DivvyCloud

Welcome to the DivvyCloud Docs!

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

For questions about documentation reach out to us [email protected]

Take Me to the Docs!    Release Notes

AliCloud, also known as Alibaba Cloud or Aliyun, is the largest cloud computing company in China. Headquartered in Singapore, Alibaba Cloud operates in 18 data center regions and 42 availability zones around the globe.

📘

Support for AliCloud

At this time, DivvyCloud's support of AliCloud is limited to read-only access.

High level process steps:
Step 1. Create a custom policy
Step 2. Create a user
Step 3. Save the Access Key for your user
Step 4. Assign your policy to your user
Step 5. Add your cloud to DivvyCloud

The first four steps are taken in the Alibaba Cloud console; the last is taken in the DivvyCloud tool.

Setup in AliCloud Console

Create a Custom Policy

  1. From the Alibaba Cloud console, go to the Resource Access Control page:
    a. Select Products from the navigation menu.
    b. Select Resource Access Management under the Monitor and Management group.
  1. Create the RAM Policy.
    a. Select Policies under Permissions on the RAM navigation menu.
    b. Select Create Policy.
  1. Give the policy a name. Note rules for special characters in the policy name e.g., spaces are not allowed.
  2. Add a note/description if desired.
  3. Select "Script" for the Configuration Mode.
  4. Copy the following JSON RAM policy (below) into the numbered policy document space on the Alibaba Cloud console.

🚧

Be sure to copy the entire policy, from the first '{' to the last '}'.

DivvyCloud Standard User Policy

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:DescribeRegions",
        "ecs:DescribeZones",
        "ecs:DescribeInstances",
        "ecs:DescribeInstanceTypes",
        "ecs:DescribeDisks",
        "ecs:DescribeSnapshots",
        "ecs:DescribeEipAddresses",
        "ecs:DescribeImages",
        "ecs:DescribeKeyPairs",
        "ecs:DescribeNetworkInterfaces",
        "ecs:DescribeSecurityGroups",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:DescribeSnapshots",
        "oss:ListBuckets",
        "oss:GetBucketAcl",
        "oss:GetBucketInfo",
        "oss:GetBucketLifecycle",
        "oss:GetBucketLogging",
        "oss:GetWebsite",
        "rds:DescribeDBInstances",
        "rds:DescribeDBInstanceNetInfo",
        "rds:DescribeBackupPolicy",
        "rds:DescribeBackups",
        "ram:ListGroupsForUser",
        "ram:ListGroups",
        "ram:ListUsers",
        "ram:ListPolicies",
        "ram:ListPoliciesForRole",
        "ram:ListPoliciesForUser",
        "ram:ListPoliciesForGroup",
        "ram:ListRoles",
        "ram:GetUser",
        "ram:GetUserMFAInfo",
        "ram:GetLoginProfile",
        "ram:GetPasswordPolicy",
        "ram:ListAccessKeys",
        "kms:ListKeys",
        "kms:DescribeKey",
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches",
        "vpc:DescribeRouteTable",
        "vpc:DescribeRouteEntry",
        "kvstore:DescribeKVInstances",
        "actiontrail:DescribeTrails",
        "actiontrail:GetTrailStatus"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
  1. Select "OK".
  1. Confirm that your policy has been created. You should see a screen that looks like this:

Create a User

  1. Select "Users" under the "Identity" section of the navigation menu; select "Create User".
  1. Select a login name. Note rules for special characters in the policy name e.g., spaces are not allowed. You may also select a display name, if you wish.
  2. Select "Programmatic Access" for the Access Mode.
  3. Select "OK".

Save the Access Key for Your User

  1. With a new user successfully created, a new User Information screen opens. This screen contains the AccessKeyID and AccessKeySecret.

❗️

Save the Information for the Access Key

Either download a csv file or copy to secure location the Access Key ID and the Access Key Secret.

Assign Your Policy to Your User

  1. Once the user is created, go back to that user and click on it. Then select the Permissions tab under Identities/Users from the navigation menu; select "Add Permissions".
  1. Select "Custom Policy" as the type of policy to add.
  2. Select the name of the policy you created.
  3. Select "OK".
  1. Confirm permissions have been authorized.
  2. Select "Finished".
  1. Confirm that the policy (permissions) have been added for this user.

Add Your Cloud to DivvyCloud

  1. From the DivvyCloud dashboard, navigate to the Clouds main page (under Cloud on the left-side navigation menu). Then select Add Cloud.
  1. Select 'AliCloud' from the technology drop-down list.
  2. Give the cloud account a name.
  3. Add the Access Key and Secret Key you saved in Save the Access Key for Your User: Step 1.
  4. Select Submit.
  1. Confirm the cloud account was successfully added.
    a. Return to the Clouds page from the navigation menu (or select the Listing tab at the top of the Clouds page).
    b. Confirm that your newly added cloud account appears in the listing.

Updated 3 months ago

AliCloud


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.