In InsightCloudSec, the Clouds section of the platform is where you manage your connected clouds. This section of the tool allows you to add clouds and badges, research potential gaps in coverage, monitor and adjust harvesting, and audit data.
The main Clouds page is accessible under the Cloud heading, Cloud --> Clouds.
This page provides details on the tabs offered for the main clouds overview, or where all of your cloud accounts are shown.
To view in-depth information about the summary report (Summary tab) available for your cloud accounts, check out the Summary - Cloud Reports page.
To review information about setting up your cloud account, managing your existing accounts, or managing cloud organizations. Check out the Cloud Account Setup & Management
To review in-depth information about managing your individual cloud accounts, including settings and configuration check out the Clouds Overview Page (Individual Cloud Details)
Before getting started with the Clouds main page, you will need to have the following:
- A functioning InsightCloudSec installation
- At least one connected cloud account
- The appropriate permissions to view cloud account details
If you have other questions or concerns, reach out to us through any of the options provided on our Getting Support page.
As your cloud footprint expands from dozens to hundreds of cloud accounts, this section of the tool becomes increasingly important for ensuring the quality of your data and understanding large-scale changes.
The Listing tab of the Clouds section includes all cloud accounts for your Organization. Selecting an individual Cloud Account by clicking on the name will give you detailed information about that cloud. Refer to the Clouds Overview Page for details on what is displayed
Warnings with False Positives - Known AWS Service Control Policy Issue
When viewing details on the Clouds Listing page, InsightCloudSec may provide false positive “Warnings” around missing permissions. In some scenarios the permissions are granted within the Service Control Policy (SCP) but falsely report as missing.
This scenario is the result of a known issue within AWS where, if an Organization has an SCP with conditions based on global keys (e.g.,
aws:PrincipalArn), the IAM Policy Simulator results are not accurate because it does not have context with the global keys.
If you have verified that the specific permissions identified as missing are included in your SCP, you can safely disregard these warnings; otherwise for remaining questions or concerns, contact us through the Customer Support Portal.
Read more about Service Control Policies.
The Organizations tab allows you to manage your connected cloud service provider-based Organization(s) a.k.a. Cloud Organizations. This section of the tool allows you to add and remove Organizations and update configuration information for existing Organizations.
This tab provides a summary for your overall cloud footprint with several reports to explore details around all of your cloud accounts. Check out the Summary - Cloud Reports page for details on what is displayed on this tab.
Initially, you will use the Clouds section to add clouds. As you do so, take advantage of the Badge functionality, which allows you to tag your cloud accounts as you would your cloud resources. InsightCloudSec automatically adds system-level badges for cloud type (e.g., AWS) and resource type (e.g., cloud account), as these are required for internal data tracking purposes.
The Badges column on the Clouds page can be used to sort your clouds and the column is included in any .CSV export you create.
Check out our Badges documentation for details on working with this capability.
This section provides details for customers taking advantage of our Event-Driven Harvesting capabilities.
In general, InsightCloudSec continually harvests information from the cloud, looking for any changes since the previous harvest. By default, InsightCloudSec harvests resource configuration information according to a set cadence by resource type. Check out the Harvesting Overview for details on this capability.
In addition to viewing the details of your Cloud accounts through the InsightCloudSec interface, you also have the ability to download this content by selecting the "Download" button at the top of the page above the Clouds listing.
You can sort the data however you'd like before you export and these filters will be reflected in your output; this includes Badges.
Selecting "Download" from the buttons on the "Listing" tab of the Clouds section will launch the following form and enable you to include tags, or select existing data collections.
- Badges are included as a column by default, so any Badges specified in this optional form will be in addition to the default.
- Select "Download" on the form to export this data in a .CSV file.
Updated 4 months ago