Securing your cloud accounts
Last updated
Was this helpful?
Last updated
Was this helpful?
Cloud account usage can lead to abuse without the appropriate security policies in place. Always be sure to implement the appropriate policies and restrictions before exposing tracks with cloud accounts to the public.
Costs associated with cloud accounts are in addition to your standard Instruqt billing. Therefore, you should take extra precautions when allowing users to access tracks that have cloud accounts.
Service and region restriction restrictions can be put in place globally or at a track level. In this section we focus on enabling at the track level. If you would like more information on global configuration, read the cloud services and regions section under global sandbox settings.
Providing full access to cloud services/accounts is never recommended. Policy of least possible permissions should be in place according to the requirements of the track. For example, an AWS managed policy with role AmazonEC2FullAccess should only be used for admin managed policies and not for user managed policies. Similarly, user IAM Policies should not provide unnecessary access.