Resource groups are collections of resources. They simplify cloud automation, management, and permissions at scale. They can be used to apply granular permissions to a subset of your cloud footprint, to improve visibility, and to help apply custom policy.
From the Resource Groups page, accessed from the main menu, you can:
*See a full list of the resource groups you have created
*Access details of resources within each group
*View a summary of each resource group
*Create and delete resource groups.
- To create a resource group, go to the Resource Groups page from the main menu.
- Click on Create Resource Group in the top right corner of the page.
- Give the resource group a name and description. Select Submit.
Creating a Resource Group
- To add resources to your resource group, go to the Resources page via the main menu.
- Click on the type of resource you want to use, then scroll down to the results section which lists the resources of this type.
- In the results section check the box for those resources you wish to add to your resource group, then click the "Add to resource group" icon.
- Select a resource group; include dependencies if you wish. Select Submit.
Adding Resources to a Resource Group
A dependency is any resource that is linked to another. As an example, a resource group is created that includes instances. Selecting 'include dependencies' will also include volumes and and access lists in this resource group.
- Continue selecting resources in this manner until you have selected all the resources you want to include in your resource group.
Multiple Resource Types in Resource Groups
Resource Groups may contain multiple resource types.
- Return to the Resource Groups page from the main menu.
- Click on the name of your resource group; you will see an overview of the resources in the group. The overview includes:
- A percentage breakdown of your resource group by resource type
- A breakdown of resources in your group by region.
Viewing Summary Information for a Resource Group
You can view details of the resources within a specific resource group by selecting the hamburger menu under the "Go to Resources" column on the Resources Group page. This takes you to the Resources page, already scoped for your resource group.
Viewing Details of Resources in a Resource Group
More Details for Resources in Resource Groups
You can also access details of resources within resource groups by accessing the Resources page, and then selecting Scopes, Resource Groups, and selecting the name of the resource group of interest. See also Resources.
Resource groups can be used for scoping resources, insights, and bots. They are particularly useful in defining what resources bots should act upon.
Using Resource Groups With Bot Actions
You must first have a resource group created before running bot actions on that group.
Once you have created a resource group, you can use this group to scope bot actions. See Bot Creation, Step 2, for more information on scoping your bot with your resource group.
Using a Resource Group to Scope a Bot
You can assign bot actions to resource groups in one of two ways: to curate a resource group and to add resources to a resource group.
Curate Resource Group
DivvyCloud ships with a bot action named
Curate Resource Group, which, when added to a bot’s instruction set, assumes responsibility for maintaining the state of the resource group. This action can be used only as a one-to-one relationship between a single bot and single group. The bot will autonomously move resources in and out of the group as needed, based on the configured policy. (See example below.)
Add to Resource Group
On occasion, you may want to use multiple bots to add resources to a group. You can do this using the bot action
Add To Resource Group. As the name implies, this action will only add resources to a group and will not automatically remove resources that no longer apply.
Curate Resource Group Example
In the following Curate Resource Group example, a resource group named
Production Resources is created. This group includes resources with the tag key “environment” and a tag value of “production”. The scope of the bot will be set to look for appropriately-tagged resources across Microsoft Azure, Amazon Web Services, and Google Compute Engine.
- Create a new resource group. Navigate to the Resource Groups section of the tool and create a new resources group called “Production Resources”.
Creating a "Production Resources" Resources Group
- Create a new bot. Click on the Create Bot button and enter the name, description, and category (in this example "Best Practices").
Creating a Bot---Initial Bot Setup
- Configure the bot's scope. The scope defines the resource type(s) and cloud account(s) to be inspected. For this example, scope includes billable resource types---such as instances, database instances (e.g., AWS RDS), volumes, and snapshots---across three cloud accounts. Note: If "Scan All Groups" had been selected, the bot would scan every configured cloud account.
Scoping the Bot
- Configure the bot's conditions. For this example, the bot uses a single condition that inspects resource tags and looks for a single key Environment with a single value Production.
Configuring the Bot's Conditions
- Configure the bot's actions. The action used for this example is Curate Resource. Select that action from the listing and then use the drop-down to select the desired group
Configuring the Bot's Actions
- Choose when the bot will run. For this type of bot, we recommend using resource created and resource modified. The bot will now act any time a new resource is spun up in the cloud, or when its tags are modified. If you select an on-demand scan (enable batch execution), this bot will execute immediately and will look at all selected resources, including those previously discovered.
Choosing When the Bot Will Run
- Save the bot. Once done, you can perform a retroactive scan and, if you have resources that meet the configured conditions, they should show up in the Production Resources group.