Resource Group Curation

Resource groups are a very powerful feature of DivvyCloud. They simplify cloud automation, management, and permissions at scale. End-users can leverage DivvyCloud curation capabilities to automatically add/remove resources to these groups. Information on the two types of curation are listed below as well as an example use case.

In/Out Curation

DivvyCloud ships with an action named Curate Resource Group, which, when added to a bot’s instruction set, assumes responsibility for maintaining the state of the resource group. It is important to note that this action can be used only as a one-to-one relationship between a single bot and single group. The bot will autonomously move resources in and out of the group as needed based on the configured policy.

Add Only Curation

Occasionally, end-users may want to use multiple bots to add resources to a group. If so, using the bot action Add To Group can be useful. As the name implies, this action will only add resources to a group and will not automatically remove resources that no longer apply.


Let’s go ahead and work through an in/out curation policy as an example. For this example, we build a resource group named Production Resources that includes resources with the tag “environment” and a value of “production”. The scope of the bot inspects resources across Microsoft Azure, Amazon Web Services, and Google Compute Engine.

1.) Create a new resource group

Navigate to the Groups section of the tool and create a new shared group called “Production Resources”. Refer to the image for reference.


2.) Create a new bot

Click on the Create Bot button and enter the name, description, and category. Refer to the image below for reference.


3.) Configure scope

The scope defines the resource type(s) and cloud account(s) we want to inspect. For this example, we audit billable resource types such as instances, database instances (e.g., AWS RDS), volumes, and snapshots. We inspect three cloud accounts. Note that if we selected Scan All Groups it would scan every configured cloud account.


4.) Configure Conditions

Conditions can be as simple or complex as you want them to be. For this example, we use a single condition that inspects resource tags and looks for a single key Environment with a single value Production. You can include as many values as you want in the form, but for this example we only look for the value Production. Note that if you check the Case Sensitive box it will enforce case sensitivity.


5.) Configure Actions

Similar to conditions, we can use as many actions as we want. The action we use for this example is Curate Resource. Select that action from the listing and then use the dropdown to select the desired group Production Resources.


6.) When to run

The final step of the process identifies when you want the bot to run. For this type of bot, we recommend using resource created and resource modified. By doing so, the bot acts any time a new resource is spun up in the cloud or its tags are modified. Also, by enabling batch execution, the bot can perform a retroactive scan to build the group based on previously discovered resources.


7.) Save the bot

You can now save the bot. Once done, you can perform a retroactive scan and if you have resources that meet the configured conditions, they should show up in the Production Resources group.