Tenant Security settings

Configure Tenant Security settings for specific DuploCloud Tenants

Configuring Security settings at the Tenant Level

Configure these settings (properties) by navigating to Administrator -> Tenants in the DuploCloud Portal. Select the Tenant for which you want to configure the settings listed below and click the Settings tab. The Tenant Feature Properties are listed in the Name column in the Settings tab.

To edit or remove an existing property, click the icon to the left of the property Name and select Edit Setting or Remove Setting. To add any of these settings, click Add. Select and Enable the feature using the Add Tenant Feature pane.

A Default Value of Enabled in the table below displays a property value of True in the UI.

A Default Value of Disabled in the table below displays a property value of False in the UI.

Tenant Feature Property

Description

Default Value

Enable Encryption at Rest

Configure encryption at rest for AWS resources such as RDS, ElastiCache, ElasticSearch

Disabled

Block Public Access

Blocks (disables) public access to S3Default

Enabled

Maximum Session Duration

Configure AWS IAM Role Maximum session duration for the tenant role

Provide input in Hours. Additional details can be found here

3600 seconds (1 Hour)

Enforce SSL for ES

Require SSL encryption for AWS Elasticsearch

Enabled

Enforce SSL for S3

Require SSL encryption for AWS S3 Buckets

Enabled

Enable node to node encryption for ES

Enables Node-to-node encryption to protects data transferred between nodes using SSL encryption

Enabled

Automatically rotate KMS keys

Enables automatic rotation of KMS keys to prevent extensive key reuse

Enabled

Delete protection

Protects Tenants from accidental deletion. See Deleting a Tenant

Enabled

AWS Access Token Validity

AWS Console JIT (Just-In-Time) session token validation time in seconds before time-out

3600 seconds (1 Hour)

Restrict Pubic IP for Non-Admin

Restricts Non-Administrators from creating a load balancer that uses a Public IP address

Disabled

Restrict EC2 instance create in public subnet for non-admin

Restricts Non-Administrators from creating EC2 Instances that use a Public IP address

Disabled

Restrict non-ssl listener create for non-admin

Restricts Non-Administrators from creating a load balancer without SSL certificates

Disabled

PreviousSecurity Configuration Settings NextInfrastructure Security settings

Last updated 9 months ago