China Cloud Overview & Support

After InsightCloudSec is successfully installed, you're ready to start harvesting resources from your target cloud accounts. This documentation combines information for configuring your China Cloud environments to "talk" with InsightCloudSec securely. Review the sections below to determine the best starting point for your environment.

China Cloud in InsightCloudSec: Frequently Asked Questions (FAQ)

What does InsightCloudSec support for China Clouds?

What does InsightCloudSec support for China Clouds?

Review the full list of China-specific supported services below.

How do I start seeing my China environments in InsightCloudSec?

How do I start seeing my China environments in InsightCloudSec?

InsightCloudSec relies on a process called "harvesting" to pull data from various CSPs. Currently, InsightCloudSec only offers onboarding for an individual cloud account in AWS China via our universal onboarding experience.

Can customers running InsightCloudSec in China Cloud (self-hosted) harvest commercial account data/resources?

Can customers running InsightCloudSec in China Cloud (self-hosted) harvest commercial account data/resources?

AWS China:

Yes, however, customers must use an STS assume role operation instead of a traditional assume role. API calls cannot be made between AWS partitions (commercial/GovCloud/China) until a cross-partition STS assume role operation has been performed.

Can customers running InsightCloudSec in commercial cloud environments (SaaS and self-hosted) harvest China Cloud account data/resources?

Can customers running InsightCloudSec in commercial cloud environments (SaaS and self-hosted) harvest China Cloud account data/resources?

AWS China:

Yes, however, customers must use a STS assume role operation instead of a traditional assume role. API calls cannot be made between AWS partitions (commercial/GovCloud/China) until a cross-partition STS assume role operation has been performed.

AWS China Support

AWS China Policies

AWS China Policies

InsightCloudSec offers several different AWS policies for harvesting resource information found in your AWS accounts and enabling InsightCloudSec features. Our universal onboarding experience will implement the appropriate policies automatically, so there's no need for AWS China-specific policies. Review AWS Policies for details.

AWS China Supported Deployment Regions

AWS China Supported Deployment Regions

InsightCloudSec can only be deployed in AWS. For self-hosted customers, InsightCloudSec can be exclusively deployed/hosted in AWS China, if you so choose.

AWS China Supported Services

AWS China Supported Services

Listed below are all of the AWS China services (and their components) supported by InsightCloudSec. In general if a service is supported by InsightCloudSec, we support it in any region in which the CSP provides the service. If you have questions related to AWS or specific services and their support, contact us through the Customer Support Portal.

text
1
Amazon API Gateway (Domain, Key, Stage, Usage Plans)
2
Amazon DocumentDB
3
Amazon Keyspaces
4
Amazon SageMaker (Notebook, Training job)
5
Amazon Redshift (Serverless Namespace, Serverless Workgroup, Snapshot)
6
Amazon Transcription
7
Athena (Workgroup)
8
AWS Auto Scaling (Group, Launch Configurations)
9
AWS Backup (gateway, Vault)
10
AWS Glue (Connection, Crawler, Data Catalog, Database, Job, Security Configuration)
11
AWS Health Dashboard
12
AWS Organizations (Consolidated Bill, Service Control Policy)
13
AWS Systems Manager (Association, Parameter Store (Parameter), Document)
14
AWS Transfer Family (SFTP Server)
15
Batch (Compute Environment)
16
Certificate Manager (Private Certificate Authority)
17
CloudFormation (Templates)
18
CloudFront
19
CloudSearch (Cluster)
20
CloudTrail
21
CloudWatch (Alarm, Log Group, Rule, EventBridge event bus)
22
CodeBuild (Project)
23
Database Migration Service (Endpoint, Replication Instance)
24
Direct Connect
25
Directory Service
26
DynamoDB (Accelerator (DAX))
27
EC2 (Amazon EBS Snapshot, Amazon EBS Volume, Dedicated Instance, Instance, Launch Template, Reserved Instance, Resource/Service Limit/Quota, Savings Plans, SSH Key Pairs)
28
EFS
29
Elastic Beanstalk (Application, Environment)
30
Elastic Container Registry (Container Image, Container Registry)
31
Elastic Container Service/Fargate (Cluster, Container, Container Task)
32
Elastic Kubernetes Service (Cluster, Container Instance, Node Group)
33
Elastic Load Balancer (Application Load Balancer, Gateway Load Balancer, Network Load Balancer)
34
ElastiCache (Snapshot)
35
EMR
36
FSx
37
GuardDuty
38
IAM (Access Analyzer, Cloud Account, Group, Policy (Customer Managed), Role, IAM/ACM SSL Certificate, User, User Access Key)
39
Key Management Service
40
Kinesis (Data Firehose)
41
Kinesis Video Stream
42
Lambda (Layer)
43
MSK (Instance)
44
Neptune
45
OpenSearch Service
46
RDS (Aurora, Cluster, Event Subscription, Instance, Snapshot)
47
Region
48
Resource Access Manager (Resource shares, Shared resources)
49
Route 53 (DNS Zone, Domain)
50
S3 (Access Point, Multi-Region Access Point)
51
S3 Glacier
52
SAML Identity Provider
53
Secrets Manager (Secret)
54
Serverless Application Repository
55
Simple Queue Service
56
Simple Notification Service (Subscription, Topic)
57
Step Function State Machine
58
Storage Gateway
59
Systems Manager (Document)
60
Trusted Advisor
61
VPC (Elastic IP, Elastic Network Interface (ENI), Endpoint Service, Endpoint/PrivateLink, Flow Log, Internet Gateway, Managed Prefix List, NACL/Security Group, NACL/Security Group Rules, NAT Gateway, Network Firewall (Rules, Rule Groups), Peer, Route, Route Table, Site-to-Site VPN, Subnet, Traffic Mirror Target, Transit Gateway, Virtual Private Gateway)
62
WAF (Rules, Rule Groups)
63
WorkSpaces (Instances)