Get Started

Getting Started

Deploy

Onboard and Manage Accounts

Amazon Web Services (AWS)

Google Cloud Platform (GCP)

Microsoft Azure

Oracle Cloud Infrastructure (OCI)

Additional Providers

Collect and Integrate Data

Harvesting & Event-Driven Harvesting

Integrations

Understand Data

Visibility & Reporting

Inventory

Query Filters & Insights

Manage and Act on Data

Bots & Automation

Infrastructure as Code (IaC) Security

Cloud IAM Governance

Vulnerability Management

Workload Security

Manage System Settings

InsightCloudSec System Configuration

Developer Resources

APIs

Support

Compute Resources

Compute Resources are available in InsightCloudSec as the first section (tab) under the Resource landing page. These resources are related to compute functionality and include resources like app servers, instances, and elastic search instances.

Compute resources are displayed alphabetically using the InsightCloudSec normalized terminology. Hovering over an individual resource provides the CSP-specific terminology with the associated logo to help users confirm the displayed information. For example, an Autoscaling Group refers to Amazon's "Autoscaling Group", Google's "Autoscalers", and Azure's "Virtual Machine Scale Sets".

For a detailed reference of this normalized terminology check out our Resource Terminology.

Some attributes may not be included in these lists

A large number of Resource Attributes are offered for the resources outlined here. Because we are continuously expanding our supported resources the attributes and details included here can not be guaranteed to include every resource or every attribute.

If you need information about the attributes of a particular resource we are happy to help get those details for you - reach out to us through the Customer Support Portal with any questions!

Airflow Environment

Airflow Environments offers managed orchestration service for Apache Airflow - an open-source tool used to programmatically author, schedule, and monitor sequences of processes and tasks referred to as workflows.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region in which the Airflow Environment resides
name	The name of the Airflow Environment
arn	The ARN associated with the Airflow Environment
create_time	The time when this Airflow Environment was created
version	The version of the Airflow Environment
environment_class	The environment class, e.g., 'mw1.small'
max_workers	The maximum number of workers allowed with this Airflow Environment
status	The status of the Airflow Environment (e.g., available)
logging_configuration	A description of the logging configuration, including TaskLogs, WorkerLogs, and SchedulerLogs
encrypted	Denotes whether the Airflow Environment is encrypted
key_resource_id	The provider ID of Encryption Key (if encrypted)
execution_role_resource_id	The resource ID for the execution role
service_role_resource_id	The resource ID for the service role
webserver_access_mode	The webserver access mode, e.g., public only
webserver_url	The URL for the webserver
relationships	A list of resources associated with the Airflow Environment

Apps

App Configurations

App Configurations provide a means to centrally manage application settings and feature flags.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
config_id	The provider ID for the configuration
name	The name of the configuration
resource_group	The name of the resource group the configuration is associated with
provisioning_state	The provisioning state of the configuration
region_name	The name of the region in which the configuration resides
sku	The pricing tier of the configuration
purge_protection_enabled	Indicates if purge protection is enabled for the configuration
public_network_access	The network access configuration of the configuration
automatic_network_setting	Indicates if public network access on the resource is set to the automatic setting
creation_date	The date the configuration was created
soft_delete_retention_days	The number of days the configuration will be retained if deleted
encrypted_with_cmk	Indicates if the configuration is encrypted using a customer key
identity_type	The type of identity assigned to the configuration
disable_local_auth	Indicates if local authentication is disabled for a configuration
endpoint	The endpoint of the configuration
private_endpoint_connections	The number of endpoints attached to the configuration
namespace_id	The fully qualified ID of the resource, including the resource name and resource type

App Engine Service

An App Engine Service is a small logical component of a large app, i.e., a microservice.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
name	The name of the service
region_name	The name of the region in which the service resides
namespace_id	The fully qualified ID of the resource, including the resource name and resource type
service_id	The unique ID for the service
app_engine_status	The status of the service
ingress_traffic	The rules for ingress of the service
firewall_rules	The firewall rules for the service

App Engine Service Version

An App Engine Service Version is a compiled version of one of your services, which can be used for rollbacks or testing.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
name	The name of the service
service_id	The unique ID for the service
namespace_id	The fully qualified ID of the resource, including the resource name and resource type
version_id	The unique ID for the service version
environment	The type of environment on which the version is deployed
runtime	The runtime the service version is using
legacy_runtime	Denotes whether the runtime is legacy
version_status	The status of the service version

App Server

App Servers are the underlying virtual machines that host Azure App Services. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region in which this App Server resides
app_server_id	The provider ID of the App Server
name	The name of the App Server
server_type	The type of the App Server (F1 Free, B1 Basic, S1 Standard, etc)
instance_count	The number of instances running this app
max_instance_count	The maximum number of instances for running the app
app_count	The number of apps running on the App Server
state	The state of the App Server (ready, stopped, etc)

App Stream Fleet

An App Stream Fleet is a managed application streaming service that streams desktop applications to users.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region in which the App Stream Fleet resides
arn	The ARN associated with the App Stream Fleet
name	The name of the App Stream Fleet
image_name	The image name associated with the App Stream Fleet
image_arn	The ARN associated with the image for the App Stream Fleet
instance_type	The type of instance used by the App Stream Fleet
instance_flavor_resource_id	The Resource ID for the instance flavor used by the App Stream Fleet
fleet_type	The type of Fleet for the App Stream
compute_status	Status of compute resources for the App Stream Fleet
max_user_duration	The maximum duration (in seconds) for users
disconnect_timeout	The timeout (in seconds) for a user to disconnect
state	The state of the App Stream Fleet
creation_date	The date and timestamp for the creation of the App Stream Fleet
default_internet_access	Indicates whether default internet access is enabled for the fleet
domain_joined	Indicates whether the Fleet is associated with a directory domain
role_resource_id	The Resource ID for the role associated with the Fleet
stream_view	The stream view displayed to users while using the Fleet
platform	The platform of the Fleet
session_script_s3	Describes the S3 session script
relationships	List of resources associated with the Fleet

Autoscaling

Autoscaling Group

Autoscaling Groups contain a collection of Instances that share similar characteristics and are treated as a logical grouping for the purposes of instance scaling and management. The Autoscaling Group class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
group_id	The provider ID of the autoscaling group
name	The name of the autoscaling group
arn	The ARN associated with the autoscaling group
create_time	The time when this autoscaling group was created
region_name	The region in which this autoscaling group resides
health_check_grace_period	The amount of time (in seconds) that the autoscaling group will wait to run the system health check, after instances have been started
min_size	The minimum number of instances running at all times on this autoscale group
max_size	The maximum number of instances that can be running at any time on this autoscale group
desired_capacity	The desired amount of instances running at all times in the autoscaling group
new_instance_protection	The instances that are protected from termination during scale in
default_cooldown	The amount of time the autoscaling group will wait before resuming scaling activities
multi_az	Denotes if the group is multi AZ
suspended_processes	The JSON value of suspended processes
vm_profile	The JSON value of the profile of the machine
spot_instances	Whether the autoscaling group will utilize spot instances
upgrade_policy	Describes the upgrade policy settings for the autoscaling group
launch_configuration	The launch configuration that is associated with the autoscaling group
launch_template	A launch template that is associated with the autoscaling group
warm_pool_size	The number of warm pool instances configured
warm_pool_instances	The type of instances in the warm pool
load_balancers	A list of classic load balancers that are associated with the autoscaling group
target_group	A list of application target groups that are associated with the autoscaling group
vulnerability_sources	The vulnerability source (requires IVM agent integration)

class DivvyResource.Resources.autoscalinggroup.AutoscalingGroup(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Autoscaling Group Operations

delete(user_resource_id=None)
Not now available for use.

static get_db_class()

get_instances()
Retrieve the instance members the group uses.

static get_provider_id_field()

static get_resource_type()

get_subnets()
Retrieve the subnets the group operates in.

get_supported_actions()
Retrieve all the actions which are supported by this resource.

group

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session This gives an opportunity for post-modification hooks.

has_attached_instance()
Return True is instance(s) are attached to asg.

modify(max_size=None, min_size=None, user_resource_id=None)
Modify the Autoscaling group. This makes a call sot he upstream providier to change one or more properties.

name

provider_id

top_level_resource = True

Autoscaling Launch Configuration

Autoscaling Launch Configurations are templates that autoscaling groups use to launch instances.
This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region the Autoscaling Launch Configuration resides in
image_id	The provider ID of image instances are launched from
name	The name of the autoscaling launch configuration
arn	The Amazon resource name of the autoscaling launch configuration
instance_type	The type of instance to launch
spot_price	The maximum hourly price to be paid for any spot instance launched from autoscaling launch configuration
identity_management_role	The role associated with the autoscaling launch configuration
creation_timestamp	The time autoscaling launch configuration was created
monitoring	Denotes if detailed monitoring is enabled on instances launched from autoscaling launch configuration (true/false)
kernel_id	The ID of the kernel associated with the Image
ram_id	The ID of the RAM disk to select
associate_ip	Denotes whether to assign a public IP address to each instance
block_storage_optimized	Denotes whether the launch configuration is optimized for I/O (true) or not (false)
role_resource_id	The resource ID of the role performing the autoscaling
user_data	The user data to make available to the launched instances using this configuration
sensitive_data	Indicates if the launch configuration contains sensitive data within the user data
contains_secret	Indicates if the launch configuration contains a Secret within the user data

Batches

Batch Environment

An environment containing many compute nodes that can run large-scale parallel and high-performance computing batch jobs efficiently, e.g., Azure Batch Account, AWS Batch Compute Environment.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
name	The name of the Batch Environment
region_name	The region in which the Batch Environment resides
namespace_id	The fully qualified ID of the resource, including the resource name and resource type
state	The state of the Batch Environment
endpoint	The endpoint where the Batch Environment is accessible
public_access	Whether public access is enabled for the Batch Environment
allocation_type	The allocation type for the Batch Environment
minimum_cpus	The minimum amount of CPUs allocated for the Batch Environment
maximum_cpus	The maximum amount of CPUs allocated for the Batch Environment
storage_account_resource_id	The resource ID for the storage account associated with the Batch Environment
encryption	The encryption enabled for the Batch Environment
pool_type	The type of instance pool within the Batch Environment
role_resource_id	The resource identifier for the role allocated to the Batch Environment.

Batch Pool

A group of compute nodes that is used in a batch environment to run large-scale parallel and high-performance computing batch jobs efficiently, e.g., Azure Batch Pool.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
name	The name of the Batch Pool
region_name	The region in which the Batch Pool resides
namespace_id	The fully qualified ID of the resource, including the resource name and resource type
environment_resource_id	The ID for the Batch Pool's parent Batch Environment
last_modified	The most recent time the Batch Pool was modified
state	The state of the Batch Pool
vm_size	The size of the virtual machine(s) within the Batch Pool
autoscaling	Whether the Batch Pool has autoscaling enabled
inter_node_communication	Whether the Batch Pool has internode communication enabled
subnet_resource_id	The resource ID of the subnet in which the Batch Pool is running, if known

Big Data

Big Data Instance

Big Data Instances are database instances which store and process big data. An example of this type of instance is AWS Redshift. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region that the instance resides in
instance_id	The provider ID of the instance
name	The name of the instance
instance_type	The type of instance
instance_flavor_resource_id	The resource ID of the type (flavor) this instance runs on
state	The state of the big data instance
create_time	The time the instance was created
availability_zone	The zone where the big data instance lives
endpoint_address	The FQDN of the big data instance
endpoint_port	The port that the big data instance listens on
nodes	The number of nodes in the cluster
version	The software version the big data instance leverages
allow_version_upgrade	Denotes whether the instance has automatic version upgrades enabled
db_name	The name of the master database
subnet_group_name	The database subnet group name that the instance uses
vpc_id	The database VPC ID that the instance uses
backup_retention	An integer representing the number of days that automatic snapshots are retained for
master_username	The username of the master user
encrypted	Denotes if the data stored on the instance is encrypted
key_resource_id	The provider ID of Encryption Key (if encrypted)
publicly_accessible	Denotes if the instance can be accessed over the Internet
access_lists	The list of associated security groups
instance_flavor	The returned flavor of a object which contains information on the size of the instance
ssl_required	Denotes if SSL is required (true/false)
fips_required	Denotes if FIPS compliant SSL mode is required
logging	Boolean value on whether a Big Data Instance is logging
logging_bucket	The location of the Storage Container the Big Data Instance is logging to, if known
parameter_groups	The parameter group(s) associated with the instance

class DivvyResource.Resources.bigdatainstance.BigDataInstance(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Big Data Instance Operations

delete(wait_for_result=True, user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

static get_db_class()

get_instance_type()
Retrieve the instance type of the resource.

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the instance state.

get_supported_actions()

handle_resource_destroyed(user_resource_id=None, project_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

`instance

top_level_resource = True

Big Data Serverless Namespace

A Big Data Serverless Namespace is a collection of database objects and users.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
namespace_id	The provider-specific namespace ID value
name	The name of the namespace resource
db_name	The database name associated with the namespace
region_name	The region in which the namespace is located
state	The status of the namespace
arn	The ARN value associated with the namespace
role_resource_id	Denotes the IAM role associated with the namespace
admin_username	Denotes the admin username associated with the namespace
key_resource_id	Denotes the key associated with the namespace
log_exports	Denotes the log export configurations for the namespace
creation_date	The date the namespace was created

Big Data Serverless Workgroup

A Big Data Serverless Workgroup is a collection of compute resources.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
namespace_id	The provider-specific namespace ID value
organization_service_id	The ID of the parent organization service (cloud)
workgroup_id	The ID associated with the workgroup
name	The name of the workgroup resource
region_name	The region in which the workgroup is located
state	The status of the workgroup
arn	The ARN value associated with the workgroup
vpc_endpoints	The count of VPC endpoints attached to the workgroup
creation_date	The date the workgroup was created
base_capacity	The base capacity of the workgroup
enhanced_routing	Denotes whether the workgroup has enhanced routing enabled
publicly_accessible	Denotes whether the workgroup is publicly accessible
relationships	List of resources associated with the workgroup

Big Data Workspace

Big Data Workspace comprises data integration, data warehousing, and big data analytics functionality. An example of a Big Data Workspace is an Azure Synapse resource.

Attribute	Description
name	The name of the workspace
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
workspace_id	The provider ID of the workspace
region_name	The region in which the workspace resides
state	The state of the big data workspace (e.g., Succeeded)
double_encryption_enabled	Denotes if double encryption is enabled (true/false)
workspace_type	The type of workspace (e.g., Normal)
sql_administrator_login	Login name for the SQL administrator
scope_enabled	Denotes whether scope is enabled (true/false)
public_access	Denotes whether access is public (true/false)

Build Project

Build Project configures how source code is built, e.g., where to obtain the code and which build environment to use.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region that the Build Project resides in
project_id	The Project ID associated with the Build Project
name	The name of the Build Project
description	The description associated with the Build Project
creation_date	The creation date of the Build Project
build_type	The type of repository that contains the source code to be built
privilege_mode	Denotes if the Build Project is running in privileged mode
cache_type	The type of cache used by the Build Project
encrypted	Denotes whether the Build Project is encrypted or not
role_resource_id	The Resource ID of the associated service Role, if applicable
key_resource_id	The Resource ID of the encryption key, if applicable
network_resource_id	The Resource ID of the associated VPC, if applicable
logging_bucket	The details of the bucket where logs are being sent, if applicable
log_group_name	The logging group name, if applicable
arn	The Amazon Resource Name (ARN) of the Build Project
build_image	The image the Build Project is using
clear_text_credentials	Indicates if the Build Project contains credentials in clear text
contains_secret	Indicates if the Build Project contains a secret

Cache

Cache Database Cluster

A Cache Database Cluster is an in-memory database service that provides fast performance and durability, e.g., AWS MemoryDB.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region in which the Cache Database Cluster resides
name	The name of the Cache Database Cluster
description	Text description for the Cache Database Cluster
state	The state of the Cache Database Cluster
number_of_shards	The number of shards in the cluster
multi_az	Denotes if the cluster can be in multiple availability zones
endpoint_address	The fully-qualified domain name for the Cache Database Cluster
endpoint_port	The port that the Cache Database Cluster listens on
instance_type	The type of instance being used to host Cache Database Cluster
engine_version	The version of the engine currently installed
nodes	The number of nodes in the cluster
parameter_group	The name of the parameter group associated with the Cache Database Cluster
subnet_group	The subnet associated with the Cache Database Cluster
transit_encryption	Boolean value indicating if transit encryption is enabled
key_resource_id	The resource ID of the associated encryption key
arn	The ARN associated with the Cache Database Cluster
backup_retention	An integer representing the number of days that automatic snapshots are retained for
auto_minor_upgrades	Denotes if this instance automatically takes minor upgrades or not

Cache Instance

Memcache Instances are managed systems with one or more caching technologies installed, e.g., Redis. Examples of this would be AWS Elasticache and Azure Redis. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
instance_type	The type of instance
region_name	The region that the instance resides in
instance_id	The provider ID of the instance
name	The name of the instance
instance_flavor_resource_id	The resource ID of the type (flavor) this is instance runs on
state	The state the instance is in (ready/available/normal/running)
availibilty_zone	The availability zone this instance runs in
endpoint_address	The FQDN of the instance
endpoint_port	The port that the instance listens on
engine	The engine that the database uses (redis/memcached)
engine_version	The install version of the engine
backup_retention	The integer representing the number of days that automatic snapshots are retained for
nodes	The number of nodes
create_time	The time the instance was created
at_rest_encryption_enabled	Denotes if at rest encryption is enabled (true/false)
transit_encryption_enabled	Denotes if transit encryption is enabled (true/false)
auth_token_enabled	Denotes if AuthToken is enabled (true/false)
auth_token_last_modified	The last time the AuthToken was modified
auto_minor_version_upgrade	Denotes whether automatic minor version upgrading is enabled for the cluster
reserved_ip_range	The range of IP addresses reserved
network_resource_id	The provider ID of network this instance is in
key_resource_id	The ID of the encryption key used to encrypt this Instance
replication_group_id	The ID of the associated replication group, if applicable
automatic_failover	Denotes if automatic failover is enabled
namespace_id	The fully qualified ID of the resource, including the resource name and resource type
public_network_access	Denotes if public network access to this Cache Instance is enabled
relationships	List of relationships between the Cache Instance and other services

Connect Instance

Connect instances provide virtual call center capabilities to your customers.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region in which the Connect Instance resides.
alias	The user-provided alias
namespace_id	The namespace ID for the Connect Instance
instance_id	The provider-specific ID value
id_management_type	Identity management type of the instance
status	The status of the instance
role_resource_id	The role used by the instance
inbound_enabled	Denotes if inbound calls are enabled
outbount_enabled	Denotes if outbound calls are enabled
create_time	The time the instance was created
enabled_features	List of enabled features for the connect instance
feature_configuration	The feature configuration object for the connect instance

Database

Databases that reside within database instances. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region that the database resides in
database_id	The provider ID of the database
name	The name of the database
instance_resource_id	The provider ID of the associated instance
collation	The implemented collation set for the database
character_set	The character set of the database
create_time	The creation time of the database
encrypted	The encryption status of the database
key_resource_id	The provider ID of the encryption key, if applicable
database_type	The underlying database type

class DivvyResource.Resources.database.Database(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Database Operations

database

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the route state.

get_supported_actions()

top_level_resource = True

Database Cluster

A database cluster is one or more database instances connected together to simulate a single system. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region that the cluster resides in
create_time	The time the cluster was created
cluster_id	The provider ID of the cluster
db_name	The name of the master database
db_subnet_group	The subnet group associated with the DB cluster
state	The state that the cluster is in (available, stopped, etc)
earliest_restorable_time	The earliest time to which a database can be restored with point-in-time restore
latest_restorable_time	The latest time to which a database can be restored with point-in-time restore.
endpoint	The connection endpoint for the primary instance of the DB cluster
multi_az	Denotes whether or not the cluster is set up for high availability and is distributed across multiple zones
availability_zones	The zone(s) where the cluster lives
engine	The engine that the database uses (mysql, neptune, docdb, etc.)
engine_version	The version of the engine
port	The port that the database engine is listening on
backup_retention	The number of days for which automatic DB snapshots are retained
db_cluster_resource_id	The resource ID of the cluster
namespace_id	ARN (Amazon Resource Name) of the cluster
deletion_protection	Denotes if deletion protection is enabled on the cluster
read_replica	Denotes if the cluster is a read replica
parameter_group	The name of the DB cluster parameter group for the DB cluster
option_groups	The option group(s) associated with the database cluster
storage_encrypted	Boolean denoting if the cluster is encrypted
key_resource_id	The encryption Key for the cluster (if applicable)
capacity	The current capacity of the cluster
min_capacity	The minimum capacity of the cluster
max_capacity	The maximum capacity of the cluster
master_username	The master username for the cluster
iam_authentication	Boolean value indicating whether IAM authentication is used
enabled_logging_types	The list of the currently enabled logging levels, if applicable (e.g. audit, error, general)
stream_name	The name of the data stream used for the database activity stream
stream_key_id	The key ID used for encrypting messages in the database activity stream
stream_mode	The mode for the database activity stream
stream_status	The status of the database activity stream
copy_tags_to_snapshot	Denotes whether or not the database is configured to copy tags to snapshots
enhanced_monitoring	Denotes whether or not the database is configured for enhanced monitoring
maintenance_actions	The maintenance actions associated with the cluster
preferred_maintenance_window	The preferred window of time in which maintenance should be performed
preferred_backup_window	The preferred window of time in which a backup should be created
relationships	A list of resources associated with the cluster

Database Event Subscription

Database event subscriptions allow notifications when events within an event category occur.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the event subscription instance resides
event_subscription_id	The numerical ID InsightCloudSec assigns each Event Subscription
status	The status of the Subscription
enabled	Denotes whether the Subscription is enabled or not
topic_resource_id	The Resource ID of the Subscription Topic
namespace_id	The ARN of the Subscription
source_type	The Source type
source_ids	ID's of the Source(s)
categories	Categories of the Subscription
created_time	The time of creation

Database Instance

Database Instances are managed systems with one or more relational database management software components installed. Examples of this include: AWS RDS, Azure SQL, and Google Cloud SQL. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
instance_type	The type of instance
region_name	The region that the instance resides in
instance_id	The provider ID of the instance
name	The name of the instance
instance_flavor_resource_id	The resource ID of the type (flavor) this is instance runs on
state	The state that the instance is in
endpoint_address	The FQDN of the instance
endpoint_port	The port that the instance listens on
engine	The engine that the database uses, e.g., mysq
engine_version	The install version of the engine
storage_size	The size in gigabytes allocated to the instance
max_storage_size	The maximum size (in gigabytes) of the instance
storage_autoscaling	Denotes whether the instance is configured to autoscale its storage size
storage_type	The storage type that is used
db_name	The name of the master database
backup_retention	An integer representing the number of days that automatic snapshots are retained
latest_restorable_time	The latest restorable time of the instance
multi_az	Denotes whether or not this system is set up for high availability and is distributed across multiple zones
license	The type of license associated with this instance
master_username	The username of the master user
create_time	The time this instance was created
encrypted	Denotes if the data stored on the instance is encrypted
encryption_type	The type of encryption enabled on the instance
transit_encryption	Boolean value indicating if transit encryption is enabled
publicly_accessible	Denotes if the instance can be accessed over the Internet
reserved	Boolean value indicating if this is a reserved Database Instance type
key_resource_id	The resource ID of the associated encryption key, if applicable
read_replica	Denotes if the instance is a read replica
network_resource_id	The Resource ID of the associated network, if known
auto_minor_upgrades	Denotes if this instance automatically takes minor upgrades
users	The user information, if known
deletion_protection	Denotes if this database enforces deletion protection
database_cluster_resource_id	The Resource ID of the associated database cluster, if applicable
iam_authentication	Denotes if this database enforces IAM authentication
enabled_logging_types	The enabled logging types for the database
ca_cert	The CA certificate associated with this database
managed_instance	Denotes whether or not the database is managed by the CSP
minimal_tls_version	The TLS version configured on the database instance
parameter_groups	The parameter group(s) associated with the database instance
option_groups	The option group(s) associated with the database instance
flags	The enabled logging types for the database instance
public_network_access	Public network access information for the database instance (if publicly accessible)
private_endpoint_connections	Boolean indicating if private endpoint connections are enabled for the database instance
namespace_id	The unique composite ID of the provider ID for the database instance
maintenance_actions	The maintenance actions associated with the database instance
preferred_maintenance_window	The preferred maintenance window (in days of the week & time hours/minutes) for the database instance
preferred_backup_window	The preferred backup creation window (in time hours/minutes) for the database instance
copy_tags_to_snapshot	Denotes whether or not the database is configured to copy tags to snapshots
enhanced_monitoring	Denotes whether or not the database is configured for enhanced monitoring
flexible	Indicates if the database instance is flexible
relationships	List of relationships between the database instance and other services
backup_retention_enabled	Denotes whether backup retention is enabled
performance_insights_enabled	Denotes whether performance insights are enabled

class DivvyResource.Resources.databaseinstance.DatabaseInstance(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Database Instance Operations

db_instance

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_instance_type()
Retrieve the instance type of the resource.

static get_provider_id_field()

static get_resource_type()

get_snapshots()
Retrieve a list of db objects for snapshots created within from this database instance (if any).

get_state()
Retrieve the database instance state.

get_supported_actions()

top_level_resource = True

Dataflow Job

Unified stream and batch data processing job.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
job_id	The ID for the job
name	The name for the job
type	The type of job
state	The state of the job
current_state_time	The duration the job has been in its current state
default_service_account	The default service account associated with the job
public_worker_ips	The public worker IP addresses associated with the job
shuffle_mode	The type of shuffle mode currently enabled for the job
region_name	The region in which the job resides
job_metadata	Metadata associated with the job
create_time	The time the job was created
start_time	The time the job started

Distributed table

Distributed Table

Distributed Tables are NoSQL database tables. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
table_id	The provider ID of the distributed table
region_name	The region that this table resides in
name	The name of this distributed table
status	The status of this table (Creating, active, etc.)
size	The size in bytes of the table
arn	The Amazon Resource Name of this table
encryption_at_rest	Boolean value of whether or not this table is encrypted at rest
item_count	The count of how many items are in this table
create_time	The time when this distributed table was created
read_capacity	The maximum number of strongly consistent reads consumed per second
write_capacity	The maximum number of writes consumed per second
stream_specification	Boolean value denoting whether or not this table has stream specification enabled
replicated_regions	The regions where read-replicas exist
automated_backups	Denotes if automated backups are enabled
publicly_accessible	Denotes if the instance can be accessed over the Internet
default_consistency_level	The default consistency level for the table
key_resource_id	The Resource ID of the associated encryption key, if known
table_class	The configured class for the table
billing_mode	The billing mode enabled for the table
termination_protection	Denotes whether the distributed table has termination protection enabled

class DivvyResource.Resources.distributedtable.DistributedTable(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource
Distributed Table Operations

delete(user_resource_id=None)
Delete this resource. If wrapped with a JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

distributed_table

distributed_table_id

get_date_created()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

top_level_resource = True

Distributed Table Cluster

Distributed Table Clusters are fully managed, highly available, in-memory cache for Distributed Tables. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute	Description
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region is which the distributed table cluster resides
name	The name of the distributed table cluster
description	The optional description associated with the distributed table cluster
creation_timestamp	The creation time of the distributed table cluster
node_count	The number of nodes in this cluster
node_ids	The JSON value of node IDs
instance_type	The type of instance the distributed table cluster is attached to
instance_flavor_resource_id	The flavor of instance used by the distributed table cluster
network_resource_id	The network provider ID of the distributed table cluster
parameter_group	The parameter group for the distributed table cluster
maintenance_window	The maintenance window for the distributed table cluster
status	The status of the distributed table cluster
endpoint_address	The endpoint address for the distributed table cluster
endpoint_port	The endpoint port for the distributed table cluster
arn	The Amazon Resource Name of the distributed table cluster
availability_zones	The availability zone(s) of the distributed table cluster
role_resource_id	The Role provider ID for the distributed table cluster
encrypted	Denotes whether the cluster supports at rest encryption
transit_encryption	Denotes whether the cluster supports in transit encryption

class DivvyResource.Resources.distributedtablecluster.DistributedTableCluster(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Distributed Table Cluster Operations

distributed_table_cluster

get_date_created()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_status()

get_supported_actions()

top_level_resource = True

DLP Job

DLP Jobs are individual data loss prevention (DLP) scans.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
job_id	The unique ID for the job
name	The name of the job
type	The type of the job
state	The current state of the job
region_name	The name of the region in which the job resides
trigger_name	The name of the trigger for the job
info_types	The list of information types that the job detects
min_likelihood	The required level of confidence that scanned data is of a certain information type
deidentify_template	The name of the de-identify template used to anonymize results
actions	The list of actions taken upon job completion
findings	List of information types found during the job
create_time	The create time for the job
start_time	The start time for the job
end_time	The end time for the job
namespace_id	The unique composite ID of the provider ID for the resource

Elasticsearch

Elasticsearch Instance

An Elasticsearch Instance (AWS OpenSearch) is a restful search and analytics engine. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
instance_type	The type of the elasticsearch instance
region_name	The region where this elasticsearch instance resides
instance_id	The provider ID of the elasticsearch instance
name	The name of this elasticsearch instance
instance_flavor_resource_id	The resource ID of the type (flavor) this is instance runs on
network_resource_id	The resource ID of the parent (network)
state	The state of this elasticsearch instance
endpoint	The location where you can access your elasticsearch instance
version	The version of elasticsearch this instance is using
nodes	The number of nodes in this elasticsearch cluster
policy	The JSON of the access policy attached to this elasticsearch instance
at_rest_encryption_enabled	Denotes if encryption is enabled on the elasticsearch instance
trusted_accounts	The trusted accounts that can interact with the queue
public_access	Denotes if the instance is publicly accessible
node_to_node_encryption	The encrypted communication between nodes
transit_encryption	The Enforcement of SSL communication between the client/server
tls_security_policy	The TLS security policy used
key_resource_id	The resource ID of the encryption key, if applicable
zone_awareness_enabled	Denotes whether availability zone awareness is enabled
warm_enabled	Denotes whether warm storage is enabled
advanced_security_options	JSON of advanced security options configuration for the Elasticsearch Instance
availability_zones	The number of availability zones the resource will use
unknown_accounts	List of unknown accounts that can interact with the Elasticsearch instance
service_software_current_version	Denotes the current service software version
service_software_new_version	Denotes the latest service software version
service_software_upgrade_eligible	Denotes whether the Elasticsearch instance is eligible for a software upgrade and has not scheduled to upgrade yet
service_software_update_status	Denotes status of a service software version update

class DivvyResource.Resources.elasticsearchinstance.ElasticsearchInstance(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Elasticsearch Instance Operations

static get_db_class()

get_instance_type()
Retrieve the instance type of the resource.

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the instance state.

get_supported_actions()

instance

top_level_resource = True

Elasticsearch Serverless Collection

Serverless option for OpenSearch Service for running large-scale search and analytics workloads without managing clusters. (For example: AWS OpenSearch Serverless).

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
collection_id	The provider-specific collection id value
name	The collection name
state	The state of the collection
type	The collection type
description	The collection description
collection_endpoint	The collection endpoint
dashboard_endpoint	The collection dashboard endpoint
public_access	Denotes if the collection is accessible over the Internet
policy	The policy associated with the collection
network_policy	The network policy associated with the collection
encryption_policy	The encryption policy associated with the collection
key_resource_id	The KMS key that the collection is associated with (optional)
creation_date	The time when the collection was created

Email

Email Service Config

Email Service Configs are groups of rules applied to the verified identities that are used to send email through a cloud email service.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
name	The name of the configuration
region_name	The region in which the configuration resides
destinations	The list of destinations where emails will be sent
tls_enforced	Determines if the incoming email is required to be delivered over a connection encrypted with TLS
sending_enabled	Denotes if email sending is enabled
arn	The provider-specific ID for the email configuration set

Email Service Domain

Email Service Domains are identity domains within cloud email services. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the Email Service Domain resides
name	The name of the Email Service Domain
verification_status	Specifies whether or not the Domain is verified; you can only send email from verified domains
dkim_status	Denotes the current status of DKIM for the domain; statuses include PENDING, SUCCESS, FAILED, TEMPORARY_FAILURE, NOT_STARTED
dkim_enabled	Denotes if DKIM signing is enabled or not
policies	A map of policy names to policies
mail_from_domain	The name of a domain that an email identity uses as a custom MAIL FROM domain
mail_from_status	The status of the MAIL FROM domain. Values include PENDING, SUCCESS, FAILED, TEMPORARY_FAILURE
forwarding_enabled	Denotes if feedback forwarding configuration is enabled or not
bounce_topic	The SNS topic for Bounce events, if applicable
complaint_topic	The SNS topic for Complaint events, if applicable
delivery_topic	The SNS topic for Delivery events, if applicable
identity_type	The identity type

Email Service Rule

Email Service Rules are part of Rule sets and inform how to handle incoming email by executing an specified list of actions.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The name of the region in which the rule resides
name	The name of the email service rule
rule_set_name	The name of the rule set the rule is associated with
enabled	Denotes whether the rule is enabled
scan_enabled	Denotes whether the messages this rule is applied to are scanned for viruses and spam
tls_enforced	Denotes if the incoming email is required to be delivered over a connection encrypted with TLS
recipients	Domains and email addresses the rule applies to
actions	List of actions to perform on messages

Event Grid

Event Grid Subscription

Event Grid subscriptions listen for events created by associated topics and send them to the configured endpoint.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
name	The name of the topic
resource_group	The name of the resource group that the topic will be associated with
provisioning_state	The provisioning state of the topic
topic	The name of the topic associated with the subscription
destination_id	The unique ID for the destination object
destination_type	The type of destination
event_delivery_schema	The event delivery schema for the subscription
expiration_time	The expiration time for the subscription
subscription_id	The unique ID for the subscription
namespace_id	The provider-specific namespace ID value
destination_resource_id	The unique ID for the destination resource
source_resource_id	The unique ID for the source resource

Event Grid System Topic

Event Grid system topics represent one or more events published by Azure services.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
name	The name of the topic
resource_group	The name of the resource group that the topic will be associated with
provisioning_state	The provisioning state of the topic
topic_id	The ID of the topic
topic_type	The type of the topic
region_name	The region in which the topic resides
namespace_id	The provider-specific namespace ID value

Event Grid Topic

Event Grid topics act as a receiving endpoint for a collection of related events.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
name	The name of the topic
resource_group	The name of the resource group that the topic will be associated with
provisioning_state	The provisioning state of the topic
public_network_access	The network access configuration of the topic
topic_id	The ID of the topic
region_name	The region in which the topic resides
namespace_id	The provider-specific namespace ID value

HSM Cluster

A hardware security module (HSM) cluster providers users with an easy way to generate and manage encryption keys within a cloud service provider (CSP) environment.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the cluster is deployed
cluster_id	The provider ID for the cluster
creation_time	The timestamp for when the cluster was created
status	The status of the cluster
backup_retention	The backup retention in days of the cluster
network_resource_id	The private network that the cluster is associated with
hsm_count	Total number of instances in the cluster
hsms	Information about hardware security modules within the cluster
relationships	Information about the cluster's relationships

Hypervisor

Hypervisors are responsible for housing virtual machines/instances. This resource inherits from Resource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the hypervisor lives
hypervisor_id	The provider ID of the hypervisor
name	The name of the hypervisor
address	The IP address of the hypervisor
port	The port the hypervisor listens on
hypervisor_type	The type of hypervisor
hypervisor_version	The hypervisor version
state	The lifecycle state of the hypervisor
availability_zone	The availability zone where the hypervisor lives
instances	The list of instances running on this hypervisor
time_configuration	The JSON value of the time configuration for the hypervisor

class DivvyResource.Resources.hypervisor.Hypervisor(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Hypervisor Operations

static get_db_class()

static get_provider_id_field()

get_resource_dependencies()
Retrieve the dependencies for a particular resources. For hypervisors we also need to include datastores which requires flipping the ResourceLink relationship.

static get_resource_type()

get_supported_actions()
Retrieve all the actions which are supported by this resource.

hypervisor

hypervisor_id

top_level_resource = True

Instance

Compute Instances are virtual private servers. Examples of include AWS EC2 and Azure Virtual Machines. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attributes	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
instance_id	The provider ID of the instance
organization_service_id	The ID of the parent organization service (cloud)
instance_type	The type of instance
instance_flavor_resource_id	The resource ID of the type (flavor) this is instance runs on
state	The state that the instance is in
state_transition_reason	The reason the instance is in its current state
name	The name of the instance
region_name	The region that the instance resides in
availability_zone	The availability zone where this instance runs
launch_time	The time the instance was launched (started)
create_time	The time the instance was created
platform	The platform the system runs on (linux/windows)
root_device_type	Denotes the root device storage type
root_device_name	The name of the root device
image_id	The ID of the image used to create this instance
key_name	The name of the key pair used for this instance
public_ip_address	The public IP address of this instance
private_ip_address	The private IP address of this instance
role_resource_id	The resource ID of the role associated with the instance
role_name	The name of the role associated with the instance
tenancy	Type of tenancy: dedicated or default
reserved	Denotes if the instance is reserved or not
network_resource_id	The list of attached network interfaces
termination_protection	Denotes whether or not the instance has termination protection enabled
project_wide_ssh	Denotes if the instance has project wide SSH enabled
connecting_serial_ports	Denotes if the instance has connecting serial ports
ip_forwarding	Denotes if the instance has IP forwarding enabled
spot_instance	Denotes if the instance is a spot instance or not
detailed_monitoring	Denotes if detailed monitoring is enabled
hibernation_supported	Denotes if this instance supports hibernation or not
subnet_resource_id	The resource ID of the subnet in which the instance is running, if known
aws_instance_metadata_service_config	The AWS instance metadata service config map
shielded_config	The shielded instance configuration map
enable_os_login	If the OS Login capability is enabled on the instance
jit_access_policy	The Just-in-time access policy map
architecture	The structural PC architecture for the instance
instance_group	The group that the instance is part of
outpost_resource_id	If enabled, ID for the Outpost resource associated with the instance
object_id	The object ID for the instance
ssm_last_accessed	The timestamp for when the instance was last accessed by the Systems Manager
ssm_last_accessed_by	The role ARN that used the Systems Manager to access the instance
secondary_private_ip_addresses	The secondary private IP address of this instance
secondary_public_ip_addresses	The secondary public IP address of this instance
namespace_id	The ID for the instance's namespace
contains_secret	Indicates if the instance contains a Secret within user data
parent_resource_id	Indicates the parent resource ID if the instance is part of an autoscaling group
confidential_computing	Denotes if confidential computing is enabled
relationships	A list of resources associated with the instance
nsg_attached	Denotes if a Network Security Group is attached to the instance
image_name	The name of the image associated with the instance

class DivvyResource.Resources.instance.Instance(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Instance Operations

add_instance_to_app(name)
Add instance to App

delete(user_resource_id=None, force_delete=False, wait_for_result=True)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.
Parameters: force_delete – If set this will work around termination protection (if the cloud supports it). An example of this is AWS.
Returns: bool

get_aggregate_cost()
Retrieve monthly cost and sum the attached volumes in order to factor into total costs.

get_attached_ips()
Retrieve all ip addresses - public and private - associated with this instance.

get_attached_network_interfaces()
Retrieve a list of db object for interfaces which are attached to this instance (if any). DEPRECATED - Used instance.network_interfaces.

get_attached_networks()
Retrieve all networks this instance is attached to.

get_attached_private_ips()
Retrieve private ip addresses which are attached to this instance (if any).

get_attached_public_ips()
Retrieve public ip objects which are attached to this instance (if any).

get_attached_volumes()
Retrieve a list of db object for volumes which are attached to this instance (if any).

get_availability_zone()
Retrieve the name of the availability zone.

get_date_created()
Retrieve the time from the provider that this resource was created. By default this will return the beginning date of epoch if no such create time exists.

static get_db_class()

get_image()
Retrieve the image that the instance uses. If the instance was deleted upstream or if we have not harvested it yet then this could return None.

get_image_id()
Retrieve the image ID of the resource.

get_image_name()
Retrieve the image name that the instance uses. If the instance was deleted upstream or if we have not harvested it yet then this could return None.

get_instance_type()
Retrieve the instance type of the resource.

get_primary_network_interface_id()
Return the network interface attached to eth0 (device index 0).

static get_provider_id_field()

get_resource_dependencies()
Retrieve the dependencies for a particular resources. This is an override of the parent function because we need to reverse the order on our resource lookups.

static get_resource_type()

get_security_groups()
Retrieve security groups which are associated with this instance.

get_supported_actions()
Retrieve all the actions which are supported by this resource.
Restricts actions by resource state.

instance

instance_id

is_attached_to_asg()
Return True if instance is attached to Auto Scale Group.

organization_service_id

pause()
Pause this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

region_name

remove_instance_from_app()
Remove instance from app.

restart()
Restart this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

resume()
Restart this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

shelve()
Stop this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

start()
Start this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

stop()
Stop this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

suspend()
Suspend this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

top_level_resource = True

unpause()
Unpause this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

unshelve()
Stop this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

uses_simple_networking()
Determine whether this instance supports only instance-based simple networking. i.e. EC2-classic networking or nova-network.

Launch Template

A launch template contains configuration information for an instance so that it can be launched in a consistently reproducible way.

Attributes	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the launch template is located
image_id	The provider ID for the launch template
name	The name of the launch template
description	A description for the launch template
instance_type	The type of instance in the launch template
instance_flavor_resource_id	The provider resource ID for the instance flavor
identity_management_role	The identity management role associated with the instance
role_resource_id	The resource ID for the role associated with the launch template
creation_timestamp	The timestamp for when the launch template was created
monitoring	Denotes whether detailed monitoring is enabled
kernel_id	The ID for the kernel associated with the machine image
ram_id	The ID of the RAM disk associated with the machine image
associate_ip	Indicates whether to assign a public IP to each instance associated with the launch template
contains_secret	Indicates if the launch template contains a Secret within the user data
user_data	The user data to make available to the launched instances using this template
block_storage_optimized	Indicates whether the instance is optimized for block storage
version	The version of the launch template
relationships	Any relationships associated with the launch template

Logic App

Integration platform as a service that promotes scale and portability while offering critical workflow automation from a workspace of any size.

Attributes	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The name of the region
app_id	The cloud provider ID for the Logic App
name	The name for the Logic App
state	The current state of the Logic App
create_time	Timestamp for when the Logic App was created
changed_time	Timestamp for when the Logic App was last modified
access_endpoint	URL used to access the Logic App
connectors	List of connectors enabled for the Logic App
plan	The type of plan for the Logic App
web_app_resource_id	The web app resource ID associated with the Logic App

Lightsail

Lightsail provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud.

Attributes	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
region_name	The name of the region
organization_service_id	The ID of the parent organization service (cloud)
lightsail_id	The provider ID of the Lightsail instance
name	The name of the Lightsail instance
arn	The ARN of the Lightsail instance
provider_resource_type	The resource type associated with this Lightsail instance (e.g., Relational Database, Load Balancer, Container Service)
size	The size of the Lightsail instance
engine	The engine the Lightsail instance uses (e.g., mysql 8.0.21, HTTP)
create_time	The creation time of the Lightsail instance
state	The state of the instance
publicly_accessible	Boolean value denoting whether the instance is publicly accessible
resource_properties	Properties of the Lightsail instance

MapReduce Cluster

MapReduce Clusters are Hadoop frameworks. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attributes	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The name of the region
cluster_id	The provider given ID of the cluster
name	The name of the cluster
status	The status of the cluster
create_time	The creation time of the cluster
availability_zone	The availability zone where cluster
network_resource_id	The resource ID of the associated network
subnet_resource_id	The resource ID of the associated subnet
total_node_count	The total node count
master_node_count	The master node count
application	The application of the cluster
role_resource_id	The resource ID of the role
release_label	The software release of the cluster
security_config	The security configuration that is associated with the cluster
security_config_resource_id	The resource ID of the security configuration
logging_uri	The S3 location for storing logs
image_creation_date	The date the image this cluster is based on was created
bootstrap_actions	The list of bootstrap actions associated with the cluster
internal_ip_only	Denotes whether the cluster permits connections from internal IP addresses only
termination_protection	Denotes if the MapReduce cluster has termination protection enabled
visible_to_all_users	Denotes if the MapReduce cluster is visible to all users
public_dns	The public DNS value for the MapReduce cluster
key_resource_id	The provider ID of Encryption Key (if encrypted)

Messages

Message Broker Instance

Message Broker Instance is a managed broker instance that makes it easier to set up and operate message brokers in the cloud, such as Amazon MQ.

Attributes	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The name of the region
instance_id	The provider ID
name	The user-defined name of the instance
instance_type	The type of instance deployed
state	The current instance state
arn	The ARN of the instance
endpoint_address	The FQDN of the instance
engine	The software engine running on the instance
engine_version	The software version of the engine
nodes	Number of instance nodes deployed
create_time	The creation time of the instance
publicly_accessible	Boolean value denoting if the instance is publicly accessible
audit_logs	Boolean value denoting if the instance has audit level logging enabled
general_logs	Boolean value denoting if the instance has general logging enabled
key_resource_id	The resource ID of the key used for encryption, if applicable

Message Queue

Message Queues are message queuing services, such as AWS SQS. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attributes	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
url	The URL of the message queue
name	The name of the message queue
region_name	The region the queue is in
message_count	The number of messages in the queue
messages_delayed_count	The number of delayed messages in the queue
messages_not_visible_count	The number of messages that are not deleted or timed out
creation_timestamp	The time the queue was created
last_modified	The most recent time the queue was modified
delay	The number of seconds of the default delay of the queue
max_size	The maximum size in bytes a message can be
retention_period	The length of time in seconds that a message is kept
policy	The policy of the queue (JSON)
arn	The Amazon Resource Name of the queue
trusted_accounts	The list of trusted accounts for this Message Queue
redrive_policy	The parameters for dead-letter queue functionality
server_side_encryption	Denotes whether server side encryption is enabled on the queue
queue_type	Type of queue, example FIFO, standard, etc.
deduplication	Indicates whether deduplication is enabled for the queue
key_resource_id	The resource ID of encryption key for the queue
key_reuse_period	The length of time in seconds that the data key can be reused to encrypt or decrypt messages
visibility_timeout	The visibility timeout for the queue
receive_message_wait_time	The length of time in seconds the queue waits for a message to arrive

class DivvyResource.Resources.messagequeue.MessageQueue(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Message Queue Operations

get_date_created()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in teh DB session. This gives an opportunity for post-modification hooks.

message_queue

message_queue_id

top_level_resource = True

Message Queue Namespace

A Message Queue Namespace groups message queues and publish-subscribe topics under one namespace.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
service_bus_namespace_id	The ID for the message queue
url	The URL for the message queue
name	The name for the message queue
region_name	The region in which the message queue resides
sku	The pricing tier for the message queue
status	The status of the message queue
tls_version	The TLS version for the message queue
private_endpoint_connections	The number of private endpoint connections to the message queue
local_auth_disabled	Indicates if local authentication is disabled for the message queue
public_network_access	The public network status of the message queue
zone_redundant	Indicates if the message queue is zone redundant
key_resource_id	The ID for the key associated with the message queue
global_encryption	The encryption type of the message queue
namespace_id	The provider-specific ID for the message queue

Notifications

Notification Subscription

Subscription-based notifications (AWS SNS, GCP Pub/Sub. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the subscription resides
subscription_id	The provider ID for the subscription
arn	The Amazon resource name for the subscription
name	The name of the subscription
topic_resource_id	The parent topic of the subscription
protocol	The delivery protocol of the subscription
endpoint	The delivery destination of the subscription
filter_policy	The filter policy JSON assigned to the subscription
confirmation_authenticated	Denotes the subscription's confirmation was authenticated (true/false)
pending_confirmation	Denotes if the message is pending confirmation (true/false)
raw_message_delivery	Denotes if raw message delivery is enabled (true/false)
ack_deadline_seconds	The deadline (in seconds) for how long to acknowledge messages
retain_acked_messages	Denotes whether acknowledged messages are retained (true/false)
message_retention_seconds	Denotes (in seconds) how long to retain messages for
invalid_json	Denotes if the subscription contains invalid JSON

Notification Topic

Topic to use when delivering notifications. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the topic resides
arn	The Amazon resource name for the topic
name	The name of the topic
display_name	The display name to use for a Notification Topic
policy	The JSON of access policy associated with this topic
effective_delivery_policy	The JSON of the delivery policy associated with this topic, including retry information
trusted_accounts	The JSON value of accounts trusted by the instance
public	Denotes if the topic is public
pending_subscriptions	The number of subscriptions that are pending
confirmed_subscriptions	The number of subscriptions that are confirmed
deleted_subscriptions	The number of subscriptions that are deleted
key_resource_id	The resource ID of the key used for encryption, if applicable

Private Image

Private Images provide protected information that is required to launch an instance. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attributes	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
image_id	The ID of the image
name	The name of the image
root_device_type	The original device type (ebs, snapshot, etc)
architecture	The architecture type (e.g. x86_64, x86_32)
min_ram	The Integer representing the minimum memory required for use of this image
min_disk	The Integer representing the minimum disk space required for use of this image
state	The state of this private image
description	Text description of this image
region_name	The region in which this image was taken
platform	The platform the image was taken on (linux/windows)
block_device_mapping	The information regarding this image
virtualization_type	Denotes the virtualization type (paravirtual Attr or hardware virtual machine ion",)
product_code	The product code (25 digit alphanumeric code identifying the private image)
product_code_type	The product code type (marketplace, none)
creation_date	The date the Image was created
is_public	Denotes if the image is public (true/false)
instance_resource_id	The resource ID of the instance associated with this private image, if known
encrypted	Denotes if the image is encrypted

class DivvyResource.Resources.privateimage.PrivateImage(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Private Image Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_parent_resource_id()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

image

image_id

top_level_resource = True

Reserved Instance

Reserved Instances are guaranteed available virtual private servers with compute capacity reservations of a specific type and location. Examples include AWS Reserved Instances and Azure pre-paid Virtual Machines. There is no analog in GCE, where pricing changes retroactively based upon usage. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
reservation_id	The cloud-assigned ID of the reservation
reservation_type	The type of reservation, e.g., compute, database
type_id	The ID of the type of reservation
region_name	The region where the reservation exists
zone	The availability zone where the reservation exists
offering_class	The class of reservation, e.g., standard or convertible
offering_type	The type of instance included in the reservation
state	The state of the reservation, e.g., whether it is active, pending modification, or retired
start	The start time of the reservation
expiration	The expiration of the reservation
duration	The duration of the reservation, e.g., 1 year
usage_price	The monthly price of the reservation, if not fully paid in advance
fixed_price	The upfront price of the reservation
instance_count	The number of instances in the reservation
product_description	The tenancy of the reservation, e.g., whether instances are physically or virtually isolated
scope	The scope of the reservation, i.e., whether it is region-wide or specific to an availability zone

class DivvyResource.Resources.instancereservation.InstanceReservation(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Reserved Instance Operations

static get_db_class()

static get_provider_id_field()

get_resource_name()
Reserved instances are not named by the user. We return the reservation ID here.

static get_resource_name_field()

static get_resource_type()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This is called when a resource is created/discovered after initial data harvesting. It provides an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This is called when a resource is destroyed and before removal from the database. It provides an opportunity for pre-destruction hooks (removal from groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This is called when a resource is modified after the new data has been updated in the DB session. It provides an opportunity for post-modification hooks.

instance_reservation

reservation_id

top_level_resource = True

Search

Search Cluster

Search Clusters are managed, scalable search solutions. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region that the cluster resides in
cluster_id	The provider ID of the search cluster
arn	The Amazon Resource Name of the cluster
name	The name of this search cluster
status	The status of this cluster (Creating, active, etc)
instance_type	The type of instances that are in the cluster
instance_flavor_resource_id	The resource ID of the instance flavor of the instances in the cluster
instance_count	The number of instances in the cluster
search_endpoint	The endpoint for requesting search results from a cluster
document_endpoint	The service endpoint for updating documents in a cluster
multi_az	Boolean value of whether or not the cluster has multi-availability enabled
service_policy	The JSON of access policy associated with this cluster
transit_encryption	Denotes if the cluster has transit encryption enabled

Search Index

A scalable, integrated search service that enables search for unstructured data using natural language. Returns specific answers for an experience similar to human interaction. (e.g. AWS Kendra Index).

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the index is deployed
index_id	The ID for the index
name	The name of the index
description	The description associated with this index
arn	The Amazon resource name for the index
edition	Indicates whether the index is the enterprise or developer edition
status	The status of the index
key_resource_id	The provider ID of the encryption key, if applicable
date_created	The date the index was created
date_modified	The date the index was last modified
storage_capacity_units	The document storage capacity for the index
query_capacity_units	The query capacity (queries per second) for the index
user_context_policy	The user context policy assigned to this index

Serverless

Serverless Application

A Serverless Application is a managed repository for serverless applications (e.g. AWS Serverless Application Repository). It enables the storage and sharing of reusable applications for ease in deployment of serverless architecture.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the application is deployed
name	The name of the serverless application
namespace_id	The ARN of the serverless application
description	The description associated with this serverless application
create_time	The creation time of the application
author	The creator of the application
home_page_url	The optional field, directing users to an applications homepage (e.g. an external GitHub page)
spdx_license_id	The Software Data Package Exchange (SPDX) license applied to this application
labels	A set of user defined tags applied to the application
policy	The IAM policy associated with this application
trusted_accounts	The list of any accounts with a trust relationship with this application, if applicable
public_access	Denotes if this application is publicly accessible

Serverless Function

A Serverless Function is a compute service that runs code in response to events and automatically manages the compute resources required by that code. An example is AWS Lambda. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region that the serverless function resides in
name	The name of the serverless function
provider_id	The cloud provider supplied ID
description	The description of the serverless function
network_resource_id	The resource ID of the parent (network)
code_size	The size of your serverless function code in bytes
memory_size_mb	The memory size of your serverless function in MB
timeout	The timeout or limit of the serverless function
runtime	The runtime language of the function
version	The version this serverless function is running on
last_modified	The time the serverless function was last modified
role_resource_id	The resource ID of the role associated with the serverless function, if applicable
key_resource_id	The resource ID of the encryption key associated with the serverless function, if applicable
web_app_resource_id	The resource ID of the web application associated with the serverless function, if applicable
config	The serverless function configuration, if known
enabled	Boolean value indicating if event source mapping is enabled
environment_variable_count	Total count of the number of environment variables
environment_variables	The function's environment variables
publicly_accessible	Denotes if the function can be accessed over the Internet
policy	The policy attached to this serverless function
trusted_accounts	The list of any accounts with a trust relationship with this function, if applicable
tracing_enabled	Denotes if AWS X-Ray tracing is enabled
http_trigger	HTTP-based resource used to trigger the lambda function
code_sha256	The SHA256 hash of the function's deployment package
revision_id	The identifier for the latest updated revision of the function or alias
namespace_id	The unique composite ID of the provider ID for the serverless function
contains_secret	Indicates if the serverless function contains a Secret within the environment variables
layers	The list of layer ARNs used by the function
package_type	The type of deployment package
image	The container image used by the function
url_config	The URL config for the function
snap_start	Whether SnapStart is enabled for the function

class DivvyResource.Resources.serverlessfunction.ServerlessFunction(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Serverless Function Operations

delete(user_resource_id=None)

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

instance

top_level_resource = True

Serverless Layer

A Serverless Layer is a package of libraries and dependencies that can be used with Serverless Functions. An example is AWS Lambda Layer.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the serverless layer resides
name	The name for the serverless layer
arn	The ARN associated with the serverless layer
version	The version for the serverless layer
description	A description of the serverless layer
runtimes	The runtimes included with the serverless layer
architectures	The architecture used to run the serverless layer
policy	The access policy attached to the serverless layer
public	Indicates if the serverless layer is public
trusted_accounts	The list of trusted accounts for the serverless layer
created_date	The date the serverless layer was created

Shared

Shared Gallery

Shared Galleries, or Shared Image Gallery in Azure, is a service that helps you build structure and organization around your images and includes capabilities like versioning, grouping, and replication across regions.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the shared gallery resides
name	The name of the shared gallery
gallery_id	The resource ID for the shared gallery
unique_name	The unique name of the shared gallery; this name is generated automatically by the cloud service provider
state	The state of the shared gallery
namespace_id	The fully qualified ID of the resource, including the resource name and resource type

Shared Gallery Image

Shared Gallery Image, or Image Definition in Azure, includes definitions for a logical grouping for versions of an image.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the shared gallery image resides
name	The name of the shared gallery image
image_id	The image ID
os_type	Operating system type (Windows, Linux)
os_state	Operating system state (generalized, specialized)
gallery_resource_id	The resource ID for the shared gallery image
vm_generation	The VM generated from the image versions created from the shared gallery image
publisher	The publisher of the image; used in conjunction with offer and sku to uniquely identify the image
offer	The offer for the image; used in conjunction with publisher and sku to uniquely identify the image
sku	The sku for the image; used in conjunction with publisher and offer to uniquely identify the image
state	The state of the shared gallery image
namespace_id	The fully qualified ID of the resource, including the resource name and resource type

Shared Gallery Image Version

Shared Gallery Image Version, or Azure Image Version, is what you use to create a VM (in Azure this is a Linux virtual machine). You can have multiple versions of an image as needed for your environment.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the shared gallery image version resides
name	The name of the shared gallery image version
version_id	The version ID
gallery_image_resource_id	The resource ID for the associated gallery image
publishing_profile	The publishing profile for the gallery image version, including end of life date, timestamp for when the version is published, the number of replicas of the image version per region, etc.
storage_profile	The storage profile of the gallery image version, including a list of data disk images, the operating disk image, etc.
source_type	Can specify a disk url, snapshot url, or user image
source_resource_id	Can specify a disk url, snapshot url, or user image
state	The state of the shared image gallery version
published_date	The date the shared gallery image version was published
namespace_id	The fully qualified ID of the resource, including the resource name and resource type

SSM

SSM Association

An SSM Association is an ideal state assigned to resources to reduce configuration drift.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region in which the association resides
association_id	The unique ID for the association
association_name	The name for the association
document_name	The name for the document that correlates to the association
document_version	The version of the document that correlates to the association
create_time	The time the association was created
status_overview	An overview of the status of the association
targets	A list of targets for the association
target_maps	The key-value mapping of document parameters to target resources for the association
target_locations	The target location of the association
parameters	The parameters for the association
output_bucket_name	The output location bucket name for the association
schedule_expression	The schedule expression for the association
last_successful_execution	The time of last successful execution of the association
maximum_error_threshold	The maximum error threshold of the association
maximum_target_concurrency	The maximum target concurrency of the association
compliance_severity	The compliance severity of the association
configured_alarms	The configured alarms for the association
namespace_id	The fully qualified ID of the resource, including the resource name and resource type
relationships	A list of resources associated with the association

SSM Document

A script or document written in JSON or YAML that provides instructions to the Systems Manager for how to interact with your managed instances, e.g., AWS Systems Manager (SSM) Document.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region in which the SSM Document resides
document_id	The unique ID for the SSM Document
document_version	The version of the SSM Document
name	The name of the SSM Document
document_version_name	The name for the version of the SSM Document
document_type	The type of SSM Document (Session, Command, Automation, etc.)
document_format	The format for the SSM Document (JSON, YAML, TEXT)
schema_version	The schema version for the SSM Document
target_type	The kinds of resources the SSM Document can run on
review_status	The current status of the review on the SSM Document
author	The author of the SSM Document
platform_types	The list of OSes that are compatible with the SSM Document
create_time	Timestamp for when the SSM Document was created
content	The content of the SSM Document

Stack Template

Stack Templates, such as AWS Cloud Formation Templates, allow you to code your infrastructure from scratch and deploy from there. This class inherits from Resource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the stack template resides
stack_id	The provider ID of the stack template
name	The name of the stack template
description	The description of the stack template
state	The state of the stack template (`CREATE_COMPLETE`, `ROLLBACK_IN_PROGRESS`, etc.)
termination_protection	Denotes if termination protection is enabled
create_date	The date and time the stack template was created
update_date	The date and time the stack template was updated
delete_date	The date and time the stack template was deleted
template	JSON field of the stack template
drift_status	Indicates whether the stack's configuration differs from its template configuration, a.k.a. it has drifted
contains_secret	Indicates if the stack template contains a Secret within environment variables

Step Function

A Step Function (e.g., AWS Step Function State Machine) is a serverless orchestration service that lets you combine functions and other services to build applications and view an application’s workflow as a series of event-driven steps.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the step function is deployed
name	The display name of the step function
status	The status (active/inactive) of the step function
type	The type of the step function, if applicable
definition	The definition of the step function
arn	The Amazon resource name associated with the step function
role_name	The name of the role associated with the step function
role_resource_id	The Resource ID of the associated service Role, if applicable
create_time	The creation time of the step function
logging_enabled	The status of logging for the step function (enabled/disabled)
logging_configuration	Defines what execution history events are logged and where they are logged.
tracing_enabled	The status of tracing for the step function (e.g., AWS X-Ray tracing)

Stream Instance

A Stream Instance is a streaming data service built to offer streaming data pipelines and applications. This compute function makes it easy to continuously collect, process, and deliver streaming data, e.g. Amazon MSK.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the instance is deployed
instance_id	The ID of the instance
name	The name of the instance
arn	The Amazon resource name of the stream instance
instance_type	The type of instance being deployed
instance_flavor_resource_id	The Resource ID of the instance flavor being used
state	The current state of the instance
volume_size_gb	The size of the attached volume, in GB
key_resource_id	The resource ID of the key used for encryption, if known
client_encryption	The type of encryption being used on this instance
cluster_encryption	Boolean value indicating if cluster encryption is enabled
enhanced_monitoring	The level of monitoring for the MSK cluster. The possible values are DEFAULT, PER_BROKER, and PER_TOPIC_PER_BROKER.
nodes	The number of nodes in the cluster
stream_version	The current version of the stream
connect_string	The connection string to use to connect to the Apache ZooKeeper cluster.
create_time	The creation time of the instance
logging	JSON string denoting the logging enabled for the stream instance (if any)

Streaming Application

Streaming applications allow you to query, transform, and analyze streaming data in real time.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region in which the streaming application resides
name	The name of the streaming application
namespace_id	The namespace ID of the streaming application
description	The description of the streaming application
status	The status of the streaming application
runtime_environment	The runtime environment of the streaming application
version_id	The version ID of the streaming application
mode	The mode of the streaming application
create_time	The timestamp when the streaming application was created
last_modified	The time when the streaming application was last modified
snapshots_enabled	Denotes whether snapshots are enabled for the streaming application
monitoring_log_level	Describes the verbosity of the logs for the streaming application
monitoring_metrics_level	Describes the granularity of the logs for the streaming application
parallelism	The number of parallel tasks that a Flink-based streaming application can perform
parallelism_per_kpu	The number of parallel tasks that a Flink-based streaming application can perform per Kinesis Processing Unit (KPU) used by the application
autoscaling_enabled	Denotes whether autoscaling is enabled

Template Spec

A template spec is a resource type that simplifies both storing and sharing a template.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
template_id	The provider ID for the template spec, including name and version
template_name	The name of the template spec. Multiple template specs may share a name
version_name	The version name for the template spec
resource_group	The name of the resource group that the template will launch resources into
version_description	The description for this version of the template
region_name	The region in which the template spec resides
template_resource_types	A list of the resource types the template spec will deploy
template	The template used to deploy resources
contains_secret	Denotes whether the default value for any of the parameters contain a secret
namespace_id	The unique composite ID of the provider ID for the resource

Transcoding Pipeline

A queue that manages media transcoding jobs, e.g., an AWS Elastic Transcoder Pipeline.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region in which this pipeline resides
pipeline_id	The ID for the pipeline
name	The name of the pipeline
status	The status of the pipeline
arn	The ARN associated with the pipeline
key_resource_id	The provider ID of Encryption Key (if encrypted)
role_resource_id	The Resource ID of the associated service Role, if applicable
output_bucket	The output bucket used by this pipeline
input_bucket	The input bucket used by this pipeline
content_config	Content configuration for jobs submitted to this pipeline
thumbnail_config	Thumbnail configuration for jobs submitted to this pipeline
notifications	Notifications this pipeline sends upon job status changes

Transcription Job

A job that provides speech-to-text transcriptions for a wide variety of use cases, e.g., AWS Transcription Job.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region in which the Transcription Job resides
name	The name of the Transcription Job
job_type	The type of Transcription Job
arn	The ARN associated with the Transcription Job
status	The status of the Transcription Job
language_code	The language code for the Transcription Job
media_format	The media format used for the Transcription Job
failure_reason	If the Transcription Job failed, the reason for doing so
creation_time	Timestamp for when the Transcription Job was created
start_time	Timestamp for when the Transcription Job was started
completion_time	Timestamp for when the Transcription Job was completed (if successful)
content_redaction	Describes the content redaction settings for the Transcription Job
output_data_location	Location for the Transcription Job's output
input_data_location	Location for the Transcription Job's input
input_bucket_resource_id	The resource ID for the Transcription Job's input bucket
output_bucket_resource_id	The resource ID for the Transcription Job's output bucket
public_bucket	Indicates whether the bucket is public

Web App

A Web App is a compute function in the form of an application. Web Apps are conceptually similar to a folder, containing environments, versions, and configs that allow users to quickly build, deploy, and scale web apps using popular frameworks in containers or running on any OS. For example Azure App Service, or an AWS Elastic Beanstalk Environment.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region where the web app is deployed
web_app_id	The cloud provider ID for the web app
web_app_group_resource_id	The resource ID of the web app group, if applicable
name	The name of the web app
app_server_resource_id	The resource ID of the application server, if applicable
app_type	The application type
deployment_slot	Boolean value indicating if the web app is currently deployed
web_app_parent_resource_id	The resource ID of the parent web app, if applicable
platform	The platform architecture the web app is deployed on
network_resource_id	The resource ID of the associated network, if applicable
subnet_resource_id	The resource ID of the associated subnet, if known
default_hostname	The default hostname used by the web app, if applicable
ip_address	The IP address of the web app
https_required	Boolean value indicating if this web app requires HTTPS protocol.
remote_debugging_enabled	Boolean value indicating if remote debugging is enabled
web_sockets_enabled	Boolean value indicating if web sockets are enabled
always_on	Boolean value indicating if the web app is in an always on state
scm_type	Describes the source control management type, if known
ftp_state	Lists the current File Transfer state of the app
http2_enabled	Boolean value indicating if HTTP2 is enabled
net_framework_version	The NET Framework version of the app, if applicable
php_version	The PHP version of the app, if applicable
python_version	The Python version of the app, if applicable
java_version	The Java version of the app, if applicable
java_container	The Java container used by the app, if applicable
java_container_version	The Java container version used by the app, if applicable
runtimes	The software running on the web app (AWS only)
state	The current state of the application
authentication_required	Denotes if the web app requires authentication or not
automatic_patching	Indicates if the web app has automatic patching enabled
client_certificates	The number of client certificates, if known
managed_identity	Boolean value indicating if the web app is utilizing managed identity
cors	Describes the CORS settings for the web app
role_resource_id	The resource ID of the role associated with the web app, if applicable
last_modified	The time the web app was last modified, if known
minimal_tls_version	The lowest TLS version allowed for the Web App
domain_config	The configuration for the Web App's domain
possible_outbound_ip_addresses	The list of possible outbound IP addresses allowed for the Web App
outbound_ip_addresses	The list of current outbound IP addresses used for the Web App
private_endpoint_connections	Boolean indicating if private endpoint connections are enabled for the Web App
key_vault_reference_identity	The ID of the identity that the Web App uses to access Key Vaults

Web App Group

A Webb App Group is an application that serves as a container for the environments to run a web app, e.g. an AWS Elastic Beanstalk Application.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
web_app_group_id	The provider ID of the web app group
name	The name of the web app group
region_name	The region where the web app group is deployed
arn	The Amazon resource name of the web app group
description	The description field of the web app group
creation_timestamp	The creation time of the group, if known

Workspace

Workspaces are virtual desktops, such as AWS Workspaces. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute	Description
resource_id	The primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_id	The ID of the parent organization service (cloud)
region_name	The region that the workspace resides in
workspace_id	The ID of the workspace
name	The name of the workspace
directory_resource_id	The provider ID of the workspace
user_name	The username for the workspace user
ip_address	The IP address of workspace
state	The state of workspace (available, stopped, etc.)
bundle_resource_id	The provider ID of the workspace bundle
subnets	The subnets associated to the workspace
error_message	The error message for the workspace
error_code	The error code for the workspace
computer_name	The computer name given to the workspace
volume_encryption_key	The encryption key for the volume of the workspace
user_volume_encryption_enabled	Denotes if user volume encryption is enabled
root_volume_encryption_enabled	Denotes if root volume encryption is enabled
running_mode	The running mode for workspace (always_on, auto_stop, etc.)
auto_stop_timeout	The auto stop timeout for workspace in minutes
root_volume_size	Root volume size of workspace in GiB
user_volume_size	The user volume size of workspace in Gib
compute_type	The compute type of the workspace (standard, graphics, etc.)
connection_state_check_time	The last time when the connection state was checked
connection_state	The current state of the connection to the workspace
last_connected_user_time	The time a user was last connected

class DivvyResource.Resources.workspace.Workspace(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Workspace Operations

delete(user_resource_id=None)

get_compute_type()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()
Retrieve all the actions which are supported by this resource. Restricts actions by resource state.

handle_resource_modified(*args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session This gives an opportunity for post-modification hooks.

organization_service_id

reboot()

rebuild()

region_name

start()

stop()

top_level_resource = True

workspace

workspace_id

Did this page help you?

Inventory

Resource Type Definitions

Inventory

Container Resources