https://github.com/awsdocs/aws-security-hub-user-guide/blob/master/doc_source/securityhub-cloudwatch-events.md

With Amazon EventBridge, you can automate your AWS services to respond automatically to system events such as application availability issues or resource changes. Events from AWS services are delivered to EventBridge in near-real time and on a guaranteed basis. You can write simple rules to indicate which events you are interested in and what automated actions to take when an event matches a rule. The actions that can be automatically triggered include the following:

• Invoking an AWS Lambda function
• Invoking the Amazon EC2 run command
• Relaying the event to Amazon Kinesis Data Streams
• Activating an AWS Step Functions state machine
• Notifying an Amazon SNS topic or an Amazon SQS queue
• Sending a finding to a third-party ticketing, chat, SIEM, or incident response and management tool

Security Hub automatically sends all new findings and all updates to existing findings to EventBridge as EventBridge events. You can also create custom actions that allow you to send selected findings and insight results to EventBridge.

You then configure EventBridge rules to respond to each type of event.

For more information about using EventBridge, see the https://docs.aws.amazon.com/eventbridge/latest/userguide/what-is-amazon-eventbridge.html.

Implementing Automations for AWS WAF. https://aws.amazon.com/solutions/implementations/security-automations-for-aws-waf/

In this blog post, https://aws.amazon.com/blogs/security/how-to-use-amazon-guardduty-and-aws-web-application-firewall-to-automatically-block-suspicious-hosts/ we’ll show you how to use Amazon GuardDuty to automatically update the AWS Web Application Firewall Web Access Control Lists (WebACLs) and VPC Network Access Control Lists (NACLs) in response to GuardDuty findings. After GuardDuty detects a suspicious activity, the solution updates these resources to block communication from the suspicious host while you perform additional investigation and remediation. Once communication has been blocked, further occurrences of a finding are reduced, allowing security and operations teams to focus more on higher priority tasks. 

https://github.com/patrickchugh/terravision

TerraVision is a CLI tool that converts Terraform code into Professional Cloud Architecture Diagrams and solves the problem of keeping the most important document in cloud projects, the architecture document, up to date. With high velocity releases the norm now, machine generated architecture diagrams are more accurate than relying on the freestyle diagram drawn by the cloud architect that doesn't match reality anymore. Terravision securely runs 100% Client Side without any dependency on Terraform or access to your Cloud environment, to dynamically parse your conditionally created resources and variables and generate an automatic visual of your architecture. Terravision is designed to be a 'Docs as Code' (DaC) tool that can be included in your CI/CD pipeline to update architecture diagrams after your build/test/release pipeline phases and supplement other document generators like readthedocs.io alongside it. It currently Supports AWS and soon Google and Azure cloud.

Here is a great article on migrating legacy apps to serverless architecture. Strangler Vine and Event Storming. https://serverlessland.com/event-driven-architecture/visuals/event-driven-migrations

Now you can replace your bastion hosts and use EC2 Instance Connect Endpoint. This blog entry explains it https://aws.amazon.com/blogs/compute/secure-connectivity-from-public-to-private-introducing-ec2-instance-connect-endpoint-june-13-2023/Security groups are important, you must open port 22 to the CIDR of the subnet of the endpoint on the EC2 security group. Read the white papers. Also a policy must be added to the user to allow access to the endpoint. You can find that information here. https://docs.aws.amazon.com/aws-managed-policy/latest/reference/EC2InstanceConnect.html

"In this post https://aws.amazon.com/blogs/compute/adding-approval-notifications-to-ec2-image-builder-before-sharing-amis-2/?trk=global_employee_advocacy&sc_channel=sm&advocacy_source=everyonesocial&es_id=38f88ae532, we will walk through the steps to enable approval notifications before AMIs are shared with other AWS accounts. Image Builder supports automated image testing using test components. The recommended best practice is to automate test steps, however situations can arise where test steps become either challenging to automate or internal compliance policies mandate manual checks be conducted prior to distributing images. In such situations, having a manual approval step is useful if you would like to verify the AMI configuration before it is shared to other AWS accounts or an AWS Organization."

I watched an excellent Webinar about Kong and Confluent (Apache Kafka) on AWS using data streaming and APIs. You can see more about it here: https://www.confluent.io/partner/amazon-web-services/ And there are learning materials here: https://www.confluent.io/training/

foundry.skywalkervtt.com is one of my Foundry servers running on K3s, launched in Proxmox VE using Terraform and Ansible in my Gitlab using the multinic cloud init image. I used the Helm chart with my docker image of Foundry.

I was able to do a good test of the K3 ansible script with my Multi Nic Terraform for Prox Mox that gave me an external static IP address. It is a 2 node K3 cluster, foundry.darthvadervtt.com