Storage Resources

Summaries and Attributes of InsightCloudSec Storage Resources

Storage resources are available in InsightCloudSec as the third section (tab) under the Resource landing page. These resources are related to storage functionality and include resources like volumes, snapshots, and storage containers.

Storage resources are displayed alphabetically using the InsightCloudSec normalized terminology. Hovering over an individual resource provides the CSP-specific term with the associated logo to help users confirm the displayed information. For example, a Storage Container refers to Amazon "S3", Azure's "Blob Storage Container" and Google's "Cloud Storage", etc.

For a detailed reference of this normalized terminology check out our Resource Terminology.

1689

Resources - Storage Landing Page

🚧

A Note About Resource Attributes

A large number of Resource Attributes are offered for the resources outlined here. Because we are continuously expanding our supported resources the attributes and details included here can not be guaranteed to include every resource or every attribute.

If you need information about the attributes of a particular resource we are happy to help get those details for you - reach out to us through the Customer Support Portal with any questions!

Backup Vault

Backup vaults are containers for organizing your backups.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the backup vault resides in
create_timeThe creation time when the Backup Vault was created
nameThe name of the vault
recovery_pointsNumber of recovery points
policyThe IAM Policy of the Backup Vault in JSON format
trusted_accountsAny accounts this Backup Vault has a trust relationship with
publicBoolean denoting if this Backup Vault is publicly accessible
key_resource_idThe Resource ID of the Backup Vault's associated key
arnThe ARN of the Backup Vault

Big Data Snapshot

Big Data Snapshots are point in time backups of a Big Data Instance. An example of this type of instance would be AWS Redshift. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the snapshot resides in
snapshot_idThe provider ID of the snapshot
nameThe name of the snapshot
instance_resource_idThe resource ID of the instance this snapshot was created from
snapshot_typeThe type of snapshot (manual vs automatic)
stateThe current lifecycle state of the snapshot
encryptedDenotes if the data stored on the snapshot is encrypted
availability_zoneThe zone where the snapshot lives
create_timeThe time when the snapshot creation was launched
portThe port that the database instance listens on
cluster_versionThe version number for the cluster
nodesThe number of nodes in this cluster
instance_typeThe type of instance this snapshot was taken on
database_nameThe name of the master database
sizeThe size (in gigabytes) of the snapshot
master_usernameThe master account associated with the instance

class DivvyResource.Resources.bigdatasnapshot.BigDataSnapshot(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

BigData Snapshot Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_parent_resource_id()

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the route state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

snapshot

top_level_resource = True

Cache Snapshot

Cache Snapshots are point in time backups of a memcache instance. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute-CacheDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the snapshot resides in
snapshot_idThe provider ID of the snapshot
nameThe name of the volume
snapshot_typeThe type of snapshot (manual vs automatic)
instance_resource_idThe resource ID of the parent instance
stateThe current lifecycle state of the snapshot
availability_zoneThe zone where the snapshot lives
create_timeThe time when the snapshot creation was launched
portThe port that the database instance listens on
engineThe database engine that the instance was configured to use
engine_versionThe engine version
sizeThe size in gigabytes of the volume
progressThe progress of the snapshot creation

class DivvyResource.Resources.memcachesnapshot.MemcacheSnapshot(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Cache Instance Snapshot Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_parent_resource_id()

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the snapshot state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

snapshot

top_level_resource = True

Cassandra Table

Cassandra Tables are managed, efficient, and reliable Apache Cassandra-based database services; for example, AWS Keyspaces.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
namespace_idThe provider-specific namespace ID value
keyspace_nameThe name of the keyspace
table_nameThe name of the table
region_nameThe region in which the table resides
creation_timeThe timestamp for when the table was created
throughput_modeThe throughput mode for the table
read_unitsThe number of read units in the table
write_unitsThe number of write units in the table
key_resource_idThe resource ID for the encryption key associated with the table
point_in_time_recoveryDenotes whether point-in-time recovery is enabled
ttlTime to live (in seconds)
commentDescription of the table

Cloud Dataset

Datasets are top-level containers that are used to organize and control access to your tables and views (GCP BIgQuery Datasets). This class inherits from TopLevelResource and has direct access to the resource's database object. The following attributes are directly accessible:

AttributeDescription
region_nameThe region that the dataset resides in
dataset_idThe provider ID of the dataset
nameThe name of the dataset
descriptionThe optional description for the dataset
table_countThe number of tables within the dataset
total_size_bytesThe size in bytes of the dataset
table_expiration_msThe expiration time in ms for the dataset tables
creation_dateThe time this resource was created
last_modified_dateThe time this resource was last modified
publicly_accessibleDenotes whether the dataset is publicly accessible

Cloud Global Access Point

A global endpoint for routing storage container request traffic between regions.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
nameThe name of the access point
aliasDenotes the alias of the access point
statusStatus of the access point
creation_dateThe date the access point was created
arnThe ARN associated with the access point
bucket_countDenotes the number of buckets associated with the access point
policyThe policy associated with the access point
publicDenotes if the access point allows public access
trusted_accountsThe list of accounts that can interact with the access point
public_access_blockThe public access block of the access point

Cold Storage

Cold Storage is used for long-term storage of infrequently accessed data, such as end-of-lifecycle, compliance, or regulatory backups. An example of this type of resource is AWS Glacier.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the vault exists
nameThe name of the cold storage container
arnThe Amazon Resource Name of the cold storage vault (AWS Only)
size_in_bytesThe size in bytes
number_of_archivesThe number of archives
last_inventory_dateThe date of last inventory
creation_dateThe date the vault was created
lock_creation_dateThe date of lock creation.
lock_expiration_dateThe date current lock policy expires
lock_stateDenotes current lock state
lock_policyThe lock policy document (json)
policyThe linked policy (json)
trusted_accountsThe trusted accounts that can interact with the resource

Data Analytics Workspace

Data Analytics Workspace is a storage and interactive query service that makes it easy to analyze data. An example of this type of resource is AWS Athena.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that this resource resides in
workspace_idThe provider-specific workspace ID
create_timeThe date the workspace was created
nameThe name of the data analytics workspace
descriptionThe optional description associated with the data analytics workspace
stateThe state the workspace is in
encryptedDenotes whether or not the workpace is encrypted
key_resource_idThe resource id of the encryption key associated with the workspace
requester_paysDenotes whether usage costs pass through to the requester
metrics_enabledDenotes whether CloudWatch metrics are enabled
output_locationThe output locaction of the results (optional

Data Factory

Data factory is a fully managed, serverless data integration service. It includes visual integration for data sources with built-in, maintenance-free connectors, allowing for easy construction of ETL and ETL processes code-free; it also allows you to write your own code. An example of this type of resource is Azure Data Factory.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which the resource resides
factory_idThe provider ID of the data factory
nameThe name of the data factory
stateThe state of the data factory (e.g. 'succeeded')
create_timeThe time the data factory was created
encryption_typeDenotes the encryption type (e.g. 'default')
key_resource_idThe InsightCloudSec resource ID of the encryption key used to encrypt the data factory
public_network_accessDenotes whether the data factory is accessible to the public

Data Lake Storage

Data Lake Storage is a cloud analytics service where you can easily develop and run massively parallel data transformation and processing programs in U-SQL, R, Python, and .Net over petabytes of data. With no infrastructure to manage you can process data on demand and scale instantly. An example of this type of a resource is Azure Data Lake.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the resource resides in
storage_idThe provider ID of the data lake storage
nameThe name of the data lake storage
stateThe state of the data lake
public_accessDenotes if the data lake is accessible to the public
encryptedDenotes if the data lake is encrypted at rest

Data Stream

Data Stream is the transfer of data at a steady high-speed rate (AWS Kinesis). This class inherits from TopLevelResource and has direct access to the resource's database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
nameThe name of the data stream
region_nameThe region in which the resource resides
arnThe Amazon Resource Name of the data stream
statusThe status of the data stream
shardsThe number of shards in this data stream
metricsThe Json string for the metrics of the data stream
encryptionDenotes whether the data stream has server side encryption enabled
key_resource_idThe InsightCloudSec resource ID of the encryption key used to encrypt the data stream
retention_periodThe length of time in seconds that data stream will be retained
created_timestampThe date the data steam was created
tierDenotes the pricing tier
public_accessDenotes if the data steam is accessible to the public
event_hubsDenotes number of partitions (Azure specific)
stream_modeDenotes the current mode for the data stream

Data Sync Task

Tasks associated with online data transfer, both between on-premises and provider storage storage devices, as well as between provider storage devices.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which the resource resides
task_idThe provider ID of the data sync task
nameThe name of the data sync task
statusThe status of the data sync task
create_timeThe date and time the data sync task was created
arnThe ARN of the data sync task
source_location_arnThe ARN of the source location of the data sync task
destination_location_arnThe ARN of the destination location of the data sync task
log_group_arnThe ARN of the log group of the data sync task
optionsOptions for the data sync task

Database Migration Instance

An instance that uses a web service to migrate data from a source data store to a target data store. An example of this type of resource is AWS DMS Replication.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
instance_typeThe provider-specific instance type identifier (optional)
region_nameThe region that this resource resides in
instance_idThe provider-specific instance id value
instance_flavor_resource_idThe flavor of instance used by the DB instance
stateThe state of the DB intance
endpoint_public_addressThe public IP address of the database endpoint
endpoint_private_addressThe private IP address of the database endpoint
engine_versionThe version of the database engine
storage_sizeThe total size (GB) of the database
multi_azDenotes whether the database is configured in multiple availability zones (optional)
create_timeThe date the database migration instance was created/launched.
encryptedDenotes whether the database is encrypted (optional)
arnThe Amazon Resource Name
publicly_accessibleDenotes whether the dataset is publicly accessible
key_resource_idThe resource ID of the key that encrypts the logs
network_resource_idNetwork resource ID that the database instance is associated with
auto_minor_upgradesDenotes if the Database is set to update with minor upgrades

Database Proxy

Simplifies connection management by handling network traffic between client applications and the database. An example of this type of resource is AWS RDS Database Proxy.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the proxy instance resides in
nameThe name of the proxy instance
engine_familyThe engine family the proxy instance was configured to use
stateThe current lifecycle state of the proxy
create_timeThe timestamp for when the proxy was created
arnThe Amazon Resource Name for the proxy
network_resource_idThe resource_id of the Network associated with the proxy
endpointDenotes the endpoint address of the proxy
require_tlsIndicates whether the proxy requires transport layer security (TLS)
idle_timeoutThe time in seconds a client can be idle before the proxy can close it
iam_authentication_requiredIndicates whether the proxy requires IAM authentication
debug_loggingIndicates whether debug logging is enabled for the proxy

Database Snapshot

Database Snapshots are point-in-time backups of a database instance. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the snapshot resides in
snapshot_idThe provider ID of the snapshot
nameThe name of the snapshot
instance_resource_idThe resource ID of the instance this snapshot was created from
database_cluster_resource_idThe the ID of the database cluster resource
snapshot_typeThe type of snapshot (manual vs automatic)
stateThe current lifecycle state of the snapshot
availability_zoneThe zone where the snapshot resides
create_timeThe time when the snapshot creation was launched
portThe port that the database instance listens on
engineThe database engine that the instance was configured to use
engine_versionThe engine version
sizeThe size (GB) of the volume
progressThe progress of the snapshot creation
master_usernameThe master account associated with the instance
licenseThe license used by the instance
publicDenotes if the snapshot is publicly available
encryptedDenotes if this file system is encrypted
key_resource_idThe resource id of encryption key associated with snapshot

class DivvyResource.Resources.databasesnapshot.DatabaseSnapshot(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Database Snapshot Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_parent_resource_id()

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the route state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

snapshot

top_level_resource = True

Databricks Workspace

A Databricks Workspace is an analytics platform based on Apache Spark, that provides one-click setup, streamlined workflows, and an interactive workspace that enables collaboration between data engineers, data scientists, and machine learning engineers. An example of this type of resource is Azure Databricks Workspace.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which the resource resides
workspace_idThe provider ID of the databricks workspace
nameThe name of the databricks workspace
stateThe state of the databricks workspace ('succeeded' or 'failed')
encryption_typeDenotes the encryption type (e.g., 'default', 'cmk')
tierThe tier of the databricks workspace (e.g., 'premium', 'standard', 'trial')

Delivery Stream

A Delivery stream loads streaming data into data stores and analytics tools (AWS Firehose). This class inherits from TopLevelResource and has direct access to the resource's database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
nameThe name of the delivery stream
region_nameThe region that the resource resides in
arnThe Amazon Resource Name of the delivery stream
delivery_stream_typeThe type of this delivery stream
source_stream_arnThe ARN of source data stream
statusThe status of this delivery stream
destinationsThe Json string of destinations of this delivery stream
version_idThe version of delivery stream
updated_timestampThe time the delivery stream was last updated
created_timestampThe time the delivery stream was created

Elastic Cluster

A database cluster that allows you to scale your workload's throughput.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe name of the region in which the cluster resides
nameThe name of the cluster
creation_timeThe time the cluster was created
stateThe status of the cluster
admin_usernameThe admin username for the cluster
auth_typeThe authentication type for the cluster
key_resource_idThe ID of the encryption key associated with the cluster
arnThe ARN associated with the cluster
shard_capacityThe shard capacity for the cluster
shard_countThe count of shards within the cluster
relationshipsA list of resources associated with the cluster

ETL Data Catalog

ETL Data Catalog is an index to the location, schema, and runtime metrics of your data; supports extract, transform, and load (ETL) service.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the resource resides in
nameThe provider name for this resource
metadata_encryptionBoolean denoting if metadata encryption is enabled for this resource
metadata_key_resource_idThe resource_id of the metadata key, if present
password_encryptionBoolean denoting if password encryption is enabled for this resource
password_key_resource_idThe resource_id of the password key, if present
policyThe IAM policy of the resource in JSON format
trusted_accountsThe numbers of any accounts with a trust relationship with this resource

ETL Database

Extract, transform, load (ETL) databases are used to organize metadata for holistic ETL services.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe name of the region in which the ETL database resides
nameThe name of the database
create_timeThe time the database was created
location_uriThe location URI of the database
descriptionThe description for the database
table_countThe number of tables defined within the database
permissionsA list of permissions for the database
tablesA list of the tables defined within the database
parametersThe parameters of the database
namespace_idThe unique composite ID of the provider ID for the resource

ETL Security Configuration

This resource is a set of security properties that can be used by your extract, transform, and load (ETL) service.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the resource resides in
nameThe provider name for this resource
encryptionBoolean denoting whether encryption is enabled for this resource
key_resource_idThe resource_id of the encryption key, if present
job_encryptionBoolean denoting whether job encryption is enabled for this resource
job_key_resource_idThe resource_id of the job encryption key, if present
log_encryptionBoolean denoting whether log encryption is enabled for this resource
log_key_resource_idThe resource_id of the log encryption key, if present

File Share

A cloud storage service that provides on-premises access to cloud storage.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the resource resides in
file_system_idThe ID of which filesystem this resource uses (SMB/NFS/etc.)
nameThe provider name for this resource
availability_zoneThe availability zone where the resource is located
creation_timestampThe time when the resource was created
number_of_mount_targetsThe number of mount targets for this file system
metered_sizeThe size of the metered connection to this resource
creation_tokenThe Client Token used in creation of the resource
encryptedBoolean denoting whether encryption is enabled on this resource
encryption_idThe ID of the encryption source, if present
key_resource_idThe resource_id of the encryption key, if present
lifecycle_stateThe current lifecycle state of this resource
performance_modeDenotes the performance mode of this resource
network_resource_idThe resource_id of the Network associated with this resource
arnThe ARN of this resource
storage_account_resource_idThe resource_id of the storage account associated with this resource
lifecycle_policyThe current lifecycle policy of this resource
backup_policyBoolean denoting whether this resource has a backup policy

GraphQL API

GraphQL manages services that improve performance, support real-time updates, and make connecting to secure datasources easy. An example of this type of resource is AWS AppSync API.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that this resource resides in
api_idThe unique ID for the GraphQL API
nameThe name of the GraphQL API
arnThe Amazon Resource Name for the GraphQL API
xray_enabledBoolean denoting if X-Ray tracing is enabled for the GraphQL API
web_acl_idThe unique ID for the web ACL associated with the GraphQL API
authentication_typeThe authentication type for the GraphQL API
log_configThe Amazon CloudWatch Logs configuration for the GraphQL API
user_pool_configThe Amazon Cognito user pool configuration for the GraphQL API
open_id_configThe OpenID Connect configuration for the GraphQL API
api_caching_behaviorThe API caching behavior enabled for the GraphQL API
api_caching_instance_typeThe type of API caching instance enabled
api_caching_rest_encryptionBoolean denoting if the API caching instance is encrypted at rest
api_caching_transit_encryptionBoolean denoting if the API caching instance is encrypted when connecting

Recycle Bin Rule

A Recycle Bin Rule assists in preventing accidental deletion of snapshots using custom retention rules and recovery.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that this resource resides in
rule_idThe ID for the recycle bin rule
nameThe name of the recycle bin rule
descriptionA description for the recycle bin rule
arnThe Amazon Resource Name of this resource
retention_periodThe length of time a resource is retained (in days)
rule_resource_typeThe resource the rule applies to
apply_to_all_resourcesDenotes if the rule applies to all resource types
resource_tagsResource tags associated with the rule

Secure File Transfer

Secure File Transfer is a fully managed service that enables secure transfer of files and storage.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that this resource resides in
arnThe Amazon Resource Name of this resource
nameThe name of the secure file transfer resource
stateThe state number of the server
endpoint_typeDenotes the endpoint type of the SFTP server
vpc_endpointDenotes the endpoint address of the servers
vpc_endpoint_resource_idThe resource ID of the associated VPC endpoint
identity_providerThe identity provider of the servers
hostnameDenotes the custom hostname of the server
dns_zone_resource_idThe resource ID of the DNS zone associated with the hostname
identity_urlThe url of the identity provider
logging_role_nameThe logging role for server
logging_role_resource_idThe resource ID of the role associated with the server
invocation_role_nameThe name of the associated invocation role
invocation_role_resource_idThe invocation role resource ID
user_countThe current number of users
usersA list containing information about the users associated with the server
protocolsThe protocols associated with the server
security_policyThe security policy associated with the server

Shared File System

Shared File Systems are scalable volumes that can be shared with multiple instances. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
organization_service_idThe ID of the parent organization service (cloud)
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
region_nameThe region that this file system resides in
file_system_idThe provider ID of the file system
availability_zoneThe availability_zone where this resource resides
nameThe name of this shared file system
creation_timestampThe time when this file system was created
number_of_mount_targetsThe number of mount targets for this file system
metered_sizeThe sum of the sizes of all this file systems current objects
creation_tokenThe token that was generated or chosen when this file system was created
encryptedDenotes if this file system is encrypted or not
encryption_idThe provider ID of the encryption for this file system
key_resource_idThe resource id of the encryption key associated with file system
lifecycle_stateThe state of this file system (eg. creating, available, deleting, deleted, unknown)
performance_modeThe performance mode of this file system (e.g., generalPurpose, maxIO)
network_resource_idThe network resource ID that the file system is associated with
arnThe Amazon Resource Name
storage_account_resource_idThe storage Container resource id.
lifecycle_policyDenotes the lifecycle policy used by the file system to determine file transitioning strategy
backup_policyDenotes the backup policy used by the file system to determine when to backup
policyDenotes the policy for the file system
trusted_accountsThe accounts trusted for the file system
log_configLog configuration for the file system
transit_encryptionDenotes if transit encryption is enabled for the file system

class DivvyResource.Resources.sharedfilesystem.SharedFileSystem(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Shared File System Operations

delete(user_resource_id=None)
Delete this resource. If wrapped with a JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

file_system_id

get_date_created()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

shared_file_system

top_level_resource = True

Snapshot

Snapshots are point in time backups of a volume. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
organization_service_idThe ID of the parent organization service (cloud)
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters.
region_nameThe region the snapshot resides in
snapshot_idThe provider ID of the snapshot
volume_resource_idThe resource ID of the volume this snapshot was created from
nameThe name of the volume’s snapshot
descriptionDescription of the snapshot
stateThe current lifecycle state of the snapshot
progressThe creation progress of the snapshot
sizeThe size in gigabytes of the volume
publicDenotes whether the snapshot is publicly available
start_timeThe time the snapshot was started
create_timeThe time when the snapshot finished creating
encryptedDenotes whether the snapshot is encrypted
key_resource_idThe provider ID of the key used for the snapshot

class DivvyResource.Resources.snapshot.Snapshot(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Snapshot Operations

delete(user_resource_id=None)
Delete this resource. If wrapped with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_parent_resource_id()

get_private_images()
Retrieve a list of db objects for private images created from the snapshot (if any).

static get_provider_id_field()

get_resource_dependencies()
Retrieve the dependencies for a particular resources. This is an override of the parent function because we don’t have ResourceLink relationships for volumes and private/public images where the snapshot ID is included in the block device mapping.

static get_resource_type()

get_size()
Retrieve the size of the snapshot.

get_supported_actions()
Retrieve all the actions which are supported by this resource.

handle_resource_created(user_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None, project_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

is_backup()
Determine if this snapshot represents a volume backup.

snapshot

snapshot_id

top_level_resource = True

Spanner

A spanner is a globally-distributed relational database system. This class inherits from TopLevelResource and has direct access to the resource's database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the spanner resides in
nameThe name of the spanner
node_countThe number of nodes the spanner has
stateThe current state of the spanner (available or in-use)
sizeThe size in bytes of the spanner
display_nameThe display name of the spanner
relationshipsA list of resources associated with the spanner
cluster_idUnique provider ID for the cluster
arnARN associated with the spanner
engineThe engine currently running on the spanner
engine_versionThe version of the engine currently running on the spanner
storage_encryptedDenotes if the storage is encrypted on the spanner
deletion_protectionDenotes if deletion protection is enabled on the spanner

Storage Account

Currently only Azure, Storage Account contains all storage data objects: blobs, files, queues, tables and disks. This class inherits from TopLevelResource and has direct access to the resource's database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the resource resides in
nameThe name of the storage account
creation_timeThe date and timestamp when storage account was created
stateThe provisioning state of storage account
access_tierThe access tier of the storage account
primary_endpointsThe storage accounts primary endpoint
secondary_endpointsThe storage accounts secondary endpoint
custom_domainDenotes if resource has custom domain configured
blob_encryptedDenotes whether the account has blob encryption enabled
file_encryptedDenotes whether the account has file encryption enabled
queue_encryptedDenotes whether the account has queue encryption enabled
table_encryptedDenotes whether the account has table encryption enabled
transit_encryptionDenotes whether the account has transit encryption enabled
threat_protectionDenotes whether the account has threat protection enabled
encryption_typeDenotes the encryption type
minimal_tls_versionThe TLS version configured on the storage account
allow_public_accessIndicates if the storage account allows public blob access
namespace_idThe unique composite ID of the provider ID for the resource
publicIndicates if the storage account allows public network access
sftp_enabledIndicates if secure file transfer protocol (SFTP) is enabled
hns_enabledIndicates if hierarchical namespace (HNS) is enabled
allow_cross_tenant_replicationIndicates if cross-tenant replication is allowed
allow_shared_key_accessIndicates if shared key access is allowed
infrastructure_encryptionIndicates if infrastructure encryption is enabled

Storage Container

Storage Containers are scalable data storage. An example of this is an Amazon S3 buckets. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the storage container resides in
nameThe name of the storage container
creation_dateThe date that the the storage container was created
updated_dateThe date that the storage container was last updated
object_countThe total number of objects within storage container
total_sizeThe total size of the storage container (bytes)
total_size_human_readableDenotes size in bytes.
policyThe JSON of container or user policy associated with this storage container
trusted_accountsThe accounts with a trust relationship
policy_encryptionDenotes whether the storage container is using policy encryption (object level)
transit_encryptionDenotes whether the account has transit encryption enabled
loggingDenotes whether access logging is enabled
logging_bucketThe target bucket to store access server logs
versioningDenotes whether object versioning is enabled
mfa_deleteDenotes if MFA delete is enabled
publicDenotes whether the storage container is accessible by the public
global_encryptionDefault server side encryption for storage container
key_resource_idThe resource id of encryption key associated with Storage Container
storage_classThe storage class type of a container
websiteThe associated website
website_configSpecifies website configuration parameters for the bucket
lifecycle_policyThe lifecycle policy if applies
public_aclDenotes if Public ACL is applied
public_policyDenotes if public policy is applied
public_access_blockThe public access block of the storage container (AWS)
impaired_visibilityDenotes whether visibility into the full configuration is impaired
storage_account_resource_idThe Azure specific storage Account resource ID
impaired_visibility_propertiesDenotes visibility status
object_lock_configurationDefines the bucket's object lock configuration and rules
bucket_replicationDenotes if bucket replication is enabled
uniform_accessDenotes if the bucket has uniform access
bucket_key_enabledDenotes if the bucket key is enabled
namespace_idID for the bucket's namespace
soft_delete_retentionDefines soft delete retention protocol for the bucket
location_typeThe type of location for the bucket
object_ownershipDefines object ownership protocol for the bucket
blob_soft_delete_retentionDefines blob soft delete retention protocol for the bucket
notification_configurationDefines notification configuration for the bucket

class DivvyResource.Resources.storagecontainer.StorageContainer(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Storage Container Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

classmethod get_encrypted_status(policy)

get_merged_permissions(new_permissions, delete=False)
Build a list of current and existing permissions. This is required as the cloud providers want a full list of permissions. If you do not do this then existing permissions will be lost.

static get_provider_id_field()

static get_resource_type()

get_supported_actions()
Retrieve all the actions which are supported by this resource.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

properties
This is a temporary override similar to how we set up the resource object for resource groups and other select resources. For some reason even though the DivvyDbObject definition inherits LinkedResource_Mixin there are select corner cases where properties is not found. After spending three hours debugging it was decided that this is the less expensive route. It fixes the bug in the current version.

storage_container

top_level_resource = True

Storage Gateway

Storage gateways securely connect on-premises software applications with cloud-based storage.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
gateway_idThe ID of the storage gateway
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which the storage gateway resides
nameThe name for the storage gateway
arnThe ARN for the storage gateway
gateway_typeThe type of storage gateway
last_software_updateThe last time the storage gateway's software was updated
deprecation_dateThe date the storage gateway's software will be deprecated
instance_resource_idThe resource ID of the instance used as the gateway
host_environmentThe type of hardware or software platform the gateway is running on
capacityThe capacity for the storage gateway

Stored Parameter

Secure storage for configuration data management and secrets management (e.g., passwords, database strings, AMIs (in AWS), IDs) as parameter values.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which the stored parameter resides
nameThe name of the stored parameter
data_typeThe data type of the stored parameter (e.g. String or SecureString)
key_resource_idThe InsightCloudSec resource ID of the encryption key associated with the stored parameter
tierThe tier of the stored parameter (e.g. Standard)
expirationThe expiration date of the stored parameter
last_modifiedThe timestamp for the last modification of the stored parameter

Timeseries Database

Timeseries databases store and analyze trillions of events daily for internet of things (IoT) and operational applications, e.g., Amazon Timestream.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the resource resides in
database_nameThe name for the database
arnThe ARN associated with the resource
table_countThe number of tables within the database
key_resource_idThe resource ID for the key used to encrypt the database.
create_timeThe timestamp when the database was created.
last_update_timeThe timestamp when the database was last updated.

Video Stream

Video Stream is a service used to securely stream video from connected devices. For example, AWS for analytics, machine learning (ML), playback, and other processing. Kinesis Video Streams automatically provisions and elastically scales all the infrastructure needed to ingest streaming video data from millions of devices.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
nameThe name of the video stream
region_nameThe region that the resource resides in
arnThe Amazon Resource Name of this resource
versionThe Application Gateway version
media_typeThe media type of the video stream
key_resource_idThe InsightCloudSec resource id of encryption key used to encrypt this data stream"
created_timestampThe date and timestamp when video stream was created
retention_periodThe length of time in seconds that the video stream will be retained

Volume

Volumes are network attached storage such as the EBS service within AWS. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the volume resides in
volume_idThe provider ID of the volume
nameThe name of the volume
instance_resource_idThe resource ID of the instance this volume is associated with
snapshot_resource_idThe resource ID of the snapshot this volume was built from
create_timeThe timestamp of when this volume was created
deviceThe device that a volume is mapped to on the instance (e.g., /dev/sdf)
stateThe current state of the volume (available or in-use)
volume_typeThe type of volume (e.g., pd-standard, gp2, premium_LRS, etc.)
sizeThe size of the volume in gigabytes
availability_zoneThe availability_zone where the volume resides
iopsThe total IOPS allocated to this volume (provisioned volumes only)
encryptedDenotes whether the volume is encrypted
delete_on_terminationDenotes if the volume is set to automatically delete when the parent instance is terminated

class DivvyResource.Resources.volume.Volume(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Volume Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_attached_instance_resource_id()
Retrieve the resource id of the instance this volume is attached to, if any.

get_availability_zone()
Retrieve the availability zone/location of the resource.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_device()
Retrieve the attached device name of the volume (e.g., /dev/sdf).

get_parent_resource_id()

static get_provider_id_field()

static get_resource_type()

get_size()
Retrieve the size in GB of the resource.

get_snapshots()
Retrieve a list of db objects for snapshots created from the volume (if any)

get_supported_actions()
Retrieve all the actions which are supported by this resource.

get_volume_backup_scheduled_events()
Retrieve volume backup scheduled events.

get_volume_type()
Retrieve the volume type of the resource.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

modify(iops=None, size=None, volume_type=None, user_resource_id=None)
Modify the volume. This makes a call sot he upstream providier to change one or more properties.

schedule_modification(*args, **kwargs)
Create a scheduled event to modify an existing volume. If a schedule is not supplied then the event will be scheduled to run immediately.

top_level_resource = True

volume

volume_id