Posts

Showing posts from November, 2025

How To Manage Amazon GuardDuty in AWS Organizations Using Terraform

About the use case

Amazon GuardDuty is a managed threat detection service that continuously monitors AWS accounts and workloads for malicious or unauthorized activity using machine learning, anomaly detection, and integrated threat intelligence. GuardDuty supports managing multiple accounts with AWS Organizations via the delegated administrator feature, with which you designate an AWS account in the organization to centrally manage GuardDuty for all members. This is great for managing a multi-account landing zone by centralizing management of GuardDuty settings in a consistent manner.

Since it is increasingly common to establish an AWS landing zone using AWS Control Tower, we will use the standard account structure in a Control Tower landing zone to demonstrate how to configure GuardDuty in Terraform:

The relevant accounts for our use case in the landing zone are: The Management account for the organization where AWS Orga...

Azure WAF Setup Guide: Application Gateway and Front Door WAF Configuration

Azure Web Application Firewall (WAF) protects web applications from common exploits and vulnerabilities including SQL injection, cross-site scripting, and other OWASP Top 10 threats. This guide covers deploying WAF on both Application Gateway and Azure Front Door with managed rules, custom rules, and bot protection.

Overview

Azure WAF can be deployed on three services:

Application Gateway: Regional layer 7 load balancer with WAF
Azure Front Door: Global CDN and load balancer with edge WAF
Azure CDN: Content delivery network with WAF capabilities

This guide focuses on Application Gateway and Front Door, the most common deployment options.

Prerequisites

Before deploying Azure WAF:

Azure subscription with Contributor access
Virtual Network with dedicated subnet for Application Gateway
Backend application to protect (App Service, VMs, AKS, etc.)
Azure CLI (2.50.0+) or Azure Portal access
Public DNS for custom domain configuration (optional)

Under...