Advanced Network Exposure Use Cases
Explore the list of network exposure use cases available in Sysdig Secure across AWS, Azure, GCP, and IBM Cloud environments.
Supported Cloud Providers
Network Exposure Paths by Cloud Provider
Below are the available use cases for each cloud provider and resource type. Each use case analyzes specific network paths to determine if a resource is exposed to the internet.
AWS Exposure Paths

| Resource Type | Use Cases |
| --- | --- |
| S3 Bucket | • S3 via ACL • S3 via Policy • S3 via ACL without Account • S3 via Policy without Account • S3 via ACL without Block Configuration • S3 via Policy without Block Configuration • S3 via ACL without Account and Block Configuration • S3 via Policy without Account and Block Configuration • S3 via Policy and ACL without Account and Block Configuration |
| EC2 Instance | • EC2 via Classical Load Balancer • EC2 via Subnet • EC2 via ELBV2 Load Balancer |
| Lambda Function | • Lambda Edge via CloudFront • Lambda via Function URL • Lambda via ALB |
| RDS Instance | • RDS via Subnet • RDS via EC2 Instance |
| API Gateway | • API Gateway V1 via Stage • API Gateway V2 via Stage |
| EFS File System | • EFS via VPC |
| ElastiCache Cluster | • ElastiCache via EC2 Instance |
| App Runner | • AppRunner Public Endpoint • AppRunner with VPC Ingress via NLB |

Azure Exposure Paths

| Resource Type | Use Cases |
| --- | --- |
| Virtual Machine | • Virtual Machine with NIC Security Group • Virtual Machine without Security Group • Virtual Machine with Virtual Network Security Group • Virtual Machine with All Security Groups |
| Storage Blob | • Storage Blob via Storage Account |
| Functions/Websites | • Website via Config |
| SQL Server | • SQL Server |
| Redis Cache | • Redis Cache |
| Deployment | • Deployment via Service • Deployment via Service and Network Policy • Deployment via Service and Ingress • Deployment via All |

GCP Exposure Paths

| Resource Type | Use Cases |
| --- | --- |
| Cloud Storage Bucket | • Storage Bucket via IAM Config • Storage Bucket via IAM Config Alone • Storage Bucket via IAM Policy • Storage Bucket via IAM Policy Alone |
| Compute Instance | • Compute Instance via Network Interface |
| Cloud SQL | • Cloud SQL Instance |
| App Engine | • App Engine Public |
| BigQuery Dataset | • BigQuery Dataset via IAM Policy |
| External Load Balancer | • Global External Load Balancer |
| Deployment | • Deployment via Service • Deployment via Service and Network Policy • Deployment via Service and Ingress • Deployment via All |

IBM Cloud Exposure Paths

| Resource Type | Use Cases |
| --- | --- |
| Cloud Object Storage Bucket | • Cloud Object Storage Bucket via Access Policy |
| Virtual Server Instance for VPC | • Virtual Server Instance via Network Security Group |