Policy Enforcement and Resource Types
Illumio Cloud supports writing policy for the following types of resources. Note that policy enforcement is done through Security Groups on AWS and through Network Security Groups on Azure. For a list of all resource types that appear in the Inventory page, and additional details such as flow support, map support, and attached resources, see Illumio visibility for resource types.
AWS
Category | Resource Type |
---|---|
Compute | EC2 Instance |
Containers | EKS Cluster |
Databases | ElastiCache CacheCluster |
Databases | MemoryDB Cluster |
Databases | RDS DB Cluster |
Databases | RDS DB Instance |
Data Warehouse | Redshift Cluster |
Network Routing | ElasticLoadBalancingV2 Load Balancer |
Serverless | Lambda Function |
Azure
Category | Resource Type |
---|---|
Compute | Virtual Machine (inclusive of "spot" VM) |
Compute | Virtual Machine ScaleSet Virtual Machine |
Databases | CosmosDB |
Databases | DocumentDB Database Account |
Databases | DBforPostgreSQL Flexible Server |
Databases | DBforPostgreSQL Server |
Databases | SQL Managed Instance |
Databases | SQL Server (Microsoft.Sql/servers) |
Network Management | Private Link Service: The following resources are attached to a subnet via a private link service. See note below table. |
Network Routing | Load Balancer |
Network Routing | Private Endpoint: The following resources are attached to a subnet via a private endpoint. See note below table. |
Network Security | Azure Firewall (Note: Illumio Cloud does not support Classic Azure Firewall.) |
Note
Illumio Cloud applies policies for the different resources listed under Private Endpoints and Private Link Services by applying rules to the NSG on the subnet that hosts them.
Note
Azure PaaS databases must have private endpoint connectivity for Illumio Cloud to enforce policies on private endpoint NSGs.