Resource Type Categories

The capabilities of InsightCloudSec rely on the information gathered about your cloud resources. Within the InsightCloudSec platform, Resources are organized under a single landing page and grouped under six resource type categories.

Those categories are: Compute, Containers, Identity & Management, Machine Learning & AI, Network, and Storage.

Resource type matrix
Resource Type | Category | Amazon Web Services (AWS) | AWS GovCloud | Microsoft Azure | Google Cloud Platform (GCP) | Alibaba Cloud | Kubernetes | Oracle (OCI)
Access AnalyzerIdentity & ManagementAWS IAM Access Analyzer
Access ListNetworkNACL / Security GroupNACL / Security GroupNetwork Security GroupNetwork FirewallSecurity GroupNetwork Security Group/Security List
Access List Flow LogNetworkNSG (Network Security Group) Flow Log
Access List RuleNetworkRulesRulesSecurity RulesFirewall RulesRulesNetwork Security Group Rule/Security List Rule
Activity Log AlertIdentity & ManagementActivity Log Alert
Airflow EnvironmentComputeManaged Airflow EnvironmentCloud Composer
API Access KeyIdentity & ManagementAccess key IDAccess key IDApplication CredentialsService Account KeyAccess Key ID
API Accounting ConfigIdentity & ManagementCloudTrailCloudTrailN/ALogs StorageActionTrail
API Key Usage PlanNetworkAPI Key Usage PlanAPI Key Usage Plan
App ConfigurationComputeApp Configuration
App Engine ServiceComputeApp Engine Service
App Engine Service VersionComputeApp Engine Service Version
App Run ServiceContainersAWS App RunnerCloud Run
App ServerComputeApp Service Plan
App Stream FleetComputeAppStream 2.0AppStream 2.0
Application GatewayNetworkAPI GatewayAPI Management Service
Application Gateway DomainNetworkAPI Gateway Domain
Application KeyNetworkAPI Gateway Key
Application StageNetworkAPI Gateway Stage
Artifact RegistryContainersArtifact Registry
Automation AccountMachine Learning & AIAutomation Account
Autoscaling GroupComputeAutoscaling GroupAutoscaling GroupVirtual Machine Scale SetsAutoscalersN/A
Autoscaling Launch ConfigurationComputeLaunch ConfigurationsN/AN/AN/AN/A
Azure PolicyIdentity & ManagementAzure Policy
Backend ServicesComputeLoad Balancer Backend Services
Backup GatewayStorageBackup GatewayBackup Gateway
Backup VaultStorageBackup VaultN/A
Bastion HostNetworkBastion Host
Batch EnvironmentComputeBatch Compute EnvironmentBatch Compute EnvironmentBatch Account
Batch PoolComputeBatch Pool
Bedrock Training JobMachine Learning & AIBedrock Job
Big Data InstanceComputeRedshiftRedshift
Big Data Serverless NamespaceComputeRedshift Serverless Namespace
Big Data Serverless WorkgroupComputeRedshift Serverless Workgroup
Big Data SnapshotStorageRedshift SnapshotRedshift SnapshotN/AN/AN/A
Big Data WorkspaceComputeAzure Synapse
Bot ServiceMachine Learning & AIBot Service
Build ProjectComputeCodeBuild ProjectCodeBuild
Business Intelligence SubscriptionIdentity & ManagementQuickSightQuickSightN/A
Cache Database ClusterComputeMemoryDBMemoryDB
Cache InstanceComputeElastiCacheElastiCacheAzure RedisMemorystoreApsaraDB for Redis
Cache SnapshotStorageElastiCache SnapshotRedis Snapshot
Cassandra TableStorageKeyspaces TableKeyspaces Table
Cloud Access PointIdentity & ManagementS3 Access PointS3 Access Point
Cloud AccountIdentity & ManagementCloud AccountCloud AccountCloud SubscriptionProjectCloud AccountCloud Tenancy
Cloud Advisor CheckIdentity & ManagementTrusted AdvisorTrusted AdvisorSecurity Command Center BaselineN/A
Cloud AlarmIdentity & ManagementCloudWatch AlarmCloudWatch AlarmN/AN/AN/A
Cloud AppIdentity & ManagementAzure App Registration
Cloud CredentialsIdentity & ManagementAPI Keys
Cloud DatasetStorageBigQuery Dataset
Cloud Domain GroupIdentity & ManagementN/AN/AN/ADomain Groups
Cloud Domain UserIdentity & ManagementN/AN/ADomain Users
Cloud Event BusIdentity & ManagementCloudWatch/Event Bridge Event BusCloudWatch/Event Bridge Event Bus
Cloud Event RuleIdentity & ManagementCloudWatch RuleCloudWatch Rule
Cloud Global Access PointStorageS3 Multi-Region Access Point
Cloud GroupIdentity & ManagementIAM GroupIAM GroupGroupGroupRAM GroupGroup
Cloud LimitIdentity & ManagementLimitLimitLimitLimitN/A
Cloud Log DestinationIdentity & ManagementCloudWatch Logs DestinationsCloudWatch Logs Destinations
Cloud OutpostIdentity & ManagementOutpost
Cloud PolicyIdentity & ManagementIAM PolicyIAM PolicyPolicyRole Permission SetRAM Policy
Cloud RegionIdentity & ManagementRegionRegionRegionRegionRegionRegion
Cloud Resource GroupIdentity & ManagementAzure Resource Group
Cloud RoleIdentity & ManagementIAM RoleIAM RoleRoleService AccountRAM Role
Cloud Role AssignmentIdentity & ManagementAzure Role Assignment
Cloud Service CostIdentity & ManagementConsolidated BillConsolidated BillN/ABilling Export
Cloud UserIdentity & ManagementIAM UserIAM UserUserUserRAM UserUser
Cluster RoleContainersCluster Role
ClustersContainersEKS/ECS/Fargate ClusterEKS/ECS/Fargate ClusterKubernetes ServiceGKEKubernetes ClusterKubernetes Cluster
Code RepositoryIdentity & ManagementCode CommitCode Commit
Cognitive SearchMachine Learning & AICognitive Search
Cold StorageStorageGlacierN/AN/AN/AN/A
CollaborationIdentity & ManagementClean RoomsClean Rooms
Computer VisionMachine Learning & AIComputer Vision
ConfigIdentity & ManagementAWS ConfigAWS Config
Config MapContainersConfig MapConfig Map
Connect InstanceComputeAmazon ConnectAmazon Connect
Container ImageContainersContainer Image (ECR)Container Image (ECR)Container ImageContainer Image
Container InstancesContainersContainer Instance (ECS)Container Instance (ECS)Azure Container InstanceNode Instance
Container Node GroupContainersEKS Node GroupEKS Node Group
Container RegistryContainersContainer Registry (ECR)Container Registry (ECR)Container Registry
Container ServiceContainersECS ServiceECS Service
ContainersContainersContainerContainerContainer
Content Delivery NetworkNetworkCloudFrontCloudFrontCDN Profile, Front Door (Standard/Premium)Cloud CDNN/A
Content ModeratorMachine Learning & AIContent Moderator
Control PlaneContainersControl Plane
Control Tower ControlIdentity & ManagementControl Tower ControlControl Tower Control
Control Tower Landing ZoneIdentity & ManagementControl Tower Landing ZoneControl Tower Landing Zone
Cron JobsContainersCron Jobs
DaemonSetContainersDaemonSet
Data Analytics WorkspaceStorageAthena WorkgroupAthena Workgroup
Data FactoryStorageAzure Data FactoryData Fusion
Data StreamStorageKinesisKinesisEvent Hub NamespaceN/AN/A
Data Sync TaskStorageDataSync Task
DatabaseComputeN/AN/ASQL Database / Dedicated SQL PoolCloud SQL Database
Database ClusterComputeRDS Database, Neptune, DocumentDB
Database Event SubscriptionComputeRDS Event Subscription
Database InstanceComputeRDS Database, Neptune, DocumentDBRDS DatabaseAzure Database for Postgres/MySQL/MariaDBCloud SQLApsaraDB for RDSMySQL DB System/Autonomous Data Warehouse
Database Migration InstanceStorageDMS Replication InstanceDMS Replication Instance
Database Migration EndpointNetworkDMS EndpointDMS Endpoint
Database ProxyStorageRDS Database ProxyRDS Database Proxy
Database SnapshotStorageRDS SnapshotRDS SnapshotN/ACloud SQL BackupRDS Snapshot
Databricks WorkspaceStorageDatabricks Workspace
Dataflow JobComputeDataflow Jobs
DDoS ProtectionNetworkShieldDDoS Protection
Delivery StreamStorageFirehoseN/AN/AN/A
Deployments/TasksContainersContainer Pod (ECS/Fargate)Deployment
Diagnostic SettingsIdentity & ManagementDiagnostic Settings
Direct ConnectNetworkDirect ConnectExpress Route CircuitCloud Interconnect
Directory ServiceIdentity & ManagementAWS Directory Service
Distributed TableComputeDynamoDBDynamoDBAzure CosmosDBN/AN/ANoSQL Database
Distributed Table ClusterComputeDynamo DB Accelerator (DAX)N/ABigtableN/A
DLP JobComputeDLP Inspection Job
DNS DomainIdentity & ManagementRoute53 DomainCloud Domain
DNS ZoneNetworkRoute53 DNS ZoneDNS ZoneDNS ZoneN/A
Elastic ClusterStorageDocumentDB Elastic
Elasticsearch InstanceComputeOpenSearchOpenSearchN/AN/AN/A
Elasticsearch Serverless CollectionComputeOpenSearch Collection
Email Service ConfigComputeSimple Email Service Configuration Set (SES)Simple Email Service Configuration Set (SES)
Email Service DomainComputeSimple Email Service (SES)Simple Email Service (SES)N/AN/AN/A
Email Service RuleComputeSimple Email Service Rule (SES)Simple Email Service Rule (SES)
Encryption KeyIdentity & ManagementKMSKMSKey Vault KeyCloud KMS CryptokeyKMS KeyMaster Encryption Key
Encryption Key VaultIdentity & ManagementKey VaultCloud KMS KeyringVault
ETL ConnectionStorageGlue ConnectionGlue Connection
ETL CrawlerStorageGlue CrawlerGlue Crawler
ETL Data CatalogStorageGlue Data CatalogGlue Data Catalog
ETL DatabaseStorageGlue DatabaseGlue Database
ETL JobStorageGlue JobGlue Job
ETL Security ConfigurationStorageGlue Security ConfigurationGlue Security Configuration
Event Grid SubscriptionComputeEvent Grid Subscription
Event Grid System TopicComputeEvent Grid System Topic
Event Grid TopicComputeEvent Grid Topic
Event SubscriptionComputeRDS Event SubscriptionRDS Event Subscription
Federated GroupIdentity & ManagementFederated Azure AD Group
Federated UserIdentity & ManagementFederated Azure AD User
File ShareStorageNFS/SMB File Gateway Share
Forwarding RulesNetworkLoad Balancer Forwarding Rules
Gatekeeper ConstraintContainersConstraint
Gatekeeper ConstraintTemplateContainersConstraintTemplate
Global Load BalancerNetworkGlobal AcceleratorGlobal AcceleratorFront Door
GraphQL APIStorageAppSync APIN/A
HSM ClusterComputeCloudHSMCloudHSM
HypervisorComputeDedicated InstanceDedicated InstanceDedicated HostN/AN/A
Identity ProviderIdentity & ManagementSAML Identity ProviderIdentity Platform Provider
IngressContainersN/AN/AIngress
InstanceComputeEC2 InstanceEC2 InstanceVirtual MachineCompute EngineECS InstanceInstance
Internet GatewayNetworkInternet GatewayInternet GatewayN/AN/AN/A
JobsContainersJobs
K8S SecretContainersSecret
Language ServiceMachine Learning & AILanguage Service
Launch TemplateComputeLaunch TemplateLaunch Template
LightsailComputeAmazon LightsailN/A
Load BalancerNetworkLoad Balancer (ELB/ALB/NLB/Gateway)ELB/ALB/NLBLoad Balancer/Application GatewayLoad BalancerN/A
Logic AppComputeLogic App
Log Analytics WorkspaceIdentity & ManagementLog Analytics Workspace
Log GroupIdentity & ManagementCloudWatch Log Group
Lookout ProjectIdentity & ManagementLookout Equipment/Metrics/VisionN/A
LUIS APIMachine Learning & AILUIS API
Machine Learning InstanceMachine Learning & AISagemaker NotebookSagemaker NotebookAI Platform Notebook
Machine Learning Training JobMachine Learning & AISagemaker Training jobSagemaker Training Job
MapReduce ClusterComputeElastic Mapreduce (EMR)Elastic Mapreduce (EMR)HDInsight ClusterDataprocN/A
Message Broker InstanceComputeMQ
Message QueueComputeSimple Queue Service (SQS)Simple Queue Service (SQS)Service Bus QueueN/AN/A
Message Queue NamespaceComputeService Bus
Mutating Webhook ConfigurationContainersMutating Webhook Configuration
NamespaceContainersNamespace
NAT GatewayNetworkNAT Gateway (VPC)N/ANAT GatewayCloud NATN/A
NetworkNetworkVPCVPCVirtual NetworkVPCVCN
Network Address GroupNetworkManaged Prefix ListManaged Prefix ListIP Group
Network EndpointNetworkVPC Endpoint/PrivateLinkService Endpoint/Service Endpoint Policy/Private Endpoint
Network Endpoint ServiceNetworkVPC Endpoint ServicePrivate Link Service
Network FirewallNetworkNetwork FirewallNetwork FirewallAzure Firewall
Network Firewall RuleNetworkAzure Firewall Rule
Network Firewall Rule ListNetworkAzure Firewall Rule Collection
Network Flow LogNetworkVPC Flow Log (VPC)VPC Flow Log (VPC)Logging Bucket
Network InterfaceNetworkNetwork InterfaceNetwork InterfaceNetwork InterfaceNetwork InterfaceNetwork InterfaceVCS Interface
Network PeerNetworkVPC PeerVPC PeerPeeringsNetwork PeerN/A
Network PolicyContainersNetwork Policy
Notification SubscriptionComputeSNS SubscriptionSNS SubscriptionN/APub / Sub SubscriptionN/ASubscription
Notification TopicComputeSNS TopicSNS TopicN/APub / Sub TopicN/ATopic
Open AIMachine Learning & AIOpen AI
Persistent VolumeContainersPersistent Volume
PersonalizerMachine Learning & AIPersonalizer
Pod Security PoliciesContainersPod Security Policy
PodsContainersTask Definition (ECS)Pod
Private ImageComputeAMI (Private)AMI (Private)ImageImageImage
Private SubnetNetworkVPC SubnetVPC SubnetSubnetSubnetVSwitchVCN Subnet
Public IPNetworkElastic IPElastic IPReserved IPReserved IPElastic IPPublic IP
Query Log ConfigNetworkRoute53 ResolverRoute53 Resolver
RecommendationIdentity & ManagementUnattended Project Recommendations
Recommendation FindingIdentity & ManagementUnattended Project Insights
Recycle Bin RuleStorageRecycle Bin Rule
ReplicaSetContainersReplicaSet
Reserved InstanceComputeReserved InstanceReserved InstanceN/AN/AN/A
Resource ShareIdentity & ManagementRAM (Resource Shares)RAM (Resource Shares)
Resource Share ResourceIdentity & ManagementRAM (Resources)RAM (Resources)
RoleContainersRole
RouteNetworkRouteRoute
Route TableNetworkRoute TableN/ARoute TableRoute TableRoute Table
Search ClusterComputeCloudsearch ClusterCloudsearch Cluster
Search IndexComputeKendra IndexN/A
SecretIdentity & ManagementSecretN/ASecretSecretN/ASecret
Secure File TransferStorageSFTP Server
Security PostureIdentity & ManagementAzure Advisor Recommendations
Serverless ApplicationComputeServerless Application Repository
Serverless FunctionComputeLambdaLambdaFunctionCloud FunctionN/A
Serverless LayerComputeLambda LayerLambda Layer
Service AccountContainersService Account
Service Control PolicyIdentity & ManagementService Control Policy
Service DetectorIdentity & Management
Service Fabric ClusterContainersService Fabric Cluster
Service Health EventIdentity & ManagementHealth DashboardHealth Dashboard
ServicesContainersService
Shared GalleryComputeShared Image Gallery
Shared Gallery ImageComputeImage Definition
Shared Gallery Image VersionComputeImage Version
Shared File SystemStorageEFS, Lustre, FSx, and NetApp ONTAPN/AFile ShareCloud FilestoreN/AFile System
SinkIdentity & ManagementCloudWatch Observability Sink LinkStackdriver Sink
Site-to-Site VPNNetworkSite-to-Site VPN (VPC)VPN Tunnel
SnapshotStorageEBS SnapshotEBS SnapshotSnapshotSnapshotSnapshotBlock Volume Backup
SpannerStorageAurora Global DatabaseAurora Global DatabaseCloud Spanner
Speech ServicesMachine Learning & AISpeech Services
SSH Key PairIdentity & ManagementSSH Key PairSSH Key PairSSH Key PairSSH Key PairSSH Key Pair
SSL CertificateIdentity & ManagementIAM/ACM SSL CertificateIAM/ACM SSL CertificateSSL CertificateSSL CertificateN/ASSL Certificate
SSL Certificate AuthorityIdentity & ManagementACM Private Certificate AuthorityACM Private Certificate AuthorityCertificate Authority Service
SSM AssociationComputeSSM AssociationSSM Association
SSM DocumentComputeSSM DocumentSSM Document
Stack TemplateComputeCloudFormation TemplatesCloudFormation Templates
StatefulSetContainersStatefulSet
Step FunctionComputeStep Function State MachineStep Function State Machine
Storage AccountStorageStorage Account
Storage GatewayStorageStorage GatewayStorage Gateway
Storage ContainerStorageS3 BucketS3 BucketBlob Storage ContainerCloud StorageObject Storage BucketObject Storage Backup
Storage QueueStorageStorage Queue
Storage Sync ServiceStorageStorage Sync Service
Stored ParameterStorageSystems Manager Parameter Store (Parameter)
Stream InstanceComputeMSK Instance
Streaming ApplicationComputeKinesis Analytics ApplicationKinesis Analytics Application
Target ProxiesNetworkLoad Balancer Target Proxies
Task DefinitionsContainersTask Definition (ECS)
Template SpecComputeTemplate Specs
Threat FindingsIdentity & ManagementGuardDuty/MacieMicrosoft Defender for CloudEvent Threat Detection
Timeseries DatabaseStorageAmazon Timestream
Traffic ManagerNetworkTraffic Manager
Traffic Mirror TargetNetworkVPC Traffic Mirror TargetVPC Traffic Mirror Targets
Transcoding PipelineComputeElastic Transcoder Pipeline
Transcription JobComputeTranscription JobTranscription Job
Transit GatewayNetworkTransit Gateway
TranslatorMachine Learning & AITranslator
URL MapNetworkURL Map
User PoolIdentity & ManagementCognito User Pool
Validating Webhook ConfigurationContainersValidating Webhook Configuration
Vertex Custom JobMachine Learning & AIVertex Custom Job
Video StreamStorageKinesis Video Stream
Virtual Private GatewayNetworkVirtual Private GatewayVirtual Network GatewayVPN Gateway
VolumeStorageEBS VolumeEBS VolumeDiskPersistent DiskDiskBlock Volume
Web AppComputeElastic Beanstalk EnvironmentApp Service
Web App GroupComputeElastic Beanstalk Application
Web Application FirewallNetworkWeb Application FirewallWeb Application FirewallWeb Application Firewall PoliciesCloud Armor
Web Application Firewall RuleNetworkWeb Application Firewall RuleWeb Application Firewall Rule
Web Application Firewall GroupNetworkWeb Application Firewall Rule GroupWeb Application Firewall Rule Group
WorkspaceComputeWorkspaceN/AN/AN/AN/A

Resource Type Definitions

Compute

| Resource Type | Description |
| --- | --- |
| Airflow Environment | Managed orchestration for Apache Airflow to programmatically author, schedule, and monitor sequences of processes and tasks (AWS Managed Airflow Environment, GCP Cloud Composer) |
| App Configuration | Provides a means to centrally manage application settings and feature flags (Azure App Configuration) |
| App Engine Service | A small logical component of a large app, i.e., a microservice (GCP App Engine Service) |
| App Engine Service Version | A compiled version of one of your services, which can be used for rollbacks or testing (GCP App Engine Service Version) |
| App Server | Defines the region of the physical server where your app will be hosted and the amount of storage, RAM, and CPU the physical servers will have (Azure App Service Plan) |
| App Stream Fleet | Managed application streaming service that streams desktop applications to users (AWS AppStream 2.0) |
| Autoscaling Group | Collection of instances used for scaling and management |
| Autoscaling Launch Configuration | Configuration for autoscaling groups (min, max, etc.) |
| Batch Environment | An environment containing many compute nodes that can run large-scale parallel and high-performance computing batch jobs efficiently (AWS Batch Compute Environment, Azure Batch Account) |
| Batch Pool | A group of compute nodes that is used in a batch environment to run large-scale parallel and high-performance computing batch jobs efficiently (Azure Batch Pool) |
| Big Data Instance | Big data/data warehouse instances (AWS Redshift) |
| Big Data Serverless Namespace | A collection of Big Data database objects and users (AWS Redshift Serverless Namespace) |
| Big Data Serverless Workgroup | A collection of Big Data compute resources (AWS Redshift Serverless Workgroup) |
| Big Data Workspace | Analytics service that combines data integration, data warehousing, and big data analytics (Azure Synapse) |
| Build Project | Integration service for compiling source code, running tests, and producing deployable software packages (AWS CodeBuild) |
| Cache Database Cluster | A Cache Database Cluster is an in-memory database service that provides fast performance and durability (AWS MemoryDB) |
| Cache Instance | Memory cache instance (AWS ElastiCache, Redis, etc.) |
| Connect Instance | Provides virtual call center capabilities to your customers (AWS Amazon Connect) |
| Database | Relational database service (GCP Cloud SQL, Azure SQL Database/Dedicated SQL Pool) |
| Database Cluster | One or more DB instances and a cluster volume that manages the data for those instances (AWS RDS Aurora Cluster, Neptune, Document DB) |
| Database Event Subscription | Allows notifications when events within an event category occur (AWS RDS Event Subscription) |
| Database Instance | Database instance (RDS, CloudDatabase, etc.) |
| Dataflow Job | Unified stream and batch data processing job (GCP Dataflow Job) |
| Distributed Table | NoSQL database table (AWS DynamoDB) |
| Distributed Table Cluster | In-memory cache for Distributed Tables (DynamoDB DAX) |
| DLP Job | An individual data loss prevention (DLP) scan (GCP DLP Inspection Job) |
| Elasticsearch Instance | A RESTful search and analytics engine (AWS Elasticsearch) |
| Elasticsearch Serverless Collection | A serverless option for OpenSearch Service for running large-scale search and analytics workloads without managing clusters (Amazon OpenSearch Serverless) |
| Email Service Config | Groups of rules applied to the verified identities that are used to send email through a cloud email service (Amazon SES Configuration Set) |
| Email Service Domain | A cloud-based email sending service (AWS SES) |
| Email Service Rule | Email Service Rules inform how to handle incoming email by executing a specified list of actions (AWS SES Rule) |
| Event Grid Subscription | An event topic that is sent to an endpoint for handling and consumption (Azure Event Grid Subscription) |
| Event Grid System Topic | Represents one or more events published by Azure services (Azure Event Grid System Topic) |
| Event Grid Topic | Acts as a receiving endpoint for a collection of related events (Azure Event Grid Topic) |
| HSM Cluster | A hardware security module (HSM) cluster provides users with an easy way to generate and manage encryption keys within a cloud service provider (CSP) environment (e.g., AWS CloudHSM) |
| Hypervisor | A hypervisor/dedicated host responsible for housing compute instances |
| Instance | Compute instance (EC2, CloudServers, etc.) |
| Launch Template | Contains configuration information for an instance so that it can be launched in a consistently reproducible way (Launch Template) |
| Lightsail | Provides compute, storage, and networking capacity and capabilities for websites and web applications in the cloud (AWS Lightsail) |
| Logic App | Integration platform as a service that promotes scale and portability while offering critical workflow automation from a workspace of any size (Azure Logic App) |
| MapReduce Cluster | A programming model for processing and generating large data sets (Hadoop) |
| Message Broker Instance | Managed message broker service (AWS MQ) |
| Message Queue | Message queuing services (AWS SQS) |
| Message Queue Namespace | Groups message queues and publish-subscribe topics under one namespace (Azure Service Bus) |
| Notification Subscription | Subscription-based notifications (AWS SNS, GCP Pub/Sub) |
| Notification Topic | Topic to use when delivering notifications |
| Private Image | Private/shared image which can be used to create a compute instance |
| Recommendation | Machine-generated product and resource usage optimizations (GCP Project Recommendations) |
| Recommendation Finding | Important patterns and details about your resource usage (GCP Project Insights) |
| Reserved Instance | Guaranteed, available virtual private servers (AWS RIs, Azure Pre-Paid Instances) |
| Search Cluster | A cluster of Elasticsearch Instances |
| Search Index | A highly accurate intelligent search service for unstructured data using natural language |
| Serverless Application | Framework for building serverless applications (AWS Serverless Application) |
| Serverless Function | A compute service that runs code in response to events |
| Serverless Layer | A package of libraries and dependencies that can be used with Serverless Functions (AWS Lambda Layer) |
| Service Health Event | Personalized communications about how the overall health of the CSP itself may be affecting your environment, including visibility into resource issues, upcoming changes, and important notifications (AWS Health Dashboard) |
| Shared Gallery | Shared Image Gallery (Azure) to build structure around image |
| Shared Gallery Image | Image definitions for logical version grouping |
| Shared Gallery Image Version | Image versioning, as used in environments |
| SSM Association | An ideal state assigned to resources to reduce configuration drift (AWS SSM Association) |
| SSM Document | Instructions for the Systems Manager describing how to interact with your managed instances (AWS SSM Document). This is a script or document written in JSON or YAML. |
| Stack Template | Infrastructure as code (CloudFormation Templates) |
| Step Function | A serverless orchestration service that lets you combine functions and other services to build applications (AWS Step Function State Machine) |
| Streaming Application | Allows you to query, transform, and analyze streaming data in real time (AWS Kinesis Analytics Application) |
| Template Spec | A resource type that simplifies both storing and sharing a template (Azure Template Specs) |
| Transcoding Pipeline | A queue that manages media transcoding jobs (AWS Elastic Transcoder Pipeline) |
| Transcription Job | A job that provides speech-to-text transcriptions for a wide variety of use cases, e.g., AWS Transcription Job |
| Web App | Service providing app hosting (AWS Elastic Beanstalk Environment, Azure App Service) |
| Web App Group | Service for deploying and scaling web applications and services (AWS Elastic Beanstalk Application) |
| Workspace | Virtual desktops (AWS Workspaces) |

Containers

| Resource Type | Description |
| --- | --- |
| Access List | Used to protect ingress/egress traffic to cloud resources (Security Groups/NACLs) |
| App Run Service | Managed services that simplify deploying containerized web applications and APIs quickly at scale with little to no experience (AWS App Runner, GCP Cloud Run) |
| Artifact Registry | Stores artifacts and build dependencies in one central location (GCP Artifact Registry) |
| Cluster Role | A representation of a non-namespaced set of permissions (Kubernetes Cluster Role) |
| Clusters | Runs the Kubernetes management infrastructure (AWS EKS, GCP GKE, Azure Kubernetes Service, Alibaba Kubernetes Clusters) |
| Config Map | An API object used to store key-value pairs (Kubernetes Config Map) |
| Container Image | Assists in storing, managing, and deploying Docker container images (AWS Container Image (ECR), Azure Container Image, GCP Container Image) |
| Container Instances | Assists in running Kubernetes without standing up or maintaining your own Kubernetes control plane (AWS Container Instance (EKS), MS Azure Container Instance) |
| Container Node Group | Auto scaling groups containing compute instances that are managed by the parent cluster (AWS EKS Node Group) |
| Container Registry | Docker container registry assisting developers in storing, managing, and deploying Docker container images (AWS Container Registry (ECR), Azure Container Registry) |
| Container Service | A container service is a scalable and fast container management service that makes it simple to manage all the containers within a cluster (ECS Service) |
| Containers | Manages container services (AWS Container (ECS)) |
| Control Plane | The container orchestration layer that exposes the API and interfaces to manage containers and their lifecycle (Kubernetes Control Plane) |
| Cron Jobs | A templated Kubernetes Job that runs on a repeating schedule (Kubernetes Cron Job) |
| DaemonSet | An overarching template that ensures the appropriate Kubernetes nodes are running a copy of a Pod (Kubernetes DaemonSet) |
| Deployments/Tasks | Works with container tasks (AWS Container Task (ECS)) |
| Gatekeeper Constraint | Informs the system that a ConstraintTemplate needs to be enforced and how to enforce the template (Kubernetes Constraint) |
| Gatekeeper ConstraintTemplate | Describes the policies that enforce a constraint as well as the schema of the constraint (Kubernetes ConstraintTemplate) |
| Ingress | Exposes HTTP and HTTPS routes from outside a Kubernetes cluster to services within the cluster (Kubernetes Ingress) |
| Jobs | A Kubernetes Job creates and executes a specified number of Pods until they successfully terminate (Kubernetes Job) |
| K8S Secret | An object that contains a small amount of sensitive data that must be kept confidential (Kubernetes Secret) |
| Mutating Webhook Configuration | A configuration for a mutating webhook admission controller (Kubernetes Mutating Webhook Controller) |
| Namespace | A virtual cluster backed by a physical cluster; typically, there are several distinct namespaces on a single physical cluster (Kubernetes Namespace) |
| Network Policy | A policy that controls traffic flow at a given IP address or port for a Pod (Kubernetes Network Policy) |
| Persistent Volume | A provisioned piece of storage in a Kubernetes cluster with a lifecycle independent of any Pod that uses the persistent volume (Kubernetes Persistent Volume) |
| Pod Security Policies | (Kubernetes Pod Security Policy) |
| Pods | Kubernetes Pod |
| ReplicaSet | A template that maintains a stable set of a specified number of identical (replica) Pods (Kubernetes ReplicaSet) |
| Role | A representation of a set of permissions to a specified namespace (Kubernetes Role) |
| Service Account | A special account that provides an identity for processes that run inside of a Pod (Kubernetes Service Account) |
| Service Fabric Cluster | A cluster that orchestrates highly available and durable microservices at scale (Azure Service Fabric Cluster) |
| Services | (Kubernetes Service) |
| StatefulSet | An API object used to manage stateful applications (Kubernetes StatefulSet) |
| Task Definitions | Task Definitions are required to run Docker containers within container management services in the cloud (AWS ECS Task Definition) |
| Validating Webhook Configuration | A configuration for a validating webhook admission controller (Kubernetes Validating Webhook Configuration) |

Identity & Management

| Resource Type | Description |
| --- | --- |
| Access Analyzer | Identifies security risks through unintended access to your resources and data by identifying resources or roles that are shared with an external entity (AWS IAM Access Analyzer) |
| Activity Log Alert | Monitors a resource by checking its logs for a new event that matches defined conditions (Azure Activity Log Alert) |
| API Access Key | Used to make programmatic calls to the cloud provider’s API (Azure Application Credentials, AWS IAM User Access Key, GCP Service Account Key) |
| API Accounting Config | Logs and tracks all calls made to the provider API (AWS CloudTrail, GCP Logs Storage) |
| Azure Policy | Helps businesses enforce and assess standards and compliance at scale (Azure Policy) |
| Business Intelligence Subscription | Service that connects and combines data sources for cloud to create a single data dashboard for easier user management (AWS QuickSight) |
| Cloud Access Point | A feature to simplify managing data access at scale for applications using shared data sets (AWS S3 Access Point) |
| Cloud Account | Secure, world-wide storage and retrieval of any amount of data at any time |
| Cloud Advisor Check | A recommendation guide that analyzes your configuration and usage (AWS Trusted Advisor) |
| Cloud Alarm | Notification on events from a Content Delivery Network (AWS Cloudwatch Events) |
| Cloud App | Application to manage application objects (definition of the application) that allows services to understand how to issue tokens to the application based on settings (Azure App Registration) |
| Cloud Credentials | A set of credentials (or API key) used to access applications or services within your environment |
| Cloud Domain Group | A virtual group of all accounts created in an organization's master account (GCP Domain Groups) |
| Cloud Domain User | Cloud Identity User able to manage across your entire domain (GCP Only) |
| Cloud Event Bus | A serverless event bus that facilitates connecting applications together using data from your own (SaaS or other) applications or services (AWS EventBridge) |
| Cloud Event Rule | A Cloud Event Rule matches incoming Cloud Alarms ("events") and routes them to targets for processing (AWS CloudWatch Rule) |
| Cloud Group | A cloud provider group within an organization service |
| Cloud Limit | Limits placed on the amount of services available for cloud provider accounts |
| Cloud Log Destination | A physical resource that enables you to subscribe to a stream of log events (AWS CloudWatch Logs Destination) |
| Cloud Outpost | Managed service for hybrid cloud |
| Cloud Policy | A policy that gives specific permissions to Cloud Users, Groups or Roles (AWS IAM) |
| Cloud Region | Where cloud resources are located |
| Cloud Resource Group | Used for related resources (e.g., Azure Resource Group) |
| Cloud Role | A cloud provider role within an organization service |
| Cloud Role Assignment | A record of a cloud role assignment for a user or group within an organization service |
| Cloud Service Cost | Cost associated with cloud provider services |
| Cloud User | A cloud user account used to access the provider console/API (AWS IAM) |
| Code Repository | A secure, managed source code service that hosts private Git repositories (AWS CodeCommit) |
| Collaboration | Enables you to share, combine, and analyze data with other organizations without sharing raw, identifiable data (AWS Clean Rooms) |
| Config | Config provides details into the resources in your account, including information on configuration, relationships between resources, and how both configuration and relationships change over time (AWS Config) |
| Control Tower Control | A singular rule that provides governance for your Control Tower environment (AWS Control Tower Control) |
| Control Tower Landing Zone | A container around the desired Control Tower environment that determines the boundary of governance and compliance (AWS Control Tower Landing Zone) |
| Diagnostic Settings | Configuration profile that enables sending platform metrics and logs to various destinations (Azure Diagnostic Settings) |
| Directory Service | Collection of services for managing users and devices on a network (e.g., Azure AD) |
| DNS Domain | For managing domain names in a Domain Name System (DNS) (AWS Route53 Domain, GCP Cloud Domains) |
| Encryption Key | A master key used to encrypt cloud volumes, databases and more (AWS KMS) |
| Encryption Key Vault | Secure key management (GCP Cloud KMS Keyring, Azure Key Vault) |
| Federated Group | Azure Groups that have federated access to AWS SSO via Azure AD (Federated Azure AD Group). See Resources for details. |
| Federated User | Azure Users that have federated access to AWS SSO via Azure AD (Federated Azure AD User). See Resources for details. |
| Identity Provider | Creates, maintains, and manages identity information, providing authentication (SAML, AD) |
| Log Analytics Workspace | Container used for storing and analyzing log data and configuration (Azure Log Analytics Workspace) |
| Log Group | Group of Event logs within a Log Stream (e.g., AWS CloudWatch Log Groups) |
| Lookout Project | Lookout Projects (e.g., Amazon Lookout) comprise three facets: Metrics, Equipment, and Vision. Lookout Metrics finds root causes for anomalies in data. Lookout Equipment monitors physical equipment for abnormal behavior and potential failures. Lookout Vision finds visual defects in industrial products, like missing components, physical damage, irregularities, and defects. |
| Resource Share | Collection of resources that is designated to be shared amongst a group of principals (AWS RAM Resource Share) |
| Resource Share Resource | Individual resource within a Resource Share collection (AWS RAM Resources) |
SecretConfidential or secure data (AWS Secret)
Security PostureAssists in assessing and strengthening your security across multi-cloud and hybrid environments (Azure Advisor Recommendations)
Service Control PolicyA type of policy to manage your application (AWS Service Control Policy)
Service DetectorThreat detection service (AWS GuardDuty Detector, Microsoft Defender for Cloud)
SinkA Stackdriver Sink controls how logs are routed throughout your environment (GCP Stackdriver Sink, AWS CloudWatch Observability Sink Link)
SSH Key PairPublic and Private keys associated with a cloud provider within an organization service
SSL CertificateA certificate bound to a load balancer to facilitate secure client/server communication
SSL Certificate AuthorityIssues digital certificates to help identify websites, people, and devices (AWS Certificate Manager, GCP Certificate Authority Service)
Threat FindingsThreat detection service (AWS GuardDuty/Macie)
User PoolAllows your users to sign in to your web or mobile app (AWS Cognito User Pool)

Machine Learning & AI

| Resource Type | Description |
| --- | --- |
| Automation Account | Orchestrate cloud-based automation tasks for you, including operating system and configuration updates, to ensure consistent management across your cloud environments (Azure Automation Account) |
| Bedrock Training Job | A singular, running instance of a model training (AWS Bedrock Job) |
| Bot Service | Provide an interactive experience, for example a virtual assistant or support for your website, built off of your data (Azure Bot Service) |
| Cognitive Search | Uses artificial intelligence to identify and explore large amounts of content (Azure Cognitive Search) |
| Computer Vision | Uses artificial intelligence to provide insights from image and video content (Azure Computer Vision) |
| Content Moderator | Provides automated image, text, and video moderation (Azure Content Moderator) |
| Language Service | Provides natural language capabilities via an API (Azure Language Service) |
| LUIS API | Allows your applications to understand commands from your users using natural language processing (Azure LUIS API) |
| Machine Learning Instance | Prepares and processes data, and trains and deploys machine learning models. |
| Machine Learning Training Job | A computation task that trains a machine learning model (AWS SageMaker Training Job) |
| Open AI | Allows you to apply advanced coding and language models to your own use cases (Azure Open AI) |
| Personalizer | Assists in providing a unique, relevant experience for each of your users (Azure Personalizer) |
| Speech Services | Encapsulates several different speech-related features including text-to-speech, speech-to-text, translation, and speaker recognition (Azure Speech Services) |
| Translator | Provides machine translation via an API (Azure Translator) |
| Vertex Custom Job | A singular, running instance of a custom model training (GCP Vertex Custom Job) |

Network

| Resource Type | Description |
| --- | --- |
| Access List | Used to protect ingress/egress traffic to cloud resources (Security Groups/NACLs) |
| Access List Flow Log | Allows users to log information about IP traffic flowing through a Network Security Group |
| Access List Rule | Ingress/Egress traffic rules for Security Groups/NACLs |
| API Key Usage Plan | A usage plan that specifies who can access various API endpoints and methods as well as target request rates (AWS API Key Usage Plan) |
| Application Gateway | Facilitates the creation, use, and management of APIs at any scale (AWS API Gateway, Azure API Management Service) |
| Application Gateway Domain | Allows the creation, use, and naming of a custom domain name (AWS API Gateway Domain) |
| Application Key | Generates API keys (AWS Gateway Key) |
| Application Stage | Sets up a stage, a named reference to a deployment, which can be used to manage and optimize the deployment (AWS API Gateway Stage) |
| Backend Services | Configuration for load balancing services (GCP Load Balancer Backend Services) |
| Bastion Host | Part of a service that allows seamless and secure connection to your virtual machines (Azure Bastion Host) |
| Content Delivery Network | A service that securely delivers data (AWS CloudFront, Azure CDN Profile, GCP Cloud CDN) |
| Database Migration Services | Database Migration Services use this information to connect to a data store and migrate data from a source endpoint to a target endpoint (AWS DMS Endpoint) |
| DDoS Protection | Distributed Denial of Service (DDoS) protection service that safeguards applications running in the cloud (AWS Shield, Azure DDoS Protection) |
| Direct Connect | Establishes a dedicated network from your premises to the cloud (AWS Direct Connect, GCP Cloud Interconnect, Azure Express Route Circuit) |
| DNS Zone | Used to store DNS records for public/private name resolution (AWS Route53) |
| Forwarding Rules | Manage frontend configuration of a load balancer (GCP Load Balancer Forwarding Rules, Azure Load Balancing Rules) |
| Global Load Balancer | A global, scalable entry-point that uses a global edge network to create web applications (e.g., Azure Front Door, AWS Global Accelerator) |
| Internet Gateway | A logical connection between a network and the internet |
| Load Balancer | Used in multi-tier apps to distribute load across a variety of compute instances |
| NAT Gateway | Enables instances in a private network to forward traffic to the Internet |
| Network | Logically isolated virtual environment within a Cloud Provider (AWS VPC) |
| Network Address Group | Provides visibility into defined network address prefixes (AWS Managed Prefix List, Azure IP Group) |
| Network Endpoint | Enables private connection of your VPC to cloud services |
| Network Endpoint Service | Enables you to privately connect your VPC to supported provider services (AWS VPC Endpoint Services, Azure Private Link Service) |
| Network Firewall | A managed, cloud-based network-security service that protects network resources (Azure Firewall) |
| Network Firewall Rule | Firewall rules including NAT rules, network rules, and application rules. (Azure Firewall Rule) |
| Network Firewall Rule List | Firewall rule collections processed according to the rule type in priority order. (Azure Firewall Rule Collection) |
| Network Flow Log | Stores configuration and delivery info regarding traffic flows in a cloud network |
| Network Interface | Virtual interfaces that can allow communication between networks/subnets |
| Network Peer | Interconnects two private networks |
| Private Subnet | Private logical subdivision of a network |
| Public IP | Elastic/Floating IP addresses which allow communication over the Internet |
| Query Log Config | Enables DNS query resolution across entire hybrid cloud (AWS Route53Resolver Configuration) |
| Route | Used to determine where network traffic from your subnet or gateway is directed (AWS Route, Azure Route) |
| Route Table | Used to store routes |
| Site-to-Site VPN | Enable access to your remote network from your VPC (AWS Site-to-Site VPN (VPC), GCP VPN Tunnel) |
| Target Proxies | Load balancing component that routes incoming requests to a URL map, terminates connection to the user (GCP Load Balancer Target Proxies) |
| Traffic Manager | A Traffic Manager is a DNS-based network traffic load balancer, distributing network traffic evenly across your environment (Azure Traffic Manager) |
| Traffic Mirror Target | An elastic network interface or a network load balancer (AWS VPC Traffic Mirror Targets) |
| Transit Gateway | Service enabling connection of VPCs and on-premises networks to a single gateway (AWS Transit Gateway) |
| URL Map | A set of rules for routing incoming HTTP(S) requests to specific services (GCP URL Map) |
| Virtual Private Gateway | Private virtual interface for one or more connections. |
| Web Application Firewall | Web application security (AWS Application Firewall (WAF), WAFv2) |
| Web Application Firewall Rule | Governs how incoming HTTP(S) requests are inspected and handled (AWS WAF Rule) |
| Web Application Firewall Rule Group | A set of rules that can be added to an access control list (AWS WAF Rule Group) |

Storage

Azure Data Lake Storage Gen1 Retired

As of February 29, 2024, Azure has retired the Data Lake Storage Gen1 service. The Data Lake Storage resource type has been disabled until InsightCloudSec is able to officially support Azure Data Lake Storage Gen2. Contact support for any questions or issues.

| Resource Type | Description |
| --- | --- |
| Backup Gateway | A template that connects a backup service to a hypervisor, enabling interactive backup and restoration (AWS Backup Gateway) |
| Backup Vault | Container for organizing your backups |
| Big Data Snapshot | Point-in-time backup of a big data instance |
| Cache Snapshot | Point-in-time backup of Redis cluster (AWS ElastiCache Snapshot, Alibaba Cloud Redis Snapshot) |
| Cassandra Table | Managed, efficient, and reliable Apache Cassandra-based database services (AWS Keyspaces) |
| Cloud Dataset | Top-level containers for organizing and controlling access to tables and views (GCP BigQuery Dataset) |
| Cloud Global Access Point | A global endpoint for routing storage container request traffic between regions (AWS S3 Multi-Region Access Point) |
| Cold Storage | Deep archive storage (AWS Glacier) |
| Data Analytics Workspace | Interactive query service for data analytics (AWS Athena) |
| Data Factory | Managed, serverless data integration (Azure Data Factory, GCP Data Fusion) |
| Data Stream | The transfer of data at a steady high-speed rate (AWS Kinesis) |
| Data Sync Task | Tasks associated with online data transfer (AWS DataSync Task) |
| Database Migration Instance | Migrates on-premises database to the cloud (AWS Database Migration Service (DMS)) |
| Database Proxy | Simplifies connection management by handling network traffic between client applications and the database (AWS RDS Database Proxy) |
| Database Snapshot | Point-in-time backup of a database instance |
| Databricks Workspace | Collaborative analytics platform based on Apache Spark (Azure Databricks Workspace) |
| Delivery Stream | Load streaming data into data stores and analytics tools (AWS Firehose) |
| Elastic Cluster | A database cluster that allows you to scale your workload's throughput (AWS Elastic Cluster) |
| ETL Connection | An object that stores login and access information for a data store that can be reused to load ETL jobs. |
| ETL Crawler | Processes data schemas found in a given data store and creates metadata tables within a data catalog for the schemas (AWS Glue Crawler) |
| ETL Data Catalog | An index to the location, schema, and runtime metrics of your data; supports extract, transform, and load (ETL) service (AWS Glue Data Catalog) |
| ETL Database | Extract, transform, load (ETL) databases are used to organize metadata for holistic ETL services (AWS Glue Database) |
| ETL Job | An individual extract, transform, and load job from given source data to a data target (AWS Glue Job) |
| ETL Security Configuration | A set of security properties that can be used by your extract, transform, and load (ETL) service (AWS Glue Security Configuration) |
| File Share | A cloud storage service that provides on-premises access to cloud storage (AWS NFS/SMB File Gateway Share) |
| GraphQL API | GraphQL manages services that improve performance, support real-time updates, and make connecting to secure datasources easy. An example of this type of resource is AWS AppSync API. |
| Recycle Bin Rule | Assists in preventing accidental deletion of snapshots using custom retention rules and recovery (AWS Recycle Bin Rule) |
| Secure File Transfer | Allows secure transfer of files using SFTP protocol (AWS SFTP Server) |
| Shared File System | Scalable volumes that can be shared between multiple instances (e.g., AWS EFS) |
| Snapshot | Point-in-time backups of volumes |
| Spanner | A globally-distributed, and synchronously-replicated database (GCP Spanner, AWS Aurora Global Database) |
| Storage Account | Contains all Azure storage data objects (Azure Storage Account) |
| Storage Container | Object storage (S3, Cloud Storage, Blob Storage, etc.) |
| Storage Gateway | Securely connect on-premises software applications with cloud-based storage (AWS Storage Gateway) |
| Storage Queue | Stores large numbers of messages that can be accessed anywhere at any time to process work asynchronously (Azure Storage Queue) |
| Storage Sync Service | Assists with centralizing your file shares while also enabling high availability and recovery (Azure Storage Sync Service) |
| Stored Parameters | Secure storage for configuration data as parameter values (AWS Systems Manager Parameter Store Parameter) |
| Stream Instance | Streaming data service (AWS MSK Instance) |
| Timeseries Database | Timeseries databases store and analyze trillions of events daily for internet of things (IoT) and operational applications (Amazon Timestream) |
| Video Stream | Service to stream live video from devices to the cloud (AWS Kinesis Video Stream) |
| Volume | Network attached storage (EBS, Virtual Disks, etc.) |