Resource Inventory

Overview

The Resource Inventory provides a centralized view of Resource configuration and health.
You can currently view supported AWS Resources or filter Resources based on predefined queries, such as All Resources or Resources without Tags.

The queries you can run are:

  • All Resources - shows all supported AWS multi-account resources
  • Resources without Tags - shows AWS resources that support tagging but have no tags
  • Databases with no Backup Policy - shows RDS, Redshift and DynamoDB databases that have no backup policy
  • Unencrypted Databases and Storage Buckets - shows RDS, Redshift, DocDB and DynamoDB databases, as well as EBS volumes, EFS file systems and S3 buckets, that aren't encrypted
  • Disabled CloudTrails - shows CloudTrails that don't have logging enabled in their accounts

📘

AWS Integration Update

To use Resource Inventory, you need the updated Bridgecrew-AWS Read-Only integration - see details here.

📘

Note

Network map and Access map have been deprecated and will no longer be available on the Bridgecrew platform. Instead, we are gradually implementing a direct-access interface to our Resource Inventory Graph DB that will eventually enable similar graphical resource-mapping features.

Viewing Resources

  1. Press Resource Inventory in the navigation pane.
    By default, all Resources are displayed.
  2. Choose a Resource query from the dropdown list.
  3. To further narrow the list of Resources, you can select one or more of the dropdown filters: Account, Resource Type, Tag or Network Access.
    To filter on an exact tag match (rather than a substring match), put your search value in quotation marks, e.g. "prod".

Network Access

If a resource is one of the types listed below, the Network Access column shows details about its access rules.

The globe icon indicates that the resource is open to the public internet.

A globe icon with a diagonal strikethrough indicates restricted network access.

The details of the access restriction are shown in the tooltip and can be based on:

  • CIDR block(s)
  • Security Group(s)
  • CIDR block(s) and Security Group(s)

Network Access - Restrictions based on CIDR Blocks

Network Access - Restrictions based on CIDR Block and Security Group

For resources that are not supported for Network Access analysis, the column is blank.

📘

Note

To further investigate a Security Group, copy its ID number and search for its details.
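The public/restricted distinction described above can be reproduced offline against a Security Group's inbound rules. The following is an added example, not Bridgecrew's own code or logic: it assumes rules in the shape of the EC2 DescribeSecurityGroups `IpPermissions` field, treats only a /0 CIDR as "open to the public internet", and uses a hypothetical function name and constructed sample rules.

```python
import ipaddress

def classify_network_access(ip_permissions):
    """Classify inbound rules (EC2 'IpPermissions' shape) as public or
    restricted, and name the basis of the restriction. Hypothetical helper."""
    cidrs, groups = set(), set()
    for perm in ip_permissions:
        cidrs.update(r["CidrIp"] for r in perm.get("IpRanges", []))
        cidrs.update(r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []))
        groups.update(p["GroupId"] for p in perm.get("UserIdGroupPairs", []))
    # Assumption: "public" means a rule covering the whole address space (/0),
    # i.e. 0.0.0.0/0 or ::/0. Wider-than-needed CIDRs still count as restricted.
    open_cidrs = sorted(c for c in cidrs
                        if ipaddress.ip_network(c, strict=False).prefixlen == 0)
    if open_cidrs:
        return "public", open_cidrs
    details = sorted(cidrs) + sorted(groups)
    if cidrs and groups:
        return "restricted: CIDR block(s) and Security Group(s)", details
    if cidrs:
        return "restricted: CIDR block(s)", details
    if groups:
        return "restricted: Security Group(s)", details
    return "no inbound rules", []

# Constructed sample rules; group IDs and CIDRs are illustrative only.
SAMPLE_RULES = {
    "web": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
    "db": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
            "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
            "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]}],
    "cache": [{"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
               "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210"}]}],
    "admin": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
               "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}],
    "empty": [],
}

if __name__ == "__main__":
    for name, rules in SAMPLE_RULES.items():
        label, details = classify_network_access(rules)
        print(f"{name:6} {label}  {', '.join(details)}")
```
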

Resource Types for Which Network Access is Displayed

  • EC2 Instance
  • ELB
  • ALB
  • RDS Cluster
  • ElastiCache Cluster
  • EMR Cluster
  • Redshift Cluster
  • Elasticsearch Domain
  • EFS Mount Target
  • ECS Service
  • EC2 Security Group
  • EC2 Security Group Rule

Exploring Resources

You can explore a Resource to see detailed information about its metadata, relationships, history, and context.

To explore a Resource:
Press a row to open the Resource Explorer. See Explore Resource for details about the information shown.

Viewing Incidents and Taking Action

For Resources with errors, you can view the specific Incident in a new tab and take action (Remediate, Suppress, Create Issue).

To view the Incident:

  1. Hover over the number in the error column and press View.
  2. Press one of the errors.

The Incident page opens.

Updated 10 days ago

