DivvyCloud

Welcome to the DivvyCloud Docs!

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

For questions about documentation reach out to us [email protected]

Take Me to the Docs!    Release Notes

IAC Overview

What is Infrastructure as Code (IAC)?

Infrastructure as Code tools allow you to define infrastructure in the cloud by writing code. Rather than deploying or making changes to your infrastructure manually, users can take advantage of the features typically employed in a code development environment. This approach is a significant part of a successful “shift-left” strategy. “Shifting left” is simply the practice of attempting to find and prevent defects earlier in a delivery process, typically in the creation of software. Adopting best practices around things like templates, testing, monitoring, review, and version control allow you to apply these practices to the “code” that defines your infrastructure.

To learn more about the value of IaC in a security context, check our whitepaper Shifting Cloud Security Left with Infrastructure as Code.

What Problems Does DivvyCloud IAC Security Solve?

Treating infrastructure like code enables organizations to plan, review, and examine infrastructure (resources) for misconfigurations prior to creating these resources. By taking advantage of Infrastructure as Code's ability to describe resources without creating them, DivvyCloud’s IaC Security enables organizations to implement security controls earlier in their continuous integration/continuous delivery (CI/CD) pipeline (shifting left) and provides an opportunity to address compliance and security concerns before deployment or modifications are made to your cloud infrastructure.

How Does DivvyCloud’s IaC Feature Work?

DivvyCloud’s IaC allows users to pull in preconfigured infrastructure templates. Templates are analyzed against Insights, with specific feedback about violations, to determine compliance before infrastructure is deployed.

By taking advantage of the extensive library of existing DivvyCloud Insights, users can get started quickly and see immediate value by analyzing resources before deployment using our built-in Insight Packs or customer-created Insight packs.

What is Supported?

DivvyCloud’s IaC Security supports a variety of resource types for Terraform 0.12. You can analyze supported resources for each of the three major public cloud service providers (CSPs): Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

When creating an IaC Security configuration, the configuration page informs you of any limitations in resource support.

  • Fully Supported - resources are fully supported for IaC analysis on all three CSPs
  • Partial Support - resources are not supported for certain CSPs; these will be specifically identified
  • Unsupported - resources specific to this Insight are not supported on any of the CSPs

📘

Supported Resources

A complete list of supported resources is available for existing customers. Reach out to our team via [email protected] for details.

In addition, IaC Security supports scanning existing DivvyCloud resources, through our Dynamic Analysis capability. You can read more about that on our Viewing Scan Results page here.

Prerequisites

There are a few things you will need to have available and configured before using IaC. These items include:

  • A running DivvyCloud Platform
  • DivvyCloud Domain Admin permissions (only domain admins can create/edit IaC configs)
  • A working understanding of Terraform and Terraform templates
  • An existing version-controlled repository of Terraform templates
    • Currently we support TF 0.12, but we are actively testing additional versions. If you have questions on versioning contact us at [email protected]
  • An existing integration between version control & CI/CD

📘

Configuring External Tooling

In addition, we provide a summary of some assumptions we make about your external tooling configuration. You can read about those details on the Getting Started with IAC Security page here.

Updated 13 days ago


IAC Overview


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.