InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.


IaC Security Overview

An Overview of the InsightCloudSec Infrastructure as Code (IaC) Capability

What is Infrastructure as Code (IaC)?

Infrastructure as Code tools allow you to define infrastructure in the cloud by writing code. Rather than deploying or changing your infrastructure manually, you can take advantage of the features typically employed in a code development environment. This approach is a significant part of a successful “shift-left” strategy. “Shifting left” is simply the practice of attempting to find and prevent defects earlier in a delivery process, typically in the creation of software. Adopting best practices around things like templates, testing, monitoring, review, and version control allows you to apply these practices to the “code” that defines your infrastructure.

To learn more about the value of IaC in a security context, check our whitepaper Shifting Cloud Security Left with Infrastructure as Code.

How can InsightCloudSec Integrate with IaC?

Treating infrastructure like code enables organizations to plan, review, and examine infrastructure (resources) for misconfigurations prior to creating these resources. By taking advantage of IaC's ability to describe resources without creating them, the IaC Security feature of InsightCloudSec enables organizations to implement security controls earlier in their continuous integration/continuous delivery (CI/CD) pipeline (shifting left). It also provides an opportunity to address compliance and security concerns before your cloud infrastructure is deployed or modified. IaC Security leverages the extensive Insights library, so users can get started quickly and see immediate value using InsightCloudSec built-in Insight packs or customer-created Insight packs.

How Does InsightCloudSec IaC Security Work?

IaC Security employs the IaC Analyzer to analyze, or scan, your preconfigured infrastructure templates against Insight packs to gain specific feedback about violations and determine compliance before infrastructure is deployed. Each scan can be performed ad-hoc or in an automated fashion via a CI/CD pipeline integration and will generate a detailed report of the results.
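To illustrate the kind of pre-deployment template check described above, here is an added example; it is not InsightCloudSec code, the IaC Analyzer, or an Insight pack. It evaluates a constructed CloudFormation template against two hypothetical rules and exits non-zero on any violation, as a CI/CD gate would. The template, the rule ids, and the function names are assumptions made for this example.

```python
import json

# Constructed sample CloudFormation template (JSON form), embedded so this runs offline.
TEMPLATE = json.loads("""
{"Resources": {
  "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
  "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketName": "example-logs"}},
  "DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": true, "BlockPublicPolicy": true,
    "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}}
}}""")

def ssh_open_to_world(props):
    """True if an ingress rule exposes TCP/22 to every IPv4 or IPv6 address."""
    for rule in props.get("SecurityGroupIngress", []):
        if rule.get("CidrIp") != "0.0.0.0/0" and rule.get("CidrIpv6") != "::/0":
            continue
        proto, lo, hi = str(rule.get("IpProtocol")), rule.get("FromPort"), rule.get("ToPort")
        if proto == "-1":  # all protocols and ports
            return True
        if proto in ("tcp", "6") and isinstance(lo, int) and isinstance(hi, int) and lo <= 22 <= hi:
            return True
    return False

def public_access_not_blocked(props):
    """True unless all four bucket-level public access block flags are literally true."""
    pab = props.get("PublicAccessBlockConfiguration", {})
    keys = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")
    return not all(pab.get(k) is True for k in keys)

# Hypothetical rule ids, keyed by the CloudFormation resource type they apply to.
RULES = {
    "AWS::EC2::SecurityGroup": [("sg-ssh-open-to-world", ssh_open_to_world)],
    "AWS::S3::Bucket": [("s3-public-access-not-blocked", public_access_not_blocked)],
}

def scan(template):
    """Return sorted (logical_id, rule_id) violations for a parsed template."""
    found = []
    for name, res in template.get("Resources", {}).items():
        for rule_id, check in RULES.get(res.get("Type"), []):
            if check(res.get("Properties", {})):
                found.append((name, rule_id))
    return sorted(found)

if __name__ == "__main__":
    raise SystemExit(1 if scan(TEMPLATE) else 0)  # non-zero exit fails the CI job
```

Ports or flags supplied through intrinsic functions such as `Ref` are not literal values, so the SSH rule skips them and the bucket rule reports them; a production scanner has to resolve parameters before evaluating rules.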

What is Supported?

IaC Security supports a variety of resource types for the following IaC templating software (also known as drivers):

  • AWS CloudFormation
  • Terraform

AWS CloudFormation

InsightCloudSec recognizes AWS CloudFormation templates. Review AWS CloudFormation Supported Resources for a full list of supported AWS resources.

Terraform

InsightCloudSec recognizes Terraform templates written using Terraform versions 0.11, 0.12, 0.13, and 0.14. Review Terraform Supported Resources for a full list of supported resources.

Prerequisites

There are a few things you will need to have available and configured before using IaC Security:

  • A running InsightCloudSec Platform
  • A working implementation and understanding of the desired supported IaC templating software
  • Optional: IaC scan authentication enabled

Note: While any type of user can access IaC Security, only Domain Admins, Organization Admins, and Editor/Admin-entitled users can create/edit IaC Configurations. See the User Entitlements Matrix for more information.

If you have questions related to these requirements, reach out to us through any of the options provided on our Getting Support page.

External Tooling

To leverage the full capability of the InsightCloudSec IaC functionality and compliance automation at scale, you'll need the following items in addition to the above prerequisites:

  • An API Key
  • An existing version-controlled repository of the templates
  • An existing integration between the version-controlled repository & a CI/CD tool, e.g., Jenkins, Travis, etc.
  • The capacity for your CI/CD pipeline to create an IaC template and send API requests to InsightCloudSec

Scan Authentication

To enable authentication for your IaC scans, navigate to "Administration --> System Administration" in the InsightCloudSec platform UI. On the "System" tab, under "General Settings", use the checkbox at the end of the section to enable or disable the authentication requirement.

More details about this section of the product are available under System Settings.

Updated 2 months ago
