Within the OpsCompass CLI Client, users are now able to trigger scans of individual resources or whole cloud accounts.
This article assumes that you have already downloaded and configured the OpsCompass CLI against your OpsCompass environment. For more information regarding installation and setup you can reference the article Getting Started with OpsCompass Command Line Interface. If you have previously set up the CLI, ensure that you are running the latest version, to do this simply run the command 'opscompass' and if you are out of date, the CLI will prompt you with the appropriate command to run to update.
Example Update Message:
Resource Scan Overview
Within OpsCompass there is a concept of a resource scan. During a resource scan, OpsCompass fetches the latest cloud provider resource configurations analyzes of the data retrieved. Examples of some analyses taken during a scan are:
- Comparison of resource configuration against compliance checks, possibly resulting in newly discovered or fixed compliance problems.
- Comparison of previously retrieved resource configuration, possibly resulting in drift.
- For applicable resources, retrieve cloud provider metrics for resources.
A scan in OpsCompass occurs is triggered usually:
- Periodically, every 8 hours (depending on the type of cloud account).
- Initially when a cloud account is connected.
|--company||This parameter is required. Expects the input to be a company slug of the company in which the cloud account lives within.|
|--account||This parameter is required. This is the cloud identifier of the account you wish to scan. Only specifying the account with no other optional parameters will scan the entirety of the cloud account.|
|-- ids||This parameter is optional. Expects the input to be a list of numerical OpsCompass assigned identifiers.|
|-- resourceIds||This parameter is optional. Expects the input to be a list of cloud identifiers for the resources you wish to scan.|
|--resourceTags||This parameter is optional. Expects the tag values of the resources within the account to scan.|
Help message as seen within the CLI:
Scanning a Whole Cloud Account
As mentioned previously, you can initiate a whole account scan by only specifying the required parameters company & account. Below is an example:
opscompass resources scan --company my-Company --account 123456789876
Scanning Resources by Tags
One optional parameter 'resourceTags' allows for scanning resources within an account context, but only ones having the resource tag that is passed. Below is an example:
opscompass resources scan --company my-Company --account 123456789876 --resourceTags deployment-06-01-2023
Scanning Resources by ID
The optional parameters 'ids' and 'resourceIds' allow for scanning individual resources within an account context. Below is an example of specifically scanning 3 resources by their OpsCompass numerical id.
opscompass resources scan --company my-Company --account 123465789876 --ids 10123,20312,876231
How long does a scan take?
Currently there is no method for tracking an OpsCompass scan after initiated. Depending on request frequency and timing of the request the scan could take around 15 to 20 minutes to completion.