After onboarding your accounts

This topic explains what to do next after onboarding your cloud service provider (CSP) accounts.

After you've onboarded your CSP accounts, your resources are discovered and ingested.

Before defining your environment, Illumio recommends you review your ingested resources.

About the Cloud Map
The Map displays a view of your cloud inventory as a network topology map for the your infrastructure. The map displays the relationships between your resources by using cloud native constructs. Go to the Map to view your entire state of cloud resources from the cloud accounts you have onboarded.
Use the Map to view your topology and analyze the traffic flow data. The map helps you visualize your resources and provides an understanding of the traffic flows between them.
Illumio synchronizes the data in cloud accounts you have onboarded, and displays the data in the Inventory, Traffic, and Map pages.
See Map.
About the Inventory Page
View your cloud resources from accounts that were discovered in your environment.
Search and filter cloud resources on different parameters. View preset filters and set custom columns.
See Inventory.
Review Your Traffic Flows
Before you write policy rules to either allow or block traffic, Illumio recommends you determine if there are traffic flows between resources. Filter your resources by flow status, source labels and addresses, destination labels and addresses/ports, and so forth.
See Traffic.

Defining your accounts is a multi-step process:

Define your deployment stacks:
In Cloud, you may decide to create deployment stacks as part of specifying which applications in your cloud account to protect with Cloud.
After onboarding your cloud accounts, you may begin by defining the environments you're using in the cloud. In Cloud, we refer to this as “adding deployment stacks.” In the cloud, stacks provide a way to manage your resources as a single, atomic unit.
See Define a deployment.
Define your applications:
Defining an application follows a similar process. You begin by specifying an Application label. Then, you associate cloud resources to that label by selecting the appropriate cloud tags or cloud metadata associated with that application.
See Define an application automatically.
Approve your application definitions:
This separates the process of defining an application from the ability to create policy for it.
Stakeholders are in the loop to approve your application definitions.
See View and approve an application.

Now that you've reviewed your ingested resources and defined your environment, you are ready to create security policy.

Create your organization polices:
You can think of organization policies as guardrail policies that prevent application policies from allowing undesired traffic, or that are additive to application policies allowing desired traffic. An organization policy can exist all by itself, but these policies are also evaluated during policy computation for any application policy.
Organization policies are broader policies that you write that are independent of applications. They can override application policies, including any future application policies, that may have overly permissive allow rules.
See Writing Organization Policy.
Create your application policies:
Illumio allows or denies traffic between applications using policies that you write. You can think of application policies as segmentation policies to control network traffic using Illumio labels, services, and IP/IP lists to define what can talk to applications.
See Writing Application Policy.

Cloud