11. Review Secure Configuration (overview)

Chapter 11 - Review Secure Configuration

Some security outcomes depend on platform configuration, not application source alone. Network policies, role grants, sharing rules, and clean-room boundaries must be reviewed with the same evidence standard as code.

Use these chapters during design review, IaC pull requests, and production change tickets for data platforms and cloud estates.

How to Use These Chapters

• Trace who can access data (identity, role, network path).
• Trace what crosses a trust boundary (shares, clean rooms, exports, linked accounts).
• Confirm audit and logging prove access decisions.
• Pair configuration review with Part III code review when apps embed SDK credentials or build SQL dynamically.

Data Platforms

• 11.1 Review Snowflake Security Configuration
• 11.2 Review Databricks Clean Room Configuration

Cloud and Runtime

• 11.3 Review AWS IAM and Secrets Configuration
• 11.4 Review Kubernetes Security Configuration
• 11.5 Review PostgreSQL Security Configuration

Suggested Topics for Future Chapters

• Azure Entra ID / AWS IAM Identity Center — federation, permission sets, break-glass roles
• GCP BigQuery sharing & VPC-SC — dataset IAM, egress controls
• Terraform / OpenTofu guardrails — state secrets, policy-as-code (Sentinel, OPA)
• MongoDB Atlas / Redis Cloud — TLS, IP allowlists, admin API keys