DivvyCloud

Welcome to the DivvyCloud Docs!

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

For questions about documentation reach out to us [email protected]

Take Me to the Docs!    Release Notes

Access Explorer - Setup

Overview

This page covers the first-time user experience for installing and configuring Access Explorer. It walks you through the process and components (required and optional) necessary to set up Access Explorer.

To ensure you can complete the installation process we recommend that you gather all of the requirements and verify these details before you start.

If this is not your first time setting up Access Explorer, you can skip over to Access Explorer - Configuration and Settings for specific details on configuration and settings.

📘

Installation Recommendations

While most of the steps included in the setup are optional and can be skipped or configured later, we recommend completing all of these steps to provide the best overall user experience. The more data you provide, the more useful the tool will be. You will have better context, relationship data, and understanding around your cloud IAM configurations

General Infrastructure Requirements

DivvyCloud's Cloud IAM Governance module typically relies on the same infrastructure requirements as the main DivvyCloud platform. If you are concerned about performance for your individual environment we are happy to work with you directly to make recommendations, reach out to us via [email protected], otherwise refer to details on our Product Architecture page.

Recommend Prerequisites

  • A DivvyCloud platform installation with administrative permissions
  • At least one AWS cloud connected to DivvyCloud
    • For instructions on adding a cloud account to your DivvyCloud platform refer to our Cloud Account Setup page
  • Details on your Tagging or Name strategy to define your applications
  • To complete the optional steps for configuring CMDB and EIAM you will need the following:
    • An appropriately formatted CMDB CSV file (for upload or fetched from S3)
    • An appropriately formatted EIAM JSON file (for upload or fetched from S3)
  • A list of principals you want to exclude from your configuration (optional)

First-Time Setup

Users launching Access Explorer for the first time will be met with a guided "Getting Started with Access Explorer" process. This process walks users through the required and optional steps to complete the setup and configuration for Access Explorer.

Note: While only "Step 1 - Choose Cloud Accounts to Whitelist" and building the cache are required to complete the setup, we strongly recommend completing the optional steps to provide a better experience.

Step 1 - Choose Cloud Accounts to Whitelist

In this step you will select the cloud accounts (currently AWS) that you have connected to your DivvyCloud platform to include for analysis in Access Explorer.

Getting Started with Access Explorer - Step 1 (Whitelisting Cloud Accounts)

Step 2 - Create Application Groups

In this optional step you can define rules to create applications. By understanding your tagging or naming schema, we can dynamically group resources in Application Groups.

  • Refer to the complete documentation on [Configuring Application Groups].(https://docs.divvycloud.com/docs/access-explorer-configuration-and-settings#configuring-application-groups)
  • Add as many rules as you want to include.
  • Select "Save Application Group" to save your application and reset the form. This will allow you to create a new application. (Note: You can also add applications after you complete the initial setup.)
  • To verify that your rules are working as intended click "Test Group Rule," which will provide a list of resources that match (including a count) each rule provided.

Getting Started with Access Explorer - Step 2 (Application Groups)

Step 3 - Configure CMDB Settings

In this optional step users provide their CMDB settings in a CSV file. There are two options to share the CSV file: You can upload the file or point to an AWS S3 bucket to fetch the file.

  • Refer to the Configuring CMDB documentation for the complete details on this step (file format requirements and details for both options).
  • Review the details on the required CSV file here.

Getting Started with Access Explorer - Step 3 (CMDB)

Step 4 - Configure EIAM Settings

In this optional step users provide their EIAM settings in a JSON file. There are two options to share the JSON file: You can upload the file or point to an AWS S3 bucket to fetch the file.

Getting Started with Access Explorer - Step 4 (EIAM)

Step 5 - Principal Ignore List

In this optional step you can choose to define principals that you would like the analyzer to ignore. By excluding principals like IAM superusers or other users that have extensive permissions you can reduce your cache build time.

  • Select "Add Role" to specify a Principal you would like to add to the ignore list.
  • Click the "test" option for any role to see a list of matches before adding it to your list.

To revise the list of principals after the setup is complete you can visit the settings in Access Explorer. Read more about those on the Access Explorer - Configuration and Settings page.

Getting Started with Access Explorer - Step 5 (Principal Ignore List)

Final Step - Finish Setup & Start Cache Build

When you have added all of the details you want to include for your Access Explorer installation, select the "Finish Setup & Start Cache Build" button to complete the setup process.

If everything has been added correctly, you will receive the following confirmation.

Getting Started with Access Explorer - Confirmation

What's Next?

Once you have completed your initial setup for Access Explorer, after the cache-building process completes, your installation will be ready to use.

From your DivvyCloud platform navigate to "Security --> Access Explorer" and select "Access Explorer."

Access Explorer Landing Page

You can also check out the Using Access Explorer - Feature Guide for details on using the Cloud IAM Governance module through Access Explorer.

For instructions on configuring any of the components included in the initial setup process outside of this guided setup, check out the Access Explorer - Configuration and Settings documentation.

Updated 13 days ago


Access Explorer - Setup


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.