Netflix promised us more monkeys and now it’s delivered yet another member of its Simian Army — the streaming media giant has open-sourced the code for Security Monkey, the tool it has used internally since 2011 to keep tabs on and evaluate security-related changes to its Amazon Web Services configurations.
For years, Netflix, probably AWS’s highest-profile customer, has augmented Amazon’s own services with its own tools and capabilities and has open sourced many of them. Chaos Monkey, which shuts down malfunctioning cloud resources in an orderly way so the application can keep running, has proven very popular, for example.
Security Monkey, which Netflix started using to monitor a limited number of AWS services, has grown to cover Netflix's expanding use of more of them. It performs several functions: (1) it keeps tabs on Amazon S3 storage, identity and access management (IAM) and EC2 compute workloads to detect and record changes to those configurations; (2) it notifies the designated user or users about those changes; and (3) it applies a set of business rules to each configuration and assesses the risks associated with it.
Netflix acknowledged that Security Monkey overlaps somewhat with some AWS services that came later — specifically CloudTrail and Trusted Advisor — but said it provides its own unique value.
While CloudTrail “provides verbose data on API calls,” it has no sense of state in terms of how a particular configuration item changes over time. Security Monkey fills that gap, according to the Netflix Tech Blog. And Trusted Advisor, a premium (read “paid”) Amazon service, runs security checks but will not allow customers to build their own custom checks, which Security Monkey facilitates.
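To make the two gaps concrete (tracking how a configuration item changes over time, and running custom checks against the current state), here is a small added example that is not Security Monkey's own code: it diffs two constructed snapshots of an S3 bucket policy and runs one custom check over the newer one. The bucket name, account ID and policy contents are made up.

```python
"""Added example: record configuration changes between snapshots and run
custom checks on the new state. Not Security Monkey's code; all data is constructed."""
import json

# Constructed snapshots of one S3 bucket policy, captured at two points in time.
SNAPSHOT_T0 = {"Bucket": "example-bucket", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}]}
SNAPSHOT_T1 = {"Bucket": "example-bucket", "Statement": [
    {"Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"}]}


def flatten(item, prefix=""):
    """Flatten nested JSON into {"/path": leaf_value} so two snapshots can be compared."""
    out = {}
    if isinstance(item, dict):
        for k, v in item.items():
            out.update(flatten(v, f"{prefix}/{k}"))
    elif isinstance(item, list):
        for i, v in enumerate(item):
            out.update(flatten(v, f"{prefix}[{i}]"))
    else:
        out[prefix] = item
    return out


def diff_snapshots(old, new):
    """Return {path: (old_value, new_value)} for every leaf that changed; None marks absence."""
    a, b = flatten(old), flatten(new)
    return {p: (a.get(p), b.get(p)) for p in sorted(set(a) | set(b)) if a.get(p) != b.get(p)}


def check_public_principal(item):
    """Custom check: an Allow statement whose Principal is '*' grants access to everyone."""
    return [f"statement {i} allows everyone: {s['Action']}"
            for i, s in enumerate(item["Statement"])
            if s["Effect"] == "Allow" and s.get("Principal") == "*"]


def audit(old, new, checks=(check_public_principal,)):
    """Record what changed since the previous snapshot, then run every check on the new state."""
    changes = diff_snapshots(old, new)
    findings = [f for check in checks for f in check(new)]
    return {"changes": changes, "findings": findings}


if __name__ == "__main__":
    print(json.dumps(audit(SNAPSHOT_T0, SNAPSHOT_T1), indent=2))
```

The change record is what a pure API log cannot give you directly (the before and after of each item), while the check list is the hook where a customer adds their own rules.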