New Security Zone policies offer more security controls

Security Zones has released 19 new policies to ensure that resources in security zones comply with security best practices.

Some of the new policies cover several actions in a single policy. For example, deny manage_bastion_resource prevents a bastion or bastion session from being created, updated, or deleted in the security zone.

You can read the details for each of the following new policies in the user guide:

  • deny DRG_gateway
  • deny LPG_gateway
  • deny NAT_gateway
  • deny SGW_gateway
  • deny create_or_modify_vcn_security_list
  • deny create_drg
  • deny create_vcn_security_list
  • deny delete_all_load_balancer_back_end_sets
  • deny terminate_instance
  • deny update_network_security_group_egress_rules
  • deny manage_bastion_resource
  • deny manage_compute_and_block_storage_resource
  • deny manage_DHCP_options_resource
  • deny manage_DNS_resource
  • deny manage_file_storage_resource
  • deny manage_image_resource
  • deny manage_oke_service
  • deny manage_vcn_route_tables
  • deny manage_virtual_network_resource

You can enable the new policies in security zone recipes.