Resource Group Curation¶
Resource groups are a very powerful feature of DivvyCloud. They simplify cloud automation, management, and permissions at scale. End-users can leverage DivvyCloud curation capabilities to automatically add/remove resources to these groups. Information on the two types of curation are listed below as well as an example use case.
DivvyCloud ships with an action named
Curate Resource Group, which, when
added to a bot’s instruction set, assumes responsibility for maintaining the
state of the resource group. It is important to note that this action can be
used only as a one-to-one relationship between a single bot and single group.
The bot will autonomously move resources in and out of the group as needed
based on the configured policy.
Add Only Curation¶
Occasionally, end-users may want to use multiple bots to add resources to a
group. If so, using the bot action
Add To Group can be useful. As the
name implies, this action will only add resources to a group and will not
automatically remove resources that no longer apply.
Let’s go ahead and work through an in/out curation policy as an example. For
this example, we build a resource group named
Production Resources that
includes resources with the tag “environment” and a value of “production”. The
scope of the bot inspects resources across Microsoft Azure, Amazon Web
Services, and Google Compute Engine.
1.) Create a new resource group
Navigate to the Groups section of the tool and create a new shared group called “Production Resources”. Refer to the image for reference.
2.) Create a new bot
Click on the Create Bot button and enter the name, description, and category. Refer to the image below for reference.
3.) Configure scope
The scope defines the resource type(s) and cloud account(s) we want to inspect. For this example, we audit billable resource types such as instances, database instances (e.g., AWS RDS), volumes, and snapshots. We inspect three cloud accounts. Note that if we selected Scan All Groups it would scan every configured cloud account.
4.) Configure Conditions
Conditions can be as simple or complex as you want them to be. For this example, we use a single condition that inspects resource tags and looks for a single key Environment with a single value Production. You can include as many values as you want in the form, but for this example we only look for the value Production. Note that if you check the Case Sensitive box it will enforce case sensitivity.
5.) Configure Actions
Similar to conditions, we can use as many actions as we want. The action we use for this example is Curate Resource. Select that action from the listing and then use the dropdown to select the desired group
6.) When to run
The final step of the process identifies when you want the bot to run. For this type of bot, we recommend using resource created and resource modified. By doing so, the bot acts any time a new resource is spun up in the cloud or its tags are modified. Also, by enabling batch execution, the bot can perform a retroactive scan to build the group based on previously discovered resources.
7.) Save the botYou can now save the bot. Once done, you can perform a retroactive scan and if you have resources that meet the configured conditions, they should show up in the Production Resources group.