InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

Take Me to the Docs!    Release Notes

Compute Resources

Summaries and Attributes of InsightCloudSec Compute Resources

Compute Resources are available in InsightCloudSec as the first section (tab) under the Resource landing page. These resources are related to compute functionality and include resources like app servers, instances, and elastic search instances.

Compute resources are displayed alphabetically using the InsightCloudSec normalized terminology. Hovering over an individual resource provides the CSP-specific terminology with the associated logo to help users confirm the displayed information. For example, an Autoscaling Group refers to Amazon's "Autoscaling Group", Google's "Autoscalers", and Azure's "Virtual Machine Scale Sets".

For a detailed reference of this normalized terminology check out our Resource Terminology.

Compute ResourcesCompute Resources

Compute Resources

šŸš§

A Note About Resource Attributes

A large number of Resource Attributes are offered for the resources outlined here. Because we are continuously expanding our supported resources the attributes and details included here can not be guaranteed to include every resource or every attribute.

If you need information about the attributes of a particular resource we are happy to help get those details for you - reach out to [email protected] with any questions!

Airflow Environment

Airflow Environments offers managed orchestration service for Apache Airflow - an open-source tool used to programmatically author, schedule, and monitor sequences of processes and tasks referred to as workflows.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region in which the Airflow Environment resides

name

The name of the Airflow Environment

arn

The ARN associated with the Airflow Environment

create_time

The time when this Airflow Environment was created

version

The version of the Airflow Environment

environment_class

The environment class, e.g., 'mw1.small'

max_workers

The maximum number of workers allowed with this Airflow Environment

status

The status of the Airflow Environment (e.g., available)

logging_configuration

A description of the logging configuration, including TaskLogs, WorkerLogs, and SchedulerLogs

encrypted

Denotes whether the Airflow Environment is encrypted

key_resource_id

The provider ID of Encryption Key (if encrypted)

execution_role_resource_id

The resource ID for the execution role

service_role_resource_id

The resource ID for the service role

webserver_access_mode

The webserver access mode, e.g., public only

webserver_url

The URL for the webserver

App Server

App Servers are the underlying virtual machines that host Azure App Services. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region in which this App Server resides

app_server_id

The provider ID of the App Server

name

The name of the App Server

server_type

The type of the App Server (F1 Free, B1 Basic, S1 Standard, etc)

instance_count

The number of instances running this app

max_instance_count

The maximum number of instances for running the app

app_count

The number of apps running on the App Server

state

The state of the App Server (ready, stopped, etc)

Autoscaling Group

Autoscaling Groups contain a collection of Instances that share similar characteristics and are treated as a logical grouping for the purposes of instance scaling and management. The Autoscaling Group class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

name

The name of the autoscaling group

group_id

The provider ID of the autoscaling group

arn

The ARN associated with the autoscaling group

create_time

The time when this autoscaling group was created

region_name

The region in which this autoscaling group resides

health_check_grace_period

The amount of time (in seconds) that the autoscaling group will wait to run the system health check, after instances have been started

min_size

The minimum number of instances running at all times on this autoscale group

max_size

The maximum number of instances that can be running at any time on this autoscale group

desired_capacity

The desired amount of instances running at all times in the autoscaling group

new_instance_protection

The instances that are protected from termination during scale in

default_cooldown

The amount of time the autoscaling group will wait before resuming scaling activities

multi_az

Denotes if the group is multi AZ

suspended_processes

The JSON value of suspended processes

vm_profile

The JSON value of the profile of the machine

class DivvyResource.Resources.autoscalinggroup.AutoscalingGroup(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Autoscaling Group Operations

delete(user_resource_id=None)
Not now available for use.

static get_db_class()

get_instances()
Retrieve the instance members the group uses.

static get_provider_id_field()

static get_resource_type()

get_subnets()
Retrieve the subnets the group operates in.

get_supported_actions()
Retrieve all the actions which are supported by this resource.

group

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session This gives an opportunity for post-modification hooks.

has_attached_instance()
Return True is instance(s) are attached to asg.

modify(max_size=None, min_size=None, user_resource_id=None)
Modify the Autoscaling group. This makes a call sot he upstream providier to change one or more properties.

name

provider_id

top_level_resource = True

Autoscaling Launch Configuration

Autoscaling Launch Configurations are templates that autoscaling groups use to launch instances.
This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region the Autoscaling Launch Configuration resides in

image_id

The provider ID of image instances are launched from

name

The name of the autoscaling launch configuration

ARN

The Amazon resource name of the autoscaling launch configuration

instance_type

The type of instance to launch

spot_price

The maximum hourly price to be paid for any spot instance launched from autoscaling launch configuration

identity_management_role

The role associated with the autoscaling launch configuration

creation_timestamp

The time autoscaling launch configuration was created

monitoring

Denotes if detailed monitoring is enabled on instances launched from autoscaling launch configuration (true/false)

kernel_id

The ID of the kernel associated with the Image

ram_id

The ID of the RAM disk to select

associate_ip

Denotes whether to assign a public IP address to each instance

block_storage_optimized

Denotes whether the launch configuration is optimized for I/O (true) or not (false)

role_resource_id

The resource ID of the role performing the autoscaling

Batch Environment

An environment containing many compute nodes that can run large-scale parallel and high-performance computing batch jobs efficiently, e.g., Azure Batch Account, AWS Batch Compute Environment.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

name

The name of the Batch Environment

region_name

The region in which the Batch Environment resides

namespace_id

The fully qualified ID of the resource, including the resource name and resource type

state

The state of the Batch Environment

endpoint

The endpoint where the Batch Environment is accessible

public_access

Whether public access is enabled for the Batch Environment

allocation_type

minimum_cpus

The minimum amount of CPUs allocated for the Batch Environment

maximum_cpus

The maximum amount of CPUs allocated for the Batch Environment

storage_account_resource_id

The resource ID for the storage account associated with the Batch Environment

encryption

The encryption enabled for the Batch Environment

pool_type

The type of instance pool within the Batch Environment

role_resource_id

The resource identifier for the role allocated to the Batch Environment.

Batch Pool

A group of compute nodes that is used in a batch environment to run large-scale parallel and high-performance computing batch jobs efficiently, e.g., Azure Batch Pool.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

name

The name of the Batch Pool

region_name

The region in which the Batch Pool resides

namespace_id

The fully qualified ID of the resource, including the resource name and resource type

environment_resource_id

The ID for the Batch Pool's parent Batch Environment

last_modified

The most recent time the Batch Pool was modified

state

The state of the Batch Pool

vm_size

The size of the virtual machine(s) within the Batch Pool

autoscaling

Whether the Batch Pool has autoscaling enabled

inter_node_communication

Whether the Batch Pool has internode communication enabled

subnet_resource_id

The resource ID of the subnet in which the Batch Pool is running, if known

Big Data Instance

Big Data Instances are database instances which store and process big data. An example of this type of instance is AWS Redshift. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region that the instance resides in

instance_id

The provider ID of the instance

name

The name of the instance

instance_type

The type of instance

instance_flavor_resource_id

The resource ID of the type (flavor) this instance runs on

state

The state of the big data instance

create_time

The time the instance was created

availability_zone

The zone where the big data instance lives

endpoint_address

The FQDN of the big data instance

endpoint_port

The port that the big data instance listens on

version

The software version the big data instance leverages

db_name

The name of the master database

backup_retention

An integer representing the number of days that automatic snapshots are retained for

master_username

The username of the master user

encrypted

Denotes if the data stored on the instance is encrypted

key_resource_id

The provider ID of Encryption Key (if encrypted)

publicly_accessible

Denotes if the instance can be accessed over the Internet

access_lists

The list of associated security groups

instance_flavor

The returned flavor of a object which contains information on the size of the instance

ssl_required

Denotes if SSL is required (true/false)

logging

Boolean value on whether a Big Data Instance is logging

logging_bucket

The location of the Storage Container the Big Data Instance is logging to, if known

class DivvyResource.Resources.bigdatainstance.BigDataInstance(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Big Data Instance Operations

delete(wait_for_result=True, user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

static get_db_class()

get_instance_type()
Retrieve the instance type of the resource.

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the instance state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None, project_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

`instance

top_level_resource = True

Big Data Workspace

Big Data Workspace comprises data integration, data warehousing, and big data analytics functionality. An example of a Big Data Workspace is an Azure Synapse resource.

Attribute

Description

name

The name of the workspace

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

workspace_id

The provider ID of the workspace

region_name

The region in which the workspace resides

state

The state of the big data workspace (e.g., Succeeded)

double_encryption_enabled

Denotes if double encryption is enabled (true/false)

workspace_type

The type of workspace (e.g., Normal)

sql_administrator_login

Login name for the SQL administrator

scope_enabled

Denotes whether scope is enabled (true/false)

public_access

Denotes whether access is public (true/false)

Build Project

Build Project configures how source code is built, e.g., where to obtain the code and which build environment to use.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region that the Build Project resides in

project_id

The Project ID associated with the Build Project

name

The name of the Build Project

description

The description associated with the Build Project

creation_date

The creation date of the Build Project

build_type

The type of repository that contains the source code to be built

privilege_mode

Denotes if the Build Project is running in privileged mode

cache_type

The type of cache used by the Build Project

encrypted

Denotes whether the Build Project is encrypted or not

role_resource_id

The Resource ID of the associated service Role, if applicable

key_resource_id

The Resource ID of the encryption key, if applicable

network_resource_id

The Resource ID of the associated VPC, if applicable

logging_bucket

The details of the bucket where logs are being sent, if applicable

log_group_name

The logging group name, if applicable

arn

The Amazon Resource Name (ARN) of the Build Project

build_image

The image the Build Project is using

Cache Database Cluster

A Cache Database Cluster is an in-memory database service that provides fast performance and durability, e.g., AWS MemoryDB.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region in which the Cache Database Cluster resides

name

The name of the Cache Database Cluster

description

Text description for the Cache Database Cluster

state

The state of the Cache Database Cluster

number_of_shards

The number of shards in the cluster

multi_az

Denotes if the cluster can be in multiple availability zones

endpoint_address

The fully-qualified domain name for the Cache Database Cluster

endpoint_port

The port that the Cache Database Cluster listens on

instance_type

The type of instance being used to host Cache Database Cluster

engine_version

The version of the engine currently installed

nodes

The number of nodes in the cluster

parameter_group

The name of the parameter group associated with the Cache Database Cluster

subnet_group

The subnet associated with the Cache Database Cluster

transit_encryption

Boolean value indicating if transit encryption is enabled

key_resource_id

The resource ID of the associated encryption key

arn

The ARN associated with the Cache Database Cluster

backup_retention

An integer representing the number of days that automatic snapshots are retained for

auto_minor_upgrades

Denotes if this instance automatically takes minor upgrades or not

Cache Instance

Memcache Instances are managed systems with one or more caching technologies installed, e.g., Redis. Examples of this would be AWS Elasticache and Azure Redis. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region that the instance resides in

instance_id

The provider ID of the instance

instance_type

The type of instance

name

The name of the instance

instance_flavor_resource_id

The resource ID of the type (flavor) this is instance runs on

state

The state the instance is in (ready/available/normal/running)

availibilty_zone

The availability zone this instance runs in

endpoint_address

The FQDN of the instance

endpoint_port

The port that the instance listens on

engine

The engine that the database uses (redis/memcached)

engine_version

The install version of the engine

backup_retention

The integer representing the number of days that automatic snapshots are retained for

nodes

The number of nodes

create_time

The time the instance was created

at_rest_encryption_enabled

Denotes if at rest encryption is enabled (true/false)

transit_encryption_enabled

Denotes if transit encryption is enabled (true/false)

auth_token_enabled

Denotes if AuthToken is enabled (true/false)

reserved_ip_range

The range of IP addresses reserved

network_resource_id

The provider ID of network this instance is in

access_lists

The list of associated security groups

key_resource_id

The ID of the encryption key used to encrypt this Instance

replication_group_id

The ID of the associated replication group, if applicable

Database

Databases that reside within database instances. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The provider id of this database

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region that the database resides in

database_id

The provider ID of the database

name

The name of the database

instance_resource_id

The provider ID of the associated instance

collation

The implemented collation set for the database

character_set

The character set of the database

create_time

The creation time of the database

encrypted

The encryption status of the database

key_resource_id

The provider ID of the encryption key, if applicable

database_type

The underlying database type

class DivvyResource.Resources.database.Database(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Database Operations

database

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the route state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

top_level_resource = True

Database Cluster

A database cluster is one or more database instances connected together to simulate a single system. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region that the cluster resides in

create_time

The time the cluster was created

cluster_id

The provider ID of the cluster

db_name

The name of the master database

db_subnet_group

The subnet group associated with the DB cluster

state

The state that the cluster is in (available, stopped, etc)

earliest_restorable_time

The earliest time to which a database can be restored with point-in-time restore

latest_restorable_time

The latest time to which a database can be restored with point-in-time restore.

endpoint

The connection endpoint for the primary instance of the DB cluster

multi_az

Denotes whether or not the cluster is set up for high availability and is distributed across multiple zones

availability_zones

The zone(s) where the cluster lives

engine

The engine that the database uses (mysql, neptune, docdb, etc.)

engine_version

The version of the engine

port

The port that the database engine is listening on

backup_retention

The number of days for which automatic DB snapshots are retained

db_cluster_resource_id

The resource ID of the cluster

namespace_id

ARN (Amazon Resource Name) of the cluster

deletion_protection

Denotes if deletion protection is enabled on the cluster

read_replica

Denotes if the cluster is a read replica

parameter_group

The name of the DB cluster parameter group for the DB cluster

storage_encrypted

Boolean denoting if the cluster is encrypted

encryption_key_id

The encryption Key for the cluster (if applicable)

capacity

The current capacity of the cluster

min_capacity

The minimum capacity of the cluster

max_capacity

The maximum capacity of the cluster

master_username

The master username for the cluster

iam_authentication

Boolean value indicating whether IAM authentication is used

enabled_logging_types

The list of the currently enabled logging levels, if applicable (e.g. audit, error, general)

Database Instance

Database Instances are managed systems with one or more relational database management software components installed. Examples of this include: AWS RDS, Azure SQL, and Google Cloud SQL. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region that the instance resides in

instance_id

The provider ID of the instance

name

The name of the instance

instance_type

The type of instance

instance_flavor_resource_id

The resource ID of the type (flavor) this is instance runs on

state

The state that the instance is in

endpoint_address

The FQDN of the instance

endpoint_port

The port that the instance listens on

engine

The engine that the database uses, e.g., mysq

engine_version

The install version of the engine

storage_size

The size in gigabytes allocated to the instance

storage_type

The storage type that is used

db_name

The name of the master database

backup_retention

An integer representing the number of days that automatic snapshots are retained for

license

The type of license associated with this instance

multi_az

Denotes whether or not this system is set up for high availability and is distributed across multiple zones

create_time

The time this instance was created

master_username

The username of the master user

encrypted

Denotes if the data stored on the instance is encrypted

publicly_accessible

Denotes if the instance can be accessed over the Internet

access_lists

The list of associated security groups

snapshots

The list of snapshots that are associated with this instance

databases

The list of databases that are active on the instance

instance_flavor

Returns a flavor object which contains information on the size of the instance

latest_restorable_time

The latest restorable time of the instance

transit_encryption

Boolean value indicating if transit encryption is enabled or not

reserved

Boolean value indicating if this is a reserved Database Instance type

key_resource_id

The resource ID of the associated encryption key, if applicable

read_replica

Denotes if the Instance is a read replica

network_resource_id

The Resource ID of the associated network, if known

auto_minor_upgrades

Denotes if this instance automatically takes minor upgrades or not

users

The user information, if known

database_cluster_resource_id

The Resource ID of the associated database cluster, if applicable

deletion_protection

Denotes if this database enforces deletion protection

iam_authentication

Denotes if this database enforces IAM authentication

enabled_logging_types

The enabled logging types for the database

ca_cert

The CA certificate associated with this database

class DivvyResource.Resources.databaseinstance.DatabaseInstance(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Database Instance Operations

db_instance

delete(wait_for_result=True, user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_instance_type()
Retrieve the instance type of the resource.

static get_provider_id_field()

static get_resource_type()

get_snapshots()
Retrieve a list of db objects for snapshots created within from this database instance (if any).

get_state()
Retrieve the database instance state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

top_level_resource = True

Distributed Table

Distributed Tables are NoSQL database tables. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region that this table resides in

table_id

The provider ID of the distributed table

name

The name of this distributed table

create_time

The time when this distributed table was created

status

The status of this table (Creating, active, etc.)

size

The size in bytes of the table

backed_up

Denotes whether or not this table has a backup

arn

The Amazon Resource Name of this table

encryption_at_rest

Boolean value of whether or not this table is encrypted at rest

item_count

The count of how many items are in this table

read_capacity

The maximum number of strongly consistent reads consumed per second

write_capactiy

The maximum number of writes consumed per second

stream_specification

Boolean value denoting whether or not this table has stream specification enabled

global_secondary_indexes

Boolean value denoting whether or not this table has one or more global secondary indexes

local_secondary_indexes

Boolean value denoting whether or not this table has one or more local secondary indexes

tags

JSON field of tags for the distributed table

publicly_accessible

Denotes if the instance can be accessed over the Internet

automated_backups

Denotes if automated backups are enabled

replicated_region

The regions where read-replicas exist

default_consistency_level

The default consistency level for the table

key_resource_id

The Resource ID of the associated encryption key, if known

class DivvyResource.Resources.distributedtable.DistributedTable(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource
Distributed Table Operations

delete(user_resource_id=None)
Delete this resource. If wrapped with a JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

distributed_table

distributed_table_id

get_date_created()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

top_level_resource = True

Distributed Table Cluster

Distributed Table Clusters are fully managed, highly available, in-memory cache for Distributed Tables. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attribute

Description

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region is which the distributed table cluster resides

name

The name of the distributed table cluster

description

The optional description associated with the distributed table cluster

creation_timestamp

The creation time of the distributed table cluster

instance_type

The type of instance the distributed table cluster is attached to

network_resource_id

The network provider ID of the distributed table cluster

parameter_group

The parameter group for the distributed table cluster

maintenance_window

The maintenance window for the distributed table cluster

status

The status of the distributed table cluster

endpoint_address

The endpoint address for the distributed table cluster

endpoint_port

The endpoint port for the distributed table cluster

node_count

The number of nodes in this cluster

node_ids

The JSON value of node IDs

arn

The Amazon Resource Name of the distributed table cluster

availability_zones

The availability zone(s) of the distributed table cluster

role_resource_id

The Role provider ID for the distributed table cluster

instance_flavor_resource_id

The flavor of instance used by the distributed table cluster

class DivvyResource.Resources.distributedtablecluster.DistributedTableCluster(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Distributed Table Cluster Operations

distributed_table_cluster

get_date_created()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_status()

get_supported_actions()

top_level_resource = True

Elasticsearch Instance

An Elasticsearch Instance is a restful search and analytics engine. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

instance_type

The type of the elasticsearch instance

region_name

The region where this elasticsearch instance resides

instance_id

The provider ID of the elasticsearch instance

name

The name of this elasticsearch instance

instance_flavor_resource_id

The resource ID of the type (flavor) this is instance runs on

network_resource_id

The resource ID of the parent (network)

state

The state of this elasticsearch instance

endpoint

The location where you can access your elasticsearch instance

version

The version of elasticsearch this instance is using

nodes

The number of nodes in this elasticsearch cluster

policy

The JSON of the access policy attached to this elasticsearch instance

at_rest_encryption_enabled

Denotes if encryption is enabled on the elasticsearch instance

trusted_accounts

The trusted accounts that can interact with the queue

public_access

Denotes if the instance is publicly accessible

node_to_node_encryption

The encrypted communication between nodes

transit_encryption

The Enforcement of SSL communication between the client/server

tls_security_policy

The TLS security policy used

class DivvyResource.Resources.elasticsearchinstance.ElasticsearchInstance(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Elasticsearch Instance Operations

delete(wait_for_result=True, user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

static get_db_class()

get_instance_type()
Retrieve the instance type of the resource.

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the instance state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session This gives an opportunity for post-modification hooks.

instance

top_level_resource = True

Email Service Domain

Email Service Domains are identity domains within cloud email services. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where the Email Service Domain resides

name

The name of the Email Service Domain

verification_status

Specifies whether or not the Domain is verified; you can only send email from verified domains

dkim_status

Denotes the current status of DKIM for the domain; statuses include PENDING, SUCCESS, FAILED, TEMPORARY_FAILURE, NOT_STARTED

dkim_enabled

Denotes if DKIM signing is enabled or not

policies

A map of policy names to policies

mail_from_domain

The name of a domain that an email identity uses as a custom MAIL FROM domain

mail_from_status

The status of the MAIL FROM domain. Values include PENDING, SUCCESS, FAILED, TEMPORARY_FAILURE

forwarding_enabled

Denotes if feedback forwarding configuration is enabled or not

bounce_topic

The SNS topic for Bounce events, if applicable

complaint_topic

The SNS topic for Complaint events, if applicable

delivery_topic

The SNS topic for Delivery events, if applicable

Event Subscription

Event subscriptions allow notifications when events within an event category occur.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where this elasticsearch instance resides

event_subscription_id

The numerical ID InsightCloudSec assigns each Event Subscription

status

The status of the Subscription

enabled

Denotes whether the Subscription is enabled or not

topic_resource_id

The Resource ID of the Subscription Topic

namespace_id

The ARN of the Subscription

source_type

The Source type

source_ids

ID's of the Source(s)

categories

Categories of the Subscription

created_time

The time of creation

Hypervisor

Hypervisors are responsible for housing virtual machines/instances. This resource inherits from Resource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where the hypervisor lives

hypervisor_id

The provider ID of the hypervisor

name

The name of the hypervisor

address

The IP address of the hypervisor

port

The port the hypervisor listens on

hypervisor_type

The type of hypervisor

hypervisor_version

The hypervisor version

state

The lifecycle state of the hypervisor

availability_zone

The availability zone where the hypervisor lives

instances

The list of instances running on this hypervisor

time_configuration

The JSON value of the time configuration for the hypervisor

class DivvyResource.Resources.hypervisor.Hypervisor(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Hypervisor Operations

static get_db_class()

static get_provider_id_field()

get_resource_dependencies()
Retrieve the dependencies for a particular resources. For hypervisors we also need to include datastores which requires flipping the ResourceLink relationship.

static get_resource_type()

get_supported_actions()
Retrieve all the actions which are supported by this resource.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

hypervisor

hypervisor_id

top_level_resource = True

Instance

Compute Instances are virtual private servers. Examples of include AWS EC2 and Azure Virtual Machines. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attributes

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

instance_id

The provider ID of the instance

organization_service_id

The ID of the parent organization service (cloud)

instance_type

The type of instance

instance_flavor_resource_id

The resource ID of the type (flavor) this is instance runs on

state

The state that the instance is in

name

The name of the instance

region_name

The region that the instance resides in

availability_zone

The availability zone where this instance runs

launch_time

The time the instance was launched (started)

create_time

The time the instance was created

platform

The platform the system runs on (linux/windows)

root_device_type

Denotes the root device storage type

root_device_name

The name of the root device

image_id

The ID of the image used to create this instance

key_name

The name of the key pair used for this instance

public_ip_address

The public IP address of this instance

private_ip_address

The private IP address of this instance

role_resource_id

The resource ID of the role associated with the instance

role_name

The name of the role associated with the instance

tenancy

Type of tenancy: dedicated or default

reserved

Denotes if the instance is reserved or not

network_resource_id

The list of attached network interfaces

termination_protection

Denotes whether or not the instance has termination protection enabled

instance_status

The system and instance reachability status values

instance_flavor

The flavor object which contains information on the size of the instance

access_lists

The list of associated security groups

project_wide_ssh

Denotes if the instance has project wide SSH enabled

connecting_serial_ports

Denotes if the instance has connecting serial ports

ip_forwarding

Denotes if the instance has IP forwarding enabled

spot_instance

Denotes if the instance is a spot instance or not

detailed_monitoring

Denotes if detailed monitoring is enabled

hibernation_supported

Denotes if this instance supports hibernation or not

subnet_resource_id

The resource ID of the subnet in which the instance is running, if known

aws_instance_metadata_service_config

The AWS instance metadata service config map

shielded_config

The shielded instance configuration map

enable_os_login

If the OS Login capability is enabled on the instance

jit_access_policy

The Just-in-time access policy map

architecture

The structural PC architecture for the instance

instance_group

The group that the instance is part of

outpost_resource_id

If enabled, ID for the Outpost resource associated with the instance

object_id

The object ID for the instance

ssm_last_accessed

The timestamp for when the instance was last accessed by the Systems Manager

ssm_last_accessed_by

The role ARN that used the Systems Manager to access the instance

secondary_private_ip_addresses

The secondary private IP address of this instance

secondary_public_ip_addresses

The secondary public IP address of this instance

class DivvyResource.Resources.instance.Instance(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Instance Operations

add_instance_to_app(name)
Add instance to App

delete(user_resource_id=None, force_delete=False, wait_for_result=True)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.
Parameters: force_delete ā€“ If set this will work around termination protection (if the cloud supports it). An example of this is AWS.
Returns: bool

get_aggregate_cost()
Retrieve monthly cost and sum the attached volumes in order to factor into total costs.

get_attached_ips()
Retrieve all ip addresses - public and private - associated with this instance.

get_attached_network_interfaces()
Retrieve a list of db object for interfaces which are attached to this instance (if any). DEPRECATED - Used instance.network_interfaces.

get_attached_networks()
Retrieve all networks this instance is attached to.

get_attached_private_ips()
Retrieve private ip addresses which are attached to this instance (if any).

get_attached_public_ips()
Retrieve public ip objects which are attached to this instance (if any).

get_attached_volumes()
Retrieve a list of db object for volumes which are attached to this instance (if any).

get_availability_zone()
Retrieve the name of the availability zone.

get_date_created()
Retrieve the time from the provider that this resource was created. By default this will return the beginning date of epoch if no such create time exists.

static get_db_class()

get_image()
Retrieve the image that the instance uses. If the instance was deleted upstream or if we have not harvested it yet then this could return None.

get_image_id()
Retrieve the image ID of the resource.

get_image_name()
Retrieve the image name that the instance uses. If the instance was deleted upstream or if we have not harvested it yet then this could return None.

get_instance_type()
Retrieve the instance type of the resource.

get_primary_network_interface_id()
Return the network interface attached to eth0 (device index 0).

static get_provider_id_field()

get_resource_dependencies()
Retrieve the dependencies for a particular resources. This is an override of the parent function because we need to reverse the order on our resource lookups.

static get_resource_type()

get_security_groups()
Retrieve security groups which are associated with this instance.

get_supported_actions()
Retrieve all the actions which are supported by this resource.
Restricts actions by resource state.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

instance

instance_id

is_attached_to_asg()
Return True if instance is attached to Auto Scale Group.

organization_service_id

pause()
Pause this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

region_name

remove_instance_from_app()
Remove instance from app.

restart()
Restart this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

resume()
Restart this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

shelve()
Stop this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

start()
Start this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

stop()
Stop this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

suspend()
Suspend this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

top_level_resource = True

unpause()
Unpause this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

unshelve()
Stop this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

uses_simple_networking()
Determine whether this instance supports only instance-based simple networking. i.e. EC2-classic networking or nova-network.

Logic App

Integration platform as a service that promotes scale and portability while offering critical workflow automation from a workspace of any size.

Attributes

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The name of the region

app_id

The cloud provider ID for the Logic App

name

The name for the Logic App

state

The current state of the Logic App

create_time

Timestamp for when the Logic App was created

changed_time

Timestamp for when the Logic App was last modified

access_endpoint

URL used to access the Logic App

connectors

List of connectors enabled for the Logic App

Lightsail

Lightsail provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud.

Attributes

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

region_name

The name of the region

organization_service_id

The ID of the parent organization service (cloud)

lightsail_id

The provider ID of the Lightsail instance

name

The name of the Lightsail instance

arn

The ARN of the Lightsail instance

provider_resource_type

The resource type associated with this Lightsail instance (e.g., Relational Database, Load Balancer, Container Service)

size

The size of the Lightsail instance

engine

The engine the Lightsail instance uses (e.g., mysql 8.0.21, HTTP)

create_time

The creation time of the Lightsail instance

state

The state of the instance

publicly_accessible

Boolean value denoting whether the instance is publicly accessible

resource_properties

Properties of the Lightsail instance

Machine Learning Instance

Machine learning instances, e.g. Amazon Sagemaker, are fully managed machine learning services, used to build and train machine learning models through a secure and scalable environment.

Attributes

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The name of the region

instance_id

The provider ID of the instance

arn

The ARN of the machine learning instance

name

The name of the machine learning instance

instance_type

The instance type of machine learning instance

ml_instance_type

The machine learning type

instance_flavor_resource_id

The resource ID of the type (flavor) this is instance runs on

state

The state of the instance

subnet_id

The ID of the subnet

direct_internet_access

Indicates if this machine learning instance has direct internet access

volume_size_gb

The size of the attached volume in GB

key_resource_id

The resource ID of the encryption key, if applicable

role_resource_id

The resource ID of the associated role, if applicable

url

The direct URL to the machine learning instance

lifecycle_config

The optional lifecycle configuration name that is associated with the machine learning instance

root_access

Denotes whether or not the machine learning instance prohibits root access

MapReduce Cluster

MapReduce Clusters are Hadoop frameworks. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attributes

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The name of the region

cluster_id

The provider given ID of the cluster

name

The name of the cluster

status

The status of the cluster

create_time

The creation time of the cluster

availability_zone

The availability zone where cluster

network_resource_id

The resource ID of the associated network

subnet_resource_id

The resource ID of the associated subnet

total_node_count

The total node count

master_node_count

The master node count

application

The application of the cluster

role_resource_id

The resource ID of the role

release_label

The software release of the cluster

security_config

The security configuration that is associated with the cluster

security_config_resource_id

The resource ID of the security configuration

Message Broker Instance

Message Broker Instance is a managed broker instance that makes it easier to set up and operate message brokers in the cloud, such as Amazon MQ.

Attributes

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The name of the region

instance_id

The provider ID

name

The user-defined name of the instance

instance_type

The type of instance deployed

state

The current instance state

arn

The ARN of the instance

endpoint_address

The FQDN of the instance

engine

The software engine running on the instance

engine_version

The software version of the engine

nodes

Number of instance nodes deployed

create_time

The creation time of the instance

publicly_accessible

Boolean value denoting if the instance is publicly accessible

audit_logs

Boolean value denoting if the instance has audit level logging enabled

general_logs

Boolean value denoting if the instance has general logging enabled

key_resource_id

The resource ID of the key used for encryption, if applicable

Message Queue

Message Queues are message queuing services, such as AWS SQS. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attributes

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

url

The URL of the message queue

name

The name of the message queue

region_name

The region the queue is in

message_count

The number of messages in the queue

messages_delayed_count

The number of delayed messages in the queue

messages_not_visible_count

The number of messages that are not deleted or timed out

creation_timestamp

The time the queue was created

last_modified

The most recent time the queue was modified

delay

The number of seconds of the default delay of the queue

max_size

The maximum size in bytes a message can be

retention_period

The length of time in seconds that a message is kept

policy

The policy of the queue (JSON)

arn

The Amazon Resource Name of the queue

trusted_accounts

The list of trusted accounts for this Message Queue

redrive_policy

The parameters for dead-letter queue functionality

server_side_encryption

Denotes whether server side encryption is enabled on the queue

queue_type

Type of queue, example FIFO, standard, etc.

deduplication

Indicates whether deduplication is enabled for the queue

key_resource_id

The resource ID of encryption key for the queue

key_reuse_period

The length of time in seconds that the data key can be reused to encrypt or decrypt messages

visibility_timeout

The visibility timeout for the queue

receive_message_wait_time

The length of time in seconds the queue waits for a message to arrive

class DivvyResource.Resources.messagequeue.MessageQueue(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Message Queue Operations

get_date_created()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in teh DB session. This gives an opportunity for post-modification hooks.

message_queue

message_queue_id

top_level_resource = True

Notification Subscription

Subscription-based notifications (AWS SNS, GCP Pub/Sub. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where the subscription resides

subscription_id

The provider ID for the subscription

arn

The Amazon resource name for the subscription

name

The name of the subscription

topic_resource_id

The parent topic of the subscription

protocol

The delivery protocol of the subscription

endpoint

The delivery destination of the subscription

filter_policy

The filter policy JSON assigned to the subscription

confirmation_authenticated

Denotes the subscription's confirmation was authenticated (true/false)

pending_confirmation

Denotes if the message is pending confirmation (true/false)

raw_message_delivery

Denotes if raw message delivery is enabled (true/false)

ack_deadline_seconds

The deadline (in seconds) for how long to acknowledge messages

retain_acked_messages

Denotes whether acknowledged messages are retained (true/false)

message_retention_seconds

Denotes (in seconds) how long to retain messages for

invalid_json

Denotes if the subscription contains invalid JSON

Notification Topic

Topic to use when delivering notifications. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where the topic resides

arn

The Amazon resource name for the topic

name

The name of the topic

display_name

The display name to use for a Notification Topic

policy

The JSON of access policy associated with this topic

effective_delivery_policy

The JSON of the delivery policy associated with this topic, including retry information

trusted_accounts

The JSON value of accounts trusted by the instance

public

Denotes if the topic is public

pending_subscriptions

The number of subscriptions that are pending

confirmed_subscriptions

The number of subscriptions that are confirmed

deleted_subscriptions

The number of subscriptions that are deleted

key_resource_id

The resource ID of the key used for encryption, if applicable

Private Image

Private Images provide protected information that is required to launch an instance. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attributes

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

image_id

The ID of the image

name

The name of the image

root_device_type

The original device type (ebs, snapshot, etc)

architecture

The architecture type (e.g. x86_64, x86_32)

min_ram

The Integer representing the minimum memory required for use of this image

min_disk

The Integer representing the minimum disk space required for use of this image

state

The state of this private image

description

Text description of this image

region_name

The region in which this image was taken

platform

The platform the image was taken on (linux/windows)

block_device_mapping

The information regarding this image

virtualization_type

Denotes the virtualization type (paravirtual [PV] or hardware virtual machine [HVM])

product_code

The product code (25 digit alphanumeric code identifying the private image)

product_code_type

The product code type (marketplace, none)

creation_date

The date the Image was created

is_public

Denotes if the image is public (true/false)

instance_resource_id

The resource ID of the instance associated with this private image, if known

encrypted

Denotes if the image is encrypted

class DivvyResource.Resources.privateimage.PrivateImage(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Private Image Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_parent_resource_id()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session This gives an opportunity for post-modification hooks.

image

image_id

top_level_resource = True

Reserved Instance

Reserved Instances are guaranteed available virtual private servers with compute capacity reservations of a specific type and location. Examples include AWS Reserved Instances and Azure pre-paid Virtual Machines. There is no analog in GCE, where pricing changes retroactively based upon usage. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

reservation_id

The cloud-assigned ID of the reservation

reservation_type

The type of reservation, e.g., compute, database

type_id

The ID of the type of reservation

region_name

The region where the reservation exists

zone

The availability zone where the reservation exists

offering_class

The class of reservation, e.g., standard or convertible

offering_type

The type of instance included in the reservation

state

The state of the reservation, e.g., whether it is active, pending modification, or retired

start

The start time of the reservation

expiration

The expiration of the reservation

duration

The duration of the reservation, e.g., 1 year

usage_price

The monthly price of the reservation, if not fully paid in advance

fixed_price

The upfront price of the reservation

instance_count

The number of instances in the reservation

product_description

The tenancy of the reservation, e.g., whether instances are physically or virtually isolated

scope

The scope of the reservation, i.e., whether it is region-wide or specific to an availability zone

class DivvyResource.Resources.instancereservation.InstanceReservation(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Reserved Instance Operations

static get_db_class()

static get_provider_id_field()

get_resource_name()
Reserved instances are not named by the user. We return the reservation ID here.

static get_resource_name_field()

static get_resource_type()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This is called when a resource is created/discovered after initial data harvesting. It provides an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This is called when a resource is destroyed and before removal from the database. It provides an opportunity for pre-destruction hooks (removal from groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This is called when a resource is modified after the new data has been updated in the DB session. It provides an opportunity for post-modification hooks.

instance_reservation

reservation_id

top_level_resource = True

Search Cluster

Search Clusters are managed, scalable search solutions. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region that the cluster resides in

cluster_id

The provider ID of the search cluster

arn

The Amazon Resource Name of the cluster

name

The name of this search cluster

status

The status of this cluster (Creating, active, etc)

instance_type

The type of instances that are in the cluster

instance_flavor_resource_id

The resource ID of the instance flavor of the instances in the cluster

instance_count

The number of instances in the cluster

search_endpoint

The endpoint for requesting search results from a cluster

document_endpoint

The service endpoint for updating documents in a cluster

multi_az

Boolean value of whether or not the cluster has multi-availability enabled

service_policy

The JSON of access policy associated with this cluster

transit_encryption

Denotes if the cluster has transit encryption enabled

Search Index

A scalable, integrated search service that enables search for unstructured data using natural language. Returns specific answers for an experience similar to human interaction. (e.g. AWS Kendra Index).

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where the index is deployed

index_id

The ID for the index

name

The name of the index

description

The description associated with this index

arn

The Amazon resource name for the index

edition

Indicates whether the index is the enterprise or developer edition

status

The status of the index

key_resource_id

The provider ID of the encryption key, if applicable

date_created

The date the index was created

date_modified

The date the index was last modified

storage_capacity_units

The document storage capacity for the index

query_capacity_units

The query capacity (queries per second) for the index

user_context_policy

The user context policy assigned to this index

Serverless Application

A Serverless Application is a managed repository for serverless applications (e.g. AWS Serverless Application Repository). It enables the storage and sharing of reusable applications for ease in deployment of serverless architecture.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where the application is deployed

name

The name of the serverless application

namespace_id

The ARN of the serverless application

description

The description associated with this serverless application

create_time

The creation time of the application

author

The creator of the application

home_page_url

The optional field, directing users to an applications homepage (e.g. an external GitHub page)

spdx_license_id

The Software Data Package Exchange (SPDX) license applied to this application

labels

A set of user defined tags applied to the application

policy

The IAM policy associated with this application

trusted_accounts

The list of any accounts with a trust relationship with this application, if applicable

public_access

Denotes if this application is publicly accessible

Serverless Function

A Serverless Function is a compute service that runs code in response to events and automatically manages the compute resources required by that code. An example is AWS Lambda. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region that the serverless function resides in

name

The name of the serverless function

provider_id

The cloud provider supplied ID

description

The description of the serverless function

network_resource_id

The resource ID of the parent (network)

code_size

The size of your serverless function code in bytes

memory_size_mb

The memory size of your serverless function in MB

timeout

The timeout or limit of the serverless function

runtime

The time this serverless function is set to run

version

The version this serverless function is running on

last_modified

The time the serverless function was last modified

role_resource_id

The resource ID of the role associated with the serverless function, if applicable

key_resource_id

The resource ID of the encryption key associated with the serverless function, if applicable

web_app_resource_id

The resource ID of the web application associated with the serverless function, if applicable

config

The serverless function configuration, if known

enabled

Boolean value indicating if event source mapping is enabled

environment_variable_count

Total count of the number of environment variables

environment_variables

The function's environment variables

publicly_accessible

Denotes if the function can be accessed over the Internet

policy

The policy attached to this serverless function

trusted_accounts

The list of any accounts with a trust relationship with this function, if applicable

class DivvyResource.Resources.serverlessfunction.ServerlessFunction(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Serverless Function Operations

delete(user_resource_id=None)

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

instance

top_level_resource = True

Shared Gallery

Shared Galleries, or Shared Image Gallery in Azure, is a service that helps you build structure and organization around your images and includes capabilities like versioning, grouping, and replication across regions.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where the shared gallery resides

name

The name of the shared gallery

gallery_id

The resource ID for the shared gallery

unique_name

The unique name of the shared gallery; this name is generated automatically by the cloud service provider

state

The state of the shared gallery

namespace_id

The fully qualified ID of the resource, including the resource name and resource type

Shared Gallery Image

Shared Gallery Image, or Image Definition in Azure, includes definitions for a logical grouping for versions of an image.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where the shared gallery image resides

name

The name of the shared gallery image

image_id

The image ID

os_type

Operating system type (Windows, Linux)

os_state

Operating system state (generalized, specialized)

gallery_resource_id

The resource ID for the shared gallery image

vm_generation

The VM generated from the image versions created from the shared gallery image

publisher

The publisher of the image; used in conjunction with offer and sku to uniquely identify the image

offer

The offer for the image; used in conjunction with publisher and sku to uniquely identify the image

sku

The sku for the image; used in conjunction with publisher and offer to uniquely identify the image

state

The state of the shared gallery image

namespace_id

The fully qualified ID of the resource, including the resource name and resource type

Shared Gallery Image Version

Shared Gallery Image Version, or Azure Image Version, is what you use to create a VM (in Azure this is a Linux virtual machine). You can have multiple versions of an image as needed for your environment.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where the shared gallery image version resides

name

The name of the shared gallery image version

version_id

The version ID

gallery_image_resource_id

The resource ID for the associated gallery image

publishing_profile

The publishing profile for the gallery image version, including end of life date, timestamp for when the version is published, the number of replicas of the image version per region, etc.

storage_profile

The storage profile of the gallery image version, including a list of data disk images, the operating disk image, etc.

source_type

Can specify a disk url, snapshot url, or user image

source_resource_id

Can specify a disk url, snapshot url, or user image

state

The state of the shared image gallery version

published_date

The date the shared gallery image version was published

namespace_id

The fully qualified ID of the resource, including the resource name and resource type

SSM Document

A script or document written in JSON or YAML that provides instructions to the Systems Manager for how to interact with your managed instances, e.g., AWS Systems Manager (SSM) Document.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region in which the SSM Document resides

document_id

The unique ID for the SSM Document

document_version

The version of the SSM Document

name

The name of the SSM Document

document_version_name

The name for the version of the SSM Document

document_type

The type of SSM Document (Session, Command, Automation, etc.)

document_format

The format for the SSM Document (JSON, YAML, TEXT)

schema_version

The schema version for the SSM Document

target_type

The kinds of resources the SSM Document can run on

review_status

The current status of the review on the SSM Document

author

The author of the SSM Document

platform_types

The list of OSes that are compatible with the SSM Document

create_time

Timestamp for when the SSM Document was created

Stack Template

Stack Templates, such as AWS Cloud Formation Templates, allow you to code your infrastructure from scratch and deploy from there. This class inherits from Resource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where the stack template resides

stack_id

The provider ID of the stack template

name

The name of the stack template

description

The description of the stack template

state

The state of the stack template (CREATE_COMPLETE, ROLLBACK_IN_PROGRESS, etc)

termination_protection

Denotes if termination protection is enabled

create_date

The date and time the stack template was created

update_date

The date and time the stack template was updated

delete_date

The date and time the stack template was deleted

template

JSON field of the stack template

Stream Instance

A Stream Instance is a streaming data service built to offer streaming data pipelines and applications. This compute function makes it easy to continuously collect, process, and deliver streaming data, e.g. Amazon MSK.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where the instance is deployed

instance_id

The ID of the instance

name

The name of the instance

arn

The Amazon resource name of the stream instance

instance_type

The type of instance being deployed

instance_flavor_resource_id

The Resource ID of the instance flavor being used

state

The current state of the instance

volume_size_gb

The size of the attached volume, in GB

key_resource_id

The resource ID of the key used for encryption, if known

client_encryption

The type of encryption being used on this instance

cluster_encryption

Boolean value indicating if cluster encryption is enabled

enhanced_monitoring

The level of monitoring for the MSK cluster. The possible values are DEFAULT, PER_BROKER, and PER_TOPIC_PER_BROKER.

nodes

The number of nodes in the cluster

stream_version

The current version of the stream

connect_string

The connection string to use to connect to the Apache ZooKeeper cluster.

create_time

The creation time of the instance

Transcoding Pipeline

A queue that manages media transcoding jobs, e.g., an AWS Elastic Transcoder Pipeline.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region in which this pipeline resides

pipeline_id

The ID for the pipeline

name

The name of the pipeline

status

The status of the pipeline

arn

The ARN associated with the pipeline

key_resource_id

The provider ID of Encryption Key (if encrypted)

role_resource_id

The Resource ID of the associated service Role, if applicable

output_bucket

The output bucket used by this pipeline

input_bucket

The input bucket used by this pipeline

content_config

Content configuration for jobs submitted to this pipeline

thumbnail_config

Thumbnail configuration for jobs submitted to this pipeline

notifications

Notifications this pipeline sends upon job status changes

Web App

A Web App is a compute function in the form of an application. Web Apps are conceptually similar to a folder, containing environments, versions, and configs that allow users to quickly build, deploy, and scale web apps using popular frameworks in containers or running on any OS. For example Azure App Service, or an AWS Elastic Beanstalk Environment.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where the web app is deployed

web_app_id

The cloud provider ID for the web app

web_app_group_resource_id

The resource ID of the web app group, if applicable

name

The name of the web app

app_server_resource_id

The resource ID of the application server, if applicable

app_type

The application type

deployment_slot

Boolean value indicating if the web app is currently deployed

web_app_parent_resource_id

The resource ID of the parent web app, if applicable

platform

The platform architecture the web app is deployed on

network_resource_id

The resource ID of the associated network, if applicable

subnet_resource_id

The resource ID of the associated subnet, if known

default_hostname

The default hostname used by the web app, if applicable

ip_address

The IP address of the web app

https_required

Boolean value indicating if this web app requires HTTPS protocol.

remote_debugging_enabled

Boolean value indicating if remote debugging is enabled

web_sockets_enabled

Boolean value indicating if web sockets are enabled

always_on

Boolean value indicating if the web app is in an always on state

scm_type

Describes the source control management type, if known

ftp_state

Lists the current File Transfer state of the app

http2_enabled

Boolean value indicating if HTTP2 is enabled

net_framework_version

The NET Framework version of the app, if applicable

php_version

The PHP version of the app, if applicable

python_version

The Python version of the app, if applicable

java_version

The Java version of the app, if applicable

java_container

The Java container used by the app, if applicable

java_container_version

The Java container version used by the app, if applicable

runtimes

The software running on the web app (AWS only)

state

The current state of the application

authentication_required

Denotes if the web app requires authentication or not

automatic_patching

Indicates if the web app has automatic patching enabled

client_certificates

The number of client certificates, if known

managed_identity

Boolean value indicating if the web app is utilizing managed identity

role_resource_id

The resource ID of the role associated with the web app, if applicable

last_modified

The time the web app was last modified, if known

Web App Group

A Webb App Group is an application that serves as a container for the environments to run a web app, e.g. an AWS Elastic Beanstalk Application.

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

web_app_group_id

The provider ID of the web app group

name

The name of the web app group

region_name

The region where the web app group is deployed

arn

The Amazon resource name of the web app group

description

The description field of the web app group

creation_timestamp

The creation time of the group, if known

Workspace

Workspaces are virtual desktops, such as AWS Workspaces. This class inherits from TopLevelResource and has direct access to the resourceā€™s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region that the workspace resides in

workspace_id

The ID of the workspace

name

The name of the workspace

directory_resource_id

The provider ID of the workspace

user_name

The username for the workspace user

ip_address

The IP address of workspace

state

The state of workspace (available, stopped, etc.)

bundle_resource_id

The provider ID of the workspace bundle

subnets

The subnets associated to the workspace

error_message

The error message for the workspace

error_code

The error code for the workspace

computer_name

The computer name given to the workspace

volume_encryption_key

The encryption key for the volume of the workspace

user_volume_encryption_enabled

Denotes if user volume encryption is enabled

root_volume_encryption_enabled

Denotes if root volume encryption is enabled

running_mode

The running mode for workspace (always_on, auto_stop, etc.)

auto_stop_timeout

The auto stop timeout for workspace in minutes

root_volume_size

Root volume size of workspace in GiB

user_volume_size

The user volume size of workspace in Gib

compute_type

The compute type of the workspace (standard, graphics, etc.)

connection_state_check_time

The last time when the connection state was checked

connection_state

The current state of the connection to the workspace

last_connected_user_time

The time a user was last connected

class DivvyResource.Resources.workspace.Workspace(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Workspace Operations

delete(user_resource_id=None)

get_compute_type()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()
Retrieve all the actions which are supported by this resource. Restricts actions by resource state.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(*args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session This gives an opportunity for post-modification hooks.

organization_service_id

reboot()

rebuild()

region_name

start()

stop()

top_level_resource = True

workspace

workspace_id

Updated 16 days ago

Compute Resources


Summaries and Attributes of InsightCloudSec Compute Resources

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.