FinalDivvyCloud

Resource Groups

Resource groups are collections of resources. They simplify cloud automation, management, and permissions at scale. They can be used to apply granular permissions to a subset of your cloud footprint, to improve visibility, and to help apply custom policy.

From the Resource Groups page, accessed from the main menu, you can:

*See a full list of the resource groups you have created

*Access details of resources within each group

*View a summary of each resource group

*Create and delete resource groups.

Creating a Resource Group

  1. To create a resource group, go to the Resource Groups page from the main menu.
  2. Click on Create Resource Group in the top right corner of the page.
  3. Give the resource group a name and description. Select Submit.
Creating a Resource Group

Creating a Resource Group

  1. To add resources to your resource group, go to the Resources page via the main menu.
  2. Click on the type of resource you want to use, then scroll down to the results section which lists the resources of this type.
  3. In the results section check the box for those resources you wish to add to your resource group, then click the "Add to resource group" icon.
  4. Select a resource group; include dependencies if you wish. Select Submit.
Adding Resources to a Resource Group

Adding Resources to a Resource Group

Dependencies

A dependency is any resource that is linked to another. As an example, a resource group is created that includes instances. Selecting 'include dependencies' will also include volumes and and access lists in this resource group.

  1. Continue selecting resources in this manner until you have selected all the resources you want to include in your resource group.

Multiple Resource Types in Resource Groups

Resource Groups may contain multiple resource types.

  1. Return to the Resource Groups page from the main menu.
  2. Click on the name of your resource group; you will see an overview of the resources in the group. The overview includes:
  3. A percentage breakdown of your resource group by resource type
  4. A breakdown of resources in your group by region.
Viewing Summary Information for a Resource Group

Viewing Summary Information for a Resource Group

You can view details of the resources within a specific resource group by selecting the hamburger menu under the "Go to Resources" column on the Resources Group page. This takes you to the Resources page, already scoped for your resource group.

Viewing Details of Resources in a Resource Group

Viewing Details of Resources in a Resource Group

More Details for Resources in Resource Groups

You can also access details of resources within resource groups by accessing the Resources page, and then selecting Scopes, Resource Groups, and selecting the name of the resource group of interest. See also Resources.

Using Resource Groups

Resource groups can be used for scoping resources, insights, and bots. They are particularly useful in defining what resources bots should act upon.

Running Bot Actions on Resource Groups

Using Resource Groups With Bot Actions

You must first have a resource group created before running bot actions on that group.

Once you have created a resource group, you can use this group to scope bot actions. See Bot Creation, Step 2, for more information on scoping your bot with your resource group.

Using a Resource Group to Scope a Bot

Using a Resource Group to Scope a Bot

Resource Group Curation

You can assign bot actions to resource groups in one of two ways: to curate a resource group and to add resources to a resource group.

Curate Resource Group
DivvyCloud ships with a bot action named Curate Resource Group, which, when added to a bot’s instruction set, assumes responsibility for maintaining the state of the resource group. This action can be used only as a one-to-one relationship between a single bot and single group. The bot will autonomously move resources in and out of the group as needed, based on the configured policy. (See example below.)

Add to Resource Group
On occasion, you may want to use multiple bots to add resources to a group. You can do this using the bot action Add To Resource Group. As the name implies, this action will only add resources to a group and will not automatically remove resources that no longer apply.

Curate Resource Group Example
In the following Curate Resource Group example, a resource group named Production Resources is created. This group includes resources with the tag key “environment” and a tag value of “production”. The scope of the bot will be set to look for appropriately-tagged resources across Microsoft Azure, Amazon Web Services, and Google Compute Engine.

  1. Create a new resource group. Navigate to the Resource Groups section of the tool and create a new resources group called “Production Resources”.
Creating a "Production Resources" Resources Group

Creating a "Production Resources" Resources Group

  1. Create a new bot. Click on the Create Bot button and enter the name, description, and category (in this example "Best Practices").
Creating a Bot---Initial Bot Setup

Creating a Bot---Initial Bot Setup

  1. Configure the bot's scope. The scope defines the resource type(s) and cloud account(s) to be inspected. For this example, scope includes billable resource types---such as instances, database instances (e.g., AWS RDS), volumes, and snapshots---across three cloud accounts. Note: If "Scan All Groups" had been selected, the bot would scan every configured cloud account.
Scoping the Bot

Scoping the Bot

  1. Configure the bot's conditions. For this example, the bot uses a single condition that inspects resource tags and looks for a single key Environment with a single value Production.
Configuring the Bot's Conditions

Configuring the Bot's Conditions

  1. Configure the bot's actions. The action used for this example is Curate Resource. Select that action from the listing and then use the drop-down to select the desired group Production Resources.
Configuring the Bot's Actions

Configuring the Bot's Actions

  1. Choose when the bot will run. For this type of bot, we recommend using resource created and resource modified. The bot will now act any time a new resource is spun up in the cloud, or when its tags are modified. If you select an on-demand scan (enable batch execution), this bot will execute immediately and will look at all selected resources, including those previously discovered.
Choosing When the Bot Will Run

Choosing When the Bot Will Run

  1. Save the bot. Once done, you can perform a retroactive scan and, if you have resources that meet the configured conditions, they should show up in the Production Resources group.