Cloud Advisor maintains an up-to-date list of publicly exposed databases, virtual machines, buckets, Kubernetes clusters, and cloud functions.
Calculation of public exposure
To determine the public exposure of a resource, not only the fact of assigning a public IP address is checked, but also a network connectivity analysis is performed, which allows calculating the public exposure behind load balancers and NAT. By examining security group rules assigned to a particular resource, it is possible to determine the resource's true level of public accessibility. This entails distinguishing between public access from all IP addresses and public access from a restricted number of IP addresses.
In this case, the security group prevents all connections except for those from the office network via VPN, so there is no public exposure, despite having a public IP.
In this case, the security group allows all connections and there is public exposure despite the absence of a public IP.
Cloud Advisor provides a detailed report on all public IPs in the multi-cloud infrastructure with data on which of the resources they are assigned to.
Cloud Advisor allows you to set up alerts when publicly exposed resources appear in the cloud. When such a resource becomes available, Cloud Advisor will notify the person responsible by email, Telegram, or create a task in Jira.
Cloud Advisor is embedded in CI/CD processes and checks Terraform files for publicly exposed resources before the infrastructure is deployed.