Illumio Segmentation for the Cloud User Guide

Inventory

Search and browse all resources onboarded by Illumio Segmentation for the Cloud in its Inventory page.

This topic describes the Illumio Segmentation for the Cloud Inventory feature, and provides a general example of how you would use it. For instructions on how to use the search function in the Inventory page, see the pop-ups in the GUI.

For information about the Inventory Details pages for your resources, see Inventory Details.

How to use the Inventory

As a network security administrator, you start on the Inventory page to secure cloud resources with Illumio policies. The resource cards give a quick snapshot of compute, database, storage, and firewall counts across your environment. When the list seems unmanageable, click a card such as Firewall to apply a filter. The table updates immediately and the cards highlight relevant categories with check marks.

You then refine the results by choosing a persona-based View, multi-selecting cloud providers in the Cloud filter, or adding more criteria using Add Filter. Type-ahead search helps you find values quickly. As filters narrow the scope, the inventory makes gaps visible, such as unlabeled or unsecured resources. You can export the filtered results to a CSV file to support labeling workflows or policy authoring in Illumio.

Supported Resource Types

See Illumio visibility for resource types.

For a list of resources against which you can write policy, see Policy enforcement and resource types.

Illumio supports filtering commonly referenced resource types in the Resource Type filter.

For sub-resource types, click a resource to visit its page and view the Attached Resources tab.

Filter Your Inventory Resources

Filters are organized as buttons at the top of the page. The default set includes common options like View, Cloud, Account, and Category.

You can apply multiple values within each filter (multi-select) and add custom filters for more granularity by clicking Add Filter.

Filters support type-ahead search. As you type in a filter field, results are filtered alphabetically to show matching options. You can also paste multiple values directly into the field.

You can multi-select to filter your inventory by one or more of the following:

  • Cloud

  • Account ID

  • Account Name

  • Cluster ID

    Paste a cluster ID (e.g. GKE, OKE, EKS, AKS) to find all of the clusters and their attached resources in the main inventory table.

  • Region

  • Resource Type

    EXAMPLES: Azure Firewall, EC2, Subnet, OCI, compute instance, and more.

  • Resource Group

  • Resource Name

  • Resource State (This reflects updates from the CSP. Frequent state changes may experience delayed refreshes, but updating any of these other parameters triggers an immediate refresh.)

  • VPC/VNET ID

  • Subnet ID

  • Cloud Tags

  • Labels (for example, <application name>, VPC deployments, and more.)

  • Categories (for example, databases, containers, and more.)

  • IP Address (Note that if you type an IP address, the numerals appear in the search bar before they appear in the value field in the search menu. Only valid IPs are returned, so you do not have to type full-length valid addresses. This is limited to IPv4 and IPv6.)

Tooltips

Hover over items in the following columns to see tooltips summarizing information about them:

  • Resource (Name, Resource ID, Type, Account ID, CSP, Region, Labels, Last Updated)

  • Account ID (Account ID, Name, both of which you can copy)

  • Labels (Type, which you can copy)

  • Cloud Tags (Cloud Tag, Illumio Label)

  • Security Controls (Properties of the resource you have, and Policy Sync and Policy Last Applied.)

Note

Last Updated refreshes only when there is a change in the CSP resource. Policy Sync and Policy Last Applied refresh only when there is a change to existing policy.

Views

Views customize the table columns to match your role. Choose from the following:

  • Default: Shows all available columns for a comprehensive overview.

  • Cloud Labels: Focuses on columns relevant to labeling (for example, missing labels).

  • Labels & Cloud Tags: Emphasizes labels and cloud-specific tags (for example, region, account ID).

  • Security Controls: Highlights policy-related details (for example, applied rules, enforcement status) for network security admins.

After selecting a view, apply other filters to refine the results. Views persist until changed.

Best Practices for Filtering

  • Start with high-level filters (Cloud or Account) to reduce the dataset, then drill down with Category or Labels.

  • In labeled environments, use Labels to filter by application, environment, or role (for example, "App:Web").

  • For unlabeled resources, filter by IP Address or Cloud Tags to identify assets for tagging via Illumio workflows.

  • If your environment has thousands of resources, filters help scope to securable assets (typically compute, database, storage, or firewalls) without scrolling through irrelevant sub-resources.

Resource Cards

The Inventory page displays four cards that provide an at-a-glance summary of your key securable resources:

  • Compute: Number of compute instances (for example, EC2 instances in AWS).

  • Database: Number of database services (for example, RDS in AWS).

  • Storage: Number of storage resources (for example, S3 buckets in AWS).

  • Firewall: Number of Cloud Network Firewalls and Virtual Firewalls like Security Groups.

These cards always reflect the current filtered view and update dynamically as you apply filters. For example:

  • Applying a cloud filter (such as AWS only) reduces the counts to show only AWS-specific resources.

  • Check marks appear on cards when a filter intersects with that category, indicating relevant results.

Find Firewall Inventory

Use the Firewalls quick filter to display all discovered AWS and Azure firewalls in one view.

When you search for AWS Firewall or Azure Firewall, only main firewall resources display in the results. Sub-resources (such as policies, rule groups, and logging configurations) do not display in the search results. To view sub-resources, click the Attached Resources tab.

About the Firewall Detail View

The Firewall Detail view contains the following tabs:

  • The Summary tab displays the firewall name, ARN, VPC, subnet mappings, and endpoint IDs.

  • The Attached Resources tab displays policies, rule groups, and Transit Gateway attachments. Note that only three TGW attachments display by default. Click Show More to display more TGW attachments.

  • The Policies tab contains a table that you can filter, search, and sort.

About Hidden Resource Types

The following resource types do not appear in firewall search results, but you can view them in the parent firewall's attached resources tab:

  • AWS::NetworkFirewall::FirewallPolicy

  • AWS::NetworkFirewall::LoggingConfiguration

  • AWS::NetworkFirewall::RuleGroup

Exporting an Inventory Report

Use this feature to export a list of the resources that match your search query.

For best results, Illumio recommends viewing videos in Chrome.

  1. Click Export to export the inventory data.

  2. Edit the report name and select the format.

  3. To schedule the export, click the Scheduling Section toggle to the on position. Leave it off if you want to export the report immediately.

  4. If you choose to schedule your report, select your recurrence and time.

  5. Click Save when done.

  6. Go to the Generated reports page to download the exported report.
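The following is an added example, not Illumio code: it post-processes an exported CSV to list unlabeled securable resources per account, skipping the firewall sub-resource types named on this page. The column names, category values and sample rows are assumptions constructed for illustration; match them to the header row of your own export.

```python
import csv
import io
from collections import defaultdict

# Assumed column names (not documented on this page); adjust to your export's header.
COL_NAME, COL_TYPE, COL_ACCOUNT, COL_CATEGORY, COL_LABELS = (
    "Name", "Type", "Account ID", "Category", "Labels")

# Firewall sub-resource types this page lists as hidden from firewall search results.
SUB_RESOURCE_TYPES = {
    "AWS::NetworkFirewall::FirewallPolicy",
    "AWS::NetworkFirewall::LoggingConfiguration",
    "AWS::NetworkFirewall::RuleGroup",
}
# The four securable categories shown on the resource cards (assumed spelling).
SECURABLE = {"compute", "database", "storage", "firewall"}


def unlabeled_securable(csv_text):
    """Return {account_id: [(name, type), ...]} for securable resources with no labels."""
    gaps = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        rtype = (row.get(COL_TYPE) or "").strip()
        category = (row.get(COL_CATEGORY) or "").strip().lower()
        labels = (row.get(COL_LABELS) or "").strip()
        if rtype in SUB_RESOURCE_TYPES or category not in SECURABLE:
            continue  # skip sub-resources and non-securable categories
        if not labels:
            account = (row.get(COL_ACCOUNT) or "").strip()
            gaps[account].append(((row.get(COL_NAME) or "").strip(), rtype))
    return {acct: sorted(items) for acct, items in sorted(gaps.items())}


# Constructed sample export (not real data).
SAMPLE_EXPORT = """\
Name,Type,Account ID,Category,Labels
web-1,AWS::EC2::Instance,111111111111,Compute,App:Web
batch-7,AWS::EC2::Instance,111111111111,Compute,
orders-db,AWS::RDS::DBInstance,222222222222,Database,
edge-fw,AWS::NetworkFirewall::Firewall,222222222222,Firewall,
edge-fw-policy,AWS::NetworkFirewall::FirewallPolicy,222222222222,Firewall,
vpc-main,AWS::EC2::VPC,111111111111,Network,
"""

if __name__ == "__main__":
    for account, resources in unlabeled_securable(SAMPLE_EXPORT).items():
        print(account)
        for name, rtype in resources:
            print(f"  {name}  ({rtype})")
```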

Known Networks

The Known Networks tab displays a list of known networks (IP lists). This list populates the options for the Known Networks filter option on the Traffic page. See Search traffic. To add one, follow the in-application help directions.

The Cloud Map also displays known networks as a type of resource.

The Kubernetes Resources tab displays a list of Kubernetes resources. See Kubernetes Resources Inventory.