Introduction
User Guide
Administration Guide
- Lifecycle Management CLI
- Creating an Environment
- Restoring from Backup
- Deleting an Environment
- Monitoring
- Managing Blacklist/Whitelist
- Audit Logging
Authentication
Architecture
- Infrastructure Overview
- REST API
- High Availability
- Security Features
- Files in S3
- Alternative Solutions
Contributing
Infrastructure Overview
Edge Security
Cerberus uses the Amazon WAF to provide edge security. This is automatically setup with the command-line API.
The WAF automatically drops requests with incorrect request body size, SQL injection, and Cross Site Scripting (XSS).
Application Load Balancer (ALB) logs are parsed using a rate limiting lambda that automatically blacklists IP addresses exceeding a configurable request rate limit. The access logs are stored in S3 and every time a new log chunk is written to S3, the Lambda is triggered (every 10 minutes or so).
For more background information, please see:
- AWS white paper on AWS Best Practices for DDoS Resiliency
- Blog post on How to Configure Rate-Based Blacklisting with AWS WAF and AWS Lambda
Cerberus Management Service
The Cerberus Management Service is the main micro-service that makes up a Cerberus environment. It includes features for:
- Management of Safe Deposit Boxes
- User Authentication
- AWS IAM Role Authentication
- Permissions Management
RDS
Amazon Aurora is used as the data store.
S3
S3 is used for storing configuration such as CMS settings and TLS certificates.