InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].


Storage Resources

Summaries and Attributes of InsightCloudSec Storage Resources

Storage resources are available in InsightCloudSec as the third section (tab) under the Resource landing page. These resources are related to storage functionality and include resources like volumes, snapshots, and storage containers.

Storage resources are displayed alphabetically using the InsightCloudSec normalized terminology. Hovering over an individual resource provides the CSP-specific term with the associated logo to help users confirm the displayed information. For example, a Storage Container refers to Amazon "S3", Azure's "Blob Storage Container" and Google's "Cloud Storage", etc.

For a detailed reference of this normalized terminology check out our Resource Terminology.

[Figure: Resources - Storage Landing Page]

A Note About Resource Attributes

A large number of Resource Attributes are offered for the resources outlined here. Because we are continuously expanding our supported resources, the attributes and details included here cannot be guaranteed to include every resource or every attribute.

If you need information about the attributes of a particular resource we are happy to help get those details for you - reach out to [email protected] with any questions!

Backup Vault

Backup vaults are containers for organizing your backups.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the backup vault resides in |
| create_time | The time when the Backup Vault was created |
| name | The name of the vault |
| recovery_points | Number of recovery points |
| policy | The IAM Policy of the Backup Vault in JSON format |
| trusted_accounts | Any accounts this Backup Vault has a trust relationship with |
| public | Boolean denoting if this Backup Vault is publicly accessible |
| key_resource_id | The Resource ID of the Backup Vault's associated key |
| arn | The ARN of the Backup Vault |

Big Data Snapshot

Big Data Snapshots are point-in-time backups of a Big Data Instance. An example of this type of instance would be AWS Redshift. This class inherits from TopLevelResource and has direct access to the resource’s database object.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the snapshot resides in |
| snapshot_id | The provider ID of the snapshot |
| name | The name of the snapshot |
| instance_resource_id | The resource ID of the instance this snapshot was created from |
| snapshot_type | The type of snapshot (manual vs automatic) |
| state | The current lifecycle state of the snapshot |
| encrypted | Denotes if the data stored on the snapshot is encrypted |
| availability_zone | The zone where the snapshot lives |
| create_time | The time when the snapshot creation was launched |
| port | The port that the database instance listens on |
| cluster_version | The version number for the cluster |
| nodes | The number of nodes in this cluster |
| instance_type | The type of instance this snapshot was taken on |
| database_name | The name of the master database |
| size | The size in gigabytes of the volume |
| master_username | The master account associated with the instance |

class DivvyResource.Resources.bigdatasnapshot.BigDataSnapshot(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

BigData Snapshot Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_parent_resource_id()

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the route state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

snapshot

top_level_resource = True

Cache Snapshot

Cache Snapshots are point-in-time backups of a memcache instance. This class inherits from TopLevelResource and has direct access to the resource’s database object.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the snapshot resides in |
| snapshot_id | The provider ID of the snapshot |
| name | The name of the volume |
| snapshot_type | The type of snapshot (manual vs automatic) |
| instance_resource_id | The resource ID of the parent instance |
| state | The current lifecycle state of the snapshot |
| availability_zone | The zone where the snapshot lives |
| create_time | The time when the snapshot creation was launched |
| port | The port that the database instance listens on |
| engine | The database engine that the instance was configured to use |
| engine_version | The engine version |
| size | The size in gigabytes of the volume |
| progress | The progress of the snapshot creation |

class DivvyResource.Resources.memcachesnapshot.MemcacheSnapshot(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Cache Instance Snapshot Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_parent_resource_id()

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the snapshot state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

snapshot

top_level_resource = True

Cloud Dataset

Datasets are top-level containers that are used to organize and control access to your tables and views (GCP BigQuery Datasets). This class inherits from TopLevelResource and has direct access to the resource's database object. The following attributes are directly accessible:

| Attribute | Description |
| --- | --- |
| region_name | The region that the dataset resides in |
| dataset_id | The provider ID of the dataset |
| name | The name of the dataset |
| description | The optional description for the dataset |
| table_count | The number of tables within the dataset |
| total_size_bytes | The size in bytes of the dataset |
| table_expiration_ms | The expiration time in ms for the dataset tables |
| creation_date | The time this resource was created |
| last_modified_date | The time this resource was last modified |
| publicly_accessible | Denotes whether the dataset is publicly accessible |

Cold Storage

Cold Storage is used for long-term storage of infrequently accessed data, such as end-of-lifecycle, compliance, or regulatory backups. An example of this type of resource is AWS Glacier.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region where the vault exists |
| name | The name of the cold storage container |
| arn | The Amazon Resource Name of the cold storage vault (AWS Only) |
| size_in_bytes | The size in bytes |
| number_of_archives | The number of archives |
| last_inventory_date | The date of last inventory |
| creation_date | The date the vault was created |
| lock_creation_date | The date of lock creation |
| lock_expiration_date | The date current lock policy expires |
| lock_state | Denotes current lock state |
| lock_policy | The lock policy document (JSON) |
| policy | The linked policy (JSON) |
| trusted_accounts | The trusted accounts that can interact with the resource |

Data Analytics Workspace

Data Analytics Workspace is a storage and interactive query service that makes it easy to analyze data. An example of this type of resource is AWS Athena.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that this resource resides in |
| workspace_id | The provider-specific workspace ID |
| create_time | The date the workspace was created |
| name | The name of the data analytics workspace |
| description | The optional description associated with the data analytics workspace |
| state | The state the workspace is in |
| encrypted | Denotes whether or not the workspace is encrypted |
| key_resource_id | The resource ID of the encryption key associated with the workspace |
| requester_pays | Denotes whether usage costs pass through to the requester |
| metrics_enabled | Denotes whether CloudWatch metrics are enabled |
| output_location | The output location of the results (optional) |

Data Factory

Data Factory is a fully managed, serverless data integration service. It includes visual integration for data sources with built-in, maintenance-free connectors, allowing for easy construction of ETL and ELT processes code-free; it also allows you to write your own code. An example of this type of resource is Azure Data Factory.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the resource resides |
| factory_id | The provider ID of the data factory |
| name | The name of the data factory |
| state | The state of the data factory (e.g. 'succeeded') |
| create_time | The time the data factory was created |
| encryption_type | Denotes the encryption type (e.g. 'default') |
| key_resource_id | The InsightCloudSec resource ID of the encryption key used to encrypt the data factory |
| public_network_access | Denotes whether the data factory is accessible to the public |

Data Lake Storage

Data Lake Storage is a cloud analytics service where you can easily develop and run massively parallel data transformation and processing programs in U-SQL, R, Python, and .Net over petabytes of data. With no infrastructure to manage you can process data on demand and scale instantly. An example of this type of a resource is Azure Data Lake.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the resource resides in |
| storage_id | The provider ID of the data lake storage |
| name | The name of the data lake storage |
| state | The state of the data lake |
| public_access | Denotes if the data lake is accessible to the public |
| encrypted | Denotes if the data lake is encrypted at rest |

Data Stream

Data Stream is the transfer of data at a steady high-speed rate (AWS Kinesis). This class inherits from TopLevelResource and has direct access to the resource's database object.

| Attribute | Description |
| --- | --- |
| name | The name of the data stream |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the resource resides |
| arn | The Amazon Resource Name of the data stream |
| status | The status of the data stream |
| shards | The number of shards in this data stream |
| metrics | The JSON string for the metrics of the data stream |
| encryption | Denotes whether the data stream has server side encryption enabled |
| key_resource_id | The InsightCloudSec resource ID of the encryption key used to encrypt the data stream |
| retention_period | The length of time in seconds that the data stream will be retained |
| created_timestamp | The date the data stream was created |
| tier | Denotes the pricing tier |
| public_access | Denotes if the data stream is accessible to the public |
| event_hubs | Denotes number of partitions (Azure specific) |
| diagnostic_settings | Denotes diagnostic setting status |

Data Sync Task

Tasks associated with online data transfer, both between on-premises and provider storage devices, as well as between provider storage devices.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the resource resides |
| task_id | The provider ID of the data sync task |
| name | The name of the data sync task |
| status | The status of the data sync task |
| create_time | The date and time the data sync task was created |
| arn | The ARN of the data sync task |
| source_location_arn | The ARN of the source location of the data sync task |
| destination_location_arn | The ARN of the destination location of the data sync task |
| log_group_arn | The ARN of the log group of the data sync task |
| options | Options for the data sync task |

Database Migration Instance

An instance that uses a web service to migrate data from a source data store to a target data store. An example of this type of resource is AWS DMS Replication.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| instance_type | The provider-specific instance type identifier (optional) |
| region_name | The region that this resource resides in |
| instance_id | The provider-specific instance ID value |
| instance_flavor_resource_id | The flavor of instance used by the DB instance |
| state | The state of the DB instance |
| endpoint_public_address | The public IP address of the database endpoint |
| endpoint_private_address | The private IP address of the database endpoint |
| engine_version | The version of the database engine |
| storage_size | The total size (GB) of the database |
| multi_az | Denotes whether the database is configured in multiple availability zones (optional) |
| create_time | The date the database migration instance was created/launched |
| encrypted | Denotes whether the database is encrypted (optional) |
| arn | The Amazon Resource Name |
| publicly_accessible | Denotes whether the dataset is publicly accessible |
| key_resource_id | The resource ID of the key that encrypts the logs |
| network_resource_id | Network resource ID that the database instance is associated with |
| auto_minor_upgrades | Denotes if the Database is set to update with minor upgrades |

Database Proxy

Simplifies connection management by handling network traffic between client applications and the database. An example of this type of resource is AWS RDS Database Proxy.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the proxy instance resides in |
| name | The name of the proxy instance |
| engine_family | The engine family the proxy instance was configured to use |
| state | The current lifecycle state of the proxy |
| create_time | The timestamp for when the proxy was created |
| arn | The Amazon Resource Name for the proxy |
| network_resource_id | The resource_id of the Network associated with the proxy |
| endpoint | Denotes the endpoint address of the proxy |
| require_tls | Indicates whether the proxy requires transport layer security (TLS) |
| idle_timeout | The time in seconds a client can be idle before the proxy can close it |
| iam_authentication_required | Indicates whether the proxy requires IAM authentication |
| debug_logging | Indicates whether debug logging is enabled for the proxy |

Database Snapshot

Database Snapshots are point-in-time backups of a database instance. This class inherits from TopLevelResource and has direct access to the resource’s database object.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the snapshot resides in |
| snapshot_id | The provider ID of the snapshot |
| name | The name of the snapshot |
| instance_resource_id | The resource ID of the instance this snapshot was created from |
| database_cluster_resource_id | The ID of the database cluster resource |
| snapshot_type | The type of snapshot (manual vs automatic) |
| state | The current lifecycle state of the snapshot |
| availability_zone | The zone where the snapshot resides |
| create_time | The time when the snapshot creation was launched |
| port | The port that the database instance listens on |
| engine | The database engine that the instance was configured to use |
| engine_version | The engine version |
| size | The size (GB) of the volume |
| progress | The progress of the snapshot creation |
| master_username | The master account associated with the instance |
| license | The license used by the instance |
| public | Denotes if the snapshot is publicly available |
| encrypted | Denotes if this file system is encrypted |
| key_resource_id | The resource ID of the encryption key associated with the snapshot |

class DivvyResource.Resources.databasesnapshot.DatabaseSnapshot(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Database Snapshot Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_parent_resource_id()

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the route state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

snapshot

top_level_resource = True

Databricks Workspace

A Databricks Workspace is an analytics platform based on Apache Spark, that provides one-click setup, streamlined workflows, and an interactive workspace that enables collaboration between data engineers, data scientists, and machine learning engineers. An example of this type of resource is Azure Databricks Workspace.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the resource resides |
| workspace_id | The provider ID of the databricks workspace |
| name | The name of the databricks workspace |
| state | The state of the databricks workspace ('succeeded' or 'failed') |
| encryption_type | Denotes the encryption type (e.g., 'default', 'cmk') |
| tier | The tier of the databricks workspace (e.g., 'premium', 'standard', 'trial') |

Delivery Stream

A Delivery stream loads streaming data into data stores and analytics tools (AWS Firehose). This class inherits from TopLevelResource and has direct access to the resource's database object.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| name | The name of the delivery stream |
| region_name | The region that the resource resides in |
| arn | The Amazon Resource Name of the delivery stream |
| delivery_stream_type | The type of this delivery stream |
| source_stream_arn | The ARN of the source data stream |
| status | The status of this delivery stream |
| destinations | The JSON string of destinations of this delivery stream |
| version_id | The version of the delivery stream |
| updated_timestamp | The time the delivery stream was last updated |
| created_timestamp | The time the delivery stream was created |

ETL Data Catalog

ETL Data Catalog is an index to the location, schema, and runtime metrics of your data; supports extract, transform, and load (ETL) service.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the resource resides in |
| name | The provider name for this resource |
| metadata_encryption | Boolean denoting if metadata encryption is enabled for this resource |
| metadata_key_resource_id | The resource_id of the metadata key, if present |
| password_encryption | Boolean denoting if password encryption is enabled for this resource |
| password_key_resource_id | The resource_id of the password key, if present |
| policy | The IAM policy of the resource in JSON format |
| trusted_accounts | The numbers of any accounts with a trust relationship with this resource |

ETL Security Configuration

This resource is a set of security properties that can be used by your extract, transform, and load (ETL) service.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the resource resides in |
| name | The provider name for this resource |
| encryption | Boolean denoting whether encryption is enabled for this resource |
| key_resource_id | The resource_id of the encryption key, if present |
| job_encryption | Boolean denoting whether job encryption is enabled for this resource |
| job_key_resource_id | The resource_id of the job encryption key, if present |
| log_encryption | Boolean denoting whether log encryption is enabled for this resource |
| log_key_resource_id | The resource_id of the log encryption key, if present |

File Share

A cloud storage service that provides on-premises access to cloud storage.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the resource resides in |
| file_system_id | The ID of which filesystem this resource uses (SMB/NFS/etc.) |
| name | The provider name for this resource |
| availability_zone | The availability zone where the resource is located |
| creation_timestamp | The time when the resource was created |
| number_of_mount_targets | The number of mount targets for this file system |
| metered_size | The size of the metered connection to this resource |
| creation_token | The Client Token used in creation of the resource |
| encrypted | Boolean denoting whether encryption is enabled on this resource |
| encryption_id | The ID of the encryption source, if present |
| key_resource_id | The resource_id of the encryption key, if present |
| lifecycle_state | The current lifecycle state of this resource |
| performance_mode | Denotes the performance mode of this resource |
| network_resource_id | The resource_id of the Network associated with this resource |
| arn | The ARN of this resource |
| storage_account_resource_id | The resource_id of the storage account associated with this resource |
| lifecycle_policy | The current lifecycle policy of this resource |
| backup_policy | Boolean denoting whether this resource has a backup policy |

GraphQL API

GraphQL manages services that improve performance, support real-time updates, and make connecting to secure datasources easy. An example of this type of resource is AWS AppSync API.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that this resource resides in |
| api_id | The unique ID for the GraphQL API |
| name | The name of the GraphQL API |
| arn | The Amazon Resource Name for the GraphQL API |
| xray_enabled | Boolean denoting if X-Ray tracing is enabled for the GraphQL API |
| web_acl_id | The unique ID for the web ACL associated with the GraphQL API |
| authentication_type | The authentication type for the GraphQL API |
| log_config | The Amazon CloudWatch Logs configuration for the GraphQL API |
| user_pool_config | The Amazon Cognito user pool configuration for the GraphQL API |
| open_id_config | The OpenID Connect configuration for the GraphQL API |
| api_caching_behavior | The API caching behavior enabled for the GraphQL API |
| api_caching_instance_type | The type of API caching instance enabled |
| api_caching_rest_encryption | Boolean denoting if the API caching instance is encrypted at rest |
| api_caching_transit_encryption | Boolean denoting if the API caching instance is encrypted when connecting |

Secure File Transfer

Secure File Transfer is a fully managed service that enables secure transfer of files and storage.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that this resource resides in |
| arn | The Amazon Resource Name of this resource |
| name | The name of the secure file transfer resource |
| state | The state number of the server |
| endpoint_type | Denotes the endpoint type of the SFTP server |
| vpc_endpoint | Denotes the endpoint address of the servers |
| vpc_endpoint_resource_id | The resource ID of the associated VPC endpoint |
| identity_provider | The identity provider of the servers |
| hostname | Denotes the custom hostname of the server |
| dns_zone_resource_id | The resource ID of the DNS zone associated with the hostname |
| identity_url | The URL of the identity provider |
| logging_role_name | The logging role for the server |
| logging_role_resource_id | The resource ID of the role associated with the server |
| invocation_role_name | The name of the associated invocation role |
| invocation_role_resource_id | The invocation role resource ID |
| user_count | The current number of users |

Shared File System

Shared File Systems are scalable volumes that can be shared with multiple instances. This class inherits from TopLevelResource and has direct access to the resource’s database object.

| Attribute | Description |
| --- | --- |
| organization_service_id | The ID of the parent organization service (cloud) |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| region_name | The region that this file system resides in |
| file_system_id | The provider ID of the file system |
| availability_zone | The availability_zone where this resource resides |
| name | The name of this shared file system |
| creation_timestamp | The time when this file system was created |
| number_of_mount_targets | The number of mount targets for this file system |
| metered_size | The sum of the sizes of all this file system's current objects |
| creation_token | The token that was generated or chosen when this file system was created |
| encrypted | Denotes if this file system is encrypted or not |
| encryption_id | The provider ID of the encryption for this file system |
| encryption_resource_id | The resource ID of the encryption key associated with the file system |
| lifecycle_state | The state of this file system (e.g., creating, available, deleting, deleted, unknown) |
| performance_mode | The performance mode of this file system (e.g., generalPurpose, maxIO) |
| network_resource_id | The network resource ID that the file system is associated with |
| arn | The Amazon Resource Name |
| storage_account_resource_id | The storage Container resource ID |

class DivvyResource.Resources.sharedfilesystem.SharedFileSystem(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Shared File System Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

file_system_id

get_date_created()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

shared_file_system

top_level_resource = True

Snapshot

Snapshots are point-in-time backups of a volume. This class inherits from TopLevelResource and has direct access to the resource’s database object.

| Attribute | Description |
| --- | --- |
| organization_service_id | The ID of the parent organization service (cloud) |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| region_name | The region the snapshot resides in |
| snapshot_id | The provider ID of the snapshot |
| volume_resource_id | The resource ID of the volume this snapshot was created from |
| name | The name of the volume’s snapshot |
| description | Description of the snapshot |
| state | The current lifecycle state of the snapshot |
| progress | The creation progress of the snapshot |
| size | The size in gigabytes of the volume |
| public | Denotes whether the snapshot is publicly available |
| start_time | The time the snapshot was started |
| create_time | The time when the snapshot finished creating |
| encrypted | Denotes whether the snapshot is encrypted |
| key_resource_id | The provider ID of the key used for the snapshot |

class DivvyResource.Resources.snapshot.Snapshot(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Snapshot Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_parent_resource_id()

get_private_images()
Retrieve a list of db objects for private images created from the snapshot (if any).

static get_provider_id_field()

get_resource_dependencies()
Retrieve the dependencies for a particular resource. This is an override of the parent function because we don’t have ResourceLink relationships for volumes and private/public images where the snapshot ID is included in the block device mapping.

static get_resource_type()

get_size()
Retrieve the size of the snapshot.

get_supported_actions()
Retrieve all the actions which are supported by this resource.

handle_resource_created(user_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None, project_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

is_backup()
Determine if this snapshot represents a volume backup.

snapshot

snapshot_id

top_level_resource = True

Spanner

Spanner is Google's globally distributed NewSQL database. Google describes Spanner as a "not entirely pure" relational database system because each table must have a primary key column. This class inherits from TopLevelResource and has direct access to the resource's database object.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the spanner resides in |
| name | The name of the spanner |
| node_count | The number of nodes the spanner has |
| state | The current state of the spanner (available or in-use) |
| size | The size in bytes of the spanner |
| display_name | The display name of the spanner |

Storage Account

Currently Azure only. A Storage Account contains all storage data objects: blobs, files, queues, tables and disks. This class inherits from TopLevelResource and has direct access to the resource's database object.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the resource resides in |
| name | The name of the storage account |
| creation_time | The date and timestamp when the storage account was created |
| state | The provisioning state of the storage account |
| access_tier | The access tier of the storage account |
| primary_endpoints | The storage account's primary endpoint |
| secondary_endpoints | The storage account's secondary endpoint |
| custom_domain | Denotes if resource has custom domain configured |
| blob_encrypted | Denotes whether the account has blob encryption enabled |
| file_encrypted | Denotes whether the account has file encryption enabled |
| queue_encrypted | Denotes whether the account has queue encryption enabled |
| table_encrypted | Denotes whether the account has table encryption enabled |
| transit_encryption | Denotes whether the account has transit encryption enabled |
| threat_protection | Denotes whether the account has threat protection enabled |
| encryption_type | Denotes the encryption type |

Storage Container

Storage Containers are scalable data storage. An example of this is an Amazon S3 bucket. This class inherits from TopLevelResource and has direct access to the resource’s database object.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the storage container resides in |
| name | The name of the storage container |
| creation_date | The date that the storage container was created |
| last_modified | The date that the storage container was last modified |
| object_count | The total number of objects within the storage container |
| total_size | The total size of the storage container (bytes) |
| total_size_human_readable | Denotes size in bytes. |
| policy | The JSON of container or user policy associated with this storage container |
| trusted_accounts | The accounts with a trust relationship |
| policy_encryption | Denotes whether the storage container is using policy encryption (object level) |
| transit_encryption | Denotes whether the account has transit encryption enabled |
| logging | Denotes whether access logging is enabled |
| logging_bucket | The target bucket to store access server logs |
| versioning | Denotes whether object versioning is enabled |
| mfa_delete | Denotes if MFA delete is enabled |
| public | Denotes whether the storage container is accessible by the public |
| global_encryption | Default server side encryption for storage container |
| key_resource_id | The resource ID of the encryption key associated with the Storage Container |
| storage_class | The storage class type of a container |
| website | The associated website |
| lifecycle_policy | The lifecycle policy, if one applies |
| public_acl | Denotes if Public ACL is applied |
| public_policy | Denotes if public policy is applied |
| public_access_block | The public access block of the storage container (AWS) |
| impaired_visibility | Denotes whether visibility into the full configuration is impaired |
| storage_account_resource_id | The Azure-specific Storage Account resource ID |
| impaired_visibility_properties | Denotes visibility status. |
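
The Storage Container attributes above are enough to drive a basic posture check. The following Python is an added example, not InsightCloudSec or DivvyResource code. It assumes each record is a plain dict keyed by the documented attribute names, that the "Denotes ..." attributes are booleans, that any truthy global_encryption value means default encryption is configured, and that the pass/fail policy shown is illustrative.

```python
# Added example: audit records shaped like the Storage Container attribute table.
# Assumptions: each record is a plain dict keyed by the documented attribute
# names, "Denotes ..." attributes are booleans, and any truthy global_encryption
# value means default encryption is configured. The pass/fail policy is illustrative.

# Safe value for each boolean attribute.
EXPECTED = {
    "public": False, "public_acl": False, "public_policy": False,
    "transit_encryption": True, "logging": True,
    "versioning": True, "mfa_delete": True,
}
AT_REST = ("global_encryption", "policy_encryption")


def audit_container(rec):
    """Return (status, findings, unknown) for one storage container record."""
    findings, unknown = [], []
    for attr, safe in EXPECTED.items():
        if attr not in rec:
            unknown.append(attr)  # attribute not exported: do not guess
        elif bool(rec[attr]) != safe:
            findings.append(attr)
    # Default (global) or policy-enforced encryption both satisfy at-rest.
    present = [a for a in AT_REST if a in rec]
    if not any(rec[a] for a in present):
        if len(present) == len(AT_REST):
            findings.append("encryption_at_rest")
        else:
            unknown.extend(a for a in AT_REST if a not in rec)
    if findings:
        status = "fail"
    elif unknown or rec.get("impaired_visibility"):
        status = "unverified"  # a clean result cannot be trusted here
    else:
        status = "pass"
    return status, findings, unknown


# Constructed sample records (not real data).
_GOOD = dict(EXPECTED, global_encryption=True, policy_encryption=False,
             impaired_visibility=False)
SAMPLES = [
    dict(_GOOD, name="example-hardened"),
    dict(_GOOD, name="example-open", public=True, public_acl=True, logging=False),
    dict(_GOOD, name="example-impaired", impaired_visibility=True),
    {"name": "example-partial", "public": False, "policy_encryption": False},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["name"], *audit_container(rec))
```

A record with no findings is still reported as "unverified" when attributes are missing or impaired_visibility is set, so an incomplete harvest is never read as a clean result.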

class DivvyResource.Resources.storagecontainer.StorageContainer(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Storage Container Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

classmethod get_encrypted_status(policy)

get_merged_permissions(new_permissions, delete=False)
Build a list of current and existing permissions. This is required as the cloud providers want a full list of permissions. If you do not do this then existing permissions will be lost.

static get_provider_id_field()

static get_resource_type()

get_supported_actions()
Retrieve all the actions which are supported by this resource.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

properties
This is a temporary override similar to how we set up the resource object for resource groups and other select resources. For some reason even though the DivvyDbObject definition inherits LinkedResource_Mixin there are select corner cases where properties is not found. After spending three hours debugging it was decided that this is the less expensive route. It fixes the bug in the current version.

storage_container

top_level_resource = True

Stored Parameter

Secure storage for configuration data management and secrets management (e.g., passwords, database strings, AMIs (in AWS), IDs) as parameter values.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the stored parameter resides |
| name | The name of the stored parameter |
| data_type | The data type of the stored parameter (e.g. String or SecureString) |
| key_resource_id | The InsightCloudSec resource ID of the encryption key associated with the stored parameter |
| tier | The tier of the stored parameter (e.g. Standard) |
| expiration | The expiration date of the stored parameter |
| last_modified | The timestamp for the last modification of the stored parameter |

Timeseries Database

Timeseries databases store and analyze trillions of events daily for internet of things (IoT) and operational applications, e.g., Amazon Timestream.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the resource resides in |
| database_name | The name for the database |
| arn | The ARN associated with the resource |
| table_count | The number of tables within the database |
| key_resource_id | The resource ID for the key used to encrypt the database. |
| create_time | The timestamp when the database was created. |
| last_update_time | The timestamp when the database was last updated. |

Video Stream

Video Stream is a service used to securely stream video from connected devices, for example to AWS, for analytics, machine learning (ML), playback, and other processing. Kinesis Video Streams automatically provisions and elastically scales all the infrastructure needed to ingest streaming video data from millions of devices.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| name | The name of the video stream |
| region_name | The region that the resource resides in |
| arn | The Amazon Resource Name of this resource |
| version | The Application Gateway version |
| media_type | The media type of the video stream |
| key_resource_id | The InsightCloudSec resource ID of the encryption key used to encrypt this data stream |
| created_timestamp | The date and timestamp when the video stream was created |
| retention_period | The length of time in seconds that the video stream will be retained |

Volume

Volumes are network attached storage such as the EBS service within AWS. This class inherits from TopLevelResource and has direct access to the resource’s database object.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that the volume resides in |
| volume_id | The provider ID of the volume |
| name | The name of the volume |
| instance_resource_id | The resource ID of the instance this volume is associated with |
| snapshot_resource_id | The resource ID of the snapshot this volume was built from |
| create_time | The timestamp of when this volume was created |
| device | The device that a volume is mapped to on the instance (e.g., /dev/sdf) |
| state | The current state of the volume (available or in-use) |
| volume_type | The type of volume (e.g., pd-standard, gp2, premium_LRS, etc.) |
| size | The size of the volume in gigabytes |
| availability_zone | The availability_zone where the volume resides |
| iops | The total IOPS allocated to this volume (provisioned volumes only) |
| encrypted | Denotes whether the volume is encrypted |
| delete_on_termination | Denotes if the volume is set to automatically delete when the parent instance is terminated |

class DivvyResource.Resources.volume.Volume(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Volume Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_attached_instance_resource_id()
Retrieve the resource id of the instance this volume is attached to, if any.

get_availability_zone()
Retrieve the availability zone/location of the resource.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_device()
Retrieve the attached device name of the volume (e.g., /dev/sdf).

get_parent_resource_id()

static get_provider_id_field()

static get_resource_type()

get_size()
Retrieve the size in GB of the resource.

get_snapshots()
Retrieve a list of db objects for snapshots created from the volume (if any)

get_supported_actions()
Retrieve all the actions which are supported by this resource.

get_volume_backup_scheduled_events()
Retrieve volume backup scheduled events.

get_volume_type()
Retrieve the volume type of the resource.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

modify(iops=None, size=None, volume_type=None, user_resource_id=None)
Modify the volume. This makes a call to the upstream provider to change one or more properties.

schedule_modification(*args, **kwargs)
Create a scheduled event to modify an existing volume. If a schedule is not supplied then the event will be scheduled to run immediately.

top_level_resource = True

volume

volume_id

Updated 16 days ago
