All security best practices like encryption, SSL certs and role-based access are pre-configured by default.
Private Networking is On
Exclusive network and cluster for each environment
Each environment you spin up gets its own VPC and Kubernetes cluster to isolate stage and production workloads.
Private network and private IPs only
All your services running within an environment run only within a virtual private network (VPC in AWS) that is exclusive to the environment.
Outbound calls using NAT gateway
A NAT gateway is configured by default in each environment, so any outbound call that your code makes to the internet uses the NAT gateway's IP.
Inbound calls using load balancer
Any inbound call from the internet to your public-facing services flows through a defined AWS-managed network load balancer.
Data Encryption is On
By default, all data is encrypted within the environment.
At rest
All volumes used within the environment are encrypted volumes.
In transit
All public-facing services are exposed only via HTTPS and get auto-renewing SSL certificates.
And more controls in your environments by default
Encrypted secrets
Secrets are encrypted and stored in your cloud account's secret manager (Parameter Store in AWS).
Managed compute instances
All compute servers created in your environment are managed compute instances. The cloud provider takes care of patching the instance, OS and system-level packages.
Role-based access
LocalOps creates standard roles for you to use to define permissions to access any managed cloud resource like S3. Your code can then skip handling unsafe, long-lived IAM keys.