Frequently Asked Questions¶
1. Is there a limit to how many clouds I can add?
There is no limit; however, which each new cloud you add it does increase the amount of worker capacity required to continue harvesting in near real time. We strongly encourage administrators to monitor the job backlog (accessible on the dashboard), and if a large backlog is observed for a continued period of time that’s typically an indicator that additional capacity is required.
2. How do I add worker capacity?
Additional workers can be added by modifying the divvy.json and increasing the min property. Please note that running too many worker nodes on a single server can stress the system, so we almost always recommend that administrators scale the system horizontally. Doing this not only adds capacity, but adds resilience.
3. One of my cloud accounts shows Invalid Credentials and I know the credentials are valid.
Cloud accounts go into this state when they’ve exceeded 25 authentication failures in a five minute period. If you’ve double checked the credentials and have verified they do indeed work on other systems, it is recommended to check the system clock. Communicating with vendor APIs typically involves a signature process which uses time as one of the signing components. If your system clock is not synchronized with an NTP server and there is drift, this can result in the signature not matching what the cloud provider thinks it should be.
4. Can I adjust the harvesting cadences to put a priority on select regions?
Yes. This can be done within the cloud settings. There is a table which allows regions to be configured with one of three schedules (Passive, Aggressive and Standard). You can fine tune the harvesting per region, backing down regions you typically do not support to allow harvesting to focus more on those regions which are more important.
5. What resource types are supported?
There is a Cloud Support Matrix that includes this information.
6. Do you support external authentication?
External authentication via LDAP, AD and SAML is supported. SAML requires the installation of a custom plugin which is available via https://github.com/DivvyCloud/DivvySAML
7. What are the views My Visible Resources and My Resources?
My Visible Resources are all of the resources that the user has permission to see. For administrators, this encompasses all resources across all clouds. For Basic Users, it is the total of all resources they have View permission on. My Resources are simple resources that the individual user owns. These are resources that they have either provisioned through the DivvyCloud platform, or that an admin has manually associated them as the owner.
8. What does it mean when a user owns a resource?
When a user owns a resource, he/she has full permission to the resource. They in essence can view, modify and delete the resource. Administrators of the platform can gain quick insight into the number of resources a user owns via the Identity Management section of the tool.
9. Is there a way to enforce two-factor authentication for users?
Yes. Administrators can optionally check the Require Two Factor option when creating a user account. This option can be toggled on/off after the fact for previously created user accounts. The platform uses Google Authenticator for two-factor verification.
10. What is a Resource Group?
Resource groups are one of the most powerful features within DivvyCloud, and lots of advanced functionality is dependent on leveraging resource groups. Put simply, resource groups are a collection of resources. They can be used to apply granular permissions to a subset of your cloud footprint, to improve visibility and to help apply custom policy. Any resource type can be included within a resource group, including, but not limited to:
11. I don’t understand the terminology for the resources, can you help?
We normalize the terminology to ensure consistency across all cloud vendors. More information on this can found under Resource Terminology Overview.
12. Where can I find the version of software I’m running?
The version is always accessible in the top right of the Dashboard.
13. How do I contact support?
You can always reach us at firstname.lastname@example.org. Tickets can be opened in the tool by clicking on the ? icon at the bottom right of the tool.
14. What’s a Bot and when should I use one?
Bots are designed to take autonomous action against one or more resources across a cloud footprint. The action can be as simple as a notification or as invasive as a lifecycle action such as stop, start or delete. There are over 130 bots that our software supports out of the box, which support a variety of actions. More information on Bots can be found in our Bot Templates documentation.
15. I’m building a Bot, can you explain the Reactive events (Created, Modified and Destroyed)?
As the DivvyCloud platform pervasively harvests down infrastructure from the cloud, we compare the state of the resource in our persistent cache to what the cloud provider(s) give us. If there are new resources we have not seen before, such as resources which were recently provisioned, we trigger a Created event. When properties of existing resources change, such as tags, security groups, attachments, lifecycle state, etc. are differ, we trigger a Modified event. Lastly, if resources are deleted upstream and no longer exist when we harvest, we trigger a Destroyed event. These events enable Bots to react to change across a cloud footprint.
16. What are “Non-Compliant” resources?
“Non-Compliant” resources are resources that have been marked “non-compliant” by one or more Bots. Labelling resources non-compliant can be a useful first step in examining issues before taking action to correct. As a best practice when creating Bots, we recommend that you initially limit the Bot’s action to “Mark Non-Compliant”. Once you see the results of the Bot’s execution and confirm that it is behaving as intended, then you can modify the Bot’s actions to include other possibilities, e.g., “Schedule for Deletion”.
17. How are filters under “Resources” different from filters under “Bots”?
With limited exceptions, they are the same. As a best practice, we recommend using filters under Resources to explore your Cloud environment and identify issues and/or areas of focus. Once you have clarified what you wish to accomplish, then construct Bots using those same filters to enforce policies, schedule actions, and/or communicate information.
18. How are Bot actions against resources executed?
Bot actions are executed in the order listed in the Bot. They are executed one at a time until complete and then the next action is executed.
19. Can I use my account to access multiple organizations within DivvyCloud?
In order to enforce organizational isolation, only the Domain Administrator can access multiple organizations with a single account. Other types of users, e.g., Basic Users and Organization Administrators, must have a separate account per organizational unit.
20. Can I create Bots that execute against multiple organizations within DivvyCloud?
In order to enforce organizational isolation, Bots are limited in scope to single organizations. Domain Administrators are able to deploy the identical copies of the same Bot to multiple organizations, but those Bots are distinct and operate only on resources within their distinct organization.
21. How can I receive alerts when there are changes in my Cloud environments? How can I customize those alerts?
DivvyCloud has multiple integrations to provide alerts. These integrations can be used as actions inside Bots. For example, you can create a Bot that sends a slack message to an individual or a channel any time an instance costing more than $500 per month is created. You can customize the alert using Jinja2 Templating Overview to provide information such as cloud account, region, resource ID, monthly cost, and more.