InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

Take Me to the Docs!    Release Notes

AWS Support Reference

AWS Services and APIs for Which InsightCloudSec Supports

Supported Services

Listed below are all of the AWS services (and their components) supported by InsightCloudSec. If you have questions related to AWS or specific services and their support, contact us through [email protected].

📘

AWS Supported Services & Regions

In general, InsightCloudSec provides support for the AWS resources listed below for all regions in which they are available. In some scenarios, some resources or services may not be available in certain regions (or for AWS GovCloud in general). This is typically the result of restrictions related to the region itself or otherwise imposed by AWS to comply with regional policies. We recommend that you refer to the AWS documentation on those specific regions for official details.

For example, refer to the table for AWS services in China here or refer to the list of available AWS GovCloud services here.

Also note that InsightCloudSec now recognizes the EC2 Serial Console as part of general EC2 service support.

API Gateway (Domain, Key, Stage)
Amazon DocumentDB
Amazon Kendra (Index)
Amazon Macie
Amazon MemoryDB for Redis
Amazon MQ
Amazon SageMaker (Notebook)
Amazon Simple Email Service
Amazon Redshift (Snapshot)
Amazon Timestream
Athena (Workgroup)
AWS App Runner
AWS AppSync
AWS Auto Scaling (Group, Launch Configurations)
AWS Backup (Vault)
AWS Glue (Data Catalog, Security Configuration)
AWS Organizations (Consolidated Bill, Service Control Policy)
AWS Outposts
AWS Transfer Family (SFTP Server)
Batch (Compute Environment)
CloudFormation (Templates)
CloudFront
CloudSearch (Cluster)
CloudTrail
CloudWatch (Alarm, Log Group, Logs Destination, Rule, EventBridge event bus)
CodeBuild (Project)
Cognito (User Pool)
Database Migration Service (Replication Instance)
DataSync (Task)
Direct Connect
Directory Service
DynamoDB (Accelerator (DAX))
EC2 (Amazon EBS Snapshot, Amazon EBS Volume, Dedicated Instance, Instance, Reserved Instance, Resource/Service Limit/Quota, SSH Key Pairs)
EFS
Elastic Beanstalk (Application, Environment)
Elastic Container Registry (Container Image, Container Registry)
Elastic Container Service/Fargate (Cluster, Container, Container Task, Task Definition)
Elastic Kubernetes Service (Cluster, Container Instance)
Elastic Load Balancer (Application Load Balancer, Gateway Load Balancer, Network Load Balancer)
Elastic Transcoder (Pipeline)
ElastiCache (Snapshot)
Elasticsearch Service
EMR
FSx
GuardDuty (Detector)
IAM (Access Analyzer, Cloud Account, Group, Policy (Customer Managed), Role, IAM/ACM SSL Certificate, User, User Access Key)
Key Management Service
Kinesis (Data Firehose)
Kinesis Video Stream
Lambda
Lightsail
Managed Apache Airflow (Environment)
MSK (Instance)
Neptune
RDS (Aurora, Cluster, Event Subscription, Instance, Proxy, Snapshot)
Region
Route 53 (DNS Zone, Domain, Resolver Configuration)
S3 (Access Point)
S3 Glacier
SAML Identity Provider
Secrets Manager (Secret)
Serverless Application Repository
Simple Queue Service
Simple Notification Service (Subscription, Topic)
Storage Gateway (NFS/SMB File Share)
Systems Manager (Parameter Store (Parameter), Document)
Trusted Advisor
VPC (Elastic IP, Elastic Network Interface (ENI), Endpoint Service, Endpoint/PrivateLink, Flow Log, Internet Gateway, Managed Prefix List, NACL/Security Group, NACL/Security Group Rules, NAT Gateway, Peer, Route, Route Table, Site-to-Site VPN, Subnet, Traffic Mirror Target, Transit Gateway, Virtual Private Gateway)
WAF & Shield
WorkSpaces (Instances)

Supported API Calls

Listed below are all of the API calls supported across AWS services based on the many policies that InsightCloudSec provides. This list is for administrators who may want to fine tune a policy with granular read/write operations.

EC2 Commands
============

AllocateAddress
AssociateAddress
AssociateRouteTable
AttachInternetGateway
AttachNetworkInterface
AttachVolume
AuthorizeSecurityGroupIngress
CopyImage
CopySnapshot
CreateDefaultVpc
CreateImage
CreateInstanceExportTask
CreateInternetGateway
CreateKeyPair
CreateNetworkAcl
CreateNetworkInterface
CreateRole
CreateRoute
CreateRouteTable
CreateSecurityGroup
CreateSnapshot
CreateSubnet
CreateTags
CreateVolume
CreateVpc
DeleteInternetGateway
DeleteKeyPair
DeleteNetworkAcl
DeleteNetworkAclEntry
DeleteNetworkInterface
DeleteRoute
DeleteRouteTable
DeleteSecurityGroup
DeleteSnapshot
DeleteSubnet SubnetId
DeleteTags
DeleteVolume
DeleteVpc VpcId
DeleteVpcPeeringConnection
DeregisterImage
DescribeAddresses
DescribeAddresses
DescribeAvailabilityZones
DescribeAvailabilityZones
DescribeFlowLogs
DescribeHosts
DescribeImageAttribute
DescribeImages
DescribeImportImageTasks
DescribeInstanceAttribute
DescribeInstanceStatus
DescribeInstanceTypes
DescribeInstances
DescribeInternetGateways
DescribeKeyPairs
DescribeKeyPairs
DescribeKeyPairs
DescribeNetworkAcls
DescribeNetworkInterfaceAttribute
DescribeNetworkInterfaces
DescribePlacementGroups
DescribeRegions
DescribeReservedInstances
DescribeRouteTables
DescribeSecurityGroups
DescribeSnapshots
DescribeSubnets
DescribeTags
DescribeVolumeStatus
DescribeVolumes
DescribeVpcAttribute
DescribeVpcPeeringConnections
DescribeVpcs
DetachInternetGateway
DetachNetworkInterface
DetachVolume
DisassociateAddress
DisassociateRouteTable
GetConsoleOutput
GetPasswordData
ImportImage
ImportInstance
ImportKeyPair
ModifyImageAttribute
ModifyImageAttribute
ModifyInstanceAttribute
ModifyNetworkInterfaceAttribute
ModifyVolume
ModifyVpcAttribute
RegisterImage
ReleaseAddress
ReplaceRouteTableAssociation
RunInstances
TerminateInstances

Redshift Commands
=================
CreateClusterSnapshot
CreateTags
DeleteClusterSnapshot
DeleteTags
DescribeClusterSnapshots
DescribeClusters
DescribeTags

IAM Commands
============
DeleteUser
DeletePolicy
GetAccessKeyLastUsed
GetAccountPasswordPolicy
GetAccountSummary
GetLoginProfile
GetUser
ListAccessKeys
ListAttachedRolePolicies
ListAttachedUserPolicies
ListMFADevices
ListPolicies
ListRolePolicies
ListRoles
ListServerCertificates
ListUsers
UpdateAccessKey
UpdateAssumeRolePolicy

Autoscale Commands
==================
AttachInstances
CreateAutoScalingGroup
CreateLaunchConfiguration
DeleteAutoScalingGroup
DeleteLaunchConfiguration
DetachInstances
PutScalingPolicy
PutScalingPolicy
SetDesiredCapacity

RDS Commands
============
AddTagsToResource
CreateDBSnapshot
DeleteDBInstance
DeleteDBSnapshot
DescribeDBEngineVersions
DescribeDBInstances
DescribeDBSnapshots
DescribeReservedDBInstances
ListTagsForResource
RebootDBInstance
RemoveTagsFromResource
StartDBInstance
StopDBInstance

Elasticache Commands
====================
AddTagsToResource
CreateSnapshot
DeleteCacheCluster
DeleteSnapshot
DescribeCacheClusters
DescribeSnapshots
ListTagsForResource
RebootCacheCluster
RemoveTagsFromResource

LoadBalancer Commands
============
AddTags
ApplySecurityGroupsToLoadBalancer
AttachLoadBalancerToSubnets
CreateLoadBalancer
CreateLoadBalancerListeners
CreateLoadBalancerPolicy
DeleteLoadBalancer
DeleteLoadBalancerListeners
DeleteLoadBalancerPolicy
DeregisterInstancesFromLoadBalancer
DeregisterInstancesFromLoadBalancer
DescribeLoadBalancerAttributes
DescribeLoadBalancerPolicies
DescribeLoadBalancerPolicyTypes
DescribeLoadBalancers
DescribeLoadBalancers
DescribeTags
DetachLoadBalancerFromSubnets
RegisterInstancesWithLoadBalancer
RegisterInstancesWithLoadBalancer
RemoveTags
SetLoadBalancerPoliciesForBackendServer
SetLoadBalancerPoliciesOfListener

CloudTrail Commands
===================
DeleteTrail
DescribeTrails
GetTrailStatus
StartLogging
StopLogging

Route53 Commands
================
ChangeResourceRecordSets
ChangeTagsForResource
CreateHostedZone
DeleteHostedZone
ListHostedZones
ListHostedZonesByName
ListGeoLocations
ListHealthChecks
ListResourceRecordSets
ListTagsForResource
ListTagsForResources
ListVPCAssociationAuthorizations

S3 Commands
===========
DELETE Bucket
DELETE Bucket CORS
DELETE Bucket Policy
DELETE Bucket Tagging
GET Bucket
GET Bucket ACL
GET Bucket CORS
GET Bucket Logging
GET Bucket Policy
GET Bucket Tagging
GET Bucket Versioning
GET Bucket Website
PUT Bucket ACL
PUT Bucket CORS
PUT Bucket Policy
PUT Bucket Tagging
PUT Bucket Logging

Cloudwatch Commands
===================
DescribeAlarms
GetMetricStatistics
ListMetrics

Organizations Commands
======================
ListAccounts
DescribeOrganization

Certificate Manager (ACM) Commands
==================================
ListCertificates
DescribeCertificate

Elastic File System (EFS) Commands
==================================
DescribeFileSystems
DescribeTags
CreateTags
DeleteTags
CreateFileSystem
DescribeMountTargetSecurityGroups
DescribeMountTargets
DeleteMountTarget
CreateMountTarget
ModifyMountTargetSecurityGroups

Lambda Commands
===============
ListFunctions
ListTags

Elasticsearch Commands
======================
ListDomainNames
ListTags
DescribeElasticsearchDomains

Config Commands
===============
DescribeConfigurationRecorders
DescribeConfigurationRecorderStatus
DescribeDeliveryChannels
DescribeDeliveryChannelStatus

STS Commands
============
AssumeRole
GetCallerIdentity

Stack Template Commands
=======================
DescribeStacks
ListStackResources
ListStacks
DescribeStackResource
DescribeStackResources
GetTemplate
DeleteStack

DynamoDB
========
DescribeTable
DescribeGlobalTable
ListBackups
ListTables
ListGlobalTables
ListTagsOfResource

DynamoDB DAX
============
DescribeClusters
DescribeTable
ListTables
ListTags

SQS
===
GetQueueAttributes
ListQueues
ListQueueTags

Workspaces
==========
DescribeTags
DescribeWorkspaces
DescribeWorkspaceBundles
DescribeWorkspacesConnectionStatus
DescribeWorkspaceDirectories

Kinesis
=======
ListStreams
DescribeStream
DeleteStream
ListShards
AddTagsToStream
ListTagsForStream
RemoveTagsFromStream

Firehose
========
ListDeliveryStreams
DescribeDeliveryStream
DeleteDeliveryStream
TagDeliveryStream
ListTagsForDeliveryStream
UntagDeliveryStream

Updated 10 days ago

AWS Support Reference


AWS Services and APIs for Which InsightCloudSec Supports

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.