Your cloud security strategy is only as strong as your cloud resource inventory strategy. And for that to be successful, it has to go beyond just collecting resource IDs.
A strong resource inventory strategy requires meticulous tracking of configuration changes in running clouds and the ability to segment by resource types, tags, and beyond. Only once you have complete visibility into the state of all your resources can you start to address areas of risk.
Bridgecrew now provides that visibility with the addition of our newest feature, Resource Inventory. In addition to identifying misconfigured resources, you can now track, analyze, and investigate all resources in the Bridgecrew platform.
Powered by our underlying graph technology, Resource Inventory has support for filtering by provider, account, type, and tag and comes with five (with many more to come!) pre-defined queries:
- All Resources
- Resources without tags
- Databases with no Backup Policy
- Unencrypted Databases and Storage Buckets
- Disabled CloudTrails
In addition to helping you understand what resources exist, this new view also shows you how those resources communicate. The Network Access module shows which of your networking resources are public or open to ingress traffic from specific CIDR blocks or security groups.
This is a great way to see how networking properties can affect downstream resources.
Resource Inventory in action
Use Resource Inventory to see and address unencrypted S3 buckets in one of your environments in three easy steps:
Step 1: Filter
By selecting Unencrypted Databases and Storage Buckets from the dropdown menu, you’ll immediately see resources that match that query.
Using filters, you can further narrow down that list to resources with a specific tag for the environment you’re investigating.
Step 2: Investigate
The resulting grid shows which account each resource is running in, its type and tags, and its network access analysis. Selecting any grid row brings up the Resource Explorer, which displays the resource’s metadata, dependencies, and historical point-in-time configuration changes (possible drift).
Step 3: Address
If resources in the Resource Inventory grid have associated errors, they will show in the Errors column. Selecting the error count opens a dropdown of policy violations related to the resource.
Selecting any of those errors will take you to the corresponding view in the Incidents tab. From there, you can finish your journey of addressing errors by creating a Jira issue, suppressing it, or fixing it live.
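The filter and investigate steps above, reproduced as an added example over a constructed inventory; this is not Bridgecrew's code or data model, and the record layout, field names and resource ids are assumptions. The post's pre-defined queries are written as predicates, and the drift check compares two point-in-time snapshots.

```python
# Record layout and type labels are assumptions for this example.
DATA_TYPES = {"aws_db_instance", "aws_s3_bucket"}

# The pre-defined queries named in the post, as predicates over one record.
QUERIES = {
    "All Resources": lambda r: True,
    "Resources without tags": lambda r: not r["tags"],
    "Databases with no Backup Policy":
        lambda r: r["type"] == "aws_db_instance" and r.get("backup_retention_days", 0) == 0,
    "Unencrypted Databases and Storage Buckets":
        lambda r: r["type"] in DATA_TYPES and not r.get("encrypted", False),
    "Disabled CloudTrails":
        lambda r: r["type"] == "aws_cloudtrail" and not r.get("is_logging", False),
}

def run_query(snapshot, name, tag=None):
    """Step 1: ids matching a named query, optionally narrowed to one (key, value) tag."""
    pred = QUERIES[name]
    return sorted(
        rid for rid, r in snapshot.items()
        if pred(r) and (tag is None or r["tags"].get(tag[0]) == tag[1])
    )

def drift(old, new, rid):
    """Step 2: attributes of one resource that differ between two snapshots."""
    before, after = old.get(rid, {}), new.get(rid, {})
    return {k: (before.get(k), after.get(k))
            for k in sorted(before.keys() | after.keys())
            if before.get(k) != after.get(k)}

# Constructed snapshots: T0 is the earlier state, T1 the current one.
T0 = {
    "orders-db":   {"type": "aws_db_instance", "tags": {"env": "prod"}, "encrypted": True,  "backup_retention_days": 7},
    "reports-db":  {"type": "aws_db_instance", "tags": {"env": "dev"},  "encrypted": False, "backup_retention_days": 0},
    "logs-bucket": {"type": "aws_s3_bucket",   "tags": {"env": "prod"}, "encrypted": True},
    "tmp-bucket":  {"type": "aws_s3_bucket",   "tags": {},              "encrypted": False},
    "org-trail":   {"type": "aws_cloudtrail",  "tags": {"env": "prod"}, "is_logging": True},
}
T1 = {**T0,
      "logs-bucket": {**T0["logs-bucket"], "encrypted": False},
      "org-trail":   {**T0["org-trail"], "is_logging": False}}

if __name__ == "__main__":
    query = "Unencrypted Databases and Storage Buckets"
    for rid in run_query(T1, query, tag=("env", "prod")):
        print(rid, drift(T0, T1, rid))  # shows what changed since T0
```

The drift output separates a resource that has always matched the query from one that regressed between snapshots, which is the distinction the point-in-time history is there to surface.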
···
With its advanced filtering capabilities and pre-built queries, Bridgecrew’s Resource Inventory provides several starting points for digging into your AWS accounts. By exposing rich, context-driven data and errors associated with resources in one place, we hope to foster cloud visibility and actionability.
Resource Inventory is currently supported for AWS resources. Head over to your Bridgecrew account to check it out for yourself, and join us on Slack to let us know what you think!