A User is an entity with access to GorillaStack and can be a member of many Teams.
A Role can be assigned to a User to control their capacity to perform operations in GorillaStack. A Role defines policies that allow and/or deny privileges.
A Role can optionally specify a parent Role, from which it inherits policies.
A User Group is group of Users in a Team. Within the scope of a User Group, a User can be assigned any Role. The Role assigned to a User in a User Group defines their level of privilege when interacting with GorillaStack entities owned by that User Group.
A single User Group can be selected as an owner of many Rules.
User Groups are a feature restricted to enterprise customers.
The Context is the scope of a Rule. A completed Context will specify:
The appropriate scope for the selected cloud Platform, either:
The Trigger is the observed event that will cause the Rule to run once.
An Action is an automation capability specifying how GorillaStack is to interact with targeted cloud resources in response to the observed Trigger. A Rule can support one or many Actions.
A Pause can be substituted in place of an Action. A Pause is designed to be used as a utility to control Action execution flow.
A Tag Group:
key:valuepairs and a boolean expression to enable flexible filtering of your resources based on their tags
At time of execution of a Rule Action featuring a Tag Group selection, all resources within the defined Rule Context are filtered against the Tag Group. This makes resource targeting in GorillaStack low maintenance and highly scalable.
Once in use Tag Groups cannot be modified. Where Users wish to update a Tag Group they should:
AWS Account Groups make it easier to target many AWS Accounts in a Rule. Once an AWS Account Group is created and selected in a Rule Context, a User only has to modify the AWS Account Group to influence which AWS Accounts are included in the scope or Context in those Rules.
An AWS Account Group named
non-prod is selected in each Rule context, effectively targeting 23 non-production AWS Accounts across all Rules.
The Team admins then wish to add another non-production AWS Account to GorillaStack. The admins can add the AWS Account to GorillaStack, and then select the new AWS Account as a member of the
non-prod AWS Account Group. The existing Rules will now target the new AWS Account, no further manual changes of Rule contexts required.
A template is a static definition of GorillaStack resources. Templates can be deployed to create many resources (Rules, Tag Groups) at once.