Cloud Scoping

  1. Which Third party Cloud is in use?

  2. How many projects(if GCP) or root accounts(if AWS) are in scope?

(AWS) Number of the root accounts in scope?

(GCP) Names of the projects?

  1. Which cloud regions are in scope?

  2. What are the Cloud resources/services in use?

(AWS) Ec2, EBS, EFS, S3, IAM, Amplify, Lambda, RDS, GKE, etc.

(GCP) https://cloud.google.com/products

  1. What are the Objectives? What is the Cloud project used for?

  2. What Kind of test account will be provided?

(AWS) IAM or SSO account (ADFS, Azure SAML)

 (GCP) IAM or SSO AD account

  1. Permissions required for Cloud Config review

  2. Login URL?

  3. What kind of data is used and operated in Cloud (C4/C3)?

  4. What environment will be provided during testing?

  5. If it requires corporate network, Check if STLAB public Ip can be whitelisted?

  6. Does the project make use of Kubernetes Engine?

Last updated