Cloud Map Supported Resources
The Cloud Map displays the following resources. For information on the resources for which Illumio CloudSecure supports policies, see Resources that Support Policy.
AWS
Category | Resource | Attached Resources on Details Panel | Map Display Notes | Flow Support |
---|---|---|---|---|
Compute | EC2 Instance | ENI, Subnet, VPC, Security Group (SG), Elastic IP, Elastic Block Storage (EBS) Volume, Target Group | Displays at Subnet level | Yes |
Compute | Spot Fleet Request | EC2 Instance, SpotInstanceRequest | Displays at VPC level | No |
Compute | Spot Fleet Instance Request | EC2 Instance | Displays at VPC level | No |
Containers | ECS Cluster | N/A | Displays at Region level | No |
Containers | ECS Container Instance | N/A | Displays at Region level | No |
Containers | EKS Cluster | ENI, Subnet, VPC, SG, Node Group | Displays at Region level | Yes |
Containers | EKS Nodegroup | Cluster | Displays at Region level | No |
Databases | DocumentDB DB Cluster | Document DB Instance, Security Groups, KMS key | Displays at Region level | No |
Database | DocumentDB Instance | Document DB Cluster, Security Groups, KMS key, VPC, Subnet | Does not display as a resource node, but does display as a relationship | No |
Database | DynamoDB Table | N/A | Displays at Region level | No |
Database | ElastiCache CacheCluster | N/A | Displays at Region level | Yes |
Database | MemoryDB Cluster | N/A | Displays at Region level | Yes |
Database | RDS DB Cluster | ENI, Subnet, VPC, SG | Displays at VPC level | Yes |
Database | RDS DB Instance | ENI, Subnet, VPC, SG | Displays at VPC level | Yes |
Data Warehouse | Redshift Cluster | ENI, Subnet, VPC, VPC Endpoint, SG, Network Interface Controller (NIC) | Displays at VPC level | No |
Network Management | Subnet | Subnet | Displays at VPC level | No |
Network Management | VPC | Elastic Network Interface (ENI), Subnet, Virtual Private Cloud (VPC) peering, peered VPC | Displays at Region level | No |
Network Management | VPC Peering | VPC | Does not display as a resource node, but does display as a relationship | No |
Network Routing | ElasticLoadBalancingV2 Load Balancer | ENI, Subnet, VPC, SG, Target Group | Displays at VPC level | No |
Network Routing | Transit Gateway | Transit Gateway Attachment, Transit Gateway Multicast Domain, Transit Gateway, VPC, Subnet, RAM Resource Share | Displays at VPC level | No |
Network Routing | VPC Endpoint | S3, S3 Bucket Policy, VPC, ENI, SG, Subnet | Displays at VPC level | Yes |
Serverless | Lambda Function | Subnet, VPC, SG, Key Management Services (KMS) key | Displays at VPC level | No |
Storage | Glacier Vault | N/A | Displays at Region level | Yes |
Storage | S3 Bucket | Bucket Policy, VPC Endpoint, VPC, ENI, SG, Subnet | Displays at Region level | No |
Azure
Category | Resource | Attached Resources on Details Panel | Map Display Notes | Flow Support |
---|---|---|---|---|
Compute | Load Balancer | N/A | Displays at Region level | No |
Compute | Virtual Machine | NIC, NSG, IP Config, Subnet, VNet, VM ScaleSet | Displays at Subnet level | Yes |
Compute | Virtual Machine ScaleSet | VM Scaleset | Displays at Region level | No |
Database | DBforPostgreSQL Flexible Server | Private Endpoint, NIC, Subnet, VNet, NSG, DBforPostgreSQL Flexible Server Database | Displays at Region level | No |
Database | DBforPostgreSQL Server | Private Endpoint, NIC, Subnet, VNet, NSG, DBforPostgreSQL Server Database | Displays at Region level | No |
Database | DBforPostgreSQL ServerGroup V2 | Private Endpoint, NIC, Subnet, VNet, NSG | Displays at Region level | No |
Database | DocumentDB Database Account | Private Endpoint, NIC, Subnet, VNet, NSG, SQL Database, DocumentDB Table, Document DB Gremlin Database, DocumentDB Cassandra Keyspace, DocumentDB Mongo Database | Displays at Region level | No |
Database | DocumentDB Cassandra Cluster | N/A | Displays at Region level | No |
Database | DocumentDB Mongo Cluster | Private Endpoint, NIC, Subnet, VNet, NSG | Displays at Region level | No |
Database | Redis Cache | VNet, Subnet, Private Endpoint | Displays at Region level | No |
Database | SQL Server | Private Endpoint, NIC, Subnet, VNet, NSG, SQL Server Database | Displays at Region level | No |
Network Management | NAT Gateway | Subnet, Public IP, Public IP Prefix | Displays at Region level | No |
Network Management | Private Endpoint | NIC, Subnet, VNet, Azure PaaS resources | Displays at Subnet level | No |
Network Management | Subnet | VNet, IP Config, NIC, Network Security Group (NSG) | Displays at VNet level | No |
Network Management | Virtual Network | NIC, IP Config, Subnet | Displays at Region level | No |
Network Management | Virtual Network Peering | VNet | Does not display as a resource node, but does display as a relationship | No |
Serverless | Web Site | Subnet, Web Site Function | Displays at Region level | No |
Serverless | Web Site Function | Web Site | Displays at Region level | No |
Storage | Storage Account | Private Endpoint, NIC, Subnet, VNet, NSG | Displays at Region level | No |
Because CloudSecure may not always discover elastic network interfaces (ENIs), a flow search based on resource IDs will not work for the following supported resources if their Details page does not display the ENI. The workaround is to search using the IP address of the associated ENI, if known:
- AWS RDS DBInstances
- AWS RDS DBClusters
- ElasticLoadBalancingV2 load balancers
- AWS MemoryDB clusters
- AWS ElastiCache for Redis clusters
- AWS Redshift clusters