In DivvyCloud, the Clouds section of the platform is where you manage your connected clouds. This section of the tool allows you to add clouds and badges, research potential gaps in coverage, monitor and adjust harvesting, and audit data.
The main Clouds page is accessible under the Cloud heading, Cloud --> Clouds.
Before getting started with the Clouds main page you will need to have the following:
- A functioning DivvyCloud installation
- At least one connected cloud account
- The appropriate permissions to view cloud account details
For information on connecting a cloud account, refer to our page on Cloud Account Setup.
If you have other questions or concerns reach out to us through any of the options provided on our Getting Support page.
As your cloud footprint expands from dozens to hundreds of cloud accounts, this section of the tool becomes increasingly important for ensuring the quality of your data and understanding large-scale changes.
The Clouds page includes a number of tabbed sections that we explore in greater detail on our Cloud Reports page.
Initially, you will use the Clouds section to add clouds. As you do so, take advantage of the Badge functionality, which allows you to tag your cloud accounts as you would your cloud resources. DivvyCloud automatically adds system-level badges for cloud type (e.g., AWS) and resource type (e.g., cloud account), as these are required for internal data tracking purposes.
You can add badges to reflect your business priorities. We have seen cloud-savvy customers using, as a baseline, badges for risk level, and more. When you add badges to your clouds, you are able to aggregate your data for analysis and to take action based on badge keys and values.
The Badges column on the Clouds page can be used to sort your clouds and the column is included in any .CSV export you create.
If you have added your master AWS account, DivvyCloud automatically downloads basic metadata about linked cloud accounts from the master account and displays that information. This information will allow you to determine if any AWS child accounts are unmanaged and unmonitored by DivvyCloud.
If you have added your master GCP domain/organization, DivvyCloud will automatically add all associated sub-projects. This ensures that no sub-projects remain unmanaged and unmonitored by DivvyCloud.
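An independent cross-check for the AWS coverage gap described above, as an added example (not DivvyCloud code): it compares account data in the shape returned by `aws organizations list-accounts` against a Clouds listing export. The sample data is constructed, and the export column names (`Account ID`, `Badges`) are assumptions; set `id_column` to match your export.

```python
import csv
import io
import json

# Constructed sample in the shape of `aws organizations list-accounts` output.
ORG_ACCOUNTS_JSON = """
{"Accounts": [
  {"Id": "111111111111", "Name": "master",   "Status": "ACTIVE"},
  {"Id": "012345678901", "Name": "payments", "Status": "ACTIVE"},
  {"Id": "222222222222", "Name": "sandbox",  "Status": "ACTIVE"},
  {"Id": "333333333333", "Name": "old-lab",  "Status": "SUSPENDED"}
]}
"""

# Constructed Clouds listing export; the column names are assumptions.
CLOUDS_CSV = """Name,Account ID,Badges
master,111111111111,risk-level:high
payments,12345678901,risk-level:high
"""

def normalize_account_id(raw):
    """AWS account IDs are 12 digits; spreadsheets often drop leading zeros."""
    digits = raw.strip()
    if not digits.isdigit() or len(digits) > 12:
        raise ValueError(f"not an AWS account id: {raw!r}")
    return digits.zfill(12)

def unmanaged_accounts(org_json, clouds_csv, id_column="Account ID"):
    """Return active organization accounts that are absent from the export."""
    managed = {
        normalize_account_id(row[id_column])
        for row in csv.DictReader(io.StringIO(clouds_csv))
        if row.get(id_column)
    }
    gaps = []
    for acct in json.loads(org_json)["Accounts"]:
        if acct["Status"] != "ACTIVE":
            continue  # skip suspended or closing accounts
        if normalize_account_id(acct["Id"]) not in managed:
            gaps.append((acct["Id"], acct["Name"]))
    return sorted(gaps)

if __name__ == "__main__":
    for account_id, name in unmanaged_accounts(ORG_ACCOUNTS_JSON, CLOUDS_CSV):
        print(f"unmanaged: {account_id} ({name})")
```

Without the zero-padding step, the `payments` account would be reported as unmanaged even though it is connected.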
DivvyCloud continually harvests information from the cloud, looking for any changes since the previous harvest. By default, DivvyCloud harvests resource configuration information according to a set cadence by resource type.
- The frequency of harvesting is based on institutional knowledge and general best practices.
- Harvesting cadence can be modified--decreased to reduce harvesting workload, or increased to track changes closer to real-time--on a cloud type, badge, region, or resource basis to better match harvesting resources with your needs.
Learn more about configuring your harvesting cadence by region.
An additional harvesting strategy is available for AWS clouds: Event-driven Harvesting (EDH). When choosing EDH, DivvyCloud harvests CloudWatch events to receive notifications of resource configuration changes.
- Upon receiving notification of such changes, DivvyCloud targets a harvest for that specific resource. This is a difference in approach between "tell me everything" and "tell me what's changed". That difference allows more efficient, real-time harvesting.
An additional benefit of the EDH approach is that the harvested data includes data about change events. That change event data allows you to conduct a more detailed audit of changes, e.g., who, what, when, and where, and allows you to do so in a global fashion, i.e., across all AWS accounts and across all AWS regions, from a single location.
- It is an extremely useful way to analyze and track individual changes across your entire AWS infrastructure.
- The following documents provide more information: Event-Driven Harvesting (AWS) and Event-Driven Harvesting Reports.
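The who/what/when/where audit described above can be illustrated with the standard CloudWatch Events envelope for CloudTrail API calls. This is an added example, not DivvyCloud code or its report format; the events are constructed and trimmed to the fields used, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed events, trimmed to the fields used; every value is made up.
SAMPLE_EVENTS = """
{"detail-type": "AWS API Call via CloudTrail", "account": "111111111111", "detail": {"eventTime": "2021-03-02T10:15:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"}}}
{"detail-type": "AWS API Call via CloudTrail", "account": "222222222222", "detail": {"eventTime": "2021-03-02T09:58:12Z", "eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy", "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.20", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::222222222222:assumed-role/Admin/bob"}}}
{"detail-type": "AWS API Call via CloudTrail", "account": "111111111111", "detail": {"eventTime": "2021-03-02T10:20:30Z", "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "awsRegion": "ap-southeast-2", "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"}}}
{"detail-type": "AWS API Call via CloudTrail", "account": "222222222222", "detail": {"eventTime": "2021-03-02T10:01:00Z", "eventSource": "s3.amazonaws.com", "eventName": "DeleteBucketPolicy", "awsRegion": "eu-west-1", "errorCode": "AccessDenied", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::222222222222:assumed-role/Admin/bob"}}}
{"detail-type": "EC2 Instance State-change Notification", "account": "111111111111", "detail": {"instance-id": "i-0123456789abcdef0", "state": "running"}}
"""

def change_record(event):
    """Map one event to who/what/when/where, or None if nothing changed."""
    if event.get("detail-type") != "AWS API Call via CloudTrail":
        return None  # e.g. state-change notifications carry no caller identity
    detail = event["detail"]
    if detail.get("errorCode"):
        return None  # the API call was rejected, so no configuration changed
    identity = detail.get("userIdentity", {})
    return {
        "who": identity.get("arn") or identity.get("type", "unknown"),
        "what": f'{detail["eventSource"]}:{detail["eventName"]}',
        "when": detail["eventTime"],
        "where": (event["account"], detail["awsRegion"], detail.get("sourceIPAddress")),
    }

def audit_trail(raw_lines):
    """Parse newline-delimited events; return changes ordered by event time."""
    records = (change_record(json.loads(l)) for l in raw_lines.splitlines() if l.strip())
    return sorted((r for r in records if r), key=lambda r: r["when"])

def changes_by_principal(records):
    """Group changes per caller across every account and region."""
    grouped = defaultdict(list)
    for r in records:
        account, region, _ip = r["where"]
        grouped[r["who"]].append((r["when"], account, region, r["what"]))
    return dict(grouped)

if __name__ == "__main__":
    for who, changes in changes_by_principal(audit_trail(SAMPLE_EVENTS)).items():
        print(who, changes)
```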
Customers using AWS, GCP, or Microsoft Azure get visibility on missing permissions for their installation. You can identify what permissions are missing and what impact those missing permissions have on visibility into that cloud account. Permission issues prevent harvesting and data retrieval of your cloud resources.
- This data refreshes every two hours. If you've recently made changes to your cloud permissions for this account, please check back in two hours.
- Note: For AWS accounts there may be Service Control Policies which disable some resources.
As shown in the image below, when viewing cloud permissions, you will see a display clearly identifying the missing permission(s) for each service supported by DivvyCloud.
In addition to viewing the details of your Cloud accounts through the DivvyCloud interface, you also have the ability to download this content by selecting the "Download" button at the top of the page above the Clouds listing.
You can sort the data however you'd like before you export, and these filters will be reflected in your output; this includes Badges.
Selecting "Download" from the buttons on the "Listing" tab of the Clouds section will launch the following form and enable you to include tags, or select existing data collections.
- Badges are included as a column by default (as of 21.1) so any badges specified in this optional form will be in addition to the default.
- Select "Download" on the form to export this data in a .CSV file.