Upgrading Cloud Security (InsightCloudSec) - AWS Terraform

This document explains how to upgrade your Cloud Security (InsightCloudSec) deployment on AWS if you are currently using Terraform modules. The process is straightforward and can be done in a few minutes.

Prerequisites

These instructions assume that you have the following:

  • A functioning Cloud Security (InsightCloudSec) platform installation
  • Appropriate admin permissions to upgrade your environment
  • A self-hosted deployment to upgrade (as opposed to being a hosted customer)

Refer to our release notes for new or revised permissions required by the new version of the application and for any necessary configuration changes. If you have any plugins or overrides, reach out to us through any option listed on the Getting Support Page.

The content and steps provided on this page apply to self-hosted customers. For hosted customers, we recommend that you contact your CSA or reach out through the Customer Support Portal with any questions or concerns.

Redis 7.1 required

Beginning with release 24.9.3, Cloud Security (InsightCloudSec) requires Redis 7.1. Before proceeding with the upgrade, ensure your AWS Terraform version is 4.67 or higher. If your primary variables.tf file contains redis_custom_version and redis_custom_pg, set the following values in your .tfvars file:

redis_custom_version = "7.1"
redis_custom_pg = "default.redis7"

The Redis engine upgrade process takes approximately 20 minutes. Scaling down Cloud Security (InsightCloudSec) tasks during the upgrade is not required, but you may see sporadic connectivity issues during the process.

If you do not see redis_custom_version and redis_custom_pg defined in your primary variables.tf file, contact support for assistance before upgrading to Cloud Security (InsightCloudSec) version 24.9.3 or later.

Steps to Upgrade

Cloud Security (InsightCloudSec) recommends running the upgrade procedure in a non-production environment for testing before upgrading your production environment.

ℹ️

Product name to be replaced

You may observe that some components, screen captures, or examples use our former product name, DivvyCloud. This doesn’t affect the configuration or the product’s functionality, and we will notify you as we replace these component names.

Create RDS Snapshot

  1. From the RDS Console, take a snapshot of your RDS instance.
  2. Confirm the snapshot has a green Available status.

(Optional) Fetch latest Terraform modules

  1. In your Terraform folder, run the following command:
terraform init -upgrade

Check for Environment Consistency

  1. Run a plan to check for environment inconsistencies and for any changes proposed by the latest Cloud Security (InsightCloudSec) Terraform modules. Replace VAR-FILE in the example below with the name of your tfvars file.
terraform plan -var-file=VAR-FILE.tfvars
  2. Review the output from this plan for any changes.
    • Watch for changes made outside of Terraform that Terraform is trying to revert.
    • If you do not understand the changes being made at this step, reach out to us through the Customer Support Portal.
  3. If there are pending changes needed to make the environment consistent, apply them. Again, replace VAR-FILE in the example below with the name of your tfvars file.
terraform apply -var-file=VAR-FILE.tfvars

Set new Cloud Security (InsightCloudSec) version

  1. Modify your tfvars file to update the Cloud Security (InsightCloudSec) version.
// Cloud Security (InsightCloudSec) container/version to deploy
divvycloud_version = "divvycloud/divvycloud:v21.5.2"
  2. Run a Terraform plan and confirm that Terraform is only asking to change 4 resources (or optionally 5 if using Access Explorer).
terraform apply -var-file=VAR-FILE.tfvars
  3. Answer with yes to apply the version change.
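
The resource-count check in the step above can be scripted. The following is an added example, not Rapid7's code: it reads the JSON produced by saving the plan (terraform plan -var-file=VAR-FILE.tfvars -out=tfplan) and rendering it (terraform show -json tfplan), counts the resources that would change, and fails if the count is not 4 or 5. The function names, the sample resource addresses, and the rule that data stores must not be deleted or replaced are assumptions made for this example.

```python
import json
import sys

# Assumption (not from the page): a version bump must never delete or replace
# a data store, so these resource-type prefixes are treated as blockers.
STATEFUL_PREFIXES = ("aws_db_", "aws_rds_", "aws_elasticache_")


def review_plan(plan_json, allowed_counts=(4, 5)):
    """Summarize the JSON printed by `terraform show -json <planfile>`."""
    plan = json.loads(plan_json)
    changed, stateful_loss = [], []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        # "no-op" and "read" (data source refresh) modify nothing.
        if set(actions) <= {"no-op", "read"}:
            continue
        changed.append((rc["address"], "/".join(actions)))
        if "delete" in actions and rc.get("type", "").startswith(STATEFUL_PREFIXES):
            stateful_loss.append(rc["address"])
    ok = len(changed) in allowed_counts and not stateful_loss
    return {"changed": changed, "stateful_loss": stateful_loss, "ok": ok}


def _rc(address, actions):
    """Build one constructed resource_changes entry (type taken from address)."""
    return {"address": address, "type": address.split(".")[-2],
            "change": {"actions": actions}}


# Constructed sample; addresses are placeholders, not the real module's resources.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _rc("module.example.aws_ecs_task_definition.worker", ["delete", "create"]),
    _rc("module.example.aws_ecs_task_definition.scheduler", ["delete", "create"]),
    _rc("module.example.aws_ecs_service.worker", ["update"]),
    _rc("module.example.aws_ecs_service.scheduler", ["update"]),
    _rc("module.example.aws_db_instance.main", ["no-op"]),
    _rc("module.example.data.aws_region.current", ["read"]),
]})

if __name__ == "__main__":
    # Usage: terraform show -json tfplan > plan.json; python check_plan.py plan.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    result = review_plan(text)
    for address, actions in result["changed"]:
        print(f"{actions:14} {address}")
    for address in result["stateful_loss"]:
        print(f"BLOCKER: data store would be destroyed: {address}")
    sys.exit(0 if result["ok"] else 1)
```

A non-zero exit means the plan touches an unexpected number of resources or would destroy a data store; review the listed addresses before answering yes.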

Validation

Open CloudWatch and browse to the log group for your environment. It will most likely be named DivvyCloud-Logs, without /aws/ in the name. Verify that the scheduler shows Completed DB upgrade.