Compute Resources

Compute Resources are available in InsightCloudSec as the first section (tab) under the Resource landing page. These resources are related to compute functionality and include resources like app servers, instances, and elastic search instances.

Compute resources are displayed alphabetically using the InsightCloudSec normalized terminology. Hovering over an individual resource provides the CSP-specific terminology with the associated logo to help users confirm the displayed information. For example, an Autoscaling Group refers to Amazon's "Autoscaling Group", Google's "Autoscalers", and Azure's "Virtual Machine Scale Sets".

For a detailed reference of this normalized terminology check out our Resource Terminology.

Some attributes may not be included in these lists

A large number of Resource Attributes are offered for the resources outlined here. Because we are continuously expanding our supported resources the attributes and details included here can not be guaranteed to include every resource or every attribute.

If you need information about the attributes of a particular resource we are happy to help get those details for you - reach out to us through the Customer Support Portal with any questions!

Airflow Environment

Airflow Environment

Airflow Environments offers managed orchestration service for Apache Airflow - an open-source tool used to programmatically author, schedule, and monitor sequences of processes and tasks referred to as workflows.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which the Airflow Environment resides
nameThe name of the Airflow Environment
arnThe ARN associated with the Airflow Environment
create_timeThe time when this Airflow Environment was created
versionThe version of the Airflow Environment
environment_classThe environment class, e.g., 'mw1.small'
max_workersThe maximum number of workers allowed with this Airflow Environment
statusThe status of the Airflow Environment (e.g., available)
logging_configurationA description of the logging configuration, including TaskLogs, WorkerLogs, and SchedulerLogs
encryptedDenotes whether the Airflow Environment is encrypted
key_resource_idThe provider ID of Encryption Key (if encrypted)
execution_role_resource_idThe resource ID for the execution role
service_role_resource_idThe resource ID for the service role
webserver_access_modeThe webserver access mode, e.g., public only
webserver_urlThe URL for the webserver
relationshipsA list of resources associated with the Airflow Environment
Apps

App Configurations

App Configurations provide a means to centrally manage application settings and feature flags.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
config_idThe provider ID for the configuration
nameThe name of the configuration
resource_groupThe name of the resource group the configuration is associated with
provisioning_stateThe provisioning state of the configuration
region_nameThe name of the region in which the configuration resides
skuThe pricing tier of the configuration
purge_protection_enabledIndicates if purge protection is enabled for the configuration
public_network_accessThe network access configuration of the configuration
automatic_network_settingIndicates if public network access on the resource is set to the automatic setting
creation_dateThe date the configuration was created
soft_delete_retention_daysThe number of days the configuration will be retained if deleted
encrypted_with_cmkIndicates if the configuration is encrypted using a customer key
identity_typeThe type of identity assigned to the configuration
disable_local_authIndicates if local authentication is disabled for a configuration
endpointThe endpoint of the configuration
private_endpoint_connectionsThe number of endpoints attached to the configuration
namespace_idThe fully qualified ID of the resource, including the resource name and resource type

App Engine Service

An App Engine Service is a small logical component of a large app, i.e., a microservice.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
nameThe name of the service
region_nameThe name of the region in which the service resides
namespace_idThe fully qualified ID of the resource, including the resource name and resource type
service_idThe unique ID for the service
app_engine_statusThe status of the service
ingress_trafficThe rules for ingress of the service
firewall_rulesThe firewall rules for the service

App Engine Service Version

An App Engine Service Version is a compiled version of one of your services, which can be used for rollbacks or testing.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
nameThe name of the service
service_idThe unique ID for the service
namespace_idThe fully qualified ID of the resource, including the resource name and resource type
version_idThe unique ID for the service version
environmentThe type of environment on which the version is deployed
runtime  The runtime the service version is using
legacy_runtimeDenotes whether the runtime is legacy
version_statusThe status of the service version

App Server

App Servers are the underlying virtual machines that host Azure App Services. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which this App Server resides
app_server_idThe provider ID of the App Server
nameThe name of the App Server
server_typeThe type of the App Server (F1 Free, B1 Basic, S1 Standard, etc)
instance_countThe number of instances running this app
max_instance_countThe maximum number of instances for running the app
app_countThe number of apps running on the App Server
stateThe state of the App Server (ready, stopped, etc)

App Stream Fleet

An App Stream Fleet is a managed application streaming service that streams desktop applications to users.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which the App Stream Fleet resides
arnThe ARN associated with the App Stream Fleet
nameThe name of the App Stream Fleet
image_nameThe image name associated with the App Stream Fleet
image_arnThe ARN associated with the image for the App Stream Fleet
instance_typeThe type of instance used by the App Stream Fleet
instance_flavor_resource_idThe Resource ID for the instance flavor used by the App Stream Fleet
fleet_typeThe type of Fleet for the App Stream
compute_statusStatus of compute resources for the App Stream Fleet
max_user_durationThe maximum duration (in seconds) for users
disconnect_timeoutThe timeout (in seconds) for a user to disconnect
stateThe state of the App Stream Fleet
creation_dateThe date and timestamp for the creation of the App Stream Fleet
default_internet_accessIndicates whether default internet access is enabled for the fleet
domain_joinedIndicates whether the Fleet is associated with a directory domain
role_resource_idThe Resource ID for the role associated with the Fleet
stream_viewThe stream view displayed to users while using the Fleet
platformThe platform of the Fleet
session_script_s3Describes the S3 session script
relationshipsList of resources associated with the Fleet
Autoscaling

Autoscaling Group

Autoscaling Groups contain a collection of Instances that share similar characteristics and are treated as a logical grouping for the purposes of instance scaling and management. The Autoscaling Group class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
group_idThe provider ID of the autoscaling group
nameThe name of the autoscaling group
arnThe ARN associated with the autoscaling group
create_timeThe time when this autoscaling group was created
region_nameThe region in which this autoscaling group resides
health_check_grace_periodThe amount of time (in seconds) that the autoscaling group will wait to run the system health check, after instances have been started
min_sizeThe minimum number of instances running at all times on this autoscale group
max_sizeThe maximum number of instances that can be running at any time on this autoscale group
desired_capacityThe desired amount of instances running at all times in the autoscaling group
new_instance_protectionThe instances that are protected from termination during scale in
default_cooldownThe amount of time the autoscaling group will wait before resuming scaling activities
multi_azDenotes if the group is multi AZ
suspended_processesThe JSON value of suspended processes
vm_profileThe JSON value of the profile of the machine
spot_instancesWhether the autoscaling group will utilize spot instances
upgrade_policyDescribes the upgrade policy settings for the autoscaling group
launch_configurationThe launch configuration that is associated with the autoscaling group
launch_templateA launch template that is associated with the autoscaling group
warm_pool_sizeThe number of warm pool instances configured
warm_pool_instancesThe type of instances in the warm pool
load_balancersA list of classic load balancers that are associated with the autoscaling group
target_groupA list of application target groups that are associated with the autoscaling group
vulnerability_sourcesThe vulnerability source (requires IVM agent integration)

class DivvyResource.Resources.autoscalinggroup.AutoscalingGroup(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Autoscaling Group Operations

delete(user_resource_id=None)
Not now available for use.

static get_db_class()

get_instances()
Retrieve the instance members the group uses.

static get_provider_id_field()

static get_resource_type()

get_subnets()
Retrieve the subnets the group operates in.

get_supported_actions()
Retrieve all the actions which are supported by this resource.

group

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session This gives an opportunity for post-modification hooks.

has_attached_instance()
Return True is instance(s) are attached to asg.

modify(max_size=None, min_size=None, user_resource_id=None)
Modify the Autoscaling group. This makes a call sot he upstream providier to change one or more properties.

name

provider_id

top_level_resource = True

Autoscaling Launch Configuration

Autoscaling Launch Configurations are templates that autoscaling groups use to launch instances.
This class inherits from TopLevelResource and has direct access to the resource's database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region the Autoscaling Launch Configuration resides in
image_idThe provider ID of image instances are launched from
nameThe name of the autoscaling launch configuration
arnThe Amazon resource name of the autoscaling launch configuration
instance_typeThe type of instance to launch
spot_priceThe maximum hourly price to be paid for any spot instance launched from autoscaling launch configuration
identity_management_roleThe role associated with the autoscaling launch configuration
creation_timestampThe time autoscaling launch configuration was created
monitoringDenotes if detailed monitoring is enabled on instances launched from autoscaling launch configuration (true/false)
kernel_idThe ID of the kernel associated with the Image
ram_idThe ID of the RAM disk to select
associate_ipDenotes whether to assign a public IP address to each instance
block_storage_optimizedDenotes whether the launch configuration is optimized for I/O (true) or not (false)
role_resource_idThe resource ID of the role performing the autoscaling
user_dataThe user data to make available to the launched instances using this configuration
sensitive_dataIndicates if the launch configuration contains sensitive data within the user data
contains_secretIndicates if the launch configuration contains a Secret within the user data
Batches

Batch Environment

An environment containing many compute nodes that can run large-scale parallel and high-performance computing batch jobs efficiently, e.g., Azure Batch Account, AWS Batch Compute Environment.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
nameThe name of the Batch Environment
region_nameThe region in which the Batch Environment resides
namespace_idThe fully qualified ID of the resource, including the resource name and resource type
stateThe state of the Batch Environment
endpointThe endpoint where the Batch Environment is accessible
public_accessWhether public access is enabled for the Batch Environment
allocation_typeThe allocation type for the Batch Environment
minimum_cpusThe minimum amount of CPUs allocated for the Batch Environment
maximum_cpusThe maximum amount of CPUs allocated for the Batch Environment
storage_account_resource_idThe resource ID for the storage account associated with the Batch Environment
encryptionThe encryption enabled for the Batch Environment
pool_typeThe type of instance pool within the Batch Environment
role_resource_idThe resource identifier for the role allocated to the Batch Environment.

Batch Pool

A group of compute nodes that is used in a batch environment to run large-scale parallel and high-performance computing batch jobs efficiently, e.g., Azure Batch Pool.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
nameThe name of the Batch Pool
region_nameThe region in which the Batch Pool resides
namespace_idThe fully qualified ID of the resource, including the resource name and resource type
environment_resource_idThe ID for the Batch Pool's parent Batch Environment
last_modifiedThe most recent time the Batch Pool was modified
stateThe state of the Batch Pool
vm_sizeThe size of the virtual machine(s) within the Batch Pool
autoscalingWhether the Batch Pool has autoscaling enabled
inter_node_communicationWhether the Batch Pool has internode communication enabled
subnet_resource_idThe resource ID of the subnet in which the Batch Pool is running, if known
Big Data

Big Data Instance

Big Data Instances are database instances which store and process big data. An example of this type of instance is AWS Redshift. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the instance resides in
instance_idThe provider ID of the instance
nameThe name of the instance
instance_typeThe type of instance
instance_flavor_resource_idThe resource ID of the type (flavor) this instance runs on
stateThe state of the big data instance
create_timeThe time the instance was created
availability_zoneThe zone where the big data instance lives
endpoint_addressThe FQDN of the big data instance
endpoint_portThe port that the big data instance listens on
nodesThe number of nodes in the cluster
versionThe software version the big data instance leverages
allow_version_upgradeDenotes whether the instance has automatic version upgrades enabled
db_nameThe name of the master database
subnet_group_nameThe database subnet group name that the instance uses
vpc_idThe database VPC ID that the instance uses
backup_retentionAn integer representing the number of days that automatic snapshots are retained for
master_usernameThe username of the master user
encryptedDenotes if the data stored on the instance is encrypted
key_resource_idThe provider ID of Encryption Key (if encrypted)
publicly_accessibleDenotes if the instance can be accessed over the Internet
access_listsThe list of associated security groups
instance_flavorThe returned flavor of a object which contains information on the size of the instance
ssl_requiredDenotes if SSL is required (true/false)
fips_requiredDenotes if FIPS compliant SSL mode is required
loggingBoolean value on whether a Big Data Instance is logging
logging_bucketThe location of the Storage Container the Big Data Instance is logging to, if known
parameter_groupsThe parameter group(s) associated with the instance

class DivvyResource.Resources.bigdatainstance.BigDataInstance(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Big Data Instance Operations

delete(wait_for_result=True, user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

static get_db_class()

get_instance_type()
Retrieve the instance type of the resource.

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the instance state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None, project_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

`instance

top_level_resource = True

Big Data Serverless Namespace

A Big Data Serverless Namespace is a collection of database objects and users.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
namespace_idThe provider-specific namespace ID value
nameThe name of the namespace resource
db_nameThe database name associated with the namespace
region_nameThe region in which the namespace is located
stateThe status of the namespace
arnThe ARN value associated with the namespace
role_resource_idDenotes the IAM role associated with the namespace
admin_usernameDenotes the admin username associated with the namespace
key_resource_idDenotes the key associated with the namespace
log_exportsDenotes the log export configurations for the namespace
creation_dateThe date the namespace was created

Big Data Serverless Workgroup

A Big Data Serverless Workgroup is a collection of compute resources.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
namespace_idThe provider-specific namespace ID value
organization_service_idThe ID of the parent organization service (cloud)
workgroup_idThe ID associated with the workgroup
nameThe name of the workgroup resource
region_nameThe region in which the workgroup is located
stateThe status of the workgroup
arnThe ARN value associated with the workgroup
vpc_endpointsThe count of VPC endpoints attached to the workgroup
creation_dateThe date the workgroup was created
base_capacityThe base capacity of the workgroup
enhanced_routingDenotes whether the workgroup has enhanced routing enabled
publicly_accessibleDenotes whether the workgroup is publicly accessible
relationshipsList of resources associated with the workgroup

Big Data Workspace

Big Data Workspace comprises data integration, data warehousing, and big data analytics functionality. An example of a Big Data Workspace is an Azure Synapse resource.

AttributeDescription
nameThe name of the workspace
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
workspace_idThe provider ID of the workspace
region_nameThe region in which the workspace resides
stateThe state of the big data workspace (e.g., Succeeded)
double_encryption_enabledDenotes if double encryption is enabled (true/false)
workspace_typeThe type of workspace (e.g., Normal)
sql_administrator_loginLogin name for the SQL administrator
scope_enabledDenotes whether scope is enabled (true/false)
public_accessDenotes whether access is public (true/false)
Build Project

Build Project

Build Project configures how source code is built, e.g., where to obtain the code and which build environment to use.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the Build Project resides in
project_idThe Project ID associated with the Build Project
nameThe name of the Build Project
descriptionThe description associated with the Build Project
creation_dateThe creation date of the Build Project
build_typeThe type of repository that contains the source code to be built
privilege_modeDenotes if the Build Project is running in privileged mode
cache_typeThe type of cache used by the Build Project
encryptedDenotes whether the Build Project is encrypted or not
role_resource_idThe Resource ID of the associated service Role, if applicable
key_resource_idThe Resource ID of the encryption key, if applicable
network_resource_idThe Resource ID of the associated VPC, if applicable
logging_bucketThe details of the bucket where logs are being sent, if applicable
log_group_nameThe logging group name, if applicable
arnThe Amazon Resource Name (ARN) of the Build Project
build_imageThe image the Build Project is using
clear_text_credentialsIndicates if the Build Project contains credentials in clear text
contains_secretIndicates if the Build Project contains a secret
Cache

Cache Database Cluster

A Cache Database Cluster is an in-memory database service that provides fast performance and durability, e.g., AWS MemoryDB.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which the Cache Database Cluster resides
nameThe name of the Cache Database Cluster
descriptionText description for the Cache Database Cluster
stateThe state of the Cache Database Cluster
number_of_shardsThe number of shards in the cluster
multi_azDenotes if the cluster can be in multiple availability zones
endpoint_addressThe fully-qualified domain name for the Cache Database Cluster
endpoint_portThe port that the Cache Database Cluster listens on
instance_typeThe type of instance being used to host Cache Database Cluster
engine_versionThe version of the engine currently installed
nodesThe number of nodes in the cluster
parameter_groupThe name of the parameter group associated with the Cache Database Cluster
subnet_groupThe subnet associated with the Cache Database Cluster
transit_encryptionBoolean value indicating if transit encryption is enabled
key_resource_idThe resource ID of the associated encryption key
arnThe ARN associated with the Cache Database Cluster
backup_retentionAn integer representing the number of days that automatic snapshots are retained for
auto_minor_upgradesDenotes if this instance automatically takes minor upgrades or not

Cache Instance

Memcache Instances are managed systems with one or more caching technologies installed, e.g., Redis. Examples of this would be AWS Elasticache and Azure Redis. This class inherits from TopLevelResource and has direct access to the resource's database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
instance_typeThe type of instance
region_nameThe region that the instance resides in
instance_idThe provider ID of the instance
nameThe name of the instance
instance_flavor_resource_idThe resource ID of the type (flavor) this is instance runs on
stateThe state the instance is in (ready/available/normal/running)
availibilty_zoneThe availability zone this instance runs in
endpoint_addressThe FQDN of the instance
endpoint_portThe port that the instance listens on
engineThe engine that the database uses (redis/memcached)
engine_versionThe install version of the engine
backup_retentionThe integer representing the number of days that automatic snapshots are retained for
nodesThe number of nodes
create_timeThe time the instance was created
at_rest_encryption_enabledDenotes if at rest encryption is enabled (true/false)
transit_encryption_enabledDenotes if transit encryption is enabled (true/false)
auth_token_enabledDenotes if AuthToken is enabled (true/false)
auth_token_last_modifiedThe last time the AuthToken was modified
auto_minor_version_upgradeDenotes whether automatic minor version upgrading is enabled for the cluster
reserved_ip_rangeThe range of IP addresses reserved
network_resource_idThe provider ID of network this instance is in
key_resource_idThe ID of the encryption key used to encrypt this Instance
replication_group_idThe ID of the associated replication group, if applicable
automatic_failoverDenotes if automatic failover is enabled
namespace_idThe fully qualified ID of the resource, including the resource name and resource type
public_network_accessDenotes if public network access to this Cache Instance is enabled
relationshipsList of relationships between the Cache Instance and other services
Connect Instance

Connect Instance

Connect instances provide virtual call center capabilities to your customers.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which the Connect Instance resides.
aliasThe user-provided alias
namespace_idThe namespace ID for the Connect Instance
instance_idThe provider-specific ID value
id_management_typeIdentity management type of the instance
statusThe status of the instance
role_resource_idThe role used by the instance
inbound_enabledDenotes if inbound calls are enabled
outbount_enabledDenotes if outbound calls are enabled
create_timeThe time the instance was created
enabled_featuresList of enabled features for the connect instance
feature_configurationThe feature configuration object for the connect instance
Database

Database

Databases that reside within database instances. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the database resides in
database_idThe provider ID of the database
nameThe name of the database
instance_resource_idThe provider ID of the associated instance
collationThe implemented collation set for the database
character_setThe character set of the database
create_timeThe creation time of the database
encryptedThe encryption status of the database
key_resource_idThe provider ID of the encryption key, if applicable
database_typeThe underlying database type

class DivvyResource.Resources.database.Database(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Database Operations

database

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the route state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

top_level_resource = True

Database Cluster

A database cluster is one or more database instances connected together to simulate a single system. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the cluster resides in
create_timeThe time the cluster was created
cluster_idThe provider ID of the cluster
db_nameThe name of the master database
db_subnet_groupThe subnet group associated with the DB cluster
stateThe state that the cluster is in (available, stopped, etc)
earliest_restorable_timeThe earliest time to which a database can be restored with point-in-time restore
latest_restorable_timeThe latest time to which a database can be restored with point-in-time restore.
endpointThe connection endpoint for the primary instance of the DB cluster
multi_azDenotes whether or not the cluster is set up for high availability and is distributed across multiple zones
availability_zonesThe zone(s) where the cluster lives
engineThe engine that the database uses (mysql, neptune, docdb, etc.)
engine_versionThe version of the engine
portThe port that the database engine is listening on
backup_retentionThe number of days for which automatic DB snapshots are retained
db_cluster_resource_idThe resource ID of the cluster
namespace_idARN (Amazon Resource Name) of the cluster
deletion_protectionDenotes if deletion protection is enabled on the cluster
read_replicaDenotes if the cluster is a read replica
parameter_groupThe name of the DB cluster parameter group for the DB cluster
option_groupsThe option group(s) associated with the database cluster
storage_encryptedBoolean denoting if the cluster is encrypted
key_resource_idThe encryption Key for the cluster (if applicable)
capacityThe current capacity of the cluster
min_capacityThe minimum capacity of the cluster
max_capacityThe maximum capacity of the cluster
master_usernameThe master username for the cluster
iam_authenticationBoolean value indicating whether IAM authentication is used
enabled_logging_typesThe list of the currently enabled logging levels, if applicable (e.g. audit, error, general)
stream_nameThe name of the data stream used for the database activity stream
stream_key_idThe key ID used for encrypting messages in the database activity stream
stream_modeThe mode for the database activity stream
stream_statusThe status of the database activity stream
copy_tags_to_snapshotDenotes whether or not the database is configured to copy tags to snapshots
enhanced_monitoringDenotes whether or not the database is configured for enhanced monitoring
maintenance_actionsThe maintenance actions associated with the cluster
preferred_maintenance_windowThe preferred window of time in which maintenance should be performed
preferred_backup_windowThe preferred window of time in which a backup should be created
relationshipsA list of resources associated with the cluster

Database Event Subscription

Database event subscriptions allow notifications when events within an event category occur.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the event subscription instance resides
event_subscription_idThe numerical ID InsightCloudSec assigns each Event Subscription
statusThe status of the Subscription
enabledDenotes whether the Subscription is enabled or not
topic_resource_idThe Resource ID of the Subscription Topic
namespace_idThe ARN of the Subscription
source_typeThe Source type
source_idsID's of the Source(s)
categoriesCategories of the Subscription
created_timeThe time of creation

Database Instance

Database Instances are managed systems with one or more relational database management software components installed. Examples of this include: AWS RDS, Azure SQL, and Google Cloud SQL. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
instance_typeThe type of instance
region_nameThe region that the instance resides in
instance_idThe provider ID of the instance
nameThe name of the instance
instance_flavor_resource_idThe resource ID of the type (flavor) this is instance runs on
stateThe state that the instance is in
endpoint_addressThe FQDN of the instance
endpoint_portThe port that the instance listens on
engineThe engine that the database uses, e.g., mysq
engine_versionThe install version of the engine
storage_sizeThe size in gigabytes allocated to the instance
max_storage_sizeThe maximum size (in gigabytes) of the instance
storage_autoscalingDenotes whether the instance is configured to autoscale its storage size
storage_typeThe storage type that is used
db_nameThe name of the master database
backup_retentionAn integer representing the number of days that automatic snapshots are retained
latest_restorable_timeThe latest restorable time of the instance
multi_azDenotes whether or not this system is set up for high availability and is distributed across multiple zones
licenseThe type of license associated with this instance
master_usernameThe username of the master user
create_timeThe time this instance was created
encryptedDenotes if the data stored on the instance is encrypted
encryption_typeThe type of encryption enabled on the instance
transit_encryptionBoolean value indicating if transit encryption is enabled
publicly_accessibleDenotes if the instance can be accessed over the Internet
reservedBoolean value indicating if this is a reserved Database Instance type
key_resource_idThe resource ID of the associated encryption key, if applicable
read_replicaDenotes if the instance is a read replica
network_resource_idThe Resource ID of the associated network, if known
auto_minor_upgradesDenotes if this instance automatically takes minor upgrades
usersThe user information, if known
deletion_protectionDenotes if this database enforces deletion protection
database_cluster_resource_idThe Resource ID of the associated database cluster, if applicable
iam_authenticationDenotes if this database enforces IAM authentication
enabled_logging_typesThe enabled logging types for the database
ca_certThe CA certificate associated with this database
managed_instanceDenotes whether or not the database is managed by the CSP
minimal_tls_versionThe TLS version configured on the database instance
parameter_groupsThe parameter group(s) associated with the database instance
option_groupsThe option group(s) associated with the database instance
flagsThe enabled logging types for the database instance
public_network_accessPublic network access information for the database instance (if publicly accessible)
private_endpoint_connectionsBoolean indicating if private endpoint connections are enabled for the database instance
namespace_idThe unique composite ID of the provider ID for the database instance
maintenance_actionsThe maintenance actions associated with the database instance
preferred_maintenance_windowThe preferred maintenance window (in days of the week & time hours/minutes) for the database instance
preferred_backup_windowThe preferred backup creation window (in time hours/minutes) for the database instance
copy_tags_to_snapshotDenotes whether or not the database is configured to copy tags to snapshots
enhanced_monitoringDenotes whether or not the database is configured for enhanced monitoring
flexibleIndicates if the database instance is flexible
relationshipsList of relationships between the database instance and other services
backup_retention_enabledDenotes whether backup retention is enabled
performance_insights_enabledDenotes whether performance insights are enabled

class DivvyResource.Resources.databaseinstance.DatabaseInstance(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Database Instance Operations

db_instance

delete(wait_for_result=True, user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_instance_type()
Retrieve the instance type of the resource.

static get_provider_id_field()

static get_resource_type()

get_snapshots()
Retrieve a list of db objects for snapshots created within from this database instance (if any).

get_state()
Retrieve the database instance state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

top_level_resource = True

Dataflow Job

Dataflow Job

Unified stream and batch data processing job.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
job_idThe ID for the job
nameThe name for the job
typeThe type of job
stateThe state of the job
current_state_timeThe duration the job has been in its current state
default_service_accountThe default service account associated with the job
public_worker_ipsThe public worker IP addresses associated with the job
shuffle_modeThe type of shuffle mode currently enabled for the job
region_nameThe region in which the job resides
job_metadataMetadata associated with the job
create_timeThe time the job was created
start_timeThe time the job started
Distributed table

Distributed Table

Distributed Tables are NoSQL database tables. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
table_idThe provider ID of the distributed table
region_nameThe region that this table resides in
nameThe name of this distributed table
statusThe status of this table (Creating, active, etc.)
sizeThe size in bytes of the table
arnThe Amazon Resource Name of this table
encryption_at_restBoolean value of whether or not this table is encrypted at rest
item_countThe count of how many items are in this table
create_timeThe time when this distributed table was created
read_capacityThe maximum number of strongly consistent reads consumed per second
write_capacityThe maximum number of writes consumed per second
stream_specificationBoolean value denoting whether or not this table has stream specification enabled
replicated_regionsThe regions where read-replicas exist
automated_backupsDenotes if automated backups are enabled
publicly_accessibleDenotes if the instance can be accessed over the Internet
default_consistency_levelThe default consistency level for the table
key_resource_idThe Resource ID of the associated encryption key, if known
table_classThe configured class for the table
billing_modeThe billing mode enabled for the table
termination_protectionDenotes whether the distributed table has termination protection enabled
minimal_tls_versionThe minimum Transport Layer Security (TLS) version for the distributed table

class DivvyResource.Resources.distributedtable.DistributedTable(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource
Distributed Table Operations

delete(user_resource_id=None)
Delete this resource. If wrapped with a JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

distributed_table

distributed_table_id

get_date_created()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

top_level_resource = True

Distributed Table Cluster

Distributed Table Clusters are fully managed, highly available, in-memory cache for Distributed Tables. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region is which the distributed table cluster resides
nameThe name of the distributed table cluster
descriptionThe optional description associated with the distributed table cluster
creation_timestampThe creation time of the distributed table cluster
node_countThe number of nodes in this cluster
node_idsThe JSON value of node IDs
instance_typeThe type of instance the distributed table cluster is attached to
instance_flavor_resource_idThe flavor of instance used by the distributed table cluster
network_resource_idThe network provider ID of the distributed table cluster
parameter_groupThe parameter group for the distributed table cluster
maintenance_windowThe maintenance window for the distributed table cluster
statusThe status of the distributed table cluster
endpoint_addressThe endpoint address for the distributed table cluster
endpoint_portThe endpoint port for the distributed table cluster
arnThe Amazon Resource Name of the distributed table cluster
availability_zonesThe availability zone(s) of the distributed table cluster
role_resource_idThe Role provider ID for the distributed table cluster
encryptedDenotes whether the cluster supports at rest encryption
transit_encryptionDenotes whether the cluster supports in transit encryption

class DivvyResource.Resources.distributedtablecluster.DistributedTableCluster(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Distributed Table Cluster Operations

distributed_table_cluster

get_date_created()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_status()

get_supported_actions()

top_level_resource = True

DLP Job

DLP Job

DLP Jobs are individual data loss prevention (DLP) scans.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
job_idThe unique ID for the job
nameThe name of the job
typeThe type of the job
stateThe current state of the job
region_nameThe name of the region in which the job resides
trigger_nameThe name of the trigger for the job
info_typesThe list of information types that the job detects
min_likelihoodThe required level of confidence that scanned data is of a certain information type
deidentify_templateThe name of the de-identify template used to anonymize results
actionsThe list of actions taken upon job completion
findingsList of information types found during the job
create_timeThe create time for the job
start_timeThe start time for the job
end_timeThe end time for the job
namespace_idThe unique composite ID of the provider ID for the resource
Elasticsearch

Elasticsearch

Elasticsearch Instance

An Elasticsearch Instance (AWS OpenSearch) is a restful search and analytics engine. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
instance_typeThe type of the elasticsearch instance
region_nameThe region where this elasticsearch instance resides
instance_idThe provider ID of the elasticsearch instance
nameThe name of this elasticsearch instance
instance_flavor_resource_idThe resource ID of the type (flavor) this is instance runs on
network_resource_idThe resource ID of the parent (network)
stateThe state of this elasticsearch instance
endpointThe location where you can access your elasticsearch instance
versionThe version of elasticsearch this instance is using
nodesThe number of nodes in this elasticsearch cluster
policyThe JSON of the access policy attached to this elasticsearch instance
at_rest_encryption_enabledDenotes if encryption is enabled on the elasticsearch instance
trusted_accountsThe trusted accounts that can interact with the queue
public_accessDenotes if the instance is publicly accessible
node_to_node_encryptionThe encrypted communication between nodes
transit_encryptionThe Enforcement of SSL communication between the client/server
tls_security_policyThe TLS security policy used
key_resource_idThe resource ID of the encryption key, if applicable
zone_awareness_enabledDenotes whether availability zone awareness is enabled
warm_enabledDenotes whether warm storage is enabled
advanced_security_optionsJSON of advanced security options configuration for the Elasticsearch Instance
availability_zonesThe number of availability zones the resource will use
unknown_accountsList of unknown accounts that can interact with the Elasticsearch instance
service_software_current_versionDenotes the current service software version
service_software_new_versionDenotes the latest service software version
service_software_upgrade_eligibleDenotes whether the Elasticsearch instance is eligible for a software upgrade and has not scheduled to upgrade yet
service_software_update_statusDenotes status of a service software version update

class DivvyResource.Resources.elasticsearchinstance.ElasticsearchInstance(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Elasticsearch Instance Operations

delete(wait_for_result=True, user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

static get_db_class()

get_instance_type()
Retrieve the instance type of the resource.

static get_provider_id_field()

static get_resource_type()

get_state()
Retrieve the instance state.

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session This gives an opportunity for post-modification hooks.

instance

top_level_resource = True

Elasticsearch Serverless Collection

Serverless option for OpenSearch Service for running large-scale search and analytics workloads without managing clusters. (For example: AWS OpenSearch Serverless).

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
collection_idThe provider-specific collection id value
nameThe collection name
stateThe state of the collection
typeThe collection type
descriptionThe collection description
collection_endpointThe collection endpoint
dashboard_endpointThe collection dashboard endpoint
public_accessDenotes if the collection is accessible over the Internet
policyThe policy associated with the collection
network_policyThe network policy associated with the collection
encryption_policyThe encryption policy associated with the collection
key_resource_idThe KMS key that the collection is associated with (optional)
creation_dateThe time when the collection was created
Email

Email

Email Service Config

Email Service Configs are groups of rules applied to the verified identities that are used to send email through a cloud email service.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
nameThe name of the configuration
region_nameThe region in which the configuration resides
destinationsThe list of destinations where emails will be sent
tls_enforcedDetermines if the incoming email is required to be delivered over a connection encrypted with TLS
sending_enabledDenotes if email sending is enabled
arnThe provider-specific ID for the email configuration set

Email Service Domain

Email Service Domains are identity domains within cloud email services. This class inherits from TopLevelResource and has direct access to the resource's database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the Email Service Domain resides
nameThe name of the Email Service Domain
verification_statusSpecifies whether or not the Domain is verified; you can only send email from verified domains
dkim_statusDenotes the current status of DKIM for the domain; statuses include PENDING, SUCCESS, FAILED, TEMPORARY_FAILURE, NOT_STARTED
dkim_enabledDenotes if DKIM signing is enabled or not
policiesA map of policy names to policies
mail_from_domainThe name of a domain that an email identity uses as a custom MAIL FROM domain
mail_from_statusThe status of the MAIL FROM domain. Values include PENDING, SUCCESS, FAILED, TEMPORARY_FAILURE
forwarding_enabledDenotes if feedback forwarding configuration is enabled or not
bounce_topicThe SNS topic for Bounce events, if applicable
complaint_topicThe SNS topic for Complaint events, if applicable
delivery_topicThe SNS topic for Delivery events, if applicable
identity_typeThe identity type

Email Service Rule

Email Service Rules are part of Rule sets and inform how to handle incoming email by executing an specified list of actions.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe name of the region in which the rule resides
nameThe name of the email service rule
rule_set_nameThe name of the rule set the rule is associated with
enabledDenotes whether the rule is enabled
scan_enabledDenotes whether the messages this rule is applied to are scanned for viruses and spam
tls_enforcedDenotes if the incoming email is required to be delivered over a connection encrypted with TLS
recipientsDomains and email addresses the rule applies to
actionsList of actions to perform on messages
Event Grid

Event Grid

Event Grid Subscription

Event Grid subscriptions listen for events created by associated topics and send them to the configured endpoint.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
nameThe name of the topic
resource_groupThe name of the resource group that the topic will be associated with
provisioning_stateThe provisioning state of the topic
topicThe name of the topic associated with the subscription
destination_idThe unique ID for the destination object
destination_typeThe type of destination
event_delivery_schemaThe event delivery schema for the subscription
expiration_timeThe expiration time for the subscription
subscription_idThe unique ID for the subscription
namespace_idThe provider-specific namespace ID value
destination_resource_idThe unique ID for the destination resource
source_resource_idThe unique ID for the source resource

Event Grid System Topic

Event Grid system topics represent one or more events published by Azure services.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
nameThe name of the topic
resource_groupThe name of the resource group that the topic will be associated with
provisioning_stateThe provisioning state of the topic
topic_idThe ID of the topic
topic_typeThe type of the topic
region_nameThe region in which the topic resides
namespace_idThe provider-specific namespace ID value

Event Grid Topic

Event Grid topics act as a receiving endpoint for a collection of related events.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
nameThe name of the topic
resource_groupThe name of the resource group that the topic will be associated with
provisioning_stateThe provisioning state of the topic
public_network_accessThe network access configuration of the topic
topic_idThe ID of the topic
region_nameThe region in which the topic resides
namespace_idThe provider-specific namespace ID value
HSM Cluster

HSM Cluster

A hardware security module (HSM) cluster providers users with an easy way to generate and manage encryption keys within a cloud service provider (CSP) environment.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the cluster is deployed
cluster_idThe provider ID for the cluster
creation_timeThe timestamp for when the cluster was created
statusThe status of the cluster
backup_retentionThe backup retention in days of the cluster
network_resource_idThe private network that the cluster is associated with
hsm_countTotal number of instances in the cluster
hsmsInformation about hardware security modules within the cluster
relationshipsInformation about the cluster's relationships
Hypervisor

Hypervisor

Hypervisors are responsible for housing virtual machines/instances. This resource inherits from Resource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the hypervisor lives
hypervisor_idThe provider ID of the hypervisor
nameThe name of the hypervisor
addressThe IP address of the hypervisor
portThe port the hypervisor listens on
hypervisor_typeThe type of hypervisor
hypervisor_versionThe hypervisor version
stateThe lifecycle state of the hypervisor
availability_zoneThe availability zone where the hypervisor lives
instancesThe list of instances running on this hypervisor
time_configurationThe JSON value of the time configuration for the hypervisor

class DivvyResource.Resources.hypervisor.Hypervisor(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Hypervisor Operations

static get_db_class()

static get_provider_id_field()

get_resource_dependencies()
Retrieve the dependencies for a particular resources. For hypervisors we also need to include datastores which requires flipping the ResourceLink relationship.

static get_resource_type()

get_supported_actions()
Retrieve all the actions which are supported by this resource.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

hypervisor

hypervisor_id

top_level_resource = True

Instance

Instance

Compute Instances are virtual private servers. Examples of include AWS EC2 and Azure Virtual Machines. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributesDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
instance_idThe provider ID of the instance
organization_service_idThe ID of the parent organization service (cloud)
instance_typeThe type of instance
instance_flavor_resource_idThe resource ID of the type (flavor) this is instance runs on
stateThe state that the instance is in
state_transition_reasonThe reason the instance is in its current state
nameThe name of the instance
region_nameThe region that the instance resides in
availability_zoneThe availability zone where this instance runs
launch_timeThe time the instance was launched (started)
create_timeThe time the instance was created
platformThe platform the system runs on (linux/windows)
root_device_typeDenotes the root device storage type
root_device_nameThe name of the root device
image_idThe ID of the image used to create this instance
key_nameThe name of the key pair used for this instance
public_ip_addressThe public IP address of this instance
private_ip_addressThe private IP address of this instance
role_resource_idThe resource ID of the role associated with the instance
role_nameThe name of the role associated with the instance
tenancyType of tenancy: dedicated or default
reservedDenotes if the instance is reserved or not
network_resource_idThe list of attached network interfaces
termination_protectionDenotes whether or not the instance has termination protection enabled
project_wide_sshDenotes if the instance has project wide SSH enabled
connecting_serial_portsDenotes if the instance has connecting serial ports
ip_forwardingDenotes if the instance has IP forwarding enabled
spot_instanceDenotes if the instance is a spot instance or not
detailed_monitoringDenotes if detailed monitoring is enabled
hibernation_supportedDenotes if this instance supports hibernation or not
subnet_resource_idThe resource ID of the subnet in which the instance is running, if known
aws_instance_metadata_service_configThe AWS instance metadata service config map
shielded_configThe shielded instance configuration map
enable_os_loginIf the OS Login capability is enabled on the instance
jit_access_policyThe Just-in-time access policy map
architectureThe structural PC architecture for the instance
instance_groupThe group that the instance is part of
outpost_resource_idIf enabled, ID for the Outpost resource associated with the instance
object_idThe object ID for the instance
ssm_last_accessedThe timestamp for when the instance was last accessed by the Systems Manager
ssm_last_accessed_byThe role ARN that used the Systems Manager to access the instance
secondary_private_ip_addressesThe secondary private IP address of this instance
secondary_public_ip_addressesThe secondary public IP address of this instance
namespace_idThe ID for the instance's namespace
contains_secretIndicates if the instance contains a Secret within user data
parent_resource_idIndicates the parent resource ID if the instance is part of an autoscaling group
confidential_computingDenotes if confidential computing is enabled
relationshipsA list of resources associated with the instance
nsg_attachedDenotes if a Network Security Group is attached to the instance
image_nameThe name of the image associated with the instance

class DivvyResource.Resources.instance.Instance(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Instance Operations

add_instance_to_app(name)
Add instance to App

delete(user_resource_id=None, force_delete=False, wait_for_result=True)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.
Parameters: force_delete – If set this will work around termination protection (if the cloud supports it). An example of this is AWS.
Returns: bool

get_aggregate_cost()
Retrieve monthly cost and sum the attached volumes in order to factor into total costs.

get_attached_ips()
Retrieve all ip addresses - public and private - associated with this instance.

get_attached_network_interfaces()
Retrieve a list of db object for interfaces which are attached to this instance (if any). DEPRECATED - Used instance.network_interfaces.

get_attached_networks()
Retrieve all networks this instance is attached to.

get_attached_private_ips()
Retrieve private ip addresses which are attached to this instance (if any).

get_attached_public_ips()
Retrieve public ip objects which are attached to this instance (if any).

get_attached_volumes()
Retrieve a list of db object for volumes which are attached to this instance (if any).

get_availability_zone()
Retrieve the name of the availability zone.

get_date_created()
Retrieve the time from the provider that this resource was created. By default this will return the beginning date of epoch if no such create time exists.

static get_db_class()

get_image()
Retrieve the image that the instance uses. If the instance was deleted upstream or if we have not harvested it yet then this could return None.

get_image_id()
Retrieve the image ID of the resource.

get_image_name()
Retrieve the image name that the instance uses. If the instance was deleted upstream or if we have not harvested it yet then this could return None.

get_instance_type()
Retrieve the instance type of the resource.

get_primary_network_interface_id()
Return the network interface attached to eth0 (device index 0).

static get_provider_id_field()

get_resource_dependencies()
Retrieve the dependencies for a particular resources. This is an override of the parent function because we need to reverse the order on our resource lookups.

static get_resource_type()

get_security_groups()
Retrieve security groups which are associated with this instance.

get_supported_actions()
Retrieve all the actions which are supported by this resource.
Restricts actions by resource state.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

instance

instance_id

is_attached_to_asg()
Return True if instance is attached to Auto Scale Group.

organization_service_id

pause()
Pause this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

region_name

remove_instance_from_app()
Remove instance from app.

restart()
Restart this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

resume()
Restart this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

shelve()
Stop this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

start()
Start this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

stop()
Stop this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

suspend()
Suspend this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

top_level_resource = True

unpause()
Unpause this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

unshelve()
Stop this instance. It is wrapped in a with JobQueue() block, this will queue the stop job to the wrapped queue.

uses_simple_networking()
Determine whether this instance supports only instance-based simple networking. i.e. EC2-classic networking or nova-network.

Launch Template

Launch Template

A launch template contains configuration information for an instance so that it can be launched in a consistently reproducible way.

AttributesDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the launch template is located
image_idThe provider ID for the launch template
nameThe name of the launch template
descriptionA description for the launch template
instance_typeThe type of instance in the launch template
instance_flavor_resource_idThe provider resource ID for the instance flavor
identity_management_roleThe identity management role associated with the instance
role_resource_idThe resource ID for the role associated with the launch template
creation_timestampThe timestamp for when the launch template was created
monitoringDenotes whether detailed monitoring is enabled
kernel_idThe ID for the kernel associated with the machine image
ram_idThe ID of the RAM disk associated with the machine image
associate_ipIndicates whether to assign a public IP to each instance associated with the launch template
contains_secretIndicates if the launch template contains a Secret within the user data
user_dataThe user data to make available to the launched instances using this template
block_storage_optimizedIndicates whether the instance is optimized for block storage
versionThe version of the launch template
relationshipsAny relationships associated with the launch template
Logic App

Logic App

Integration platform as a service that promotes scale and portability while offering critical workflow automation from a workspace of any size.

AttributesDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe name of the region
app_idThe cloud provider ID for the Logic App
nameThe name for the Logic App
stateThe current state of the Logic App
create_timeTimestamp for when the Logic App was created
changed_timeTimestamp for when the Logic App was last modified
access_endpointURL used to access the Logic App
connectorsList of connectors enabled for the Logic App
planThe type of plan for the Logic App
web_app_resource_idThe web app resource ID associated with the Logic App
Lightsail

Lightsail

Lightsail provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud.

AttributesDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
region_nameThe name of the region
organization_service_idThe ID of the parent organization service (cloud)
lightsail_idThe provider ID of the Lightsail instance
nameThe name of the Lightsail instance
arnThe ARN of the Lightsail instance
provider_resource_typeThe resource type associated with this Lightsail instance (e.g., Relational Database, Load Balancer, Container Service)
sizeThe size of the Lightsail instance
engineThe engine the Lightsail instance uses (e.g., mysql 8.0.21, HTTP)
create_timeThe creation time of the Lightsail instance
stateThe state of the instance
publicly_accessibleBoolean value denoting whether the instance is publicly accessible
resource_propertiesProperties of the Lightsail instance
MapReduce Cluster

MapReduce Cluster

MapReduce Clusters are Hadoop frameworks. This class inherits from TopLevelResource and has direct access to the resource's database object.

AttributesDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe name of the region
cluster_idThe provider given ID of the cluster
nameThe name of the cluster
statusThe status of the cluster
create_timeThe creation time of the cluster
availability_zoneThe availability zone where cluster
network_resource_idThe resource ID of the associated network
subnet_resource_idThe resource ID of the associated subnet
total_node_countThe total node count
master_node_countThe master node count
applicationThe application of the cluster
role_resource_idThe resource ID of the role
release_labelThe software release of the cluster
security_configThe security configuration that is associated with the cluster
security_config_resource_idThe resource ID of the security configuration
logging_uriThe S3 location for storing logs
image_creation_dateThe date the image this cluster is based on was created
bootstrap_actionsThe list of bootstrap actions associated with the cluster
internal_ip_onlyDenotes whether the cluster permits connections from internal IP addresses only
termination_protectionDenotes if the MapReduce cluster has termination protection enabled
visible_to_all_usersDenotes if the MapReduce cluster is visible to all users
public_dnsThe public DNS value for the MapReduce cluster
key_resource_idThe provider ID of Encryption Key (if encrypted)
Messages

Messages

Message Broker Instance

Message Broker Instance is a managed broker instance that makes it easier to set up and operate message brokers in the cloud, such as Amazon MQ.

AttributesDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe name of the region
instance_idThe provider ID
nameThe user-defined name of the instance
instance_typeThe type of instance deployed
stateThe current instance state
arnThe ARN of the instance
endpoint_addressThe FQDN of the instance
engineThe software engine running on the instance
engine_versionThe software version of the engine
nodesNumber of instance nodes deployed
create_timeThe creation time of the instance
publicly_accessibleBoolean value denoting if the instance is publicly accessible
audit_logsBoolean value denoting if the instance has audit level logging enabled
general_logsBoolean value denoting if the instance has general logging enabled
key_resource_idThe resource ID of the key used for encryption, if applicable

Message Queue

Message Queues are message queuing services, such as AWS SQS. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributesDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
urlThe URL of the message queue
nameThe name of the message queue
region_nameThe region the queue is in
message_countThe number of messages in the queue
messages_delayed_countThe number of delayed messages in the queue
messages_not_visible_countThe number of messages that are not deleted or timed out
creation_timestampThe time the queue was created
last_modifiedThe most recent time the queue was modified
delayThe number of seconds of the default delay of the queue
max_sizeThe maximum size in bytes a message can be
retention_periodThe length of time in seconds that a message is kept
policyThe policy of the queue (JSON)
arnThe Amazon Resource Name of the queue
trusted_accountsThe list of trusted accounts for this Message Queue
redrive_policyThe parameters for dead-letter queue functionality
server_side_encryptionDenotes whether server side encryption is enabled on the queue
queue_typeType of queue, example FIFO, standard, etc.
deduplicationIndicates whether deduplication is enabled for the queue
key_resource_idThe resource ID of encryption key for the queue
key_reuse_periodThe length of time in seconds that the data key can be reused to encrypt or decrypt messages
visibility_timeoutThe visibility timeout for the queue
receive_message_wait_timeThe length of time in seconds the queue waits for a message to arrive

class DivvyResource.Resources.messagequeue.MessageQueue(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Message Queue Operations

get_date_created()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in teh DB session. This gives an opportunity for post-modification hooks.

message_queue

message_queue_id

top_level_resource = True

Message Queue Namespace

A Message Queue Namespace groups message queues and publish-subscribe topics under one namespace.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
service_bus_namespace_idThe ID for the message queue
urlThe URL for the message queue
nameThe name for the message queue
region_nameThe region in which the message queue resides
skuThe pricing tier for the message queue
statusThe status of the message queue
tls_versionThe TLS version for the message queue
private_endpoint_connectionsThe number of private endpoint connections to the message queue
local_auth_disabledIndicates if local authentication is disabled for the message queue
public_network_accessThe public network status of the message queue
zone_redundantIndicates if the message queue is zone redundant
key_resource_idThe ID for the key associated with the message queue
global_encryptionThe encryption type of the message queue
namespace_idThe provider-specific ID for the message queue
Notifications

Notifications

Notification Subscription

Subscription-based notifications (AWS SNS, GCP Pub/Sub. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the subscription resides
subscription_idThe provider ID for the subscription
arnThe Amazon resource name for the subscription
nameThe name of the subscription
topic_resource_idThe parent topic of the subscription
protocolThe delivery protocol of the subscription
endpointThe delivery destination of the subscription
filter_policyThe filter policy JSON assigned to the subscription
confirmation_authenticatedDenotes the subscription's confirmation was authenticated (true/false)
pending_confirmationDenotes if the message is pending confirmation (true/false)
raw_message_deliveryDenotes if raw message delivery is enabled (true/false)
ack_deadline_secondsThe deadline (in seconds) for how long to acknowledge messages
retain_acked_messagesDenotes whether acknowledged messages are retained (true/false)
message_retention_secondsDenotes (in seconds) how long to retain messages for
invalid_jsonDenotes if the subscription contains invalid JSON

Notification Topic

Topic to use when delivering notifications. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the topic resides
arnThe Amazon resource name for the topic
nameThe name of the topic
display_nameThe display name to use for a Notification Topic
policyThe JSON of access policy associated with this topic
effective_delivery_policyThe JSON of the delivery policy associated with this topic, including retry information
trusted_accountsThe JSON value of accounts trusted by the instance
publicDenotes if the topic is public
pending_subscriptionsThe number of subscriptions that are pending
confirmed_subscriptionsThe number of subscriptions that are confirmed
deleted_subscriptionsThe number of subscriptions that are deleted
key_resource_idThe resource ID of the key used for encryption, if applicable
Private Image

Private Image

Private Images provide protected information that is required to launch an instance. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributesDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
image_idThe ID of the image
nameThe name of the image
root_device_typeThe original device type (ebs, snapshot, etc)
architectureThe architecture type (e.g. x86_64, x86_32)
min_ramThe Integer representing the minimum memory required for use of this image
min_diskThe Integer representing the minimum disk space required for use of this image
stateThe state of this private image
descriptionText description of this image
region_nameThe region in which this image was taken
platformThe platform the image was taken on (linux/windows)
block_device_mappingThe information regarding this image
virtualization_typeDenotes the virtualization type (paravirtual Attr or hardware virtual machine ion",)
product_codeThe product code (25 digit alphanumeric code identifying the private image)
product_code_typeThe product code type (marketplace, none)
creation_dateThe date the Image was created
is_publicDenotes if the image is public (true/false)
instance_resource_idThe resource ID of the instance associated with this private image, if known
encryptedDenotes if the image is encrypted

class DivvyResource.Resources.privateimage.PrivateImage(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Private Image Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_parent_resource_id()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session This gives an opportunity for post-modification hooks.

image

image_id

top_level_resource = True

Reserved Instance

Reserved Instance

Reserved Instances are guaranteed available virtual private servers with compute capacity reservations of a specific type and location. Examples include AWS Reserved Instances and Azure pre-paid Virtual Machines. There is no analog in GCE, where pricing changes retroactively based upon usage. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
reservation_idThe cloud-assigned ID of the reservation
reservation_typeThe type of reservation, e.g., compute, database
type_idThe ID of the type of reservation
region_nameThe region where the reservation exists
zoneThe availability zone where the reservation exists
offering_classThe class of reservation, e.g., standard or convertible
offering_typeThe type of instance included in the reservation
stateThe state of the reservation, e.g., whether it is active, pending modification, or retired
startThe start time of the reservation
expirationThe expiration of the reservation
durationThe duration of the reservation, e.g., 1 year
usage_priceThe monthly price of the reservation, if not fully paid in advance
fixed_priceThe upfront price of the reservation
instance_countThe number of instances in the reservation
product_descriptionThe tenancy of the reservation, e.g., whether instances are physically or virtually isolated
scopeThe scope of the reservation, i.e., whether it is region-wide or specific to an availability zone

class DivvyResource.Resources.instancereservation.InstanceReservation(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Reserved Instance Operations

static get_db_class()

static get_provider_id_field()

get_resource_name()
Reserved instances are not named by the user. We return the reservation ID here.

static get_resource_name_field()

static get_resource_type()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This is called when a resource is created/discovered after initial data harvesting. It provides an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This is called when a resource is destroyed and before removal from the database. It provides an opportunity for pre-destruction hooks (removal from groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This is called when a resource is modified after the new data has been updated in the DB session. It provides an opportunity for post-modification hooks.

instance_reservation

reservation_id

top_level_resource = True

Search

Search Cluster

Search Clusters are managed, scalable search solutions. This class inherits from TopLevelResource and has direct access to the resource's database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the cluster resides in
cluster_idThe provider ID of the search cluster
arnThe Amazon Resource Name of the cluster
nameThe name of this search cluster
statusThe status of this cluster (Creating, active, etc)
instance_typeThe type of instances that are in the cluster
instance_flavor_resource_idThe resource ID of the instance flavor of the instances in the cluster
instance_countThe number of instances in the cluster
search_endpointThe endpoint for requesting search results from a cluster
document_endpointThe service endpoint for updating documents in a cluster
multi_azBoolean value of whether or not the cluster has multi-availability enabled
service_policyThe JSON of access policy associated with this cluster
transit_encryptionDenotes if the cluster has transit encryption enabled

Search Index

A scalable, integrated search service that enables search for unstructured data using natural language. Returns specific answers for an experience similar to human interaction. (e.g. AWS Kendra Index).

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the index is deployed
index_idThe ID for the index
nameThe name of the index
descriptionThe description associated with this index
arnThe Amazon resource name for the index
editionIndicates whether the index is the enterprise or developer edition
statusThe status of the index
key_resource_idThe provider ID of the encryption key, if applicable
date_createdThe date the index was created
date_modifiedThe date the index was last modified
storage_capacity_unitsThe document storage capacity for the index
query_capacity_unitsThe query capacity (queries per second) for the index
user_context_policyThe user context policy assigned to this index
Serverless

Serverless

Serverless Application

A Serverless Application is a managed repository for serverless applications (e.g. AWS Serverless Application Repository). It enables the storage and sharing of reusable applications for ease in deployment of serverless architecture.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the application is deployed
nameThe name of the serverless application
namespace_idThe ARN of the serverless application
descriptionThe description associated with this serverless application
create_timeThe creation time of the application
authorThe creator of the application
home_page_urlThe optional field, directing users to an applications homepage (e.g. an external GitHub page)
spdx_license_idThe Software Data Package Exchange (SPDX) license applied to this application
labelsA set of user defined tags applied to the application
policyThe IAM policy associated with this application
trusted_accountsThe list of any accounts with a trust relationship with this application, if applicable
public_accessDenotes if this application is publicly accessible

Serverless Function

A Serverless Function is a compute service that runs code in response to events and automatically manages the compute resources required by that code. An example is AWS Lambda. This class inherits from TopLevelResource and has direct access to the resource's database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the serverless function resides in
nameThe name of the serverless function
provider_idThe cloud provider supplied ID
descriptionThe description of the serverless function
network_resource_idThe resource ID of the parent (network)
code_sizeThe size of your serverless function code in bytes
memory_size_mbThe memory size of your serverless function in MB
timeoutThe timeout or limit of the serverless function
runtimeThe runtime language of the function
versionThe version this serverless function is running on
last_modifiedThe time the serverless function was last modified
role_resource_idThe resource ID of the role associated with the serverless function, if applicable
key_resource_idThe resource ID of the encryption key associated with the serverless function, if applicable
web_app_resource_idThe resource ID of the web application associated with the serverless function, if applicable
configThe serverless function configuration, if known
enabledBoolean value indicating if event source mapping is enabled
environment_variable_countTotal count of the number of environment variables
environment_variablesThe function's environment variables
publicly_accessibleDenotes if the function can be accessed over the Internet
policyThe policy attached to this serverless function
trusted_accountsThe list of any accounts with a trust relationship with this function, if applicable
tracing_enabledDenotes if AWS X-Ray tracing is enabled
http_triggerHTTP-based resource used to trigger the lambda function
code_sha256The SHA256 hash of the function's deployment package
revision_idThe identifier for the latest updated revision of the function or alias
namespace_idThe unique composite ID of the provider ID for the serverless function
contains_secretIndicates if the serverless function contains a Secret within the environment variables
layersThe list of layer ARNs used by the function
package_typeThe type of deployment package
imageThe container image used by the function
url_configThe URL config for the function
snap_startWhether SnapStart is enabled for the function

class DivvyResource.Resources.serverlessfunction.ServerlessFunction(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Serverless Function Operations

delete(user_resource_id=None)

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

instance

top_level_resource = True

Serverless Layer

A Serverless Layer is a package of libraries and dependencies that can be used with Serverless Functions. An example is AWS Lambda Layer.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the serverless layer resides
nameThe name for the serverless layer
arnThe ARN associated with the serverless layer
versionThe version for the serverless layer
descriptionA description of the serverless layer
runtimesThe runtimes included with the serverless layer
architecturesThe architecture used to run the serverless layer
policyThe access policy attached to the serverless layer
publicIndicates if the serverless layer is public
trusted_accountsThe list of trusted accounts for the serverless layer
created_dateThe date the serverless layer was created
Shared

Shared

Shared Galleries, or Shared Image Gallery in Azure, is a service that helps you build structure and organization around your images and includes capabilities like versioning, grouping, and replication across regions.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the shared gallery resides
nameThe name of the shared gallery
gallery_idThe resource ID for the shared gallery
unique_nameThe unique name of the shared gallery; this name is generated automatically by the cloud service provider
stateThe state of the shared gallery
namespace_idThe fully qualified ID of the resource, including the resource name and resource type

Shared Gallery Image, or Image Definition in Azure, includes definitions for a logical grouping for versions of an image.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the shared gallery image resides
nameThe name of the shared gallery image
image_idThe image ID
os_typeOperating system type (Windows, Linux)
os_stateOperating system state (generalized, specialized)
gallery_resource_idThe resource ID for the shared gallery image
vm_generationThe VM generated from the image versions created from the shared gallery image
publisherThe publisher of the image; used in conjunction with offer and sku to uniquely identify the image
offerThe offer for the image; used in conjunction with publisher and sku to uniquely identify the image
skuThe sku for the image; used in conjunction with publisher and offer to uniquely identify the image
stateThe state of the shared gallery image
namespace_idThe fully qualified ID of the resource, including the resource name and resource type

Shared Gallery Image Version, or Azure Image Version, is what you use to create a VM (in Azure this is a Linux virtual machine). You can have multiple versions of an image as needed for your environment.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the shared gallery image version resides
nameThe name of the shared gallery image version
version_idThe version ID
gallery_image_resource_idThe resource ID for the associated gallery image
publishing_profileThe publishing profile for the gallery image version, including end of life date, timestamp for when the version is published, the number of replicas of the image version per region, etc.
storage_profileThe storage profile of the gallery image version, including a list of data disk images, the operating disk image, etc.
source_typeCan specify a disk url, snapshot url, or user image
source_resource_idCan specify a disk url, snapshot url, or user image
stateThe state of the shared image gallery version
published_dateThe date the shared gallery image version was published
namespace_idThe fully qualified ID of the resource, including the resource name and resource type
SSM

SSM Association

An SSM Association is an ideal state assigned to resources to reduce configuration drift.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which the association resides
association_idThe unique ID for the association
association_nameThe name for the association
document_nameThe name for the document that correlates to the association
document_versionThe version of the document that correlates to the association
create_timeThe time the association was created
status_overviewAn overview of the status of the association
targetsA list of targets for the association
target_mapsThe key-value mapping of document parameters to target resources for the association
target_locationsThe target location of the association
parametersThe parameters for the association
output_bucket_nameThe output location bucket name for the association
schedule_expressionThe schedule expression for the association
last_successful_executionThe time of last successful execution of the association
maximum_error_thresholdThe maximum error threshold of the association
maximum_target_concurrencyThe maximum target concurrency of the association
compliance_severityThe compliance severity of the association
configured_alarmsThe configured alarms for the association
namespace_idThe fully qualified ID of the resource, including the resource name and resource type
relationshipsA list of resources associated with the association

SSM Document

A script or document written in JSON or YAML that provides instructions to the Systems Manager for how to interact with your managed instances, e.g., AWS Systems Manager (SSM) Document.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which the SSM Document resides
document_idThe unique ID for the SSM Document
document_versionThe version of the SSM Document
nameThe name of the SSM Document
document_version_nameThe name for the version of the SSM Document
document_typeThe type of SSM Document (Session, Command, Automation, etc.)
document_formatThe format for the SSM Document (JSON, YAML, TEXT)
schema_versionThe schema version for the SSM Document
target_typeThe kinds of resources the SSM Document can run on
review_statusThe current status of the review on the SSM Document
authorThe author of the SSM Document
platform_typesThe list of OSes that are compatible with the SSM Document
create_timeTimestamp for when the SSM Document was created
contentThe content of the SSM Document
Stack Template

Stack Template

Stack Templates, such as AWS Cloud Formation Templates, allow you to code your infrastructure from scratch and deploy from there. This class inherits from Resource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the stack template resides
stack_idThe provider ID of the stack template
nameThe name of the stack template
descriptionThe description of the stack template
stateThe state of the stack template (CREATE_COMPLETE, ROLLBACK_IN_PROGRESS, etc.)
termination_protectionDenotes if termination protection is enabled
create_dateThe date and time the stack template was created
update_dateThe date and time the stack template was updated
delete_dateThe date and time the stack template was deleted
templateJSON field of the stack template
drift_statusIndicates whether the stack's configuration differs from its template configuration, a.k.a. it has drifted
contains_secretIndicates if the stack template contains a Secret within environment variables
Step Function

Step Function

A Step Function (e.g., AWS Step Function State Machine) is a serverless orchestration service that lets you combine functions and other services to build applications and view an application’s workflow as a series of event-driven steps.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the step function is deployed
nameThe display name of the step function
statusThe status (active/inactive) of the step function
typeThe type of the step function, if applicable
definitionThe definition of the step function
arnThe Amazon resource name associated with the step function
role_nameThe name of the role associated with the step function
role_resource_idThe Resource ID of the associated service Role, if applicable
create_timeThe creation time of the step function
logging_enabledThe status of logging for the step function (enabled/disabled)
logging_configurationDefines what execution history events are logged and where they are logged.
tracing_enabledThe status of tracing for the step function (e.g., AWS X-Ray tracing)
Stream Instance

Stream Instance

A Stream Instance is a streaming data service built to offer streaming data pipelines and applications. This compute function makes it easy to continuously collect, process, and deliver streaming data, e.g. Amazon MSK.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the instance is deployed
instance_idThe ID of the instance
nameThe name of the instance
arnThe Amazon resource name of the stream instance
instance_typeThe type of instance being deployed
instance_flavor_resource_idThe Resource ID of the instance flavor being used
stateThe current state of the instance
volume_size_gbThe size of the attached volume, in GB
key_resource_idThe resource ID of the key used for encryption, if known
client_encryptionThe type of encryption being used on this instance
cluster_encryptionBoolean value indicating if cluster encryption is enabled
enhanced_monitoringThe level of monitoring for the MSK cluster. The possible values are DEFAULT, PER_BROKER, and PER_TOPIC_PER_BROKER.
nodesThe number of nodes in the cluster
stream_versionThe current version of the stream
connect_stringThe connection string to use to connect to the Apache ZooKeeper cluster.
create_timeThe creation time of the instance
loggingJSON string denoting the logging enabled for the stream instance (if any)
Streaming Application

Streaming Application

Streaming applications allow you to query, transform, and analyze streaming data in real time.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which the streaming application resides
nameThe name of the streaming application
namespace_idThe namespace ID of the streaming application
descriptionThe description of the streaming application
statusThe status of the streaming application
runtime_environmentThe runtime environment of the streaming application
version_idThe version ID of the streaming application
modeThe mode of the streaming application
create_timeThe timestamp when the streaming application was created
last_modifiedThe time when the streaming application was last modified
snapshots_enabledDenotes whether snapshots are enabled for the streaming application
monitoring_log_levelDescribes the verbosity of the logs for the streaming application
monitoring_metrics_levelDescribes the granularity of the logs for the streaming application
parallelismThe number of parallel tasks that a Flink-based streaming application can perform
parallelism_per_kpuThe number of parallel tasks that a Flink-based streaming application can perform per Kinesis Processing Unit (KPU) used by the application
autoscaling_enabledDenotes whether autoscaling is enabled
Template Spec

Template Spec

A template spec is a resource type that simplifies both storing and sharing a template.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
template_idThe provider ID for the template spec, including name and version
template_nameThe name of the template spec. Multiple template specs may share a name
version_nameThe version name for the template spec
resource_groupThe name of the resource group that the template will launch resources into
version_descriptionThe description for this version of the template
region_nameThe region in which the template spec resides
template_resource_typesA list of the resource types the template spec will deploy
templateThe template used to deploy resources
contains_secretDenotes whether the default value for any of the parameters contain a secret
namespace_idThe unique composite ID of the provider ID for the resource
Transcoding Pipeline

Transcoding Pipeline

A queue that manages media transcoding jobs, e.g., an AWS Elastic Transcoder Pipeline.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which this pipeline resides
pipeline_idThe ID for the pipeline
nameThe name of the pipeline
statusThe status of the pipeline
arnThe ARN associated with the pipeline
key_resource_idThe provider ID of Encryption Key (if encrypted)
role_resource_idThe Resource ID of the associated service Role, if applicable
output_bucketThe output bucket used by this pipeline
input_bucketThe input bucket used by this pipeline
content_configContent configuration for jobs submitted to this pipeline
thumbnail_configThumbnail configuration for jobs submitted to this pipeline
notificationsNotifications this pipeline sends upon job status changes
Transcription Job

Transcription Job

A job that provides speech-to-text transcriptions for a wide variety of use cases, e.g., AWS Transcription Job.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region in which the Transcription Job resides
nameThe name of the Transcription Job
job_typeThe type of Transcription Job
arnThe ARN associated with the Transcription Job
statusThe status of the Transcription Job
language_codeThe language code for the Transcription Job
media_formatThe media format used for the Transcription Job
failure_reasonIf the Transcription Job failed, the reason for doing so
creation_timeTimestamp for when the Transcription Job was created
start_timeTimestamp for when the Transcription Job was started
completion_timeTimestamp for when the Transcription Job was completed (if successful)
content_redactionDescribes the content redaction settings for the Transcription Job
output_data_locationLocation for the Transcription Job's output
input_data_locationLocation for the Transcription Job's input
input_bucket_resource_idThe resource ID for the Transcription Job's input bucket
output_bucket_resource_idThe resource ID for the Transcription Job's output bucket
public_bucketIndicates whether the bucket is public
Web App

Web App

A Web App is a compute function in the form of an application. Web Apps are conceptually similar to a folder, containing environments, versions, and configs that allow users to quickly build, deploy, and scale web apps using popular frameworks in containers or running on any OS. For example Azure App Service, or an AWS Elastic Beanstalk Environment.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region where the web app is deployed
web_app_idThe cloud provider ID for the web app
web_app_group_resource_idThe resource ID of the web app group, if applicable
nameThe name of the web app
app_server_resource_idThe resource ID of the application server, if applicable
app_typeThe application type
deployment_slotBoolean value indicating if the web app is currently deployed
web_app_parent_resource_idThe resource ID of the parent web app, if applicable
platformThe platform architecture the web app is deployed on
network_resource_idThe resource ID of the associated network, if applicable
subnet_resource_idThe resource ID of the associated subnet, if known
default_hostnameThe default hostname used by the web app, if applicable
ip_addressThe IP address of the web app
https_requiredBoolean value indicating if this web app requires HTTPS protocol.
remote_debugging_enabledBoolean value indicating if remote debugging is enabled
web_sockets_enabledBoolean value indicating if web sockets are enabled
always_onBoolean value indicating if the web app is in an always on state
scm_typeDescribes the source control management type, if known
ftp_stateLists the current File Transfer state of the app
http2_enabledBoolean value indicating if HTTP2 is enabled
net_framework_versionThe NET Framework version of the app, if applicable
php_versionThe PHP version of the app, if applicable
python_versionThe Python version of the app, if applicable
java_versionThe Java version of the app, if applicable
java_containerThe Java container used by the app, if applicable
java_container_versionThe Java container version used by the app, if applicable
runtimesThe software running on the web app (AWS only)
stateThe current state of the application
authentication_requiredDenotes if the web app requires authentication or not
automatic_patchingIndicates if the web app has automatic patching enabled
client_certificatesThe number of client certificates, if known
managed_identityBoolean value indicating if the web app is utilizing managed identity
corsDescribes the CORS settings for the web app
role_resource_idThe resource ID of the role associated with the web app, if applicable
last_modifiedThe time the web app was last modified, if known
minimal_tls_versionThe lowest TLS version allowed for the Web App
domain_configThe configuration for the Web App's domain
possible_outbound_ip_addressesThe list of possible outbound IP addresses allowed for the Web App
outbound_ip_addressesThe list of current outbound IP addresses used for the Web App
private_endpoint_connectionsBoolean indicating if private endpoint connections are enabled for the Web App
key_vault_reference_identityThe ID of the identity that the Web App uses to access Key Vaults

Web App Group

A Webb App Group is an application that serves as a container for the environments to run a web app, e.g. an AWS Elastic Beanstalk Application.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
web_app_group_idThe provider ID of the web app group
nameThe name of the web app group
region_nameThe region where the web app group is deployed
arnThe Amazon resource name of the web app group
descriptionThe description field of the web app group
creation_timestampThe creation time of the group, if known
Workspace

Workspace

Workspaces are virtual desktops, such as AWS Workspaces. This class inherits from TopLevelResource and has direct access to the resource’s database object.

AttributeDescription
resource_idThe primary resource identifier that takes the form of a prefix followed by numbers and letters
organization_service_idThe ID of the parent organization service (cloud)
region_nameThe region that the workspace resides in
workspace_idThe ID of the workspace
nameThe name of the workspace
directory_resource_idThe provider ID of the workspace
user_nameThe username for the workspace user
ip_addressThe IP address of workspace
stateThe state of workspace (available, stopped, etc.)
bundle_resource_idThe provider ID of the workspace bundle
subnetsThe subnets associated to the workspace
error_messageThe error message for the workspace
error_codeThe error code for the workspace
computer_nameThe computer name given to the workspace
volume_encryption_keyThe encryption key for the volume of the workspace
user_volume_encryption_enabledDenotes if user volume encryption is enabled
root_volume_encryption_enabledDenotes if root volume encryption is enabled
running_modeThe running mode for workspace (always_on, auto_stop, etc.)
auto_stop_timeoutThe auto stop timeout for workspace in minutes
root_volume_sizeRoot volume size of workspace in GiB
user_volume_sizeThe user volume size of workspace in Gib
compute_typeThe compute type of the workspace (standard, graphics, etc.)
connection_state_check_timeThe last time when the connection state was checked
connection_stateThe current state of the connection to the workspace
last_connected_user_timeThe time a user was last connected

class DivvyResource.Resources.workspace.Workspace(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

Workspace Operations

delete(user_resource_id=None)

get_compute_type()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()
Retrieve all the actions which are supported by this resource. Restricts actions by resource state.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc.).

handle_resource_modified(*args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session This gives an opportunity for post-modification hooks.

organization_service_id

reboot()

rebuild()

region_name

start()

stop()

top_level_resource = True

workspace

workspace_id