like, it will get API gateway, containers, database clusters. All the information about the infrastructure will be collected.
C
A
A
C
C
Similarly for Azure and Google Cloud: in case of Azure, you need the tenant and subscription details. In case of Google, we need the service accounts to fetch all the resource information. So it's a very handy tool. So let me go and show the response, which I have handy, so that it gives a clear picture of what it does.
C
So here we have the information fetched from the cloud. So Matos has fetched information about all the infrastructure that is there in your cloud environment, and this data is utilized for performing all the misconfiguration checks, changes in the configuration, compliance, non-compliance, whether it follows the best practices. So essentially it collects all the data.
C
Yeah, so coming back to the presentation, we will now talk about the use cases. So what can I use Matos for? I think we had a brief overview about the capabilities of Matos. Now, how do we use Matos and how is it useful for the community? So basically, in cloud security, misconfiguration leads to a lot of security issues.
C
Matos is going to help the community in finding the misconfiguration. As I mentioned, the data which we got from the cloud will be efficiently used for identifying this misconfiguration. I will also show some cases of how we can do that, and we can extend it. As we also made it open source, the platform is extensible.
C
What it means is the community can add more controls to improve the capability and add more security checks. So we do have this misconfiguration detection, and we also follow CIS best practices. These controls are already available out of the box, and we also have recently added a lot of security checks and compliance checks covering PCI DSS, HIPAA and other standards as well.
C
It also helps to identify the drift. The drift is one of the interesting topics. So once the cloud infrastructure is deployed, post deployment, if there is any change, if you are able to baseline the data which we have collected, it can essentially also be used to identify the drift.
C
C
So moving on to remediations: when we initially started off the project, we were more focused on analyzing the data, and later we realized the community needed a solution. So we started thinking about an out-of-the-box solution which can be utilized. What it means is we have provided ready-made fixes. Site reliability engineers or IT operators or DevOps engineers, DevSecOps, anybody can utilize the remediation that we have developed.
C
C
Let me switch the context back to the middle sphere. So in metasphere we have published the source code as well as the remediation. The platform, we have built it for multi-cloud, as I mentioned earlier. So right now I'm going to talk about AWS remediation, some of the cases. We are also building use cases for Azure as well as GCP. We also welcome contributions from the open source community, so anybody can contribute and provide remediations.
C
C
So, as you see here, we have given the documentation, how to do it, and essentially we provide a playbook. The playbook is very simple and easy to use. All it needs is the access to your cloud, and if you have identified the resource which is non-compliant, this is a parameter which needs to be passed to our script, along with the access and where this resource lies, the region. So it's very simple to use, and once you apply this remediation, it is.
C
C
C
When we design it, it is intended to be used within a cloud, which means within a private network. So the database is kind of a back end and it talks to any compute application or the front end or anything. So it's not intended to be public. So there are cases where the changes from the developers accidentally expose the RDS. So it becomes a severe case wherein anonymous users get access to the data. So once the user gets access to the data.
C
C
Yeah, I'll talk a little bit about a similar use case for the S3 bucket. So the S3 bucket is very prominently used in the cloud community, and what happens is, in the last couple of years, most of the S3 buckets were available public and it was all sensitive data that was leaked. So it's not necessarily that the bucket needs to be write protected. Even if the read access is given.
C
You may lose your sensitive data. So, for example, if you are having health information about patients, or patient health information, or any credit card information stored as a blob in an S3 bucket, and if it is accidentally exposed to the public, anybody can misuse the data. So what this check does is it ensures the S3 bucket is not public, and it blocks through all the controls, through access control lists, access points, bucket policies and.
B
Saying that. I'm sorry, did I interrupt you?
C
B
B
Another thing that I did want to mention is that obviously we would like to restrict all traffic on the default security. By not doing so, not restricting access on all our ports, that can lead to attacks against the availability, integrity and confidentiality of your system. So we want to avoid that. Matos fixes that, Matos helps you with that. It ensures that your traffic on the default security group is restricted, and it controls the remote access to all of your resources.
C
Authentication: so if any user, any administrator, has the username and password, in order to have a higher order of protection it is always recommended as a best practice to have multi-factor authentication enabled. So it adds one more layer of protection. So essentially they can give authorization through their mobile or scanning a barcode, any particular form is possible. So it's natively supported in AWS and other platforms as well.
C
So this is a check essentially to make sure that. So what is easy to do is not actually secure or a best practice to do. So what generally a developer or the community does is they store the credentials directly on the EC2 instance, which is actually not recommended. So instead we could actually attach an IAM role to an EC2 instance and allow the applications.
C
So a lot of operational difficulties can also be resolved by doing this. For example, if you have to rotate credentials every 30 days, you don't have to manually go and change the credentials in the instance. So if an AWS IAM role is used, all the operational difficulties can also be simplified. So essentially, this control, what it does is it will attach.
B
Awesome, thank you Rajesh. Thank you Ed. This actually, I believe, concludes our little presentation for you. So if there are any questions, anything we could perhaps clarify for you, please let us know.
A
Awesome, and so if anyone does have any questions, please feel free to add that to the chat wherever you are watching and we can get those questions answered for you as best we can. There were a few that I had, would love to kind of kick things off while we're waiting for some people to submit their questions, and one of those questions is: what makes Matos different from similar services? Is there anything that you do that's unique, or something that's helpful in ways that folks might find useful? Yeah.
D
C
D
That it's actually able to offer remediations, right? So you can actually take one of these tools and not only detect these things. You know, there's tons of observability tools out there, tons of things that do detection, you know, standardized tools that do alerting like Prometheus. You know, those are all great and wonderful, but this one helps you actually remediate those compliances, right?
D
So it's focused around that compliance stuff, the big ticket, and it's really focused around being able to actually solve the problem rather than simply know that there is a problem, right? And so I think that's what makes Matos stand out. You know, you don't have to be a cloud expert that also is a compliance or security expert to use this tool. You can, with very little effort, kind of just hit the ground running, right? That could be an app dev who's like, hey, they just told me.
D
I got to take care of the cloud and it's got to be compliant. Add this with a little bit of AWS and you can get your ball rolling, no problem, right? So it really reduces that level of effort it takes to get into that world, and I think that's a, you know, a very set-apart feature for Matos.
A
Yeah, that's great to hear. I feel like there are so many teams that are, you know, that are having to adjust. Security moves so fast and it's hard to be on top of all those things, especially with day zero exploits and all of these other things that are kind of coming out, right? Or, like you said, if you're new to, whether it be Amazon, Azure, Google, whatever cloud that you're using, you might not have that expertise right away. So it's nice to know that you have that capability.
A
D
A
I did see a question come in as well. I didn't want to cut you off. Was there a response there?
A
Please go ahead. I saw this question: security groups in AWS are pretty strong. How is this becoming a use case?
D
So security groups in AWS are absolutely great, but they require a form of control where you're still having to manually set these parameters and policies.
D
A lot of what you could do in Matos makes it agnostic to both the cloud as well as the security control itself. So, for example, if you were to implement SOC 3 compliance in your AWS environment, that would be a set of policies within Matos, and then you would choose, you know, this is the cloud that I want to apply that on, and it would take a certain set of rules that apply for SOC 3 and test them all against your environment, right? So that would include things like security groups.
D
It would include things like firewalling. It would include things like encryption at rest, you know, even IAM or, you know, service account permissions and things like that. It includes all those resources in its checks, and so rather than just be assured that your workloads are protected from a security group standpoint, you're actually looking at the entire cloud holistically and able to look at your security and compliance from that perspective, so this is more of a bigger picture kind of tool.
D
In that way, security groups are great, they're very focused, and we use them as part of our compliances, but they are a smaller set of the larger set of remediations and compliances that Matos can help you manage.
C
So generally, what happens is, the security groups actually inherently give a lot of protection, but the problem happens when we tend to rely on the default security groups that are provided by the service providers. So we don't realize that there is a lot open, means, for convenience, it connects directly to the internet, and when you put a production system to a default security group, you come to a lot of problems.
C
You encounter a lot of problems, and there are cases where accidentally people give ingress controls, and checking on this ingress, like, for example, SSH ports, RDP ports, means, these are the ports that most often provide a vulnerable access to your system. So protecting that through your security group is very essential.
D
D
You know, this tool allows you to kind of take that whole bucket and scan everything. Computers don't make mistakes. It'll find it, don't you worry. So this really helps make sure that that human error element is reduced as well. So as Rajesh was saying, you know, a lot of the default things that you may not know that you need to change, or maybe you forgot to change it for one project in a managed projection, you know, all of these things kind of get smoothed out with a tool like this.
A
It sounds like Matos kind of gives you that. I like what you said about, you know, you can turn on all these default things, but it really helps to tune those and make sure that you know what you're covering, you know, and also, you know, working in the cloud, there are so many unforeseen kinds of outcomes. Like, I know in the earlier days of Kubernetes, the security groups that get managed, you know, by certain ingresses would add and remove security groups and even IAM roles within AWS.
A
You know, some were like really privileged, some were not, and you saw all of this activity going on, which kind of threw a lot of security postures for a loop, just because, like, oh my goodness, I can't believe that this is what's happening behind the scenes. And then we've worked to secure that over time within the community, Kubernetes etc., as one specific use case. But as security changes, is that something that Matos is able to help you out with, you know, adjust your security posture, set what your policies will be, etc.?
D
So I mean, yeah, you kind of, you know, take it, digest it however you need it, right? But as far as Matos itself, it's constantly being developed in terms of the ability to do what it does. Any functionality that we find that might help have more coverage in terms of compliance and security within your cloud, those features are being added as fast as possible.
D
We are also making sure to add, you know, more compliance and audit options available, so, you know, you'll be able to have more coverage in terms of what compliances you can use in this tool. And so on the templating system, you know, it's always being updated and, you know, you're able to actually write these policies yourself. So, you know, you can take it from a standpoint of, I have SOC 3 compliance that I need, and go to.
D
I have SOC 3 plus some details, right? And it becomes something that you can really personalize to your infrastructure, and it really is kind of agnostic to where you run and how you run it, right? So yeah, I would say that we're constantly developing capabilities and coverage for what this tool is able to do, specifically because we wanted to be able to help in the compliance and security space, right, and it becomes useless if we don't. So absolutely, it is one of the things that we focus heavily on in its development.
A
That's awesome, that's awesome. I feel like those are the best tools, or the ones that can kind of grow with you, help you learn. You can teach the tool and train it with what you set up and tune, and then vice versa. I know that some of those learnings can be kind of, you know, mind-blowing as well in some cases, like, I didn't know that could happen. So.
A
Never boring. I did see another question that came in. This question was: what is the stance with EU regulations? So my guess is potentially GDPR and some other things on that front. Yeah.
D
Sure, so I guess I'll rather take a slightly broader answer for that, and anyone else is welcome to jump in if they feel interested. So we're building this tool to specifically look at infrastructure resources, so when it comes to things like GDPR and those types of compliances, the aspects of it that are specific to infrastructure, so not your application data, for example.
D
Those are the parts that this tool would help you assess and remediate. And when it comes to doing things like that, the workflow would essentially be: you set up Matos, you set up the credentials that you need, you set up the cloud that you're pointing to and project, and then you just check off the boxes that allow you to target a policy that would give you that GDPR compliance in your EU project, right? And so once you've set this up, anytime you run the tool with this policy checked off for the project.
D
You've checked with and credentials, it'll give you feedback on whether you have complete compliance or you have violations of that, and it offers you options for remediating those violations as well. So stance-wise, we cover pretty much all the major compliances and we're constantly kind of covering more as we can. And so if you were to want to use it for GDPR, and it was specific to your use case.
D
Even if you weren't able to find the specific controls for GDPR, the platform is designed to be extensible so that you can build it exactly as you need it for your personal needs, right? So you'd be able to build a template to, you know, take a look at your environment, specific to your resources, and over time, you know, we're building in more and more of these types of remediations, and eventually they may cover all of GDPR in the EU with one checkbox.
D
But that's a ways away, I will say.
A
Awesome, awesome. If you have any other questions, please feel free to throw those in the chat and I can get those asked. I had one other question, and that was: are there any plans for growing your platform or opportunities to contribute? Can you tell us a little bit about that?
D
The short answer is yes, and I'll just touch on it a little bit real quick. So ways you can contribute, this is actually a really great one. So we made Matos open because we wanted the community to be engaged. We built this with the idea that, you know, we took best practices and the best approaches from our experiences throughout the cloud environments.
D
You know, throughout our experience in the cloud space and the industry, and built a tool that would help, you know, people like ourselves and other customers we've worked with, and so now we wanted to share it and have the feedback and the help of you guys to drive that forward, right? And that's kind of the spirit of CNCF. We all help each other build these tools that make our work and lives easier.
D
So, as far as contributing, you know, we try to have the best approach to make all of this portable and pragmatic. Where we always will need contributions and involvement is along those remediations. So, as we mentioned, we offer remediations for violations that we find, and we're always building these policies and sets of scripts that help you maintain those compliances for, like, SOC 3, HIPAA and so on.
D
We would love for the community to get involved and help add to those repositories of scripts, because the more we have in there, the more valuable it is to each and every one of you, and so that's definitely a great way that you guys can all contribute and one of those places that we would love to interact with you, right? So just wait for.
C
D
And also, you know, this goes without saying, but feedback, lots of feedback. We want to hear all of your issues. Feel free to jump on GitHub and pop an issue open. You know, give us as much detail as you can, feature requests. You know, the more traction, we're happy to work on this platform with you guys, and we need to hear what you want for us to build it in a way that you want it, right?
D
A
Awesome, awesome. I love those two steps of working within an open source community: step one, show up, step two, stick around, and we can make awesome things together. So thank you very much. This is exciting. I went ahead and shared that link to your GitHub repository, so I definitely hope some folks are able to star that and take a look and join in the fun, help us with staying secure.
A
D
I would say, you know, we're pretty excited to have you guys take a look at this and, you know, really appreciate the time that you've given us to share it, and I hope that you guys find it useful and look forward to your feedback.
B
Yes, just to echo Ed, I think we're really happy and grateful to have been able to share what we do with you guys, and with the instant you have to kind of include us to be able to do this live stream.
A
A
Yeah, committed folks making commits, I really enjoy it. Awesome, awesome. Thank you all very much. Thank you, everyone, for joining us for this episode of Cloud Native Live. It was great to learn from the CloudMatos team. We really enjoyed the interaction and questions from everyone, and yeah, thank you so much for joining us. We hope to see you again soon, and stay secure out there. Check out some awesome cloud native tools. See you soon.