Automating a no-public-IP governance rule
WHAT IT TESTS: the difference between preventive and detective controls, and how to enforce a policy at scale with policy-as-code. ANSWER OUTLINE: implement a preventive guardrail with the cloud's native policy engine: an AWS Service Control Policy (SCP), an Azure Policy assignment with the deny effect, or a GCP Organization Policy constraint. Attach it at the organization root or management-group level so every account, subscription or project inherits it by default and a workload owner cannot opt out. The rule denies any VM or network-interface creation that requests a public IP; on AWS it should also deny allocating and associating Elastic IPs, since a public address can be attached after launch. A preventive guardrail only blocks new requests: resources that already had a public IP before the policy was attached, and principals the policy does not cover (an SCP does not apply to the organization's management account), are untouched. So add detective scanning with automated remediation as a backup.
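The AWS form of this guardrail, written as an added example for this bite rather than a policy taken from any vendor documentation. It assumes an AWS Organizations setup where the SCP is attached to the root; the statement IDs are illustrative. The first statement uses the `ec2:AssociatePublicIpAddress` condition key to block a launch or network-interface creation that asks for a public IP; the second closes the after-the-fact path by denying Elastic IP allocation and association.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyPublicIpAtLaunch",
      "Effect": "Deny",
      "Action": [
        "ec2:RunInstances",
        "ec2:CreateNetworkInterface"
      ],
      "Resource": "arn:aws:ec2:*:*:network-interface/*",
      "Condition": {
        "Bool": {
          "ec2:AssociatePublicIpAddress": "true"
        }
      }
    },
    {
      "Sid": "DenyElasticIpAttachment",
      "Effect": "Deny",
      "Action": [
        "ec2:AllocateAddress",
        "ec2:AssociateAddress"
      ],
      "Resource": "*"
    }
  ]
}
```

The condition is scoped to the network-interface resource because that is where the key is evaluated for `RunInstances`; when the request does not ask for a public IP the key is absent, the condition does not match, and the deny does not fire. The Azure equivalent is an assignment of the built-in "Network interfaces should not have public IPs" definition with its effect set to Deny at the management group, and the GCP equivalent is `constraints/compute.vmExternalIpAccess` set to deny all values at the organization node. In all three cases a subnet that auto-assigns public IPs, or a VM that already has one, is not changed by the policy, which is why the detective control in the answer outline is still needed.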
- #governance
- #policy-as-code
- #security
- #compliance
- #cloud