Is it possible to manually exclude assets in Dome9
Hello Dome9 Experts,
Please help with few questions:
1. Is it possible to onboard (half) of the AWS account, while manually excluding some assets? Or is the only boundary is AWS Account and once on-boarded all billable assets are counted? Obviously the only options in GUI are a. Read-Only (Monitor mode) b. Full protection (CloudGuard managed)
2. Imagine customer is interested in Serverless protection only, is it possible to onboard Serverless protection only, without scanning and licensing general compute?
I think it is already answered here Dome9 AWS Lambda Serverless monitoring - pre-requrements but just want to double check. The prior answer was:
this is how it looks to onboard and what is needed.
1. Have to have an on boarded cloud account of course.
3. When onboarding Serverless, can you select what Lambda function to onboard? For example there are Prod, Test, Dev clones for each Lambda, can i select Lambdas i want to protect?
4. Is it the same license requirement for CloudGuard (Dome9) Proact Assessment as CloudGuard Serverless protection? That is "6 functions constitute one billable asset" no matter what is your plan, if you are only inspecting the config or actively protecting the Lambda.
I tried to ask this question here - How to secure your Serverless Functions with CloudGuard Workload with a Open Serverless CICD Job
As per documentation in Billable Assets :
The CloudGuard license is based on average monthly use of billable protected assets, and not on the peak number of assets used. Every hour or part of an hour for an asset contributes 1/24 to the daily average, and the daily average contributes to the weekly and monthly ones.
Asset typeComments & exclusions
|EC2||Micro and Nano are not billable|
|RDS||Micro and Nano are not billable|
|Lambda||6 functions constitute one billable asset (latest version of function only is counted)|