Inventory Supported Resources
The Inventory page displays the following resources. For information on the resources for which Illumio CloudSecure supports policies, see Resources that Support Policy.
AWS
Category | Resource | Attached Resources on Details Page | Flow Support |
---|---|---|---|
Account Management | IAM Account | N/A | No |
Account Management | IAM User | N/A | No |
Compute | EC2 Instance | ENI, Subnet, VPC, Security Group (SG), Elastic IP, Elastic Block Storage (EBS) Volume, Target Group | Yes |
Compute | Spot Fleet Instance Request | EC2 Instance | No |
Compute | Spot Fleet Request | EC2 Instance, Spot Instance Request | No |
Containers | ECS Cluster | N/A | No |
Containers | ECS Container Instance | N/A | No |
Containers | EKS Cluster | Subnet, VPC, SG, EKS Node Group | No |
Containers | EKS Nodegroup | EKS Cluster | No |
Databases | RDS DB Cluster | ENI, Subnet, VPC, SG, KMS Key | Yes |
Databases | Document DB Elastic Cluster | Subnet, Security Group | No |
Databases | DynamoDB Table | N/A | No |
Databases | ElastiCache CacheCluster | N/A | Yes |
Databases | MemoryDB Cluster | N/A | Yes |
Databases | RDS DB Instance | ENI, Subnet, VPC, SG, KMS Key | Yes |
Data Warehouse | Redshift Cluster | ENI, Subnet, VPC, VPC Endpoint, SG, Network Interface Controller (NIC) | No |
Network Management | Elastic IP | ENI, EC2 Instance | Yes, on Traffic page |
Network Management | Subnet | Subnet, RAM ResourceShare | No |
Network Management | Network Interface | All AWS workload types, Subnet, VPC, SG | Yes, on Traffic page |
Network Management | VPC | Elastic Network Interface (ENI), Subnet, Virtual Private Cloud (VPC) peering, peered VPC, RAM ResourceShare | No |
Network Management | VPC Peering | VPC | No |
Network Monitoring | Flow Log | N/A | No |
Network Routing | Carrier Gateway | Gateway | No |
Network Routing | Customer Gateway | Gateway | No |
Network Routing | EC2 Instance Connect Endpoint | N/A | No |
Network Routing | Egress Only Internet Gateway | Gateway | No |
Network Routing | ElasticLoadBalancingV2 Load Balancer | ENI, Subnet, VPC, SG, Target Group | No |
Network Routing | ElasticLoadBalancingV2 Target Group | Load Balancer, VPC, EC2 Instance | No |
Network Routing | Internet Gateway | N/A | No |
Network Routing | NAT Gateway | N/A | No |
Network Routing | Route Table | NAT Gateway, VPN Gateway, VPC, Subnet, Internet Gateway, VPC peering, EC2 Instance, ENI | No |
Network Routing | VPC Endpoint | S3, S3 Bucket Policy, VPC, ENI, SG, Subnet | Yes |
Network Routing | VPN Gateway | Gateway | No |
Network Routing | Transit Gateway | Transit Gateway Attachment, Transit Gateway Route Table, Transit Gateway Multicast Domain, RAM Resource Share | No |
Network Routing | Transit Gateway Attachment | Transit Gateway Attachment, Transit Gateway Multicast Domain, Transit Gateway, Subnet, VPC | No |
Network Routing | Transit Gateway Route Table | Transit Gateway Attachment, Transit Gateway, Subnet, VPC | |
Network Routing | Transit Gateway Multicast Domain | RAM Resource Share, Transit Gateway Attachment, Transit Gateway, ENI, Subnet, VPC | No |
Network Routing | VPN Connection | VPN Gateway, Customer Gateway, Transit Gateway, VPC | No |
Network Security | Network ACL | N/A | No |
Network Routing | VPC Endpoint Service | ElasticLoadBalancingV2 Load Balancer | No |
Network Security | RDS DB Security Group | N/A | No |
Network Security | Security Group | All AWS workload types, ENI | No |
Network Security | Security Group Rules | N/A | No |
Resource Management | RAM Resource Share | Subnet | No |
Security Infrastructure | KMS Key | DB Cluster, DB Instance, EBS Volume, Redshift Cluster, Lambda Functions | No |
Serverless | Lambda Function | Subnet, VPC, SG, Key Management Services (KMS) key | No |
Storage | EBS Volume | N/A | No |
Storage | Glacier Vault | N/A | Yes |
Storage | S3 Bucket | Bucket Policy, VPC Endpoint, VPC, ENI, SG, Subnet | No |
Azure
Category | Resource | Attached Resources on Details Page | Flow Support |
---|---|---|---|
Account Management | Subscription | N/A | No |
Batch Management | Batch Account | Batch Application, Batch Private Link Resource, Batch Private Endpoint Connection, Storage Account, Batch Pool, Batch Certificate, Resource Group | No |
Compute | Virtual Machine | NIC, NSG, IP Config, Subnet, VNet, VM ScaleSet | Yes |
Compute | Virtual Machine ScaleSet | VM ScaleSet | No |
Compute | VirtualMachineScaleSet Virtual Machine | VM, VM ScaleSetVM | No |
Containers | Container Group | N/A | No |
Containers | Managed Cluster | N/A | No |
Databases | DocumentDB Gremlin Database | DocumentDB Database Account | No |
Databases | DBforPostgreSQL Flexible Server | Private Endpoint, NIC, Subnet, VNet, NSG, DBforPostgreSQL Flexible Server Database | No |
Databases | DBforPostgreSQL Flexible Server Database | DBforPostgreSQL Server | No |
Databases | DBforPostgreSQL Server | Private Endpoint, NIC, Subnet, VNet, NSG, DBforPostgreSQL Server Database | No |
Databases | DBforPostgreSQL ServerGroup V2 | Private Endpoint, NIC, Subnet, VNet, NSG | No |
Databases | DBforPostgreSQL ServerGroup V2 Server | DBforPostgreSQL ServerGroup V2 | No |
Databases | DBforPostgreSQL Server Database | DBforPostgreSQL Server | No |
Databases | DocumentDB Cassandra Cluster | N/A | No |
Databases | DocumentDB Cassandra Keyspace | DocumentDB Database Account | No |
Databases | DocumentDB Database Account | Private Endpoint, NIC, Subnet, VNet, NSG, SQL Database, DocumentDB Table, Document DB Gremlin Database, DocumentDB Cassandra Keyspace, DocumentDB Mongo Database | No |
Databases | DocumentDB Database Account SQL Databases | DocumentDB Database Account | No |
Databases | DocumentDB Mongo Cluster | Private Endpoint, NIC, Subnet, VNet, NSG | No |
Databases | DocumentDB Mongo Database | DocumentDB Database Account | No |
Databases | DocumentDB Table | DocumentDB Database Account | No |
Databases | Redis Cache | VNet, Subnet, Private Endpoint | No |
Databases | SQL Server | Private Endpoint, NIC, Subnet, VNet, NSG, SQL Server Database | No |
Databases | SQL Server Database | SQL Server | No |
Infrastructure Management | Resource Group | N/A | No |
Network Management | Diagnostic Setting | Firewall, Storage Account | No |
Network Management | Firewall Policy | Firewall Policy, Rule Collection Group | No |
Network Management | IP Configuration | N/A | Yes, on Traffic page |
Network Management | Network Interface | Virtual Machine (VM), Network Security Group (NSG), IP Config, Subnet, VNet, Public IPs, VM ScaleSet | No |
Network Management | Private Endpoint | NIC, Subnet, VNet, Azure PaaS resources | No |
Network Management | Private Link Service | Private Endpoints, NIC, NSG, IP Config, Subnet, VNet, Azure PaaS Resource | No |
Network Management | Public IP Address | N/A | No |
Network Management | Public IP Prefix | Public IP Address | No |
Network Management | Rule Collection Group | Firewall Policy | No |
Network Management | Subnet | VNet, IP Config, NIC, NSG | No |
Network Management | Virtual Hub | Virtual Hub (kind: Route Server) | No |
Network Management | Virtual Hub Connection | Virtual Hub, Subnet, Public IP | No |
Network Management | Virtual Hub IP Configuration | Virtual Hub, Network Subnet, Public IP | No |
Network Management | Virtual Network | NIC, IP Config, Subnet, Virtual Network Gateway | No |
Network Management | Virtual Network Peering | VNet | No |
Network Monitoring | Flow Logs | N/A | No |
Network Monitoring | Network Watcher | N/A | No |
Network Security | Application Security Group | N/A | No |
Network Security | Azure Firewall | Subnet, Firewall Policy | No |
Network Security | Network Security Group | Network Interface Connection (NIC), Subnet, VM, VM ScaleSetVM, NSG Rules | No |
Network Security | Network Security Groups Rule | N/A | No |
Network Security | Network Security Groups Default Security Rule | N/A | No |
Network Routing | Application Gateway | N/A | No |
Network Routing | Connections | Virtual Network Gateway | No |
Network Routing | NAT Gateway | N/A | No |
Network Routing | Load Balancer | N/A | No |
Network Routing | Route Table | N/A | No |
Network Routing | Virtual Network Gateway | Connection, IP Address, Subnet, Virtual Network | No |
Network Routing | VPN Gateway | N/A | No |
Serverless | Web Site | Subnet, Web Site Function | No |
Serverless | Web Site Function | Web Site | No |
Storage | Storage Account | Private Endpoint, NIC, Subnet, VNet, NSG | No |
Because CloudSecure may not always discover elastic network interfaces (ENIs), a flow search based on resource IDs will not work for the following supported resources if their Details page does not display the ENI. The workaround is to search using the IP address of the associated ENI, if known:
- AWS RDS DBInstances
- AWS RDS DBClusters
- ElasticLoadBalancingV2 load balancers
- AWS MemoryDB clusters
- AWS ElastiCache for Redis clusters
- AWS Redshift clusters
Although they will appear, EKS Clusters/Nodegroups and S3 buckets will not have flows. Only AWS EC2 instances, AWS RDS DBClusters, AWS RDS DBInstances, and Azure VMs will have flows.