How Pulumi Insights Account Discovery works
Insights Account Discovery enables organizations to gain visibility into their entire cloud infrastructure through the Pulumi Insights platform. It works by scanning cloud provider accounts and building a comprehensive inventory of resources in the Insights supergraph, regardless of how those resources were created or are currently managed.
Here are some key concepts:
Account management
The Accounts page in the Pulumi Cloud console serves as the central hub for managing the Account Discovery process. From this page, you can:
- View all configured accounts and their current scan status
- Create new accounts
- Monitor the progress of infrastructure discovery
- Configure scanning settings for each account
When you create a new account, Insights automatically generates child accounts based on your cloud provider’s structure. For AWS accounts for example, this means separate child accounts for each region you specify, allowing granular control over the discovery process.
Resource discovery process
Account Discovery integrates with Pulumi ESC to securely manage the credentials needed for scanning cloud resources. This integration ensures that credential management follows enterprise security best practices.
During each scan, Insights:
- Authenticates to your cloud provider using read-only credentials from ESC
- Identifies resources present in your account
- Collects detailed metadata about each resource
- Records resource relationships and dependencies
- Updates the Insights supergraph with the latest resource state
Exploring Your Infrastructure
Once scanning is complete, your resources become available through three main interfaces:
- Resource Explorer provides a structured view of your infrastructure, with capabilities for grouping, filtering, and sorting resources
- Resource Search enables you to find specific resources or groups of resources
- Pulumi AI assist and Copilot allows natural language queries about your infrastructure, such as “Find all public IP addresses”
The Resource Explorer interface supports:
- Custom grouping by dragging and dropping column headers
- Advanced filtering through column-specific filters
- Flexible column management for customized views
- Direct access to resource metadata and relationships
Resource Relationships
Insights maintains a graph of relationships between your resources. For example, it tracks connections between:
- S3 buckets and their associated bucket policies
- Virtual machines and their attached storage
- Network interfaces and security groups
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.