Cloud Compass (Beta)

Analyze your cloud resource management to enhance oversight and adherence to best practices

⚠️

Beta Feature Notice

  • Cloud Compass is currently in beta. We welcome your feedback to help us improve this feature.

Introduction

Cloud Compass by env0 aims to bridge the gap between manual and automated cloud operations, providing deep insights into how your cloud resources are managed. By identifying and categorizing your resources based on their management type, Cloud Compass helps you develop a more effective Infrastructure as Code (IaC) strategy, improve overall cloud governance, and clarify your cloud culture.

📘

Configure Your First Cloud Account

💸

Additional Costs for Using Cloud Compass

  • Enabling the Cloud Compass feature in env0 may incur additional cloud costs. As of now, the only additional cost is for outbound S3 traffic: data transferred from S3 buckets to external destinations is charged at the standard AWS S3 outbound data transfer rates.

Utilizing the Cloud Compass Dashboard

The Cloud Compass dashboard provides a comprehensive view of your cloud resources, their management types, and severity scores.

Settings

Access the Cloud Compass dashboard using the organization menu item. (The View Dashboard permission is required to access the page.)

Here you can see and manage your cloud accounts.

Click here to see how to configure an account.

Insights

By selecting a cloud account, you can begin analyzing your cloud culture.

The dashboard displays the period for which the data is shown (including the initial data time and last updated time) and provides information about the "Next Run".

Each run could take a few minutes because env0 scans all new cloud activity and processes it to generate insights.
If the data is updating in the background, you'll see a relevant message.

View IaC Coverage Trends:

  • Examine the trend of IaC resource percentages in your cloud account over time.
  • Ensure adherence to your organization’s guidelines.

Resource Management Type Breakdown

Assess Resource Breakdown:

🚧

Resource Detection

For AWS, tracking is possible only for resources whose activity is logged to S3 by CloudTrail.

  • Explore the detailed breakdown of resources.
  • View the total number of operations detected for each resource.
  • Review the Severity scores to prioritize tasks effectively and improve management practices.

Let's break it down:

For the resource named prod-entity-response:

  • 5 manual operations via the Cloud Console
  • 156 API/CLI operations
  • 0 IaC operations

This resource is managed via API and is categorized with a severity of 🔴 High.

Take Action! 🎬

By selecting a resource you have the following options:

  • Generate IaC Code to start migrating your resources (supporting OpenTofu and Terraform)
  • Mark resource's severity as Ignored
  • Remove an ignored note from a resource

Codify

  1. Choose your preferred IaC framework.
  2. IaC code is generated for your resources. Make sure to follow the instructions given.


Understanding Resource Management Types

Cloud Compass categorizes cloud resources into several types based on their management method. Understanding these types is crucial for optimizing your cloud operations.

🟢 IaC Resource

  • Definition: A resource managed through Infrastructure as Code (IaC) frameworks.

🟡 API/CLI (Scripted) Resource

  • Definition: A resource managed through custom scripts or direct API/CLI interactions.

🔴 ClickOps Resource

  • Definition: A resource primarily managed through the cloud console/UI.
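
The three management types can be approximated from CloudTrail records directly. The sketch below is an added example, not env0's code or its detection rules: the user-agent markers, the function names and the sample ARN are assumptions, and the sample records are constructed to reproduce the prod-entity-response breakdown shown earlier.

```python
from collections import Counter, defaultdict

# Assumed user-agent markers (illustrative, not env0's detection rules).
IAC_MARKERS = ("terraform", "opentofu", "cloudformation.amazonaws.com")
CONSOLE_MARKERS = ("console.amazonaws.com", "signin.amazonaws.com")
ORDER = ("ClickOps", "API/CLI", "IaC")  # riskiest first, as on this page


def classify(record):
    """Map one CloudTrail record to a management type."""
    agent = (record.get("userAgent") or "").lower()
    if any(m in agent for m in IAC_MARKERS):
        return "IaC"
    # CloudTrail sets sessionCredentialFromConsole on console sessions.
    from_console = str(record.get("sessionCredentialFromConsole", "")).lower()
    if from_console == "true" or any(m in agent for m in CONSOLE_MARKERS):
        return "ClickOps"
    return "API/CLI"  # aws-cli, SDKs, custom scripts


def breakdown(records):
    """Count mutating operations per resource ARN and management type."""
    counts = defaultdict(Counter)
    for rec in records:
        if rec.get("readOnly") is True:
            continue  # reads say nothing about how a resource is managed
        for res in rec.get("resources") or []:
            if res.get("ARN"):
                counts[res["ARN"]][classify(rec)] += 1
    return counts


def dominant(counter):
    """Type with the most operations; ties go to the riskier type."""
    return max(ORDER, key=lambda t: (counter[t], -ORDER.index(t)))


# Constructed sample reproducing the prod-entity-response breakdown above.
ARN = "arn:aws:lambda:us-east-1:111122223333:function:prod-entity-response"

def _rec(agent, **extra):
    return {"userAgent": agent, "resources": [{"ARN": ARN}], **extra}

SAMPLE = (
    [_rec("Mozilla/5.0", sessionCredentialFromConsole="true")] * 5
    + [_rec("aws-cli/2.15.0 Python/3.11.6")] * 156
    + [_rec("aws-cli/2.15.0 Python/3.11.6", readOnly=True)] * 20
)

if __name__ == "__main__":
    per_type = breakdown(SAMPLE)[ARN]
    print({t: per_type[t] for t in ORDER}, "->", dominant(per_type))
```

Read-only calls are skipped so that describe/list traffic from monitoring tools does not skew the counts toward API/CLI.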

Evaluating Management Severity

Cloud Compass assesses the management severity of each resource, providing a score that indicates the potential risk and management efficiency.

Severity is calculated based on:

  • Management Type and the type of actions performed on the resource, with ClickOps receiving the most weight, followed by API, and Infrastructure as Code (IaC) receiving the least weight
  • Service Type, with different service types having varying weights.
    For example, in AWS, we consider IAM, KMS, EC2, and other services as more sensitive than others

The severity levels are:

🟢 Optimal

  • Expected Resources: Resources managed through IaC, representing the best practice.

🟡 Low

  • Expected Resources: Resources with minor manual interactions, mostly managed through scripts or CLI tools.

🟠 Medium

  • Expected Resources: Resources with a balanced mix of manual and automated interactions.

🔴 High

  • Expected Resources: Resources primarily managed manually, indicating a high risk of misconfigurations and inefficiencies.

🔘 Ignored

  • Expected Resources: Resources labeled as ignored by users, either temporarily or permanently, to focus on other resources during migration or management efforts.

Conclusion

We know that understanding what's going on in your cloud environment can be a daunting task.
Cloud Compass aims to make it easier by providing a clear breakdown of your organization's cloud culture. Track IaC coverage, focus on the most risky resource management practices, and create a better overall cloud strategy to avoid errors and misconfigurations. By following this tutorial, you can enhance your cloud resource management with Cloud Compass, gaining deeper insights and improving governance.