Tenant Security settings
Configure Tenant Security settings for specific DuploCloud Tenants
Last updated
Configure Tenant Security settings for specific DuploCloud Tenants
Last updated
© DuploCloud, Inc. All rights reserved. DuploCloud trademarks used herein are registered trademarks of DuploCloud and affiliates
Configure these settings (properties) by navigating to Administrator -> Tenants in the DuploCloud Portal. Select the Tenant for which you want to configure the settings listed below and click the Settings tab. The Tenant Feature Properties are listed in the Name column in the Settings tab.
To edit or remove an existing property, click the icon to the left of the property Name and select Edit Setting or Remove Setting. To add any of these settings, click Add. Select and Enable the feature using the Add Tenant Feature pane.
A Default Value of Enabled in the table below displays a property value of True in the UI.
A Default Value of Disabled in the table below displays a property value of False in the UI.
Tenant Feature Property | Description | Default Value |
---|---|---|
Enable Encryption at Rest
Configure encryption at rest for AWS resources such as RDS, ElastiCache, ElasticSearch
Disabled
Block Public Access
Blocks (disables) public access to S3Default
Enabled
Maximum Session Duration
Configure AWS IAM Role Maximum session duration for the tenant role
Provide input in Hours. Additional details can be found here
3600 seconds (1 Hour)
Enforce SSL for ES
Require SSL encryption for AWS Elasticsearch
Enabled
Enforce SSL for S3
Require SSL encryption for AWS S3 Buckets
Enabled
Enable node to node encryption for ES
Enables Node-to-node encryption to protects data transferred between nodes using SSL encryption
Enabled
Automatically rotate KMS keys
Enables automatic rotation of KMS keys to prevent extensive key reuse
Enabled
Delete protection
Protects Tenants from accidental deletion. See Deleting a Tenant
Enabled
AWS Access Token Validity
AWS Console JIT (Just-In-Time) session token validation time in seconds before time-out
3600 seconds (1 Hour)
Restrict Pubic IP for Non-Admin
Restricts Non-Administrators from creating a load balancer that uses a Public IP address
Disabled
Restrict EC2 instance create in public subnet for non-admin
Restricts Non-Administrators from creating EC2 Instances that use a Public IP address
Disabled
Restrict non-ssl listener create for non-admin
Restricts Non-Administrators from creating a load balancer without SSL certificates
Disabled