Cloud Account Detail Page

The "Cloud Account Detail Page", is the dedicated page for an individual cloud account. To view a "Cloud Account Detail Page" navigate from the “Clouds Accounts → Listing” page and select an individual Cloud Account by clicking on the name.

Clicking a target Cloud Account navigates to an overview page that displays curated details for the selected cloud account.

Browsing Options

From the Overview page to browse other cloud accounts:

• Use the drop-down at the top of the page, or
• Use the arrows to navigate through all Cloud accounts alphabetically (the overview page will update to display details for the next Cloud account in the list)

Status Details

Each Cloud Overview page includes high-level status information including:

• Cloud Type (icon)
• Cloud Name
• Harvesting status (active/inactive)
• Harvesting permissions (has all permissions/permissions missing). Note: If harvesting is missing specific permissions an active link provides access to missing permissions details
• For Cloud accounts that contain missing permissions, clicking on the active text opens a module with details about each individual missing permission/ associated resource.
• Account Details
  • Account Number associated with the selected Cloud Account
  • Payer ID & email associated with the Cloud Account (AWS-Only)

Missing Permissions

Customers using AWS, GCP, or Microsoft Azure get visibility on missing permissions for their installation. You can identify what permissions are missing and what the impact of those missing permissions has on visibility into that cloud account. Permission issues prevent harvesting and data retrieval of your cloud resources.

• This data refreshes every two hours. If you've recently made changes to your cloud permissions for this account, please check back in two hours.
• Note: For AWS accounts there may be Service Control Policies that disable some resources.

Overview Display Details

• Total Resources Displays the total resource count for the selected Cloud account. Clicking on the number in blue above the field navigates to a Resources view filtered to display all resources for the selected Cloud account
• Automation Bots Displays the total count of Bots associated with the selected Cloud Account
• Total Instance Cores Displays the total number of Instance Cores.
• Total Instance Memory Displays the total amount of instance memory in GB/TB
• Total Object Storage Displays the total amount of object storage in GB/TB
• Total Block Storage Displays the total amount of block storage in GB/TB

Summary Details for Compute/Container, Storage, Identity

While InsightCloudSec contains 5 Resource Type categories, the Cloud Overview page only features three categories: Compute/Container, Storage, and Identity.

• To navigate to the full view of all available resources click on the "View All of This Cloud's Resources" link.

For each of the featured subsection users can view at-a-glance information about a handful of individual resources including:

• data about the last 30 days
• the total resource count
• access a link to a filtered resource view for the individual resource

Best Practices & Recommendations

This section of the page includes a list of curated Insights that reflect *common security issues and high-impact concerns.

• The list of Best Practices and Recommendations varies by Cloud Server Provider.
• For each Insight listed users can click to view a filtered set of resources based on the selected cloud and specific Insight.

Harvest Results

Displays results of harvesting for the last 14 days for the Cloud selected.

Discovered/Modified Resources

Displays results around discovered or modified resources for the last 30 days for the Cloud selected.

Harvest Info

The "Harvest Info" tab from the overview page of the individual cloud provides details (e.g., resource type, region, etc.) from the last known harvest. This is useful in understanding when a particular resource was last harvested, failures and context, the next scheduled harvest, or when a Bot action was last run.

• Check out our Harvesting Overview documentation for additional details on harvesting and how it works!.
• Or refer to our Resources documentation for more details on individual resources and resource types.

In addition this is where users can manually trigger harvesting of a job, either through "Enqueue Now" for an individual job/resource type, or via "Enqueue Selected" to trigger manual harvesting for multiple jobs under a single Cloud Account.

Settings

The Cloud Settings tab allows you to explore the settings for your clouds accounts. Settings you can manage include:

• Updating the Account information
• Configuring Billing information (which also including configuration of a billing bucket for AWS or GCP)
• Updating the EKS Scanner Role associated with the account for Kubernetes Security Guardrails
• Removing a Cloud Account
• Assign Harvesting Strategy
• Setting Custom Properties
  • With appropriate permissions, you can view and add custom properties to your cloud account. These can be used as metadata or to otherwise extend the functionality of your work within InsightCloudSec.

🚧

Cloud Settings - Items to Note

Permissions
For all of the actions outlined below, appropriate permissions are required. If you are not able to view certain details or make changes, reach out to your administrator or contact us via the Customer Support Portal.

Removing Cloud Accounts
Removing a cloud account from InsightCloudSec does not remove or delete the cloud itself from the cloud service provider.

Removing a cloud account from InsightCloudSec does remove the ability to provide you with complete and accurate visibility into your cloud operations.

Configuring a Billing Bucket (Currently AWS Only)

The Billing Bucket Configuration pane is at the bottom of the Settings page for the individually selected Cloud.

For AWS accounts, your system administrator can configure the billing bucket for the selected cloud account. Billing information will be pulled from this location periodically.

This feature is currently only available for AWS.

• For more information, see AWS Billing Bucket

APIs (GCP-Only)

For GCP-based Cloud accounts, an additional tab is available that displays all the GCP APIs that InsightCloudSec uses with details on their status (enabled or disabled). Check out the content we have on Projects for (GCP) for additional details on configuration.

📘

Auto-Enabling APIs

You can activate API Auto-Enablement if you want InsightCloudSec to automatically enable and harvest from every API, but this requires you to manually enable the Service Usage API.

In general, we do not recommended auto-enabling; InsightCloudSec recommends only enabling APIs that you use for performance, cost, and security benefits.