DivvyCloud

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

IAC Overview

What is Infrastructure as Code (IAC)?

Infrastructure as Code tools allow you to define cloud infrastructure by writing code. Rather than deploying or changing your infrastructure manually, users can take advantage of the features typically employed in a software development environment. This approach is a significant part of a successful “shift-left” strategy. “Shifting left” is simply the practice of finding and preventing defects earlier in a delivery process, typically during the creation of software. Adopting best practices around templates, testing, monitoring, review, and version control allows you to apply these same practices to the “code” that defines your infrastructure.

To learn more about the value of IaC in a security context, check our whitepaper Shifting Cloud Security Left with Infrastructure as Code.

What Problems Does DivvyCloud IAC Security Solve?

Treating infrastructure like code enables organizations to plan, review, and examine infrastructure (resources) for misconfigurations prior to creating these resources. By taking advantage of Infrastructure as Code's ability to describe resources without creating them, DivvyCloud’s IaC Security enables organizations to implement security controls earlier in their continuous integration/continuous delivery (CI/CD) pipeline (shifting left) and provides an opportunity to address compliance and security concerns before deployment or modifications are made to your cloud infrastructure.

How Does DivvyCloud’s IaC Feature Work?

DivvyCloud’s IaC allows users to pull in preconfigured infrastructure templates. Templates are analyzed against Insights, with specific feedback about violations, to determine compliance before infrastructure is deployed.

By taking advantage of the extensive library of existing DivvyCloud Insights, users can get started quickly and see immediate value by analyzing resources before deployment using our built-in Insight Packs or customer-created Insight packs.
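As an added illustration of the pre-deployment analysis described above (example code written for this page, not DivvyCloud's scanner or its Insight engine), the block below reads the JSON that `terraform show -json plan.out` produces and flags two sample misconfigurations, a public S3 bucket ACL and a security group rule opening SSH to the world, before the plan is ever applied. The plan excerpt is constructed; the check functions stand in for what the page calls Insights.

```python
# Added example, not DivvyCloud's scanner or Insight engine. It assumes the
# JSON shape produced by `terraform show -json plan.out` (a real Terraform
# format) and applies two sample checks before anything is deployed.
import json

# Constructed plan excerpt: a public bucket, a private bucket, an open SSH rule.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "values": {"bucket": "example-logs", "acl": "public-read"}},
    {"address": "aws_s3_bucket.data", "type": "aws_s3_bucket",
     "values": {"bucket": "example-data", "acl": "private"}},
    {"address": "aws_security_group_rule.ssh", "type": "aws_security_group_rule",
     "values": {"type": "ingress", "from_port": 22, "to_port": 22,
                "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}},
]}}})


def iter_resources(plan):
    """Yield planned resources from the root module and nested child modules."""
    stack = [plan.get("planned_values", {}).get("root_module", {})]
    while stack:
        module = stack.pop()
        yield from module.get("resources", [])
        stack.extend(module.get("child_modules", []))


def check_public_s3_acl(res):
    """Flag S3 buckets whose canned ACL grants anonymous access."""
    if res["type"] == "aws_s3_bucket" and \
            res["values"].get("acl") in ("public-read", "public-read-write"):
        return "S3 bucket ACL grants public access"


def check_world_open_ssh(res):
    """Flag ingress rules that admit port 22 from any IPv4 address."""
    v = res["values"]
    if (res["type"] == "aws_security_group_rule" and v.get("type") == "ingress"
            and v.get("from_port", 0) <= 22 <= v.get("to_port", 0)
            and "0.0.0.0/0" in v.get("cidr_blocks", [])):
        return "Security group rule exposes SSH (22/tcp) to 0.0.0.0/0"


CHECKS = [check_public_s3_acl, check_world_open_ssh]


def scan_plan(plan_json):
    """Return (resource address, finding) pairs; an empty list means the plan passes."""
    findings = []
    for res in iter_resources(json.loads(plan_json)):
        for check in CHECKS:
            msg = check(res)
            if msg:
                findings.append((res["address"], msg))
    return findings
```

In a pipeline, a non-empty result from `scan_plan` would fail the CI job so the violating plan is fixed before `terraform apply` runs.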

What is Supported?

DivvyCloud’s IaC Security supports a variety of resource types for Terraform 0.12. You can analyze supported resources for each of the three major public cloud service providers (CSPs): Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

Supported Templates
Terraform - 0.11, 0.12, 0.13, 0.14

When creating an IaC Security configuration, the configuration page informs you of any limitations in resource support.

  • Fully Supported - resources are fully supported for IaC analysis on all three CSPs
  • Partial Support - resources are not supported for certain CSPs; these will be specifically identified
  • Unsupported - resources specific to this Insight are not supported on any of the CSPs

Supported Resources

Currently all resources are supported using Terraform. Additional supported formats are in development and will be updated when they are available.

AWS

  • AMI (Private)
  • API Gateway
  • API Gateway Domain
  • API Gateway Key
  • API Gateway Stage
  • CloudFront
  • CloudTrail
  • CodeBuild Project
  • Container Registry (ECR)
  • DataSync Task
  • DMS Replication Instance
  • DynamoDB
  • EBS Volume
  • EC2 Instance
  • EFS/FSx
  • EKS/ECS/Fargate Cluster
  • Elastic Network Interface (ENI)
  • ElastiCache
  • Elasticsearch
  • Flow Log (VPC)
  • IAM Group
  • IAM Policy (Customer Managed)
  • IAM Role
  • IAM User
  • IAM/ACM SSL Certificate
  • Kinesis
  • KMS
  • Lambda
  • Load Balancer (ELB/ALB/NLB/Gateway)
  • MQ
  • MSK Instance
  • NACL/Security Group
  • NACL/Security Group Rules
  • NAT Gateway (VPC)
  • RDS Aurora, Neptune, DocumentDB
  • RDS Database, Neptune, DocumentDB
  • Redshift
  • Route53 DNS Zone
  • S3 Bucket
  • Sagemaker Notebook
  • Simple Queue Service (SQS)
  • SNS Topic
  • VPC
  • VPC Peer
  • VPC Subnet

Azure

  • Azure Cosmos DB
  • Azure Firewall Rule
  • Blob Storage Container
  • Container Registry
  • Data Factory
  • Data Lake Storage Gen1
  • Dedicated Host
  • Disk
  • Key Vault
  • Kubernetes Service
  • Network Interface
  • Network Security Group
  • Public IP Address
  • Redis Cache
  • Resource Group
  • Search Service
  • Security Rules
  • SQL Server, Azure Database for PostgreSQL/MySQL/MariaDB
  • Storage Account
  • Subnet
  • Virtual Machine
  • Virtual Network

GCP

  • Cloud KMS CryptoKey
  • Cloud NAT
  • Cloud SQL
  • Cloud Storage
  • GKE
  • Instance
  • Network Firewall
  • Persistent Disk
  • Pub/Sub Subscription
  • Pub/Sub Topic
  • Role Permission Set
  • Subnet
  • VPC

In addition, IaC Security supports scanning existing DivvyCloud resources through our Dynamic Analysis capability. You can read more about that on our Viewing Scan Results page.

Prerequisites

There are a few things you will need to have available and configured before using IaC. These items include:

  • A running DivvyCloud Platform
  • DivvyCloud Domain Admin permissions (only domain admins can create/edit IaC configs)
  • A working understanding of Terraform and Terraform templates
  • An existing version-controlled repository of Terraform templates
    • Currently we support TF 0.12, but we are actively testing additional versions. If you have questions on versioning contact us at [email protected]
  • An existing integration between version control & CI/CD

Configuring External Tooling

In addition, we provide a summary of the assumptions we make about your external tooling configuration. You can read about those details on the Getting Started with IAC Security page.

Updated 25 days ago
