Asset Inventory Graph
Resoto scrapes resources from your cloud providers. This data is the source of truth for all of Resoto's features. All resources from all cloud providers, accounts, regions and all resource types become nodes in the graph.
Resoto also knows how resources relate to each other. For example, a compute instance might have a volume and is attached to a network interface. The same compute instance might be the target of a load balancer, which is inside a security group, which itself is inside a VPC. All of these relationships are encoded as edges in the graph.
The superpower of Resoto is the ability to provide a complete picture of your cloud assets and how they relate to each other.
Each collected resource is a node in the asset inventory graph.
Resource data is encoded as a JSON document with a well-defined structure.
You can expect the following properties on every resource:
|string||The cloud providers unique ID of a resource. This identifier might not be unique over different cloud providers.|
|string||The kind of the resource. See Resource Kinds below for details.|
|string||The name of the resource. Resoto tries its best to map the relevant property for that matter.|
|datetime||The time the resource has been created.|
|datetime||The time the resource has been modified the last time.|
|datetime||The time the resource has been accessed the last time.|
Resources have additional properties in addition to those above. The structure of the JSON document is defined by the resource kind.
There is a plethora of resource types. Resoto captures all of this information and makes it available to you.
To ensure you get consistent data, Resoto defines a set of resource kinds. Each resource type is mapped to one of these kinds. Resoto ensures that the data you get for a specific kind adheres to the schema defined for that kind.
The kind of resource is defined in the
kind property of the resource.
Resource Data Models lists all available resource kinds.
The same resource can adhere to multiple resource kinds. This makes it possible to allow to view the same resource in more than one way. For example, an AWS EC2 volume can be viewed as
aws_ec2_volume, as compute
aws_resource and as
This is useful if you want to search the graph using more abstract concepts. For example, it allows for the selection of all volumes regardless of cloud provider.
kinds command allows you to list all resource kinds and their properties.
Resoto also captures the relationships between resources by encoding the relationships as edges in the graph. This makes it possible to traverse the graph and walk from one resource to another based on a specific relationship. The relationship itself does not have any additional properties.
The list of possible edges are also defined explicitly in our data model reference section. Another option is the
kinds command to get the same information on the command line.
This documentation describes how a resource might be connected. This does not mean that every relationship has to exist. For example, a compute instance might not have a volume attached to it. In this case, there is no edge between the compute instance and the volume.
In order to traverse the graph in a meaningful way, it is important to understand the structure. The following diagram serves as an example graph you will find in Resoto to illustrates how we can "walk" edges in a graph:
All resources in AWS are placed in a region. The region is a node in the graph. If we want to find all resources in the graph, we need to walk outbound (following the edges in direction of the arrow). If we want to know the account of a specific resource, we need to walk inbound (following the edge in reverse direction of the arrow) in the graph until we find an account.
Successor nodes are directly connected to the current node in an outbound direction.
aws_ec2_instance is a successor of
Descendant nodes are directly or indirectly connected to the current node in an outbound direction (at any depth).
aws_ec2_elastic_ip are ancestors of
Predecessor nodes are directly connected to the current node in an inbound direction.
aws_alb_target_group are predecessors of
Ancestor nodes are directly or indirectly connected to the current node in an inbound direction (at any depth).
aws_account are ancestors of