InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].


Add Scheduler Sleep

Instructions for Enabling Sleep Functionality for the InsightCloudSec Internal Scheduler


Value Names (DivvyCloud vs. InsightCloudSec)

Some components use our former product name (DivvyCloud vs. InsightCloudSec). Updates to the naming of these components will be communicated when changes are made, but note that the name difference does not affect functionality within the product.

Overview

The following documentation provides details on enabling scheduler sleep on InsightCloudSec (for versions 20.5.0 and newer). This feature allows users to upgrade InsightCloudSec without manually scaling down to an old version.

Details are included for ECS-based deployments using Terraform and CFT, and for Docker on EC2-based deployments using Terraform and CFT. For any questions or issues, reach out to us through support.

Note: The content/steps provided on this page apply to self-hosted customers. For hosted customers we recommend that you contact your CSM or [email protected] with any questions or concerns.

Configuring ECS-based Deployments

Terraform

1. Edit your main template and locate the locals / environment section:

locals {
  environment = [
    {
      name  = "VIRTUAL_ENV"
      value = "/"
    },
    {
      name  = "DIVVY_REDIS_HOST"
      value = "${aws_elasticache_replication_group.DivvyCloud-Redis-RG.primary_endpoint_address}"
    },
    ...
    ...
    ...
    {
      name  = "DIVVY_SECRET_DB_NAME"
      value = "divvykeys"
    },
    {
      name  = "DIVVY_SECRETS_PROVIDER_CONFIG"
      value = "AWSAssumeRole,region=${var.region},secret_name=${aws_secretsmanager_secret.divvycloud-credentials.name}"
    }
  ]
}

2. Add a new local environment variable (SCHEDULER_SLEEP) that will only be applied to the scheduler.

locals {
  environment = [
    {
      name = "VIRTUAL_ENV"
      value = "/"
    },
    {
      name = "DIVVY_REDIS_HOST"
      value = var.redis-endpoint
    },
    ...
    ...
    ...
    {
      name = "DIVVY_SECRET_DB_NAME"
      value = "divvykeys"
    },
    {
      name = "DIVVY_SECRETS_PROVIDER_CONFIG"
      value = "AWSAssumeRole,region=${var.region},secret_name=${var.db_secret}"
    }
  ]
  scheduler_environment = [
    {
      name = "SCHEDULER_SLEEP"
      value = "180"
    }
  ]
}

3. Update the environment parameter for scheduler task definition to use the new environment variable:

resource "aws_ecs_task_definition" "scheduler" {
...
...
...
environment = local.environment
...
...
...
}

Becomes

resource "aws_ecs_task_definition" "scheduler" {
...
...
...
environment = concat(local.environment, local.scheduler_environment)
...
...
...
}

4. Apply the Terraform and ensure all schedulers have restarted to complete the change.

CloudFormation Template

1. Edit the main template and locate the Environment in the schedulerTask section:

schedulerTask:
    Type: 'AWS::ECS::TaskDefinition'
    Properties:
      Family: 'scheduler'
      TaskRoleArn: 
        Fn::ImportValue: !Sub '${ParameterIAMStackName}-DivvyCloudStandardRoleARN'   
      ExecutionRoleArn: 
        Fn::ImportValue: !Sub '${ParameterIAMStackName}-AmazonECSTaskExecutionRoleARN'
      Cpu: '256'
      Memory: '512'
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      ContainerDefinitions:
        # scheduler
        - Image: !Ref ParameterDivvyCloudVersion
          Name: scheduler
          Environment:
            - Name: DIVVY_REDIS_SSL_ENABLED
              Value: true
            - Name: VIRTUAL_ENV
              Value: /
            - Name: DIVVY_ENV
              Value: prod
            - Name: DIVVY_DB_NAME
              Value: !FindInMap [Vars, db, name]
            - Name: DIVVY_SECRET_DB_NAME
              Value: !FindInMap [Vars, db, secureName]
            - Name: DIVVY_SECRETS_PROVIDER_CONFIG
              Value: !Join

2. Add a new environment variable (SCHEDULER_SLEEP) that will only be applied to the scheduler.

schedulerTask:
    Type: 'AWS::ECS::TaskDefinition'
    Properties:
      Family: 'scheduler'
      TaskRoleArn: 
        Fn::ImportValue: !Sub '${ParameterIAMStackName}-DivvyCloudStandardRoleARN'   
      ExecutionRoleArn: 
        Fn::ImportValue: !Sub '${ParameterIAMStackName}-AmazonECSTaskExecutionRoleARN'
      Cpu: '256'
      Memory: '512'
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      ContainerDefinitions:
        # scheduler
        - Image: !Ref ParameterDivvyCloudVersion
          Name: scheduler
          Environment:
            - Name: DIVVY_REDIS_SSL_ENABLED
              Value: true
            - Name: VIRTUAL_ENV
              Value: /
            - Name: DIVVY_ENV
              Value: prod
            - Name: DIVVY_DB_NAME
              Value: !FindInMap [Vars, db, name]
            - Name: DIVVY_SECRET_DB_NAME
              Value: !FindInMap [Vars, db, secureName]
            - Name: DIVVY_SECRETS_PROVIDER_CONFIG
              Value: !Join
            - Name: "SCHEDULER_SLEEP"
              Value: "180"

3. Apply the updated CFT to your deployment and ensure all schedulers have restarted to complete the change.
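To confirm the result of either ECS procedure above (Terraform or CFT), the check below inspects task definitions in the JSON shape returned by `aws ecs describe-task-definition`. It is an added example, not InsightCloudSec code: the sample documents are constructed, the "worker" family name is hypothetical, and treating the value as a positive integer string is an assumption based on the "180" used on this page.

```python
import json
import sys

SCHEDULER_FAMILY = "scheduler"   # Family name used in the templates on this page
SLEEP_VAR = "SCHEDULER_SLEEP"

def check_task_definitions(documents):
    """Return findings for `aws ecs describe-task-definition` JSON documents."""
    findings = []
    for doc in documents:
        td = doc["taskDefinition"]
        family = td["family"]
        for container in td.get("containerDefinitions", []):
            env = {e["name"]: e.get("value", "") for e in container.get("environment", [])}
            label = f"{family}:{td.get('revision', '?')}/{container['name']}"
            if family == SCHEDULER_FAMILY:
                value = env.get(SLEEP_VAR)
                if value is None:
                    findings.append(f"{label}: {SLEEP_VAR} missing")
                # Assumption: the value must be a string of digits, like "180"
                elif not value.isdecimal() or int(value) == 0:
                    findings.append(f"{label}: {SLEEP_VAR}={value!r} is not a positive integer")
            elif SLEEP_VAR in env:
                # The variable is meant to apply to the scheduler only
                findings.append(f"{label}: {SLEEP_VAR} set on a non-scheduler task")
    return findings

def _td(family, revision, env):
    """Build a constructed task-definition document for the sample below."""
    return {"taskDefinition": {"family": family, "revision": revision,
            "containerDefinitions": [{"name": family, "environment":
                [{"name": k, "value": v} for k, v in env.items()]}]}}

# Constructed sample: an old revision, an updated one, a leak, and a bad value
SAMPLE = [
    _td("scheduler", 7, {"VIRTUAL_ENV": "/"}),
    _td("scheduler", 8, {"VIRTUAL_ENV": "/", "SCHEDULER_SLEEP": "180"}),
    _td("worker", 3, {"VIRTUAL_ENV": "/", "SCHEDULER_SLEEP": "180"}),
    _td("scheduler", 9, {"SCHEDULER_SLEEP": "3m"}),
]

if __name__ == "__main__":
    # Pass saved describe-task-definition outputs as file arguments, or run the sample
    docs = [json.load(open(p)) for p in sys.argv[1:]] or SAMPLE
    for finding in check_task_definitions(docs):
        print(finding)
```

A task definition that passes this check only shows the template change was registered; running scheduler tasks still need to have restarted on the new revision.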

Configuring Docker on EC2-based Deployments

Terraform

1. Scheduler/UI: Find the "user-data" local variable for the scheduler in your Terraform file. Update the existing user-data to use the latest version of docker-compose.yml.

- wget -q https://s3.amazonaws.com/get.divvycloud.com/compose/docker-compose.cw.yml -O /divvycloud/docker-compose.yml
- wget -q https://s3.amazonaws.com/get.divvycloud.com/compose/prod-sm.env -O /divvycloud/prod.env

Becomes

- wget -q https://s3.amazonaws.com/get.divvycloud.com/compose/docker-compose.cw.yml -O /divvycloud/docker-compose-v4.yml
- mv /divvycloud/docker-compose-v4.yml /divvycloud/docker-compose.yml
- wget -q https://s3.amazonaws.com/get.divvycloud.com/compose/prod-sm.env -O /divvycloud/prod.env

2. Worker: Find the "user-data" local variable for the workers in your Terraform file. Update the existing user-data to use the latest version of docker-compose.yml.

- wget -q https://s3.amazonaws.com/get.divvycloud.com/compose/docker-compose.cw.yml -O /divvycloud/docker-compose.yml
- wget -q https://s3.amazonaws.com/get.divvycloud.com/compose/prod-sm.env -O /divvycloud/prod.env

Becomes

- wget -q https://s3.amazonaws.com/get.divvycloud.com/compose/docker-compose.cw.yml -O /divvycloud/docker-compose-v4.yml
- mv /divvycloud/docker-compose-v4.yml /divvycloud/docker-compose.yml
- wget -q https://s3.amazonaws.com/get.divvycloud.com/compose/prod-sm.env -O /divvycloud/prod.env

3. Apply the Terraform and ensure all of your EC2 instances have been recreated.

CloudFormation Template

1. Scheduler/UI: Find the userdata for the scheduler in your Compute CFT file. We want to update the existing user-data to use the latest version of docker-compose.yml.

- curl -O https://s3.amazonaws.com/get.divvycloud.com/compose/docker-compose.cw.yml
- mv docker-compose.cw.yml /divvycloud/docker-compose.yml
- sed -i '47,$d' /divvycloud/docker-compose.yml

Becomes

- curl -O https://s3.amazonaws.com/get.divvycloud.com/compose/docker-compose-v4.yml
- mv docker-compose-v4.yml /divvycloud/docker-compose.yml
- sed -i '48,$d' /divvycloud/docker-compose.yml

2. Worker: Find the userdata for the workers in your Compute CFT file. We want to update the existing user-data to use the latest version of docker-compose.yml.

- curl -O https://s3.amazonaws.com/get.divvycloud.com/compose/docker-compose.cw.yml
- mv docker-compose.cw.yml /divvycloud/docker-compose.yml
...
...
...
- sed -i '3,47d' /divvycloud/docker-compose.yml

Becomes

- curl -O https://s3.amazonaws.com/get.divvycloud.com/compose/docker-compose-v4.yml
- mv docker-compose-v4.yml /divvycloud/docker-compose.yml
...
...
...
- sed -i '3,48d' /divvycloud/docker-compose.yml

3. Apply the CFT and ensure all of your EC2 instances have been recreated.

Updated 4 days ago
