Unexpected changes to your cloud resources may create security or compliance risk. OpsCompass detects changes in your cloud configuration so that you can take appropriate action.
Monitoring your cloud configuration for unexpected changes is an important part of successful cloud management. Unplanned changes to your cloud configuration may expose your systems to security or compliance risk, and may cause unexpected cost increases.
Rather than mining endless log files searching for evidence of possible misconfiguration, OpsCompass includes a Drift monitoring feature that can detect and alert you to changes in configuration.
OpsCompass periodically scans your cloud resources to evaluate their configurations. For some resources, OpsCompass detects change events for your resources when they occur. These changes, or drifts, are visible in the Drift feature of OpsCompass.
Drift Alerts in OpsCompass indicate a change. There are three main types of changes that show alerts: resources being added, changed, and deleted. At the top of the page, there is a high level view indicating the number of these changes. This view changes with your filters.
Below the high level view, on the left of the page, each entry shows one individual change to one individual resource. These are ordered by most to least recent. These entries show the time of discovery, type of change, and resource name.
Clicking on one of these entries expands a detailed view on the right. At the top users can see the resource name that links to the Inventory and attribution (if applicable). A person can be identified as the cause of the change. In many cases, changes may be caused by templates, or even the cloud providers themselves.
Below these are the actual changes hidden in collapsible rows. For each drift concern that has been triggered, the user is offered an opportunity to explain the reason for the drift, and to acknowledge the change so that it is not offered in future Drift Alerts. By explaining and acknowledging drift over time, operations teams can track changes to their configuration day by day, resource by resource. This enables precise control over environment configuration.
A JSON-based view of the change is displayed. When it is necessary to view a change in context of the entire resource, the full JSON description can be opened to show the configuration of the whole resource.
The green area indicates the property that has been changed. The red bars indicate the specific lines of JSON that have been changed.
As long as a resource is connected to OpsCompass, it will be scanned, and individual drifts will be stored and viewable later. For resources with multiple drifts, users can scroll down to the Resource History table. The Inventory Resource Page also shows the change history of a specific resource. Both of these views can help in troubleshooting or forensic-style investigations.
OpsCompass differentiates between many kinds of drift. By default, OpsCompass enables many kinds of drift concerns including Cost, Data, Compliance, Networking, Security, Identity & Access Management and others. To review drift concerns for your user profile, select the "Admin" option from the profile dropdown menu in the top right corner. Next, navigate to the Manage Drift Concerns tab.
Opening the Drift Concerns page reveals which drift concerns are enabled. Users with Drift Owner role responsibilities can enable, disable specific drift concerns for the Drift Alerts view, and can create or edit drift concerns.
Enabled Drift Concerns result in Drift Alerts in the Notification Bar, the Drift Module, and other areas like Slack Notifications. To enable specific drift concerns for specific users, use the Teams feature in the profile menu to group drift concerns by team, and to assign specific users to specific teams.
Filtering Drift Alert Views
Many cloud-native workflow include thousands of individual cloud resources. The detailed nature of Drift Alerts can be overwhelming in dynamic environments. To improve this experience, OpsCompass offers several options to filter Drift Alerts to a manageable view.
Scoping the view in OpsCompass helps trim the accounts in view. In many cases this is an easy way to filter to a specific environment or workload. The scope feature is a global view filter, and is located in the navigation bar. Changes to Scope affect all product modules as you navigate between tools.
In this case, only the production environment is needed. To select a single account or cloud provider, double-click the account. Alternatively, you can select each account or provider with a single click to provide a view of drift alerts from multiple accounts.
- Cloud Provider - select or de-select a cloud provider to view all toggle all accounts of that provider. Selecting AWS, for example, will toggle all AWS accounts.
- Cloud Accounts - select or de-select a specific cloud account/subscription/project to toggle that specific account. Selecting accounts affects the Cloud Provider group above. For example, if you de-select AWS in the Cloud Provider area and then select an AWS account from the Cloud As
The option "Make Default" will ensure that future OpsCompass sessions filters to this specific scope for each module.
OpsCompass includes a fine-grained filter for Drift Alerts to narrow the focus of the drift view. In each OpsCompass module, the page filter is specific to the functionality in question.
For Drift Alerts, OpsCompass offers the following page filter options:
- Dates - by default, OpsCompass filters Drift Alerts to the previous 14 days.
- Accounts - filters the Drift Alerts view to specific accounts/subscriptions/projects.
- Concerns - filters the Drift Alerts view to the selected drift concerns.
- Resource types - filters the Drift Alerts view to the selected resource types, such as NetworkSecurityGroup, Virtual Machine, IAM Role or others.
- User Attribution - filters Drift Alerts view to alerts that were caused by users.
- Change Types - filters Drift Alerts to view changes, or permits the inclusion of Security Recommendations from the native cloud providers.
- Drift Acknowledgement - filters the Drift Alerts view to unacknowledged, and acknowledged drifts. By default, only unacknowledged drift alerts are displayed.
Choosing "Apply" enables the filter for this session. Choosing "Save Filter" allows you to name the filter and recall it in future sessions.