Discovery
Discovery is Guardrails' method for automatically searching virtual infrastructure, systems or applications to build a structured, searchable data representation. For example, resources in an AWS Account are discovered and stored in Guardrails.
Discovered resources are always mapped to Resource Types and stored in the Resource Hierarchy.
Discovery & Real-time Updates
Typically, Discovery & CMDB controls are used in combination to find new resources and track changes to them over time.
Discovery
Each resource type registers a Discovery control on its parent type. The Discovery control is designed to find all instances of the resource types from the parent and upsert them into the Guardrails CMDB.
AWS > SQS > Queue defines a control AWS > SQS > Queue > Discovery with a target resource type of AWS > Region. In effect, the parent resource is responsible for creating its children.
CMDB
Each resource type also registers a CMDB control on itself. The CMDB control queries the source for the latest and complete details about the resource.
AWS > SQS > Queue defines a control AWS > SQS > Queue > CMDB with a target resource type of AWS > SQS > Queue. In effect, a resource is considered to be an adult child, looking after itself.
Real-time Updates via Events
While Discovery and CMDB controls can find existing resources and update their details, Guardrails is designed to react in real-time to resource changes. This is achieved through event handling for create, update and delete events relating to a resource.
sqs.amazonaws.com:CreateQueue event is received by Guardrails and handled with an immediate CMDB upsert. This triggers the CMDB control for the new AWS > SQS > Queue resource, which then fetches full details using the AWS APIs.
sqs.amazonaws.com:DeleteQueue event is received by Guardrails and handled with an immediate CMDB deletion. No further queries to the AWS APIs are required.
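The flow described above, sketched as an added example that is not Guardrails' own code: a toy CMDB and an in-memory stand-in for the AWS API show Discovery upserting a pre-existing queue from its parent region, the CMDB control fetching full details, and the create and delete events being handled. FakeAws, Cmdb, demo and the sample queues are hypothetical names and constructed data.

```python
# Toy model; FakeAws, Cmdb and the sample queues are hypothetical stand-ins,
# not Guardrails or AWS SDK APIs.
QUEUE = "AWS > SQS > Queue"

class FakeAws:
    def __init__(self, queues):
        self.queues = queues  # constructed sample data: name -> attributes
        self.calls = 0        # number of API queries made against the source

    def list_queues(self, region):
        self.calls += 1
        return [n for n, a in self.queues.items() if a["region"] == region]

    def get_queue(self, name):
        self.calls += 1
        return dict(self.queues[name])

class Cmdb:
    def __init__(self, aws):
        self.aws = aws
        self.resources = {}  # (resource type, name) -> details

    def discovery_control(self, region):
        # Queue > Discovery targets the parent AWS > Region: upsert each child.
        for name in self.aws.list_queues(region):
            self.resources.setdefault((QUEUE, name), {})

    def cmdb_control(self, name):
        # Queue > CMDB targets the queue itself: fetch latest, complete details.
        self.resources[(QUEUE, name)] = self.aws.get_queue(name)

    def handle_event(self, event, name):
        if event == "sqs.amazonaws.com:CreateQueue":
            self.resources.setdefault((QUEUE, name), {})  # immediate upsert
            self.cmdb_control(name)                       # then full details
        elif event == "sqs.amazonaws.com:DeleteQueue":
            self.resources.pop((QUEUE, name), None)       # no API query needed

def demo():
    aws = FakeAws({"orders": {"region": "us-east-1", "encrypted": False}})
    cmdb = Cmdb(aws)
    cmdb.discovery_control("us-east-1")   # finds the pre-existing queue
    cmdb.cmdb_control("orders")           # the queue's own control fills details
    aws.queues["audit"] = {"region": "us-east-1", "encrypted": True}
    cmdb.handle_event("sqs.amazonaws.com:CreateQueue", "audit")
    calls_before_delete = aws.calls
    del aws.queues["orders"]
    cmdb.handle_event("sqs.amazonaws.com:DeleteQueue", "orders")
    return cmdb, aws.calls - calls_before_delete
```

Calling demo() returns the toy CMDB and the number of source API queries made while handling the delete event.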