CoreStack provides the Cloud Governance Posture for each of the 5 Pillars of OSCAR. You can review the posture by visiting the respective dashboards of Operations, Security, Cost, Access and Resource. The Account Governance Dashboard provides a consolidated view of all your accounts and also the posture and assessment score for them.
Note: It may take 6-12 hours from the time you onboarded the account to have the data fully reflected on the dashboards.
The Account Governance Dashboard provides a consolidated view of all you cloud accounts across multiple clouds and their OSCAR Governance Posture summary. It is the one place you get a view of all your cloud accounts and their current cloud governance posture. The different sections within this dashboard are explained below.
This section provides you a count of Active Cloud Accounts that are currently onboarded in the specific CoreStack Tenant. To view the cloud accounts from another Tenant, you need to switch to that Tenant using the Tenant Selection dropdown at the top right (header).
You will see a box for each Cloud (AWS, Azure, GCP) showing the no. of cloud accounts onboarded and currently in active state. The first box (cloud) is selected by default.
Note: If you have account_admin privileges and you have selected the Master Tenant (indicated by a key symbol in the Tenant selection dropdown list) you will be able to see cloud accounts across all tenants.
Based on the cloud selection in the cloud account summary above, the cloud accounts from that cloud are listed in a grid as shown below.
This grid layout provides the following information
- Cloud: The first column indicates the cloud that the account belongs to (AWS, Azure, GCP) using the respective logo.
- Account ID and Name: The name of the cloud account helps identify the account
- Status: Status of the account whether it is Active / Disabled
- Governance Grade: The overall CoreStack OSCAR Governance Grade for the account is displayed above the name. (E.g. A, B) You can hover on this grade icon to see the actual score.
- Operations: The status of Operations Assessment shown in Red, Green Amber. The exclamation icon next to it (if displayed) will provide the current status of the assessment. The icon is displayed if there are any issues in generating the assessment report for that Pillar.
- Security, Cost, Access, Resource: Same as Operations above.
- Access Type: This indicates whether the cloud account is onboarded with “Assessment” or “Assessment + Governance” level of access.
- Action: This column enables a set of actions that can be taken on the cloud account. These include
- View Settings
- Re-Trigger Assessment
- Disable this account
View Settings: You will see the below tabs in this view:
Account Details: Provides details of the selections made while on-boarding the cloud account.
Assessment Validation: Validation of the required access permissions for each of the 5 OSCAR Governance Pillars. The list of access, type (mandatory/optional), and Status (Allowed/Denied) are displayed here.
Assessment Results: The results of the latest assessment along with the assessment score, grade, governance pillar wise status can be viewed here. The assessment history is also available to see a trend of the score over a period of time.
Detailed Assessment Report is available in Reports section.
Governance Configuration: This is applicable only for accounts configured with Assessment + Governance. You can view the different governance configurations and their status here.
Different notifications such as email, webhook, Microsoft Teams webhook notifications can be configured in the Operations – Alerts and Security – Notification Settings sections of Governance Configuration tab.
Re-Trigger Assessment: Use this option to Re-Trigger Assessment for the account. This can either be for a periodic review or in case of any configuration issues that caused failure of previous assessment.
Re-Discover: Once the account is onboarded, CoreStack starts automated discovery of your cloud inventory. This is displayed in the Resource module in Inventory page. While the sync does happen periodically, if you need to refresh the resources list, you can use this option.
Edit: You can use this option to edit any of the account related information. The authentication credentials will be required to complete this process. The workflow is same as onboarding the account.
Delete: If you need to remove the cloud account from CoreStack, you can use this option. Please note that the roles, any resources and configurations done in your account will remain there.
Disable this account: You can temporarily disable the account for assessment and governance.
The following filters can be applied on the cloud accounts list for a specific cloud:
- Search bar: Search for a specific cloud account using the Name or ID.
- Account Type: You can filter by account types such as Master Account, Linked Account, etc.
- Scope: Filter by the scope of the account – Tenant, Account, Private.
- Onboarded vs. Associated Accounts: Onboarded accounts imply the ones that you actually onboarded. Associated accounts are the list of linked/member/child accounts that you created under the Master accounts, but are yet to be onboarded.
Updated about 2 years ago