diff --git a/content/docs/en/project/dependency/index.mdx b/content/docs/en/project/dependency/index.mdx index 8b8e20cc3..672407a72 100644 --- a/content/docs/en/project/dependency/index.mdx +++ b/content/docs/en/project/dependency/index.mdx @@ -106,3 +106,70 @@ To move forward choose between the following guides. [Memcached](/docs/project/dependency/memcached-aws). [OpenSearch](/docs/project/dependency/opensearch-aws). [SQS](/docs/project/dependency/sqs-aws). + +## Dependency Access + +Dependency access refers to the security and connectivity mechanisms that let your application's workloads interact securely with external dependencies. SleakOps automatically manages these access patterns to ensure secure communication between your services and their dependencies. + +### Access Management + +#### Automatic Service Account Configuration +When you create a dependency, SleakOps automatically: +- **Creates IAM roles** with appropriate permissions for the specific dependency type +- **Configures service accounts** in your Kubernetes namespace +- **Establishes secure connections** between your workloads and the dependency +- **Manages credentials** through Kubernetes secrets and IAM roles + +#### Network Security +- **VPC Integration**: Dependencies are created inside your project's VPC for secure network access +- **Security Groups**: Automatically configured to allow the traffic needed between services +- **Private Endpoints**: Dependencies use private endpoints when available to minimize exposure + +### Access Patterns + +#### Database Access +For database dependencies (MySQL, PostgreSQL, etc.): +- **Connection Strings**: Automatically generated and stored as Kubernetes secrets +- **Authentication**: Managed through IAM roles and database-specific credentials +- **SSL/TLS**: Encrypted connections are configured by default +- **At-Rest Encryption**: Enabled by default on new dependencies + - You can turn it off or configure your own KMS key when you create it + - Aurora (PostgreSQL/MySQL) is always encrypted, with no way to opt out + - If the dependency was created before this improvement shipped, check the specific case: it may not be encrypted +- **Connection Pooling**: Optimized connection management for better performance + +#### Cache Access +For caching services (Redis, Memcached): +- **Endpoint Configuration**: Automatically configured in your application's environment +- **Authentication**: Secure access through IAM roles and service-specific credentials +- **Network Policies**: Access restricted to authorized workloads only + +#### Storage Access +For storage services (S3, etc.): +- **Bucket Policies**: Automatically configured with least-privilege access +- **IAM Permissions**: Service accounts receive only the permissions they need +- **Access Keys**: Managed through AWS IAM roles for greater security + +### Security Best Practices + +#### Principle of Least Privilege +- **Minimal Permissions**: Dependencies receive only the minimum required permissions +- **Resource-Specific Access**: Access is scoped to specific resources whenever possible +- **Regular Audits**: SleakOps provides tools to review and audit dependency access + +#### Credential Management +- **Automatic Rotation**: Credentials are rotated automatically when possible +- **Secure Storage**: All credentials are stored as Kubernetes secrets +- **No Hardcoded Secrets**: Applications access dependencies through environment variables + +:::info Access Monitoring +SleakOps provides monitoring and logging capabilities to track dependency access patterns, helping you identify potential security issues and optimize performance. +::: + +:::tip Troubleshooting Access Issues +If you run into access issues with dependencies: +1. Check the dependency's status in the SleakOps console +2. Confirm your workload has the correct service account +3. Review the IAM role permissions for the dependency +4. Verify network connectivity and security group configurations +::: diff --git a/content/docs/es/project/dependency/index.mdx b/content/docs/es/project/dependency/index.mdx index 3783b5588..9b93d4f23 100644 --- a/content/docs/es/project/dependency/index.mdx +++ b/content/docs/es/project/dependency/index.mdx @@ -134,6 +134,10 @@ Para dependencias de base de datos (MySQL, PostgreSQL, etc.): - **Cadenas de Conexión**: Generadas automáticamente y almacenadas como secrets de Kubernetes - **Autenticación**: Gestionada a través de roles IAM y credenciales específicas de la base de datos - **SSL/TLS**: Las conexiones encriptadas se configuran por defecto +- **Encriptación at-rest**: Habilitada por defecto en dependencias nuevas + - Podés desactivarla o configurar tu propia KMS key al crearla + - Aurora (PostgreSQL/MySQL) siempre está encriptada, sin opción de desactivarlo + - Si la dependencia ya existía antes de esta mejora, verificá el caso puntual: puede no estar encriptada - **Connection Pooling**: Gestión optimizada de conexiones para mejor rendimiento #### Acceso a Cache @@ -170,4 +174,4 @@ Si encuentras problemas de acceso con dependencias: 2. Confirma que tu carga de trabajo tiene la service account correcta 3. Revisa los permisos del rol IAM para la dependencia 4. Verifica la conectividad de red y configuraciones de security groups -::: \ No newline at end of file +:::