Clouds

Locating and Using the Clouds Page within the InsightCloudSec Platform

In InsightCloudSec, the Clouds section of the platform is where you manage your connected clouds. This section of the tool allows you to add clouds and badges, research potential gaps in coverage, monitor and adjust harvesting, and audit data.

The main Clouds page is accessible under the Cloud heading, Cloud --> Clouds.

1429

Clouds Main Landing Page

This page provides details on the tabs offered for the main clouds overview, or where all of your cloud accounts are shown.

Prerequisites

Before getting started with the Clouds main page, you will need to have the following:

  • A functioning InsightCloudSec installation
  • At least one connected cloud account
  • The appropriate permissions to view cloud account details

If you have other questions or concerns, reach out to us through any of the options provided on our Getting Support page.

Clouds Page Summary

As your cloud footprint expands from dozens to hundreds of cloud accounts, this section of the tool becomes increasingly important for ensuring the quality of your data and understanding large-scale changes.

Listing

The Listing tab of the Clouds section includes all cloud accounts for your Organization. Selecting an individual Cloud Account by clicking on the name will give you detailed information about that cloud. Refer to the Clouds Overview Page for details on what is displayed

🚧

Warnings with False Positives - Known AWS Service Control Policy Issue

When viewing details on the Clouds Listing page, InsightCloudSec may provide false positive “Warnings” around missing permissions. In some scenarios the permissions are granted within the Service Control Policy (SCP) but falsely report as missing.

This scenario is the result of a known issue within AWS where, if an Organization has an SCP with conditions based on global keys (e.g., aws:PrincipalArn), the IAM Policy Simulator results are not accurate because it does not have context with the global keys.

If you have verified that the specific permissions identified as missing are included in your SCP, you can safely disregard these warnings; otherwise for remaining questions or concerns, contact us through the Customer Support Portal.

Read more about Service Control Policies.

Organizations

The Organizations tab allows you to manage your connected cloud service provider-based Organization(s) a.k.a. Cloud Organizations. This section of the tool allows you to add and remove Organizations and update configuration information for existing Organizations.

Summary (Cloud Reports)

This tab provides a summary for your overall cloud footprint with several reports to explore details around all of your cloud accounts. Check out the Summary - Cloud Reports page for details on what is displayed on this tab.

Badges

Initially, you will use the Clouds section to add clouds. As you do so, take advantage of the Badge functionality, which allows you to tag your cloud accounts as you would your cloud resources. InsightCloudSec automatically adds system-level badges for cloud type (e.g., AWS) and resource type (e.g., cloud account), as these are required for internal data tracking purposes.

  • The Badges column on the Clouds page can be used to sort your clouds and the column is included in any .CSV export you create.

  • Check out our Badges documentation for details on working with this capability.

EDH Sections

The Clouds landing page includes four tabs for EDH:

  • EDH Consumers - provides a list of Consumers associated with the selected cloud account and access to add consumers via the "EDH Configuration" button
  • EDH Producers - provides a list of Producers associated AWS Accounts and AWS Event Bridge Rules
  • EDH Events Summary - details for the entire organization or a selected individual cloud account
  • EDH Events - displays details of the CloudWatch (AWS), EventGrid (Azure), Cloud Asset Inventory (GCP) events that occur

Check out the Harvesting & Event-Driven Harvesting Overview section for detailed documentation on these tabs and the EDH feature. In general

Download Your Cloud Details

In addition to viewing the details of your Cloud accounts through the InsightCloudSec interface, you also have the ability to download this content by selecting the "Download" button at the top of the page above the Clouds listing.

You can sort the data however you'd like before you export and these filters will be reflected in your output; this includes Badges.

1297

Download Clouds Details

Selecting "Download" from the buttons on the "Listing" tab of the Clouds section will launch the following form and enable you to include tags, or select existing data collections.

  • Badges are included as a column by default, so any Badges specified in this optional form will be in addition to the default.
  • Select "Download" on the form to export this data in a .CSV file.
562

Download Clouds Form