# AWS Tenant Settings
## Configuring Tenant Settings
1. Navigate to **Administrator** -> **Tenants**.
2. In the **NAME** column, select the name of the Tenant you want to configure settings for.
3. Select the **Settings** tab, and click **Add**. The **Add Tenant Feature** pane displays.
4. From the **Select Feature** list box, select the setting (see list of settings below).
5. Click **Enable**, or enter an appropriate value.
6. Click **Add**. The setting is applied to the Infrastructure.
## Configuring Custom Settings
To add a tenant setting that is not listed in the **Select Feature** list box, enter the setting name and value manually, using the following steps.
1. In the DuploCloud Portal, navigate to **Administrator** → **Tenants**.
2. In the **NAME** column, select the tenant you want to configure.
3. Select the **Settings** tab.
4. Click **Add**. The **Add Tenant Feature** pane displays.
Add Tenant Feature pane
5. In the **Tenant Feature** list box, choose **Other**.
6. Enter the name of your custom tenant setting in the **Configuration** field.
7. Enter the value for the setting (for example, `True`) in the adjacent field.
8. Click **Add**. The custom tenant setting is applied.
## Tenant Settings
| **Enable Encryption at Rest** | Enables encryption of data at rest within the Tenant. |
| --------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Delete Protection** | Enables delete protection for the Tenant. |
| **Default: Block public access to s3** | Sets the default to block public access to S3 buckets for the Tenant. |
| **Default: Enforce SSL for s3** | Sets the default to enforce SSL for S3 for the Tenant. |
| **Default: Enable bucket versioning for new s3 buckets** | Sets the default to enable bucket versioning for new S3 buckets for the Tenant. |
| **Default: Enable encryption at rest for ES** | Sets the default to enable encryption at rest for Elasticsearch (ES) for the Tenant. |
| **Default: Enable node to node encryption for ES** | Sets the default to enable node-to-node encryption for Elasticsearch (ES). |
| **Default: Enforce SSL for ES** | Sets the default to enforce SSL for Elasticsearch (ES). |
| **Default: Use latest TLS cipher for ES** | Sets the default to use the latest TLS cipher for Elasticsearch (ES) for the Tenant. |
| **Automatically rotate KMS keys** | Enables automatic rotation of KMS (Key Management Service) keys for the Tenant. |
| **AWS Access Token Validity** | Defines the duration of validity for AWS access tokens for the Tenant. |
| **Enable K8S network policy** | Enables Kubernetes network policies for the Tenant. |
| **Enable option to run K8S pods on any Host** | Enables the option to run the Tenant's Kubernetes (K8S) pods on any available Host. |
| **Allow hosts to run K8S pods from other tenants** | Allows the Tenant's Hosts to run Kubernetes (K8S) pods from other Tenants. |
| **Restrict public lb create for non-admin** | Restricts the ability to create public Load Balancers (LB) to admin users only. |
| **Restrict EC2 instance create in public subnet for non-admin** | Restricts the ability to create EC2 instances in public subnets to admin users only. |
| **Restrict non-ssl listener create for non-admin** | Restricts the ability to create non-SSL listeners to admin users only. |
| **Enable Alerting** | Enables alerting for the Tenant. |
| **Enable ECS CloudWatch Logging** | Enables ECS (Elastic Container Service) CloudWatch logging for the Tenant. |
| **Enable ECS ElasticSearch Logging** | Enables ECS (Elastic Container Service) Elasticsearch logging for the Tenant. |
| **Enable k8s job fault logging by default** | Enables Kubernetes job fault logging by default for the Tenant. |
| **Enable AWS IoT** | Enables the integration of IoT devices with AWS services for the Tenant. |
| **AWS IoT Topic Prefix** | Allows setting a topic prefix for AWS IoT within the Tenant. |
| **AWS IoT Thing Prefix** | Allows setting a prefix for naming IoT Things within the Tenant. |
| **AWS Role Max Session Duration** | Specifies the maximum session duration for AWS roles. |
| **Enable Auto Reboot EC2 status check** | Enables automatic reboot of the Tenant's EC2 instances when they fail a status check. |
| **Enable Auto Reboot K8s Nodes if disconnected** | Enables automatic reboot of the Tenant's Kubernetes (K8s) nodes if they become disconnected. |
| **Set SNS Topic Alerts** | Enables setting of SNS (Simple Notification Service) topic alerts for the Tenant. |
| **Enable Cluster Autoscaler OverProvisioning** | Enables Cluster Autoscaler overprovisioning for the Tenant. |
| **Maximum K8s Session Duration** | Specifies the maximum duration for Kubernetes sessions. |
| **Enable Node monitoring** | Enables node monitoring, allowing for the collection and analysis of metrics and logs. |
| **Enable K8S Node Monitoring** | Enables Kubernetes (K8s) node monitoring, allowing for the collection and analysis of metrics and logs. |
| **Enable Docker Monitoring** | Enables Docker monitoring for the Tenant. |
| **Enable K8S Docker Monitoring** | Enable K8S Docker Monitoring for the Tenant. |
| **Enable Docker Container Logging** | Enables Docker container logging, allowing logs from running containers to be captured. |
| **Enable Kubernetes Pods Logging** | Enables Kubernetes pod logging for the Tenant. |
| **Other** | Allows entering a custom or unlisted setting. |
| `raise_fault_on_last_state_pod_failure_reasons` | Generates a fault when a Kubernetes pod is terminated with a specified failure reason. Enter the failure reasons you want to monitor, e.g., `OOMKilled`. Multiple reasons can be comma-separated. |
| `tenant_instances_stopped` | Mutes faults for tenants whose instances are stopped when set to `True`. |
| `enable_aws_lambda_log_forwarding_to_elastic_search` | Enable AWS Lambda log forwarding to Elasticsearch. |
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.duplocloud.com/docs/automation-platform/overview/aws-systems-settings/aws-tenant-settings.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.