Identity & Management Resources
Identity and Management resources are available in InsightCloudSec as the fifth section (tab) under the Resource landing page. These resources are related to identity and management functionality and include resources like cloud alarms, cloud roles, and cloud users.
Identity and Management resources are displayed alphabetically using the InsightCloudSec normalized terminology. Hovering over an individual resource provides the CSP-specific term with the associated logo to help users confirm the displayed information. For example, a Cloud Policy refers to Amazon's "IAM Policy", Google's "Role Permission Set", and Azure's "Role Definition".
For a detailed reference of this normalized terminology check out our section on Resource Terminology.
Some attributes may not be included in these lists
A large number of Resource Attributes are offered for the resources outlined here. Because we are continuously expanding our supported resources, the attributes and details included here cannot be guaranteed to include every resource or every attribute.
If you need information about the attributes of a particular resource we are happy to help get those details for you - reach out to us through the Customer Support Portal with any questions!
Access Analyzer
Resources like the AWS IAM Access Analyzer can help identify resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that may be shared with an external source. This can help identify risks associated with unintended access to your resources and data.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which this analyzer resides |
analyzer_id | The provider ID of the analyzer |
create_time | The time when this analyzer was created |
last_scan_time | The time when the analyzer last ran a scan |
active_finding_count | The number of active findings reported by the analyzer |
public_finding_count | The number of findings where the resource is publicly accessible |
cross_account_count | The number of findings involving access from another account |
unknown_account_count | The number of findings involving access from an unknown account |
arn | The ARN associated with the access analyzer |
account_mapping | The accounts connected to the access analyzer |
Activity Log Alerts
An activity log alert monitors a resource by checking its logs for a new event that matches defined conditions.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
activity_log_alert_id | The provider ID for the alert |
name | The name of the activity log alert |
region_name | The region in which the alert resides |
enabled | Denotes whether the alert is enabled or not |
description | A description of the alert |
category | The category for the alert |
azure_resource_type | The resource type the alert is applied to |
operation_name | The name of operation the alert is listening for |
levels | The levels of severity set for the alert |
statuses | The statuses set for the alert |
namespace_id | The unique composite ID of the provider ID for the resource |
API
API Access Key
API Access Keys provide programmatic access to an organization service (cloud account). A key can be associated with a user, which may be an individual (e.g., Jane Doe) or an application (e.g., InsightCloudSec). This class inherits from Resource and has direct access to the resource's database object.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
access_key_id | The provider id for the API access key |
organization_service_id | The ID of the parent organization service (cloud) |
status | Whether the key is active or inactive |
user_resource_id | The ID of the user associated with the key |
user_name | The username of the user associated with the API Access Key |
role_resource_id | The resource ID of the role associated with the key (if any) |
role_name | The short name of the role |
app_resource_id | The resource ID of the application associated with the access key |
app_name | The application associated with the access key |
create_date | The date the API access key was created |
last_used_date | The date the API access key was last used or None |
expiration_date | The date the API access key expires |
user_managed | Denotes if the key is managed by a user |
namespace_id | The unique composite ID of the provider ID for the resource |
key_usage_obtained | Indicates if key usage data is available |
class DivvyResource.Resources.serviceaccesskey.ServiceAccessKey(resource_id)
Bases: DivvyResource.Resources.resource.Resource
API Access Key Operations
delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.
get_date_created()
Retrieve the time from the provider that this resource was created (if available).
static get_db_class()
get_db_pk()
static get_provider_id_field()
get_resource_name()
Returns the ID of the access key as there is no name
static get_resource_name_field()
Overrides parent function and returns the description field of this resource. This is required because not all resource types have a field explicitly called name.
static get_resource_type()
get_supported_actions()
Retrieve all the actions which are supported by this resource.
handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).
handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc).
handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.
update_status(status, user_resource_id=None)
Update the status of this access key (for example, active or inactive). If wrapped in a with JobQueue() block, this will queue the status update job to the wrapped queue, otherwise it calls immediately.
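The operations above give a bot two levers over an access key: update_status() to deactivate it and delete() to remove it. What the table does not show is how the key attributes (status, create_date, last_used_date, key_usage_obtained) combine into a rotation and idle-key decision. The following is an added example, not InsightCloudSec code and not using the DivvyResource API; the records are constructed to mirror the attribute names in the table, and the thresholds, the fixed clock and the key-N identifiers are assumptions.

```python
from datetime import datetime, timezone

# Assumed policy thresholds (not InsightCloudSec settings); tune to your environment.
MAX_KEY_AGE_DAYS = 90        # rotate keys older than this
MAX_IDLE_DAYS = 45           # deactivate keys not used for this long
NEVER_USED_GRACE_DAYS = 7    # a freshly created key may simply not be in use yet

# Fixed reference clock so the results are reproducible (assumption).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed sample records mirroring the API Access Key attribute names.
SAMPLE_KEYS = [
    {"resource_id": "key-1", "user_name": "alice", "status": "active",
     "create_date": "2024-05-28", "last_used_date": None, "key_usage_obtained": True},
    {"resource_id": "key-2", "user_name": "bob", "status": "active",
     "create_date": "2024-01-15", "last_used_date": "2024-05-30", "key_usage_obtained": True},
    {"resource_id": "key-3", "user_name": "ci-deploy", "status": "active",
     "create_date": "2024-04-01", "last_used_date": "2024-04-02", "key_usage_obtained": True},
    {"resource_id": "key-4", "user_name": "carol", "status": "inactive",
     "create_date": "2023-01-01", "last_used_date": "2023-06-01", "key_usage_obtained": True},
    {"resource_id": "key-5", "user_name": "dave", "status": "active",
     "create_date": "2024-05-01", "last_used_date": "2024-05-31", "key_usage_obtained": True},
    {"resource_id": "key-6", "user_name": "erin", "status": "active",
     "create_date": "2024-05-01", "last_used_date": None, "key_usage_obtained": False},
]


def _parse(ts):
    """Parse an ISO date string into an aware UTC datetime; None stays None."""
    if ts is None:
        return None
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def assess_key(key, now=NOW):
    """Return (action, reason) for one key record.

    'deactivate' corresponds to update_status(), 'delete' to delete();
    'keep' means no remediation is warranted yet.
    """
    created = _parse(key["create_date"])
    last_used = _parse(key.get("last_used_date"))
    age_days = (now - created).days
    idle_days = (now - last_used).days if last_used else None

    if key["status"] != "active":
        # An inactive key is still a credential; remove it once clearly abandoned.
        if idle_days is None or idle_days > MAX_IDLE_DAYS:
            return "delete", "inactive key left in place"
        return "keep", "recently deactivated; retain briefly for rollback"

    if not key.get("key_usage_obtained", True):
        # Without usage data idleness cannot be judged, but age still can.
        if age_days > MAX_KEY_AGE_DAYS:
            return "deactivate", f"key is {age_days} days old (rotation policy)"
        return "keep", "usage data unavailable; age within policy"

    if last_used is None:
        if age_days > NEVER_USED_GRACE_DAYS:
            return "deactivate", f"never used in {age_days} days"
        return "keep", "new key, not yet used"

    if idle_days > MAX_IDLE_DAYS:
        return "deactivate", f"unused for {idle_days} days"
    if age_days > MAX_KEY_AGE_DAYS:
        return "deactivate", f"key is {age_days} days old (rotation policy)"
    return "keep", "within policy"


def plan_actions(keys, now=NOW):
    """Map each key's resource_id to the (action, reason) a remediation bot would apply."""
    return {k["resource_id"]: assess_key(k, now) for k in keys}


if __name__ == "__main__":
    for rid, (action, reason) in plan_actions(SAMPLE_KEYS).items():
        print(f"{rid}: {action} ({reason})")
```

The ordering matters: usage data is checked before the never-used test so that a key whose usage could not be harvested is not deactivated for "never being used", and an inactive key is treated as a deletion candidate rather than ignored, since an inactive key can be re-enabled by anyone with iam:UpdateAccessKey.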
API Accounting Config
API Accounting Configs represent cloud API audit trail configurations. An example of such a service would be AWS CloudTrail. This class inherits from TopLevelResource and has direct access to the resource’s database object.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
accounting_config_id | The provider ID of the accounting configuration |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region where the API configuration resides |
name | The name of the config |
parent_resource_id | The resource ID of the parent that this trail is associated with |
multi_region | Denotes whether or not the configuration spans all regions |
is_logging | Whether the Api Accounting Config is currently logging API calls. |
is_organization_trail | Denotes if a trail is logging events in that organization |
key_resource_id | The provider ID of the key used for the API Accounting Config |
config | JSON output of configurations (If logging enabled, log file validation enabled, S3 bucket name) |
logged_resources | The destination of the logs |
class DivvyResource.Resources.apiaccountingconfig.ApiAccountingConfig(resource_id)
Bases: DivvyResource.Resources.resource.Resource
ApiAccountingConfig Operations
accounting_config_id
api_accounting_config
delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.
get_arn()
static get_db_class()
static get_provider_id_field()
static get_resource_type()
get_supported_actions()
Retrieve all the actions which are supported by this resource.
handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc).
handle_resource_destroyed(user_resource_id=None, project_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc).
handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.
Azure
Azure Policy
Azure Policy helps businesses enforce and assess standards and compliance at scale.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
policy_id | The provider ID for the Azure policy |
namespace_id | The provider ID for the Azure policy, including name and version |
type | The type of resource used by the policy |
description | A description of the policy |
display_name | The display name of the policy definition |
Business Intelligence Subscription
Business Intelligence Subscriptions connect and combine cloud data sources into a single dashboard for easier analysis and user management (e.g., AWS QuickSight).
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the subscription resides |
name | The account name of the subscription |
edition | The edition of the subscription |
authentication_type | The authentication type of the subscription |
public_sharing | Denotes whether public sharing is enabled on the subscription |
default_namespace | The default namespace for the subscription |
notification_email | The email address used for subscription notifications |
status | Denotes the status of the subscription |
ip_restrictions | Denotes whether IP restrictions are enabled for the subscription |
user_count | Denotes the count of users configured within the subscription |
users | Users associated with the subscription (JSON) |
Cloud
Cloud Access Point
Cloud Access Point is a feature to simplify managing data access at scale for applications using shared data sets (AWS S3 Access Point).
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the Cloud Access Point resides |
name | The name of the Cloud Access Point |
origin | The origin of the Cloud Access Point (internet, private) |
policy | The policy associated with the Cloud Access Point |
parent_resource | The name of the parent resource of the Cloud Access Point |
parent_resource_id | The ID of the parent resource of the Cloud Access Point |
network_resource | The name of the network resource associated with the Cloud Access Point |
network_resource_id | The network resource ID associated with the Cloud Access Point |
public | The status of the Cloud Access Point (e.g. public or private) |
Cloud Account
A cloud provider account that has been added to InsightCloudSec (for example, an AWS account, Azure subscription, or GCP project).
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
account_id | The provider account identifier associated with the account |
name | The name of the cloud account |
joined_timestamp | The time the account was added to InsightCloudSec |
status | Denotes the status of the account |
cloud_type_id | The primary cloud provider |
Cloud Advisor Check
A recommendation guide that analyzes your configuration and usage (for example: AWS Trusted Advisor).
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
check_id | The provider ID of the cloud advisor check |
name | The provider name for the check |
category | The category of the cloud advisor check |
status | Denotes the status of the cloud advisor check |
description | The description of the cloud advisor check |
estimated_monthly_savings | The estimated monthly savings associated with the check |
resource_count | The count of resources associated with the check |
Cloud Alarm
A cloud provider alarm within an organization service. An example of this would be AWS CloudWatch alarms. This class inherits from TopLevelResource and has direct access to the resource's database object.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the cloud alarm resides |
alarm_id | The provider ID for the cloud alarm |
name | The name of the cloud alarm |
description | The description of the cloud alarm |
namespace | The namespace of the cloud alarm |
metric_name | The name of the metric the alarm monitors |
threshold | The value the metric is compared against over the evaluation periods |
evaluation_periods | The evaluation period of the event |
updated_timestamp | The time the alarm was last updated |
state_value | Denotes the state of the cloud alarm |
state_reason | A human-readable explanation of the alarm state |
state_reason_data | The explanation of the alarm state in machine-readable (JSON) form |
state_updated_timestamp | The time the alarm state was updated |
period | The length of the time to evaluate the metric or expression |
statistic | The statistic for the metric associated with the alarm, other than percentile |
comparison_operator | The comparison to the threshold |
actions_enabled | Denotes whether actions are enabled for the alarm |
Cloud App
A Cloud App manages application objects (the definition of the application) that allow services to understand how to issue tokens to the application based on its settings (e.g., Azure App Registration).
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
app_id | The ID of the application |
name | The display name for the app |
allow_guests | Denotes if guests are allowed |
allow_passthrough | Denotes if passthrough is allowed |
homepage | URL of the cloud app homepage if applicable |
publisher_domain | Identifies the publisher domain |
sign_in_audience | Specifies what accounts are supported for the current application. |
device_only_auth | Specifies whether the app can support device_only_auth |
oauth2_allow_implicit_flow | Specifies whether this web app can request OAuth2.0 implicit flow access tokens. The default is false. |
public_client | Specifies the fallback application type. (Azure AD infers the application type from the replyUrlsWithType by default.) |
cert_credentials | Holds references to app-assigned cert credentials including key_id, end_date, and start_date. |
password_credentials | Holds references to app-assigned password credentials including key_id, end_date, and start_date. |
Cloud Credentials
A set of credentials (or API key) used to access applications or services within your environment.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
credential_id | The ID for the credential |
name | The name of the key |
create_time | The time the key was created |
update_time | The time the key was last updated |
restrictions | The number of service restrictions for the key |
Cloud Domain Group
A cloud domain group within an organization service. This class inherits from TopLevelResource and has direct access to the resource's database object.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
group_id | The provider identifier of the group |
name | The name of the cloud domain group |
email | The email associated with the domain group |
create_date | The date the domain group was created |
Cloud Domain User
A cloud provider user that spans an entire domain. Examples of this would be Google Cloud Platform users. This class inherits from TopLevelResource and has direct access to the resource's database object.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
user_id | The provider ID for the user account |
user_name | The provider user name for the user account |
create_date | The time this user was created |
password_last_used | The last time the user logged in |
two_factor_enabled | Denotes if two-factor is enabled |
email | An optional email associated with the account |
description | An optional description of the account |
admin | Denotes if this is an admin account |
disabled | Denotes if this account is in a disabled state |
Cloud Event Bus
This is a serverless event bus that facilitates connecting applications together using data from your own (SaaS or other) applications or services (AWS EventBridge).
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the Cloud Event Bus resides |
event_bus_id | The ID associated with the Cloud Event Bus |
arn | The ARN associated with the Cloud Event Bus |
policy | The policy associated with the Cloud Event Bus |
trusted_accounts | The identifier of the trusted accounts associated with the Cloud Event Bus |
publicly_accessible | The status of the public accessibility for the Cloud Event Bus |
Cloud Event Rule
A Cloud Event Rule matches incoming events against a pattern or schedule and routes them to targets for processing (AWS EventBridge rule, formerly CloudWatch Events rule).
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_id | The ID of the parent organization service (cloud) |
region_name | The region in which the event rule resides |
rule_id | The ID for the rule |
description | A description for the rule |
arn | The ARN associated with the rule |
role_arn | The ARN for the role associated with the rule |
event_pattern | Pattern used to match events that will trigger the rule |
target_arns | The ARNs associated with the targets for the rule |
schedule_expression | Expression indicating the schedule at which the rule is evaluated |
disabled | Indicates whether the rule is disabled |
invalid_json | Indicates whether the event pattern is invalid JSON |
Cloud Group
A cloud provider group within an organization service. This class inherits from TopLevelResource and has direct access to the resource's database object.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
group_id | The provider ID for the group |
name | The name of the group |
create_date | The day the group was created |
inline_policies | The number of inline policies |
arn | The ARN associated with the group |
path | The path of the resource (optional) |
policy_count | The number of policies |
managed_policy_count | The number of managed policies |
Cloud Limit
Describes a cloud provider limit within an organization service.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
limit_id | The provider id for the limit |
region_name | The region that the service resides in |
name | The provider name for the limit |
limit | The limit value |
usage | The current usage value |
status | The status of the limit |
Cloud Log Destination
A physical resource that enables you to subscribe to a stream of log events. An example of a Cloud Log Destination is an AWS CloudWatch Logs Destination.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region that the resource resides in |
destination_name | The destination name associated with the cloud log destination |
target_arn | The target ARN associated with the cloud log destination |
role_arn | The ARN associated with the role |
access_policy | The access policy associated with the cloud log destination |
trusted_accounts | The list of trusted accounts (optional) |
arn | The ARN associated with the resource |
creation_time | The time the cloud log destination was created |
Cloud Outpost
Delivers fully managed cloud services on premises for hybrid deployments (e.g., AWS Outposts).
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region that the service resides in |
outpost_id | The ID associated with the outpost |
site_id | The site ID associated with the outpost |
name | The name of the outpost |
description | The description of the outpost |
status | The status of the outpost |
availability_zone | The availability zone associated with the outpost |
availability_zone_id | The availability zone ID associated with the outpost |
arn | The ARN associated with the outpost |
Cloud Policy
A policy that will give specific permissions to Cloud Users, Groups, or Roles (AWS IAM).
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
policy_id | The provider ID of the policy |
policy_name | The name of the policy |
attachment_count | The number of resources this policy is attached to |
create_date | The date the policy was created |
update_date | The date the policy was last updated |
description | The description of the policy |
disabled | Denotes whether the policy is disabled |
arn | The ARN associated with the policy |
attachable | Denotes whether the policy can be attached to a resource |
Cloud Region
Service Regions consist of low-latency linked Availability Zones, which in turn consist of multiple linked data centers. For example, AWS's us-east-1 Service Region consists of (at the moment) Availability Zones us-east-1a through us-east-1e, and each Availability Zone consists of 1 to 6 data centers, each of which typically houses several thousand servers. This class inherits from Resource and has direct access to the resource's database object.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
name | The name of the region |
region_state | The state of the region ('ACTIVE','DISABLED','DELETED') |
harvest_rate_multiplier | The multiplier applied to the data harvesting (collection) interval for this region |
Cloud Resource Group
Used for related resources (e.g., Azure Resource Group).
Attribute | Description |
---|---|
resource_group_id | The ID of the resource group |
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_id | The organization ID associated with the resource group |
owner_id | The owner ID associated with the resource group |
name | The name of the resource group |
description | The description of the resource group |
date_created | The date the resource group was created |
category | The category of the resource group |
resource_counts | Resource counts associated with the resource group (e.g. total, by_type, by_region, etc.) |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region that the service resides in |
Cloud Role
A cloud provider role within an organization service. This class inherits from TopLevelResource and has direct access to the resource's database object.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
role_id | The provider ID for the role |
name | The provider name of the role |
description | An optional description for the role |
role_type | The type of the role |
max_duration | The max session duration for the role |
create_date | The date the role was created |
assume_role_policy | The trust (assume role) policy that defines which principals can assume the role |
trusted_accounts | The list of trusted accounts (optional) |
inline_policies | Number of inline policies |
boundary_namespace_id | The provider identifier of the permission boundary |
role_arn | The ARN associated with the role |
path | The path of the resource (optional) |
policy_count | The number of policies attached to the role |
managed_policy_count | The number of managed policies |
last_used_date | The date the role was last used |
instance_profile_ids | The provider identifiers of the instance profiles associated with the role |
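The assume_role_policy and trusted_accounts attributes are where cross-account exposure hides: a role whose trust policy names an account outside your organization, or a wildcard principal, is assumable from outside regardless of how tight its permission policies are. The following is an added example, not InsightCloudSec code; it parses an AWS IAM trust policy document (the format of AssumeRolePolicyDocument) from records constructed to mirror the Cloud Role attribute names. The allow-list of accounts, the severity labels and the sample account numbers are assumptions.

```python
import json

# Assumed allow-list of accounts permitted to assume roles here (not from the page).
ALLOWED_ACCOUNTS = {"111111111111", "222222222222"}
# sts actions that grant the ability to assume the role (compared case-insensitively).
ASSUME_ACTIONS = {"sts:assumerole", "sts:assumerolewithsaml",
                  "sts:assumerolewithwebidentity", "sts:*"}


def _as_list(value):
    """IAM policy elements may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _account_from_principal(value):
    """'123456789012' or 'arn:aws:iam::123456789012:root' -> '123456789012', else None."""
    if value.isdigit():
        return value
    parts = value.split(":")
    return parts[4] if len(parts) > 5 and parts[4].isdigit() else None


def _has_external_id(stmt):
    """True if any Condition block constrains sts:ExternalId (confused-deputy guard)."""
    return any("sts:ExternalId" in keys for keys in stmt.get("Condition", {}).values())


def audit_trust_policy(role, allowed=ALLOWED_ACCOUNTS):
    """Return a list of (severity, message) findings for one Cloud Role record."""
    policy = role["assume_role_policy"]
    doc = json.loads(policy) if isinstance(policy, str) else policy
    findings = []
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & ASSUME_ACTIONS:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append(("critical", "any principal may assume the role"))
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "AWS":
                    if value == "*":
                        findings.append(("critical", "any AWS principal may assume the role"))
                        continue
                    account = _account_from_principal(value)
                    if account is None:
                        findings.append(("warning", f"unrecognised principal {value}"))
                    elif account not in allowed:
                        if _has_external_id(stmt):
                            findings.append(("medium", f"cross-account trust to {account} (ExternalId required)"))
                        else:
                            findings.append(("high", f"cross-account trust to {account} without sts:ExternalId"))
                elif kind == "Federated":
                    findings.append(("info", f"federated trust via {value}"))
                # "Service" principals (e.g. ec2.amazonaws.com) are the normal case; not flagged.
    return findings


def worst_severity(findings):
    """Collapse a finding list to its most severe level for triage."""
    order = ["info", "warning", "medium", "high", "critical"]
    return max((f[0] for f in findings), key=order.index, default="none")


# Constructed sample roles; account numbers are placeholders.
SAMPLE_ROLES = [
    {"role_id": "r1", "name": "ec2-app", "assume_role_policy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}},
    {"role_id": "r2", "name": "vendor-access", "assume_role_policy": {"Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "333333333333"}, "Action": "sts:AssumeRole"}]}},
    {"role_id": "r3", "name": "vendor-access-safe", "assume_role_policy": json.dumps({"Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::444444444444:root"}, "Action": ["sts:AssumeRole"],
         "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]})},
    {"role_id": "r4", "name": "open", "assume_role_policy": {"Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}},
    {"role_id": "r5", "name": "org-peer", "assume_role_policy": {"Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "111111111111"}, "Action": "sts:AssumeRole"}]}},
]

if __name__ == "__main__":
    for role in SAMPLE_ROLES:
        print(role["name"], worst_severity(audit_trust_policy(role)))
```

Statements are filtered on the sts actions first so that a Deny statement or an unrelated action never produces a finding, and the ExternalId check only downgrades a cross-account trust rather than clearing it, because the condition mitigates confused-deputy abuse but does not make the trusting account any less external.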
Cloud Role Assignment
A record of a cloud role assignment for a user or group within an organization service.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
role_assignment_id | The ID of the role assignment |
role_assignment_name | The name of the role assignment |
role_assignment_type | The type of role assignment |
role_assignment_scope | The scope for the role assignment |
role_resource_id | The internal InsightCloudSec resource ID for the role associated with the assignment |
role_resource_table | The internal InsightCloudSec database table name containing the role associated with the assignment |
role_definition_id | The ID of the role definition |
principal_resource_id | The internal InsightCloudSec resource ID for the principal associated with the assignment |
principal_resource_table | The internal InsightCloudSec database table name containing the principal associated with the assignment |
principal_id | The ID of the principal |
principal_type | The type of principal |
principal_can_delegate | Denotes whether the principal can delegate |
namespace_id | The namespace ID for the assignment |
Cloud Service Cost
Describes monthly service costs within an organization service.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
cost_id | Provider ID of the service cost |
account_id | The primary account identifier |
line_item | The name of the charge |
current_month_spend | The current spend for this month |
projected_month_spend | The projected spend for this month |
previous_month_spend | The total spend for the previous month |
total_spend | The total amount spent |
months_tracked | The number of months the resource was tracked |
Cloud User
A cloud provider user within an organization service. Examples of this would be administrators and basic users. This class inherits from TopLevelResource and has direct access to the resource's database object.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
user_id | The ID of the user's account |
user_name | The name of the user's account |
create_date | The date the user account was created |
password_last_used | The last time the user logged in |
two_factor_enabled | Denotes whether multi-factor authentication (MFA) is enabled |
login_profile | Denotes whether or not the account has a login profile |
email | The root account user's email |
description | An optional description of the account |
admin | Denotes whether the account has admin capability |
disabled | Denotes whether the user is disabled |
inline_policies | The list of policies that are attached with an IAM identity |
boundary_namespace_id | The provider identifier of the permission boundary |
active_api_keys | The number of active API credentials for this user |
inactive_api_keys | The number of inactive API credentials for this user |
guest | The guest status of the account |
arn | The ARN associated with this user |
path | The path of the resource (optional) |
policy_count | The number of policies |
managed_policy_count | The number of provider managed policies |
last_activity | Date and time of user's last activity |
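Several of the Cloud User attributes only become meaningful in combination: a login profile without two_factor_enabled is console access without MFA, admin together with active_api_keys is a long-lived privileged credential, and last_activity far in the past is a dormant account. The following is an added example, not InsightCloudSec code; it evaluates those combinations over records constructed to mirror the attribute names in the table. The dormancy threshold, the fixed clock and the severity labels are assumptions.

```python
from datetime import datetime, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # fixed clock for reproducibility (assumption)
DORMANT_DAYS = 90                                  # assumed threshold for dormant accounts


def _days_since(ts, now):
    """Days elapsed since an ISO timestamp, or None when the value is missing."""
    if not ts:
        return None
    return (now - datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)).days


def audit_user(user, now=NOW):
    """Return (severity, message) findings for one Cloud User record."""
    findings = []
    if user.get("disabled"):
        return findings   # a disabled user cannot authenticate; nothing to flag

    console = bool(user.get("login_profile"))
    mfa = bool(user.get("two_factor_enabled"))
    admin = bool(user.get("admin"))
    active_keys = int(user.get("active_api_keys") or 0)
    inactive_keys = int(user.get("inactive_api_keys") or 0)

    if console and not mfa:
        findings.append(("critical" if admin else "high", "console access without MFA"))
    if admin and active_keys:
        findings.append(("high", f"admin user holds {active_keys} active API key(s)"))
    if console and active_keys:
        # A human with both console and programmatic credentials doubles the attack surface.
        findings.append(("medium", "user has both console and programmatic access"))

    idle = _days_since(user.get("last_activity"), now)
    if idle is None:
        findings.append(("medium", "no recorded activity"))
    elif idle > DORMANT_DAYS:
        findings.append(("medium", f"dormant for {idle} days"))

    if inactive_keys:
        findings.append(("low", f"{inactive_keys} inactive key(s) not yet deleted"))
    return findings


def audit_users(users, now=NOW):
    """Map user_name to its findings, skipping users with nothing to report."""
    report = {}
    for user in users:
        findings = audit_user(user, now)
        if findings:
            report[user["user_name"]] = findings
    return report


# Constructed sample users; all values are placeholders.
SAMPLE_USERS = [
    {"user_name": "alice", "login_profile": True, "two_factor_enabled": True, "admin": False,
     "active_api_keys": 0, "inactive_api_keys": 0, "last_activity": "2024-05-30", "disabled": False},
    {"user_name": "bob", "login_profile": True, "two_factor_enabled": False, "admin": True,
     "active_api_keys": 2, "inactive_api_keys": 0, "last_activity": "2024-05-29", "disabled": False},
    {"user_name": "svc-ci", "login_profile": False, "two_factor_enabled": False, "admin": False,
     "active_api_keys": 1, "inactive_api_keys": 0, "last_activity": "2024-05-31", "disabled": False},
    {"user_name": "carol", "login_profile": True, "two_factor_enabled": True, "admin": False,
     "active_api_keys": 0, "inactive_api_keys": 1, "last_activity": "2024-01-10", "disabled": False},
    {"user_name": "dave", "login_profile": True, "two_factor_enabled": False, "admin": True,
     "active_api_keys": 3, "inactive_api_keys": 0, "last_activity": None, "disabled": True},
]

if __name__ == "__main__":
    for name, findings in audit_users(SAMPLE_USERS).items():
        for severity, message in findings:
            print(f"{name}: [{severity}] {message}")
```

Note that the service-style user (svc-ci) produces no findings: a user with only programmatic access and no login profile is not expected to have MFA, and penalising it for that would bury the real console-without-MFA cases in noise. The disabled user is skipped entirely rather than scored, since its attributes describe a credential that cannot currently be used.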
Code Repository
A secure, managed source code service that hosts private Git repositories.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the code repository resides |
arn | The ARN associated with the code repository |
name | The name of the code repository |
repo_id | The unique ID for the code repository |
repo_description | A description for the code repository |
creation_date | The date the code repository was created |
modified_date | The date the code repository was last modified |
clone_url_http | The repository clone URL via HTTP |
clone_url_ssh | The repository clone URL via SSH |
branch_count | The number of branches in the repository |
Collaboration
Collaboration enables you to share, combine, and analyze data with other organizations without sharing raw, identifiable data.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
arn | The ARN associated with the Collaboration instance |
collaboration_id | The ID for the Collaboration instance |
create_time | The time the Collaboration instance was created |
description | The description for the Collaboration instance |
member_status | The status of the members for the Collaboration instance |
name | The name of the Collaboration instance |
organization_service_id | The ID of the parent organization service (cloud) |
query_log_status | The query log status for the Collaboration instance |
region_name | The name of the region in which the Collaboration instance resides |
update_time | The time the Collaboration instance was last updated |
data_encryption_metadata | The configuration for data encryption |
relationships | The list of resources associated with the Collaboration instance |
Conditional Access
Conditional Access Policy
Conditional Access Policies use simple if-then statements to govern a given user's access to resources and services within a Cloud Service Provider.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
name | The name of the policy |
policy_id | The ID for the policy |
state | The current status for the policy |
creation_time | Timestamp for when the policy was created |
conditions | Specifies the rules that must be met for the policy to apply |
session_controls | Specifies the session controls that are enforced after a user logs in |
namespace_id | The unique composite ID of the provider ID for the resource |
Named Location
Named Locations are groups of designated network ranges that are frequently referenced in Conditional Access Policies.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
name | The name of the location |
location_id | The ID for the named location |
nl_type | The type of named location |
is_trusted | Specifies if the named location is trusted |
creation_time | Timestamp for when the named location was created |
ip_ranges | Specifies the IP ranges for the named location |
countries | List of countries and/or regions in a two-letter format |
include_unknown_countries | Denotes if IP addresses that don't map to a country or region should be included in the named location |
country_lookup_method | Determines what method is used to decide which country the user is located in |
namespace_id | The unique composite ID of the provider ID for the resource |
Configs and Settings
Configs
Config provides details about the resources in your account, including information on configuration, relationships between resources, and how both configuration and relationships change over time.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region where the resource resides |
region_resource_id | The resource identifier associated with the region |
delivery_channel_created | Denotes if a delivery channel has been created for the Config |
configuration_recorder_created | Denotes if a configuration recorder has been created for the Config |
auditing_has_begun | Denotes if auditing has begun for the Config |
auditing_is_enabled | Denotes if auditing is enabled for the Config |
policy | The policy associated with the Config |
channels | A list of delivery channels for the Config |
cross_account | Denotes if the Config is cross account |
unknown_account | Denotes if the Config is an unknown account |
all_resources | Denotes if the Config is tracking all resources (regionally) |
global_resource_types | Denotes if the Config is tracking global resource types |
Diagnostic Settings
Configuration profile that enables sending platform metrics and logs to various destinations. An example of this type of resource is Azure Diagnostic Settings.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
setting_id | The ID for the diagnostic settings instance |
name | The name for the diagnostic settings instance |
target_resource_id | The resource ID for the target of the diagnostic settings |
target_resource_name | The name for the target of the diagnostic settings |
storage_account_resource_id | The resource ID for the storage account to which logs will be sent |
storage_account_name | The name for the storage account to which logs will be sent |
workspace_resource_id | The resource ID of the Log Analytics workspace to which logs will be sent |
workspace_name | The name of the Log Analytics workspace to which logs will be sent |
logs | Object containing various log settings |
enabled_log_types | Number of log types enabled |
disabled_log_types | Number of log types disabled |
metrics | Object containing various metric settings |
enabled_metrics | Number of metrics enabled |
disabled_metrics | Number of metrics disabled |
Control Policy
Control Policy
A Control Policy is an Organization-wide policy that governs resource access, usage, and deployment.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
policy_id | The ID for the control policy |
display_name | The display name of the control policy definition |
description | The description of the control policy |
type | The type of the control policy |
namespace_id | The provider ID for the control policy |
status | Enforcement status of the control policy |
constraint_type | Control policy constraint type |
constraint_default | Control policy constraint default |
content | The content body of the control policy |
Control Tower
Control Tower Control
A Control Tower Control is a singular rule that provides governance for your Control Tower environment.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
arn | The ARN of the enabled control |
control_id | The identifier associated with the enabled control |
drift_status | The drift status of the enabled control |
status | The deployment status of the enabled control |
target_id | The identifier for the organizational unit that is the target of the enabled control |
target_regions | Target regions for the enabled control |
Control Tower Landing Zone
A Control Tower Landing Zone is a container around the desired Control Tower environment that determines the boundary of governance and compliance.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the landing zone exists |
arn | The ARN of the landing zone |
landing_zone_id | The identifier for the landing zone |
drift_status | The drift status of the landing zone |
status | The landing zone deployment status |
latest_available_version | The latest available version of the landing zone |
version | The landing zone's currently deployed version |
manifest | The landing zone manifest file that specifies the landing zone configurations |
Directory Service
Directory Service
Managed domain services (for example: AWS A) that allow you to manage Users, Computers, and Groups.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the instance resides |
namespace_id | The service namespace |
name | The name of the directory service |
short_name | The short name of the service |
access_url | The URL to access the service |
description | The description of the service |
create_time | The time the service was created |
sso_enabled | Denotes if you’ve enabled SSO |
share_method | The method used when sharing a directory |
DNS Domain
DNS Domain
A service such as AWS Route 53 or GCP Cloud Domains that routes end users to Internet applications by translating names, such as website URLs, into numeric IP addresses.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the instance resides |
name | The name of the Directory Service |
admin_contact_email | The contact email of the administrator |
abuse_contact_email | The contact for abuse email |
auto_renew | The auto renew status of the service |
transfer_lock | The lock/unlock status of the transfer lock |
creation_timestamp | The time the service was created |
expiration_date | The date the service expires |
last_changed_date | The last updated date of the domain as found in the response to a WHOIS query. The date and time are in Coordinated Universal Time (UTC) |
extra_parameters | The additional parameters for that specific domain (JSON) |
dnssec_enabled | Indicates whether a domain has DNSSEC enabled |
registrant_privacy_protection | Indicates whether the information for a registrant available for querying in the WHOIS database is restricted |
Encryption Key
Encryption Key
Service Encryption Keys are used within organization services. They are used to encrypt data stored within file systems, e.g., Volumes and Shared File Systems, object-level storage, e.g., Storage Containers, back-ups, e.g., Snapshots, and other services, e.g., API Accounting Config. This class inherits from Resource and has direct access to the resource's database object.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
region_name | The region in which the instance resides |
key_id | The provider identifier of the encryption key |
name | The name of the encryption key |
arn | The ARN associated with the encryption key |
description | The description of the encryption key |
organization_service_id | The ID of the parent organization service (cloud) |
state | The enabled/disabled state of the encryption key |
create_date | The date the encryption key was created |
scheduled_deletion_date | The date the key is scheduled to be deleted |
key_rotation | The status of the key rotation |
enabled | Denotes if you’ve enabled the encryption key |
resource_count | The list of resources using the encryption key |
policy | The policies in use by the encryption key |
trusted_accounts | The list of trusted accounts using the encryption key |
customer_managed | The key is managed by the customer |
parent_resource_id | The parent resource identifier that takes the form of a prefix followed by numbers and letters |
rotation_period | The number of days after which the key is rotated |
activation_date | The date the encryption key was activated |
modified_date | The date the encryption key was modified |
origin | The origin of the key, customer managed vs provider managed |
alias_arns | List of alias ARNs associated with the encryption key |
key_spec | The specification for the encryption key, e.g., asymmetric, symmetric |
multi_region | Denotes if the encryption key is multi-region |
multi_region_key_type | The type of multi-region encryption key |
public | Denotes if the encryption key is public |
Encryption Key Vault
A tool for securely storing and accessing secrets such as API keys, passwords, or certificates. For example Azure Key Vault.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the encryption key vault resides |
create_time | The time the encryption key vault was created |
name | The name of the encryption key vault |
vault_type | The type of the encryption key vault |
key_count | The number of encryption keys used to encrypt your data |
key_harvest_impaired | Denotes if the key harvester is in an impaired state |
secret_count | The number of secrets within the encryption key vault |
certificate_count | The number of certificates within the encryption key vault |
certificate_harvest_impaired | Denotes if the certificate harvester is in an impaired state |
secret_harvest_impaired | Denotes if the secret harvester is in an impaired state |
modified_time | The time the encryption key vault was last modified |
access_policy | The access policy associated with the encryption key vault |
purge_protection_enabled | Denotes if you’ve enabled purge protection |
soft_delete_enabled | Denotes if you’ve enabled soft delete |
Federated
Federated Group
Azure Groups that have federated access to AWS SSO via Azure AD. See Resources for details.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
group_id | The provider ID for the group |
organization_service_id | The ID of the parent organization service (cloud) |
common_name | The common name for the group |
account_name | The display name for the group |
distinguished_name | The distinguished name for the group |
managed_by | The manager of the group |
manual_retrieval | Indicates if manual retrieval is enabled |
service | The federated service destination of the group |
Federated User
Azure Users that have federated access to AWS SSO via Azure AD. See Resources for details.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
user_id | The provider ID for the user |
organization_service_id | The ID of the parent organization service (cloud) |
common_name | The common name for the user |
display_name | The display name for the user |
distinguished_name | The distinguished name for the user |
The email address for the user account | |
employee_type | The employee type for the user |
managed_by | The manager of the user |
lower_display_name | The display name for the user in lowercase letters |
manual_retrieval | Indicates if manual retrieval is enabled |
service | The federated service destination for the user |
Identity Provider
Identity Provider
Creates, maintains, and manages identity information and provides authentication (for example, SAML or AD).
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
provider_id | The provider given ID of the identity provider |
arn | The ARN of the identity provider |
create_date | The time the identity provider was created |
expiration_date | The time the identity provider expires |
configuration | The configuration of the identity provider |
Logs
Log Analytics Workspace
Container used for storing and analyzing log data and configuration (Azure Log Analytics Workspace)
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
workspace_id | The ID of the workspace |
name | The name of the workspace |
region_name | The name of the region in which the workspace is located |
state | The current provisioning state of the workspace |
sku | The pricing SKU for the workspace |
namespace_id | The namespace ID for the workspace |
Log Group
Log groups define groups of log streams that share the same retention, monitoring, and access control settings.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the log group resides |
group_id | The provider identifier of the log group |
name | The name of the log group |
namespace_id | The log group namespace |
creation_time | The time this log group was created |
retention_policy | The retention policy in days for the logs |
stored_bytes | The size in GB of the logs |
key_resource_id | The resource ID of the key that encrypts the logs |
parent_resource_id | The resource ID of the parent that created the log group |
properties | The properties associated with the log group |
data_protection_status | The current data protection status for the log group |
Lookout Project
Lookout Project
Lookout Projects comprise three facets: Metrics, Equipment, and Vision. Lookout Metrics finds root causes for anomalies in data. Lookout Equipment monitors physical equipment for abnormal behavior and potential failures. Lookout Vision finds visual defects in industrial products, like missing components, physical damage, irregularities, and defects (e.g., Amazon Lookout).
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the lookout project resides |
name | The name of the lookout project |
project_type | The type of the lookout project |
status | The status of the lookout project |
created | The timestamp for when the lookout project was created |
key_resource_id | The resource ID of the key that encrypts the project |
arn | The ARN associated with the lookout project |
Recommendation
Recommendation
Recommendations are machine-generated product and resource usage optimizations. Examples include GCP Project Recommendations.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
recommendation_id | The provider ID for the recommendation |
description | A description of the recommendation |
subtype | The recommender subtype for the recommendation |
category | The category for the recommendation |
state | The state of the recommendation |
priority | The priority of the recommendation |
last_refresh_time | The last refresh time for the recommendation |
Recommendation Finding
Findings are important patterns and details about your resource usage. Examples include GCP Project Insights.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
recommendation_finding_id | The provider ID for the finding |
description | A description of the finding |
subtype | The recommender subtype of the recommendation finding |
category | The category for the finding |
state | The state of the finding |
severity | The severity of the finding |
last_refresh_time | The last refresh time for the finding |
Secret
Secret
Secrets are strings of cryptographically strong random numbers and letters suitable for managing data such as passwords, account authentication, security tokens, and related secrets.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the secret resides |
name | The name of the secret |
description | The description of the secret |
key_resource_id | The provider identifier of the key |
arn | The ARN associated with the key |
rotation_days | The interval in days at which the key should be rotated |
rotation_enabled | Denotes the enabled status of the secret rotation |
rotation_lambda_arn | The lambda ARN used for secret rotation |
last_accessed_date | The date the secret was last accessed |
last_changed_date | The last date and time the secret was modified in any way |
deleted_date | The value exists if the secret is scheduled for deletion |
policy | The policy associated with the secret |
public | Denotes if the secret is exposed to the public |
trusted_accounts | The trusted accounts that can access the secret |
parent_resource_id | The resource identifier of the parent service encryption key vault |
create_date | The date the secret was created |
expiration_date | The date the secret is scheduled to expire |
activation_date | The date the secret is scheduled for activation |
content_type | The content type of the secret |
enabled | Denotes whether or not the secret is enabled |
customer_managed | Denotes whether or not the secret is managed by the customer |
namespace | The unique composite ID of the provider ID for the secret |
annotations | Additional information or tags for the secret |
Security Posture
Security Posture
Security Posture assists in assessing and strengthening your security across multi-cloud and hybrid environments.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
posture_id | The unique ID for the policy |
name | The provider name for the check |
namespace_id | The unique composite ID of the provider ID for the resource |
category | The check category |
severity | The check severity |
description | A description of the recommendation finding |
resource_count | The count of resources associated with the check |
Service
Service Control Policy
Control policies that ensure accounts stay within your organization’s access control guidelines.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
name | The name of the resource |
policy_id | The provider ID for the policy |
arn | The ARN associated with this access analyzer |
description | Common properties for all (most) resource types. |
service_managed | Denotes whether or not the policy is service managed |
content | The policy content to add to the new policy |
targets | The targets (accounts or organizational units) the service control policy is attached to |
Service Detector
A detector is a property of a threat detection service. For example, a detector is required for Amazon GuardDuty to become operational.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region that this resource resides in |
detector_id | The ID of the service detector |
role_resource_id | The resource id of the role associated with the detector |
status | The status of the detector |
create_date | The date the detector was created |
master_account_id | The ID of the master account associated with the detector |
members | The members of the service detector |
Service Health Event
Service Health Events are personalized communications about how the overall health of the CSP itself may be affecting your environment, including visibility into resource issues, upcoming changes, and important notifications.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the service health event resides |
arn | The ARN associated with the service health event |
name | The name of the health event |
service | The service to which this health event pertains |
event_type_code | The code type of the health event |
event_type_category | The category of the health event |
start_time | The start time of the health event |
last_updated_time | The last updated time of the health event |
status_code | The status code of the health event |
event_scope_code | The scope code of the health event |
Simple Log Service
Simple Log Service
Simple Log Service is a service that aggregates and analyzes logs, metrics, and traces into a single observation platform.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
name | The name of the connection |
retention_period | The log retention period |
shards_count | The number of shards |
web_tracking_enabled | Specifies whether the web tracing feature is turned on |
shards_auto_split | Specifies whether automatic sharding is turned on |
shards_max_split_count | The maximum number of shards into which existing shards can be automatically split |
telemetry_type | The type of the data to query |
create_time | The time the resource was created |
modified_time | The time the resource was last modified |
encrypted | Specifies whether log encryption is turned on |
hot_retention_period | The retention period of data in the hot storage tier |
mode | The type of the log store |
SSH Key Pair
SSH Key Pair
SSH key pairs are the public and private keys associated with a cloud provider within an organization service. This class inherits from TopLevelResource and has direct access to the resource’s database object.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region this SSH key pair resides in |
keypair_id | The ID of the key pair |
fingerprint | The fingerprint of this key pair |
name | The name of this SSH key pair |
key_type | The type of key |
create_date | The date the key was created |
namespace_id | The unique composite ID of the provider ID for the resource |
class DivvyResource.Resources.sshkeypair.SshKeyPair(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource
SSH Key Pair Operations
delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.
static get_db_class()
get_fingerprint()
Retrieve the fingerprint of the SSH Keypair.
static get_provider_id_field()
static get_resource_type()
get_supported_actions()
handle_resource_created(user_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).
handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc).
handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.
key_name
key_pair
top_level_resource = True
SSL
SSL Certificate
A certificate bound to a load balancer to facilitate secure client/server communication.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the certificate resides |
certificate_id | The provider ID for the certificate |
name | The name of the certificate |
domain_name | The domain that the certificate is associated with |
path | The path of the SSL Certificate |
arn | The ARN associated with the certificate |
upload_date | Time this certificate was uploaded |
expiration_date | Time this certificate expires |
cert_type | Type of certificate |
parent_resource_id | Resource id of parent service encryption key vault |
thumbprint | The thumbprint of the certificate |
activation_date | The date of the scheduled activation of the certificate |
modified_date | The last modified date of the certificate |
enabled | Denotes whether or not the certificate is enabled |
issuer | The issuer of the certificate |
key_algorithm | The key algorithm of the certificate |
signature_algorithm | The signature algorithm of the certificate |
type | The type of certificate |
used_by | Who the certificate is used by |
issued_at | The time the certificate was issued |
key_usages | The usages of the certificate |
renewal_status | The renewal status of the certificate |
renewal_status_reason | The reason for renewing the certificate |
validation_emails | The email addresses used to validate the certificate |
validation_method | The validation method of the certificate |
validation_status | The validation status of the certificate |
validation_record | The validation DNS record of the certificate |
validation_record_type | The validation record type |
status | The status of the certificate |
serial | The serial number of the certificate |
renewal_eligibility | Denotes whether the certificate is eligible for renewal |
SSL Certificate Authority
SSL Certificate Authorities issue digital certificates to help identify websites, people, and devices.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The name of the region in which the certificate authority resides |
authority_id | The provider ID for the certificate authority |
name | The common name set on the certificate authority |
arn | The ARN associated with the certificate authority |
type | The type of certificate authority |
serial | The serial number of the certificate authority |
state | The status of the certificate authority |
certificate_authority_configuration | The configuration of the certificate authority |
revocation_configuration | The revocation configuration of the certificate authority |
trusted_accounts | The list of trusted accounts in the resource policy attached to the certificate authority |
policy | The policy associated with the certificate authority |
usage_mode | The usage mode for the certificate authority |
key_storage_security_standard | The security standard of the key associated with the certificate authority |
created_at | The time the certificate authority was created |
last_state_change_at | The time of the last state change on the certificate authority |
not_before | The time the certificate authority is valid from |
not_after | The time the certificate authority is not valid after |
Sink
Sink
A sink controls how logs are routed throughout your environment.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The name of the region in which the sink resides |
name | The name of the sink |
destination | The sink's destination |
policy | The policy associated with the sink |
trusted_accounts | The list of accounts that can interact with the sink |
filter_config | The filter configuration for the sink (if any) |
writer_identity | The identity under which exported log entries are written to the sink's destination |
create_time | The timestamp for when the sink was created |
update_time | The timestamp for when the sink was last updated |
Threat Findings
Threat Findings
A threat detection service that continuously monitors activity in your cloud network for anomalous behavior that could indicate cyber attacks or other unauthorized use. Examples of this service include AWS GuardDuty and Microsoft Defender for Cloud.
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the threat is occurring |
threat_finding_id | The ID of the threat finding |
name | The name of the threat finding |
count | The number of impacted resources |
severity | The severity level of the finding |
last_seen | The time the threat finding was last observed
description | A description of the threat finding |
direct_link | A link to more information about the threat finding |
finding_source | The source of the threat finding |
User Pool
A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. Your users can also sign in through social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers. Whether your users sign in directly or through a third party, all members of the user pool have a directory profile that you can access through a Software Development Kit (SDK).
Attribute | Description |
---|---|
resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
organization_service_id | The ID of the parent organization service (cloud) |
region_name | The region in which the user pool resides |
pool_id | The provider ID for the user pool |
name | The name given to the user pool |
status | Denotes whether the user pool is enabled or disabled |
auto_verify_attributes | The attributes Amazon Cognito verifies automatically at sign-up: email, phone number, or both
username_attributes | Specifies whether email addresses or phone numbers can be used as usernames when a user signs up
alias_attributes | Specifies the attributes that are aliased in a user pool
password_policy | JSON describing the password policy of the user pool |
create_date | The creation date of the user pool |
mfa_configuration | Denotes whether multi-factor authentication (MFA) is on, off, or optional for the pool
estimated_number_of_users | The estimated number of users in the user pool |
domain | Holds the domain prefix if the user pool has a domain associated with it
custom_domain | A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application
advanced_security | Denotes whether advanced security settings are enforced, off, or in audit mode |
arn | The ARN associated with the user pool |
identity_providers | JSON describing the Identity Provider Attributes |
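The `mfa_configuration`, `advanced_security` and `password_policy` attributes together describe how hard it is to take over an account in the pool, so they are the ones to evaluate first. The following is an added example for this page, not InsightCloudSec or AWS code. Record keys follow the attribute table above; the `mfa_configuration` values (ON, OFF, OPTIONAL) and `advanced_security` values (ENFORCED, AUDIT, OFF) follow the Cognito settings, and `password_policy` is parsed as the Cognito PasswordPolicy JSON (`MinimumLength`, `RequireUppercase`, `RequireLowercase`, `RequireNumbers`, `RequireSymbols`, `TemporaryPasswordValidityDays`). The sample pools, the `status` values and the baseline thresholds are constructed assumptions.

```python
"""Check Cognito user pool records carrying the attributes in the table above.

Added example, not InsightCloudSec code. Sample pools and baseline thresholds are
constructed for illustration.
"""
import json

# Assumed baseline for this example (hypothetical values).
MIN_PASSWORD_LENGTH = 12
REQUIRED_CLASSES = ("RequireUppercase", "RequireLowercase", "RequireNumbers", "RequireSymbols")
MAX_TEMP_PASSWORD_DAYS = 7

# Constructed sample records; resource_id values are placeholders.
POOLS = [
    {"resource_id": "userpool-1", "name": "customer-prod", "status": "Enabled",
     "mfa_configuration": "ON", "advanced_security": "ENFORCED",
     "password_policy": json.dumps({
         "MinimumLength": 14, "RequireUppercase": True, "RequireLowercase": True,
         "RequireNumbers": True, "RequireSymbols": True, "TemporaryPasswordValidityDays": 3})},
    {"resource_id": "userpool-2", "name": "internal-dev", "status": "Enabled",
     "mfa_configuration": "OFF", "advanced_security": "OFF",
     "password_policy": json.dumps({
         "MinimumLength": 8, "RequireUppercase": True, "RequireLowercase": True,
         "RequireNumbers": False, "RequireSymbols": False, "TemporaryPasswordValidityDays": 30})},
    {"resource_id": "userpool-3", "name": "partner-portal", "status": "Enabled",
     "mfa_configuration": "OPTIONAL", "advanced_security": "AUDIT",
     "password_policy": json.dumps({
         "MinimumLength": 16, "RequireUppercase": True, "RequireLowercase": True,
         "RequireNumbers": True, "RequireSymbols": True, "TemporaryPasswordValidityDays": 7})},
    {"resource_id": "userpool-4", "name": "retired", "status": "Disabled",
     "mfa_configuration": "OFF", "advanced_security": "OFF",
     "password_policy": json.dumps({"MinimumLength": 6})},
]


def check_password_policy(policy):
    """Findings for one password policy, given as a JSON string or a parsed dict."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    length = policy.get("MinimumLength", 0)
    if length < MIN_PASSWORD_LENGTH:
        findings.append(("SHORT_PASSWORD", f"MinimumLength {length} < {MIN_PASSWORD_LENGTH}"))
    missing = [c for c in REQUIRED_CLASSES if not policy.get(c)]
    if missing:
        findings.append(("MISSING_CHAR_CLASSES", "not required: " + ", ".join(missing)))
    # Cognito defaults TemporaryPasswordValidityDays to 7 when the key is absent.
    temp_days = policy.get("TemporaryPasswordValidityDays", 7)
    if temp_days > MAX_TEMP_PASSWORD_DAYS:
        findings.append(("LONG_TEMP_PASSWORD", f"{temp_days} days > {MAX_TEMP_PASSWORD_DAYS}"))
    return findings


def assess_user_pool(pool):
    """Return a list of (code, message) findings for one user pool."""
    findings = []
    mfa = str(pool.get("mfa_configuration", "OFF")).upper()
    if mfa != "ON":                      # OPTIONAL leaves the choice to each user
        findings.append(("MFA_NOT_REQUIRED", f"mfa_configuration is {mfa}"))
    adv = str(pool.get("advanced_security", "OFF")).upper()
    if adv != "ENFORCED":                # AUDIT only logs risky sign-ins, it does not block them
        findings.append(("ADVANCED_SECURITY_NOT_ENFORCED", f"advanced_security is {adv}"))
    findings.extend(check_password_policy(pool.get("password_policy") or "{}"))
    return findings


def assess_pools(pools):
    """Map resource_id to findings for enabled pools that have at least one finding."""
    return {p["resource_id"]: f for p in pools
            if p.get("status") == "Enabled" and (f := assess_user_pool(p))}


if __name__ == "__main__":
    for rid, findings in assess_pools(POOLS).items():
        for code, msg in findings:
            print(f"{rid}: [{code}] {msg}")
```

`OPTIONAL` MFA and `AUDIT` mode are reported alongside `OFF` because neither stops a credential-stuffing login; `AUDIT` is useful for measuring impact before switching to `ENFORCED`, but it is not a control. Disabled pools are skipped since nobody can sign in through them.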