Government Cloud Support Reference

This page has moved

For up-to-date information about AWS Government Cloud Support, go to Government Cloud Overview and Support.

For InsightCloudSec customers interested in details about the configuration of cloud services within the Government Cloud (GovCloud) space, we have created this section of our documentation to organize all GovCloud-specific details.

AWS GovCloud Support

AWS GovCloud Policies

InsightCloudSec offers several different AWS policies for harvesting resource information found in your AWS accounts and enabling InsightCloudSec features. Our universal onboarding experience will implement the appropriate policies automatically, so there's no need for AWS GovCloud-specific policies. Review AWS Policies for details.

AWS GovCloud Supported Deployment Regions

InsightCloudSec can only be deployed in AWS. For self-hosted customers, InsightCloudSec can be exclusively deployed/hosted in AWS GovCloud, if you so choose. SaaS customers should reach out to support for additional details on deployment.

AWS GovCloud Supported Services

Listed below are all of the AWS GovCloud services (and their components) supported by InsightCloudSec. In general, if a service is supported by InsightCloudSec for GovCloud, we support it in any region in which the CSP provides the service. If you have questions related to AWS or specific services and their support, contact us through the Customer Support Portal.

```text
Amazon API Gateway (Domain, Key, Stage, Usage Plans)
Amazon DocumentDB
Amazon QuickSight
Amazon SageMaker (Notebook, Training job)
Amazon Simple Email Service (Configuration sets, Rules)
Amazon Redshift (Snapshot)
Amazon Transcription
AppStream 2.0
Athena (Workgroup)
AWS Auto Scaling (Group)
AWS Backup (Gateway, Vault)
AWS Glue (Data Catalog, Database, Security Configuration)
AWS Health Dashboard
AWS Organizations
Batch (Compute Environment)
Certificate Manager (Private Certificate Authority)
CloudFormation (Templates)
CloudFront
CloudHSM
CloudTrail
CloudWatch (Alarm, Log Group)
Database Migration Service (Endpoint, Replication Instance)
DynamoDB
EC2 (Amazon EBS Snapshot, Amazon EBS Volume, Instance, Launch Template, Reserved Instance, Resource/Service Limit/Quota, Savings Plans, SSH Key Pairs)
EFS
Elastic Beanstalk (Application, Environment)
Elastic Container Registry (Container Registry)
Elastic Container Service/Fargate
Elastic Kubernetes Service (Node Group)
Elastic Load Balancer (Application Load Balancer, Gateway Load Balancer, Network Load Balancer)
ElastiCache (Snapshot)
EMR
FSx
Global Accelerator
IAM (Cloud Account, Group, Policy (Customer Managed), Role, User, User Access Key)
Key Management Service
Kinesis
Lambda (Layer)
Neptune
OpenSearch Service
RDS (Aurora, Cluster, Event Subscription, Instance, Snapshot)
Region
Route 53
S3 (Access Point)
SAML Identity Provider
Secrets Manager (Secret)
Simple Queue Service
Simple Notification Service (Subscription, Topic)
Step Function State Machine
Storage Gateway
Systems Manager (Document)
Trusted Advisor
VPC (Elastic IP, Elastic Network Interface (ENI), Flow Log, Internet Gateway, NACL/Security Group, NACL/Security Group Rules, NAT Gateway, Peer, Route Table, Subnet)
WAF
WorkSpaces (Instances)
```

Azure GovCloud Support

Azure GovCloud Roles

🚧 Organization Support

Currently, InsightCloudSec does not offer Organization onboarding support for Azure GovCloud.

For Azure GovCloud accounts, there are two role options (excluding Azure's built-in roles):

Azure GovCloud Custom Reader User Role

If you are interested in operating in read-only mode, which prevents InsightCloudSec from taking actions against your Microsoft Azure GovCloud resources, then we recommend using the Azure GovCloud Custom Reader User role. This role grants InsightCloudSec read-only permissions to supported resources so data is harvested and available for reporting. **Using this role means you must manually update the role with each new Azure GovCloud service that InsightCloudSec supports.**

The role JSON can be obtained from our public S3 bucket. Note: The JSON file includes a placeholder value for the subscription ID. This placeholder value will need to be replaced before implementing the role.

Azure GovCloud Power User Role

If you would like to use InsightCloudSec to manage your Microsoft Azure GovCloud resources directly or through the use of Bots, then use the InsightCloudSec Azure GovCloud Power User role. The InsightCloudSec Azure GovCloud Power User role will grant InsightCloudSec all permissions to supported resources so it can act upon cloud resources in addition to monitoring and reporting on them. **Using this role means you must manually update the role with each new Azure GovCloud service that InsightCloudSec supports.**

The role JSON can be obtained from our public S3 bucket. Note: The JSON file includes a placeholder value for the subscription ID. This placeholder value will need to be replaced before implementing the role.

Azure GovCloud Supported Regions

```text
usgovarizona
usgoviowa
usgovtexas
usgovvirginia
```

Azure GovCloud Supported Services

Listed below are all of the Azure GovCloud services (and their components) supported by InsightCloudSec. In general, if a resource is supported by InsightCloudSec for GovCloud, we support it in any region in which the CSP provides the resource. If you have questions related to Azure or specific services and their support, contact us through the Customer Support Portal.

```text
Activity log (Alerts)
API Management services
App Registration
App Services
App Service plans
Application credentials
Application gateways
Automation Account
Azure Blob Storage
Azure Cache for Redis
Azure Cosmos DB
Azure Database for PostgreSQL/MySQL/MariaDB
Azure Databricks
Azure Files
Azure Synapse Analytics
Batch (Accounts, Pools)
Bot services
CDN profile
Cognitive Services (Azure OpenAI, Computer vision, Content moderator, Language service, Language understanding (classic), Personalizer, Speech service, Translator)
Container instances
Container registries (Container Image)
Compute/Network Usage Limit
Data factories
Dedicated SQL pools
DDoS protection plans
Diagnostic settings
Disks
DNS zones
Event Grid (Topics)
Event Hubs
ExpressRoute circuits
Firewall (Rule, Rule Collection)
Front Doors
Function App
HDInsight clusters
IP Groups
Kubernetes services
Load balancers
Log Analytics workspaces
Logic apps
Management groups
Microsoft Defender for Cloud (Security posture recommendations)
Microsoft Entra ID (Group, Service Principal, User)
NAT gateways
Network interfaces
Network security groups (Flow Logs, Security Rules)
Peerings
Policy (Definitions)
Private Link services
Public IP addresses
Region
Resource groups
Role Definition
Route tables (Route)
Service Bus (Queue)
Service Fabric clusters
Shared Image Gallery (Image Definition, Image Version)
SQL Servers
SSL Certificate
Storage accounts
Storage Sync Services
Subscriptions
Traffic Manager
Virtual machine (Dedicated Host, Image)
Virtual machine scale sets
Virtual network (Private Endpoint, Service Endpoint, Service Endpoint Policy Subnet)
Virtual network gateway
```